From c4a0793b2e7fb94cb5e2ce8e697c71153f8c7b1f Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Mon, 6 Nov 2017 10:49:18 -0800
Subject: [PATCH] Restructuring files and folders
---
 ...efx_generator.py => base_gefx_generator.py | 4 +-
 ...t_from_tshark.py => extract_from_tshark.py | 0
 json/eth1.dump.json | 1215830 ++++++++++++++
 parser/__init__.py | 0
 4 files changed, 1215832 insertions(+), 2 deletions(-)
 rename origin/base_gefx_generator.py => base_gefx_generator.py (98%)
 rename origin/extract_from_tshark.py => extract_from_tshark.py (100%)
 create mode 100644 json/eth1.dump.json
 create mode 100644 parser/__init__.py
diff --git a/origin/base_gefx_generator.py b/base_gefx_generator.py
similarity index 98%
rename from origin/base_gefx_generator.py
rename to base_gefx_generator.py
index 703fe45..af39ffc 100644
--- a/origin/base_gefx_generator.py
+++ b/base_gefx_generator.py
@@ -19,14 +19,14 @@ import networkx as nx
 import sys
 from decimal import *
-import parse_dns
+import parser.parse_dns
 JSON_KEY_ETH_SRC = "eth.src"
 JSON_KEY_ETH_DST = "eth.dst"
 def parse_json(file_path):
- device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
+ device_dns_mappings = parser.parse_dns.parse_json_dns("./json/dns.json")
 # Init empty graph
 G = nx.DiGraph()
diff --git a/origin/extract_from_tshark.py b/extract_from_tshark.py
similarity index 100%
rename from origin/extract_from_tshark.py
rename to extract_from_tshark.py
diff --git a/json/eth1.dump.json b/json/eth1.dump.json
new file mode 100644
index 0000000..d61fcaa
--- /dev/null
+++ b/json/eth1.dump.json
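Review bot: The new `import parser.parse_dns` in base_gefx_generator.py names the local package `parser`, which is also the name of a CPython standard-library module on interpreters before 3.10; where that module is built into the interpreter the import can resolve to it and fail because it is not a package, so which code is loaded depends on the interpreter build rather than on this repository. Renaming the package avoids the collision, for example `import pcap_parser.parse_dns` (name illustrative only). Separately, `"./json/dns.json"` in `parse_json` is still resolved against the current working directory, so the script reads whatever file sits at that relative path from wherever it is launched; building the path from the script's own directory, e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), "json", "dns.json")` (assuming `os` is imported outside the hunk), would make the input unambiguous. parse_json's body continues outside the hunk.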
@@ -0,0 +1,1215830 @@ +[ + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:31.460686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493591.460686000", + "frame.time_delta": "0.000000000", + "frame.time_delta_displayed": "0.000000000", + "frame.time_relative": "0.000000000", + "frame.number": "1", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:31.461239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493591.461239000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "0.000553000", + "frame.number": "2", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:31.525095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493591.525095000", + "frame.time_delta": "0.063856000", + "frame.time_delta_displayed": "0.063856000", + "frame.time_relative": "0.064409000", + "frame.number": "3", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000094e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007861", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "1", + "tcp.nxtseq": "55", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001f54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:b0:f1:a7:9a:fb:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2404593, TSecr 2811951911": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2404593", + "tcp.options.timestamp.tsecr": "2811951911" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:8f:40:fd:3b:3e:a4:2f:33:d8:3d:bc:c6:60:44:79:44:61:7e:ac:88:d7:ed:89:13:61:c2:de:36:ba:86:be:cb:cd:ac:1a:a3:07:bd:e3:0a:70:8a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:31.585328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493591.585328000", + "frame.time_delta": "0.060233000", + "frame.time_delta_displayed": "0.060233000", + "frame.time_relative": "0.124642000", + "frame.number": "4", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" 
+ }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002be8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003997", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "55", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbf4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:9a:fb:74:00:24:b0:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811951988, TSecr 2404593": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811951988", + "tcp.options.timestamp.tsecr": "2404593" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3", + "tcp.analysis.ack_rtt": "0.060233000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:33.000259000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493593.000259000", + "frame.time_delta": "1.414931000", + "frame.time_delta_displayed": "1.414931000", + "frame.time_relative": "1.539573000", + "frame.number": "5", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": 
"0x0000affd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000295c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:34.421324000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493594.421324000", + "frame.time_delta": "1.421065000", + "frame.time_delta_displayed": "1.421065000", + "frame.time_relative": "2.960638000", + "frame.number": "6", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000006bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:34.559535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493594.559535000", + "frame.time_delta": "0.138211000", + "frame.time_delta_displayed": "0.138211000", + "frame.time_relative": "3.098849000", + "frame.number": "7", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000094e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007860", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "55", + "tcp.nxtseq": "109", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000714d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:00:24:b2:21:a7:9a:fb:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2404897, TSecr 2811951988": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2404897", + "tcp.options.timestamp.tsecr": "2811951988" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:90:47:73:e4:b3:40:55:49:ce:dd:2d:ea:3a:54:db:c0:d8:86:e7:de:c4:47:a6:dd:55:5f:9a:ba:06:d3:2b:bb:33:22:7d:1e:03:fd:43:97:1b:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:34.564399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493594.564399000", + "frame.time_delta": "0.004864000", + "frame.time_delta_displayed": "0.004864000", + "frame.time_relative": "3.103713000", + "frame.number": "8", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdd1", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001134", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.ack_lost_segment": "", + "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:34.619651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493594.619651000", + "frame.time_delta": "0.055252000", + "frame.time_delta_displayed": "0.055252000", + "frame.time_relative": "3.158965000", + "frame.number": "9", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002be9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, 
+ "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003996", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "109", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f797", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9a:fe:6b:00:24:b2:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811952747, TSecr 2404897": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811952747", + "tcp.options.timestamp.tsecr": "2404897" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7", + "tcp.analysis.ack_rtt": "0.060116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:35.983656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493595.983656000", + "frame.time_delta": "1.364005000", + "frame.time_delta_displayed": "1.364005000", + "frame.time_relative": "4.522970000", + "frame.number": "10", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ab2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005d37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:40.218247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493600.218247000", + "frame.time_delta": "4.234591000", + "frame.time_delta_displayed": "4.234591000", + "frame.time_relative": "8.757561000", + "frame.number": "11", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000a7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000af75", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:01:79:55:6e:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:53.696454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493613.696454000", + "frame.time_delta": "13.478207000", + "frame.time_delta_displayed": "13.478207000", + "frame.time_relative": "22.235768000", + "frame.number": "12", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:54.771721000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493614.771721000", + "frame.time_delta": "1.075267000", + "frame.time_delta_displayed": "1.075267000", + "frame.time_relative": "23.311035000", + "frame.number": "13", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + 
"ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:55.758033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493615.758033000", + "frame.time_delta": "0.986312000", + "frame.time_delta_displayed": "0.986312000", + "frame.time_relative": "24.297347000", + "frame.number": "14", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + 
"llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:56.017456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493616.017456000", + "frame.time_delta": "0.259423000", + "frame.time_delta_displayed": "0.259423000", + "frame.time_relative": "24.556770000", + "frame.number": "15", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + 
"ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:56.033832000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493616.033832000", + "frame.time_delta": "0.016376000", + "frame.time_delta_displayed": "0.016376000", + "frame.time_relative": "24.573146000", + "frame.number": "16", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + 
"udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + 
"bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:56.048621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493616.048621000", + "frame.time_delta": "0.014789000", + "frame.time_delta_displayed": "0.014789000", + "frame.time_relative": "24.587935000", + "frame.number": "17", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:56.132571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493616.132571000", + "frame.time_delta": "0.083950000", + "frame.time_delta_displayed": "0.083950000", + "frame.time_relative": "24.671885000", + "frame.number": "18", + "frame.len": "42", + 
"frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:58.485460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493618.485460000", + "frame.time_delta": "2.352889000", + "frame.time_delta_displayed": "2.352889000", + "frame.time_relative": "27.024774000", + "frame.number": "19", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00004864", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000106c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "74.117.214.3", + "ip.addr": "74.117.214.3", + "ip.dst_host": "74.117.214.3", + "ip.host": "74.117.214.3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.dst_city": "Pullman, WA", + "ip.geoip.city": "Pullman, WA", + "ip.geoip.dst_lat": "46.732201", + "ip.geoip.lat": "46.732201", + "ip.geoip.dst_lon": "-117.245598", + "ip.geoip.lon": "-117.245598" + } + }, + "udp": { + "udp.srcport": "34835", + "udp.dstport": "123", + "udp.port": "34835", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x0000311c", + "udp.checksum.status": "2", + "udp.stream": "4" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Jan 7, 2089 02:20:12.279176000 PST" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:46:58.525889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493618.525889000", + "frame.time_delta": "0.040429000", + "frame.time_delta_displayed": "0.040429000", + "frame.time_relative": "27.065203000", + "frame.number": "20", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x0000c8eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "44", + "ip.proto": "17", + "ip.checksum": "0x0000a3f4", + "ip.checksum.status": "2", + "ip.src": "74.117.214.3", + "ip.addr": "74.117.214.3", + "ip.src_host": "74.117.214.3", + "ip.host": "74.117.214.3", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS4539 Schweitzer Engineering Laboratories, 
Inc.", + "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.src_city": "Pullman, WA", + "ip.geoip.city": "Pullman, WA", + "ip.geoip.src_lat": "46.732201", + "ip.geoip.lat": "46.732201", + "ip.geoip.src_lon": "-117.245598", + "ip.geoip.lon": "-117.245598" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "34835", + "udp.port": "123", + "udp.port": "34835", + "udp.length": "56", + "udp.checksum": "0x000063c1", + "udp.checksum.status": "2", + "udp.stream": "4" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "1", + "ntp.ppoll": "3", + "ntp.precision": "-23", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0.001068115234375", + "ntp.refid": "50:50:53:00", + "ntp.reftime": "Oct 31, 2017 16:46:53.114475000 PDT", + "ntp.org": "Jan 7, 2089 02:20:12.279176000 PST", + "ntp.rec": "Oct 31, 2017 16:46:58.514446000 PDT", + "ntp.xmt": "Oct 31, 2017 16:46:58.514477000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:00.543661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493620.543661000", + "frame.time_delta": "2.017772000", + "frame.time_delta_displayed": "2.017772000", + "frame.time_relative": "29.082975000", + "frame.number": "21", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + 
"eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000094ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007864", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "109", + "tcp.nxtseq": "158", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005de4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:bc:47:a7:9a:fe:6b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2407495, TSecr 2811952747": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2407495", + "tcp.options.timestamp.tsecr": "2811952747" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:91:96:6d:d1:4d:44:24:23:66:a2:95:ac:22:a2:1e:a9:8c:7d:3a:ba:54:0b:7a:83:23:4b:76:94:8b:6a:3b:c2:e4:f3:9b:15:67" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:00.603876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493620.603876000", + "frame.time_delta": "0.060215000", + "frame.time_delta_displayed": "0.060215000", + "frame.time_relative": "29.143190000", + "frame.number": "22", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003995", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "158", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d3e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811959243, TSecr 2407495": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811959243", + "tcp.options.timestamp.tsecr": "2407495" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "21", + "tcp.analysis.ack_rtt": "0.060215000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:00.604430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493620.604430000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "29.143744000", + "frame.number": "23", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002beb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1", + "tcp.nxtseq": "56", + "tcp.ack": "158", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000913d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811959243, TSecr 2407495": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811959243", + "tcp.options.timestamp.tsecr": "2407495" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:2d:cd:91:0a:2a:7b:f0:0d:6f:02:ea:4c:c2:c1:25:61:5c:a0:94:d4:c7:75:e1:78:0d:a0:ed:b3:8c:e2:31:ea:1a:39:f2:81:f0:4e:c0:99:a3:a6:f9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:00.638103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493620.638103000", + "frame.time_delta": "0.033673000", + "frame.time_delta_displayed": "0.033673000", + "frame.time_relative": "29.177417000", + "frame.number": "24", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007894", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "158", + "tcp.ack": "56", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d2b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:bc:51:a7:9b:17:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2407505, TSecr 2811959243": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2407505", + "tcp.options.timestamp.tsecr": "2811959243" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "23", + "tcp.analysis.ack_rtt": "0.033673000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:01.221862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493621.221862000", + "frame.time_delta": "0.583759000", + "frame.time_delta_displayed": "0.583759000", + "frame.time_relative": "29.761176000", + "frame.number": "25", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + 
"eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:03.491176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493623.491176000", + "frame.time_delta": "2.269314000", + "frame.time_delta_displayed": "2.269314000", + "frame.time_relative": "32.030490000", + "frame.number": "26", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:03.491268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493623.491268000", + "frame.time_delta": "0.000092000", + "frame.time_delta_displayed": "0.000092000", + "frame.time_relative": "32.030582000", + "frame.number": "27", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:03.527902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493623.527902000", + "frame.time_delta": "0.036634000", + "frame.time_delta_displayed": "0.036634000", + "frame.time_relative": "32.067216000", + "frame.number": "28", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cc7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000013a3", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:03.528427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493623.528427000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "32.067741000", + "frame.number": "29", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cc8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f49e", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:03.529067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493623.529067000", + "frame.time_delta": "0.000640000", + "frame.time_delta_displayed": "0.000640000", + "frame.time_relative": "32.068381000", + "frame.number": "30", + "frame.len": 
"295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008264", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:04.561273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493624.561273000", + "frame.time_delta": "1.032206000", + "frame.time_delta_displayed": "1.032206000", + "frame.time_relative": "33.100587000", + "frame.number": "31", + "frame.len": "60", + "frame.cap_len": "60", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + 
"tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000006bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:04.704683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493624.704683000", + "frame.time_delta": "0.143410000", + "frame.time_delta_displayed": "0.143410000", + "frame.time_relative": "33.243997000", + "frame.number": "32", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdd0", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001134", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.ack_lost_segment": "", + "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "8", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.302997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.302997000", + "frame.time_delta": "0.598314000", + "frame.time_delta_displayed": "0.598314000", + "frame.time_relative": "33.842311000", + "frame.number": "33", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00003bf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.355881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.355881000", + "frame.time_delta": "0.052884000", + "frame.time_delta_displayed": "0.052884000", + "frame.time_relative": "33.895195000", + "frame.number": "34", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00003bfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + 
"NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.408741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.408741000", + "frame.time_delta": "0.052860000", + "frame.time_delta_displayed": "0.052860000", + "frame.time_relative": "33.948055000", + "frame.number": "35", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00003c01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.461937000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.461937000", + "frame.time_delta": "0.053196000", + "frame.time_delta_displayed": "0.053196000", + "frame.time_relative": "34.001251000", + "frame.number": "36", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00003c05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + 
"http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.514848000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.514848000", + "frame.time_delta": "0.052911000", + "frame.time_delta_displayed": "0.052911000", + "frame.time_relative": "34.054162000", + "frame.number": "37", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00003c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:47:05.567770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.567770000", + "frame.time_delta": "0.052922000", + "frame.time_delta_displayed": "0.052922000", + "frame.time_relative": "34.107084000", + "frame.number": "38", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00003c08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008d4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.610387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.610387000", + "frame.time_delta": "0.042617000", + "frame.time_delta_displayed": "0.042617000", + "frame.time_relative": "34.149701000", + "frame.number": "39", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.610787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.610787000", + "frame.time_delta": "0.000400000", + "frame.time_delta_displayed": "0.000400000", + "frame.time_relative": "34.150101000", + "frame.number": "40", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:05.984178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493625.984178000", + "frame.time_delta": "0.373391000", + "frame.time_delta_displayed": "0.373391000", + "frame.time_relative": 
"34.523492000", + "frame.number": "41", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ab9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005d30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:47:07.419592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493627.419592000", + "frame.time_delta": "1.435414000", + "frame.time_delta_displayed": "1.435414000", + "frame.time_relative": "35.958906000", + "frame.number": "42", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000a7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000a334", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:28:84:cf:a8:aa:74:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:08.528314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493628.528314000", + "frame.time_delta": "1.108722000", + "frame.time_delta_displayed": "1.108722000", + "frame.time_relative": "37.067628000", + "frame.number": "43", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ccc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + 
"ip.checksum": "0x0000bb24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000013a3", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:08.528845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493628.528845000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "37.068159000", + "frame.number": "44", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ccd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00009c1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f49e", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:08.529437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493628.529437000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "37.068751000", + "frame.number": "45", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008264", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:09.719995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493629.719995000", + "frame.time_delta": "1.190558000", + "frame.time_delta_displayed": "1.190558000", + "frame.time_relative": "38.259309000", + "frame.number": "46", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:09.720362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493629.720362000", + "frame.time_delta": "0.000367000", + "frame.time_delta_displayed": "0.000367000", + "frame.time_relative": "38.259676000", + "frame.number": "47", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.528861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493633.528861000", + "frame.time_delta": "3.808499000", + "frame.time_delta_displayed": "3.808499000", + "frame.time_relative": "42.068175000", + "frame.number": "48", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cce", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000013a3", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.529225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493633.529225000", + "frame.time_delta": "0.000364000", + "frame.time_delta_displayed": "0.000364000", + "frame.time_relative": "42.068539000", + "frame.number": "49", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ccf", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f49e", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.530911000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493633.530911000", + "frame.time_delta": "0.001686000", + "frame.time_delta_displayed": "0.001686000", + "frame.time_relative": "42.070225000", + "frame.number": "50", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008264", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=602", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.541745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493633.541745000", + "frame.time_delta": "0.010834000", + "frame.time_delta_displayed": "0.010834000", + "frame.time_relative": "42.081059000", + "frame.number": "51", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x000075f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000038ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "216.93.242.12", + "ip.addr": "216.93.242.12", + "ip.dst_host": "216.93.242.12", + "ip.host": "216.93.242.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.dst_city": "Boston, MA", + "ip.geoip.city": "Boston, MA", + "ip.geoip.dst_lat": "42.358398", + "ip.geoip.lat": 
"42.358398", + "ip.geoip.dst_lon": "-71.059799", + "ip.geoip.lon": "-71.059799" + } + }, + "udp": { + "udp.srcport": "40339", + "udp.dstport": "123", + "udp.port": "40339", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x00009ecf", + "udp.checksum.status": "2", + "udp.stream": "9" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Jun 10, 2096 18:29:07.167176000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.621058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493633.621058000", + "frame.time_delta": "0.079313000", + "frame.time_delta_displayed": "0.079313000", + "frame.time_relative": "42.160372000", + "frame.number": "52", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x000086d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "48", + "ip.proto": "17", + "ip.checksum": "0x00003816", + "ip.checksum.status": "2", + "ip.src": "216.93.242.12", + "ip.addr": "216.93.242.12", + "ip.src_host": "216.93.242.12", + "ip.host": "216.93.242.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.src_city": "Boston, MA", + "ip.geoip.city": "Boston, MA", + "ip.geoip.src_lat": "42.358398", + "ip.geoip.lat": "42.358398", + "ip.geoip.src_lon": "-71.059799", + "ip.geoip.lon": "-71.059799" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "40339", + "udp.port": "123", + "udp.port": "40339", + "udp.length": "56", + "udp.checksum": "0x00003b96", + "udp.checksum.status": "2", + "udp.stream": "9" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "2", + "ntp.ppoll": "3", + "ntp.precision": "-23", + "ntp.rootdelay": "0.0053558349609375", + "ntp.rootdispersion": "0.03155517578125", + "ntp.refid": "c8:62:c4:d4", + "ntp.reftime": "Oct 31, 2017 16:33:49.359642000 PDT", + "ntp.org": "Jun 10, 2096 18:29:07.167176000 PDT", + "ntp.rec": "Oct 31, 2017 16:47:13.588613000 PDT", + "ntp.xmt": "Oct 31, 2017 16:47:13.588671000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:13.746762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493633.746762000", + "frame.time_delta": "0.125704000", + "frame.time_delta_displayed": "0.125704000", + "frame.time_relative": "42.286076000", + "frame.number": "53", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:25.218154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493645.218154000", + "frame.time_delta": "11.471392000", + "frame.time_delta_displayed": "11.471392000", + "frame.time_relative": "53.757468000", + "frame.number": "54", + "frame.len": "80", + "frame.cap_len": "80", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + 
"eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "66", + "ip.id": "0x00000a80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "46", + "udp.checksum": "0x00007e94", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:41:9f:cf:78:cc:f2:14:6f:00:00:00:c1:0b", + "data.len": "38" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.083960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.083960000", + "frame.time_delta": "0.865806000", + "frame.time_delta_displayed": "0.865806000", + "frame.time_relative": "54.623274000", + "frame.number": "55", + "frame.len": "264", + "frame.cap_len": 
"264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002bec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038cd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "56", + "tcp.nxtseq": "254", + "tcp.ack": "158", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007695", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:30:ad:00:24:bc:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811965613, TSecr 2407505": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811965613", + "tcp.options.timestamp.tsecr": "2407505" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:2e:ee:3f:a7:c9:bc:b0:9f:d9:c7:77:ff:f8:d5:80:aa:68:73:b1:2f:53:62:1f:d4:32:93:57:02:85:54:a8:6e:f7:42:17:b5:18:2d:f5:51:18:5f:e5:0b:6c:64:e2:90:d4:46:86:b7:f8:ed:69:35:4e:50:5b:8c:78:d3:4a:4e:6f:0e:12:ce:69:c3:ea:b8:31:ca:f4:92:44:78:b1:c6:3c:1b:a2:5b:47:0e:55:bb:72:63:e2:17:87:e6:fe:0c:1d:a2:0f:df:eb:6c:db:de:93:3e:87:04:4e:67:6e:9b:71:0e:2a:ef:43:0f:22:47:f7:a9:84:3f:b8:d2:24:ed:8a:a1:1c:9b:d6:b4:1e:ab:30:42:20:20:79:f3:c9:cf:66:e0:9e:3e:38:45:1c:d7:b3:37:e7:0b:b3:89:f9:c8:54:2a:b7:f8:b6:ec:31:d9:65:73:65:f8:7c:d2:b5:41:38:ec:78:be:b1:75:8c:07:8c:5b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.084449000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.084449000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "54.623763000", + "frame.number": "56", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007893", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "158", + "tcp.ack": "254", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c6:41:a7:9b:30:ad", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410049, TSecr 2811965613": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2410049", + "tcp.options.timestamp.tsecr": "2811965613" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "55", + "tcp.analysis.ack_rtt": "0.000489000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.093607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.093607000", + "frame.time_delta": "0.009158000", + "frame.time_delta_displayed": "0.009158000", + "frame.time_relative": "54.632921000", + "frame.number": "57", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000094ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000785d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "158", + "tcp.nxtseq": "211", + "tcp.ack": "254", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001096", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c6:42:a7:9b:30:ad", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410050, TSecr 2811965613": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2410050", + "tcp.options.timestamp.tsecr": "2811965613" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:92:ea:b5:ea:52:5f:79:7f:ed:24:82:0c:61:88:ff:f9:75:9c:b5:d1:61:d4:68:42:e7:9f:b5:88:74:80:8d:23:8d:e6:97:e8:4e:34:b2:67:f8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.190175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.190175000", + "frame.time_delta": "0.096568000", + "frame.time_delta_displayed": "0.096568000", + "frame.time_relative": "54.729489000", + "frame.number": "58", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003992", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "254", + "tcp.ack": "211", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000afb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:30:c8:00:24:c6:42", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2811965640, TSecr 2410050": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811965640", + "tcp.options.timestamp.tsecr": "2410050" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "57", + "tcp.analysis.ack_rtt": "0.096568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.190781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.190781000", + "frame.time_delta": "0.000606000", + "frame.time_delta_displayed": "0.000606000", + "frame.time_relative": "54.730095000", + "frame.number": "59", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x000094ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007331", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + 
"ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "211", + "tcp.nxtseq": "1587", + "tcp.ack": "254", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c6:4c:a7:9b:30:c8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410060, TSecr 2811965640": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2410060", + "tcp.options.timestamp.tsecr": "2811965640" + } + }, + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:93:8b:91:05:ee:e1:b3:91:e0:b7:a8:b8:72:99:dc:43:29:06:04:59:82:24:7f:11:37:e9:6a:e7:9f:b6:55:9c:6f:1a:7f:29:19:f0:e2:34:43:fa" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:94:c6:c7:78:fd:42:3c:36:57:cb:d3:53:48:5e:98:fa:d5:72:6e:ec:c1:99:dc:37:45:63:10:04:af:37:34:75:b8:8a:b6:3f:5c:71:4b:d9:0c:49:11:d6:88:85:8d:4d:88:97:bd:98:d6:c6:d2:e4:e0:2d:51:88:75:63:1f:9b:5d:a2:0e:ed:31:d0:5d:f7:d5:2d:c8:96:fa:03:4a:51:64:c6:85:ff:e3:4d:b1:b2:5e" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:95:c7:e4:55:6e:36:ac:bf:c2:43:35:cf:b0:b8:3e:22:5b:8f:f7:f8:df:56:c3:5d:35:fd:27:5c:27:05:67:ac:81:9d:3a:c4:85:3b:64:35:65:11:ca:d1:49:2a:b6:8a:fb:ec:bf:38:67:a9:b6:d8:3e:01:32:9e:c0:06:e0:49:66:32:fe:45:24:dc:a7:0d:bd:2b:e2:1d:48:50:5d:ee:74:b9:68:4e:79:15:9f:60:59:3a:23:ad:bd:1d:0a:de:a7:e4:a0:78:5e:08:34:1b:21:8c:0e:94:6f:03:92:8f:8d:5c:2a:5b:67:0a:b4:c5:d4:0a:fa:af:bc:ff:2c:a2:a9:c0:de:b3:81:69:5e:f2:a3:0b:f9:de:c8:e1:0b:da:35:d6:ac:48:47:3d:f2:d8:47:8f:ce:6b:30:4a:fa:d4:e8:ff:11:dd:92:64:b3:1a:2b:d5:0b:2a:b9:cf:37:19:0d:e6:22:f4:e6:dc:0a:16:17:e4:1f:a3:fc:e5:5b:73:d9:df:82:4f:bd:04:0b:b7:b8:35:29:e4:10:5e:1f:09:10:4b:25:d4:83:9e:f4:ea:24:05:00:a9:fc:b0:dc:8a:54:ad:2b:ae:3c:97:1c:d7:1c:6a:8a:5d:ac:8a:78:54:c9:d9:fe:da:2c:cd:d7:7e:bf:ad:da:06:b7:47:3f:49:bf:27:ec:13:63:c1:08:22:99:b6:e3:03:0b:0d:15:45:ae:81:b9:05:ea:3e:74:82:89:eb:2a:f0:e9:91:e9:44:bb:c5:a3:c5:9e:55:9c:52:45:1b:04:7f:94:7d:0e:50:c1:6a:3c:58:3e:59:8f:ff:36:d8:27:64:ec:1f:b0:c8:d2:ae:ef:e4:f1:4c:19:cb:3a:2e:44
:04:8d:38:10:13:d5:df:fb:6a:56:67:76:95:30:01:77:b8:fc:cd:7d:f6:9d:bc:dd:bf:50:13:00:43:58:19:35:7b:2d:d0:2a:8b:d0:2e:b2:fc:20:97:14:58:b6:19:f8:7e:69:61:43:45:d1:3c:0e:85:27:b1:a4:90:78:92:a8:4f:ef:de:a4:ee:37:df:31:00:98:ee:88:7b:e6:4e:44:3d:22:11:74:c2:75:68:1b:d7:e7:f9:9d:bc:2d:3e:be:af:6d:0f:b7:3a:64:48:13:c0:ce:49:68:cb:a3:6d:52:54:27:4e:4f:65:10:2c:0b:63:d4:d9:a4:57:65:63:08:4b:24:d8:46:d7:74:d5:20:b0:db:e0:26:ee:67:f4:1b:c2:a5:32:26:56:4b:d3:c2:c8:c5:71:e6:91:4b:0d:83:95:ae:4f:c1:a3:7a:9e:2b:14:d3:d4:23:ca:b7:16:d3:0b:d1:0a:ae:b9:6e:8a:e2:88:6d:e4:e4:a0:b5:ca:7a:81:19:1e:6b:27:dd:2e:22:8e:7d:55:79:71:7a:67:5e:90:a2:17:8f:22:d9:dd:15:e8:21:7a:17:6c:4e:00:45:4c:37:4c:77:6b:8a:3f:43:65:6c:93:91:48:7e:0e:0f:ed:0d:a8:3e:bd:44:4b:00:d2:52:76:31:7f:54:2b:f2:78:96:5e:61:67:f4:0a:64:ad:1b:39:3b:b7:0b:b1:a9:13:77:18:27:8f:61:87:36:2b:93:aa:fc:35:4d:05:04:76:a7:0a:31:e9:c4:6e:4a:f7:e1:11:79:10:bc:98:f9:19:a4:fb:82:1f:ea:1f:6b:a4:5a:25:d7:3e:c6:9d:fa:b9:16:22:1f:e6:93:10:0d:17:d7:5c:c0:53:69:9d:d2:f0:f6:71:57:35:c5:6b:5f:d9:f2:67:83:65:81:87:1a:74:96:c0:50:79:85:88:ab:bc:26:56:58:e0:da:e7:f5:a6:3b:f5:cb:70:76:ea:70:42:97:7f:4e:ec:56:34:99:82:e0:40:ad:99:80:f6:81:5d:1a:55:e0:68:44:0e:b3:f4:cf:5c:01:02:e3:16:f8:d7:47:52:79:72:bb:07:2a:d8:7e:1b:89:36:37:2e:70:32:67:f2:51:fe:c0:c3:24:de:34:c3:b5:37:52:85:0a:13:ec:04:55:a6:60:13:80:4c:ff:f1:66:c9:5f:ca:a4:69:e5:42:cf:b6:7e:b6:7f:70:de:7a:1a:09:35:e7:d5:1a:1f:89:a4:3e:3a:cb:c1:7b:41:77:80:52:81:84:37:7b:28:5f:ad:b9:6d:cc:71:c3:30:12:5d:99:93:c7:ef:7b:4b:ce:a3:d4:12:90:41:20:4b:d6:0c:43:96:5d:fc:35:07:e1:14:6a:b3:8f:c8:54:6c:8b:2d:df:d1:e7:81:aa:6b:74:d4:54:8b:41:b2:86:fc:0e:a2:85:10:d5:03:41:8b:e7:e9:00:52:79:32:3c:08:68:f8:e4:66:af:7c:04:0d:2a:6c:b4:a6:82:0b:1f:b3:45:60:d6:ba:5f:b7:3e:72:f4:cd:b6:47:79:db:82:65:59:4d:3c:66:1f:73:cc:6e:08:3d:6d:04:54:dc:3a:23:e3:06:81:ce:99:e9:07:0a:c5:f4:d0:19:b5:55:40:d0:40:37:31:66:da:5d:0f:0e:47:0d:73:48:cc:75:7e:79:b6:a8:82:3e:a3:76:b4:3d:86:51:e2:ff:b3:dd:67:d5:29:ab:e6:cd:ac:e2:9f:48:b
1:e3:e1:ee:27:47:ab:d5:4a:8b:23:3f:60:49:96:3b:c6:a6:f3:83:53:17:6a:8b:d9:f8:5d:9f:66:31:12:5a:ae:c6:e3:7c:8a:ba:ed:61:0f:43:e4:bb:06:ae:34:33:6c:3d:a6:76:e7:76:4f:9e:88:14:ec:be:84:e1:9d:6e:fc:09:16:b4:72:a6:1f:e2:29:26" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:96:01:34:45:a8:77:0f:e6:a5:79:36:ee:5e:94:9b:6a:23:38:63:d3:30:11:7d:3f:78:e5:b0:ff:1a:7c:4a:46:4b:37:6f:c4:dc:e0:10:8a:8a:fd:2f:02:38:dd:0e:cb:f7:b4:52:b0:e1:c9:ed:0b:0f:a9:eb:e6:4e:c6:41:07:37:ca:57:33:51:d1:b0:7f:17:54:7c:41:48:77:35:bb:50:f3:35:af:17:da:99:d5:9f:7c:99:1e:d8:5c:65:ac:94:5f:d1:ab:c0:da:ed:80:8c:07:17:a2:e5:18:00:d1:72:7f:ac:ad:57:6e:b0:71:3b:d3:ec:00:61:5e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.319405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.319405000", + "frame.time_delta": "0.128624000", + "frame.time_delta_displayed": "0.128624000", + "frame.time_relative": "54.858719000", + "frame.number": "60", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "52", + "ip.id": "0x00002bee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003991", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "254", + "tcp.ack": "1587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aa3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:30:d7:00:24:c6:4c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811965655, TSecr 2410060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811965655", + "tcp.options.timestamp.tsecr": "2410060" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "59", + "tcp.analysis.ack_rtt": "0.128624000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.508912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.508912000", + "frame.time_delta": "0.189507000", + "frame.time_delta_displayed": "0.189507000", + "frame.time_relative": "55.048226000", + "frame.number": "61", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000094ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000785a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "1587", + "tcp.nxtseq": "1641", + "tcp.ack": "254", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bbc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c6:6c:a7:9b:30:d7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410092, TSecr 2811965655": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2410092", + "tcp.options.timestamp.tsecr": "2811965655" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:97:3c:9f:c9:ef:3f:50:f0:6f:40:e1:3b:93:b6:11:d8:1a:1d:95:50:a9:77:6e:4a:1f:d5:eb:c9:f0:48:c7:6e:d3:59:5e:d2:11:7d:75:38:35:65" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:26.569125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493646.569125000", + "frame.time_delta": "0.060213000", + "frame.time_delta_displayed": "0.060213000", + "frame.time_relative": "55.108439000", + "frame.number": "62", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bef", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003990", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "254", + "tcp.ack": "1641", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a998", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:31:26:00:24:c6:6c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811965734, TSecr 2410092": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811965734", + "tcp.options.timestamp.tsecr": "2410092" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "61", + "tcp.analysis.ack_rtt": "0.060213000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:28.852812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493648.852812000", + "frame.time_delta": "2.283687000", + "frame.time_delta_displayed": "2.283687000", + "frame.time_relative": "57.392126000", + "frame.number": "63", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.286678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.286678000", + "frame.time_delta": "1.433866000", + "frame.time_delta_displayed": "1.433866000", + "frame.time_relative": "58.825992000", + "frame.number": "64", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.445912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.445912000", + "frame.time_delta": "0.159234000", + "frame.time_delta_displayed": "0.159234000", + "frame.time_relative": "58.985226000", + "frame.number": "65", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020ce", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e776", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.825318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.825318000", + "frame.time_delta": "0.379406000", + "frame.time_delta_displayed": "0.379406000", + "frame.time_relative": "59.364632000", + "frame.number": "66", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000d9b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.833656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.833656000", + "frame.time_delta": "0.008338000", + "frame.time_delta_displayed": "0.008338000", + "frame.time_relative": "59.372970000", + "frame.number": "67", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001850", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006017", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + "tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00007f60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.834203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.834203000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "59.373517000", + "frame.number": "68", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + 
"tcp.checksum": "0x000036a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "67", + "tcp.analysis.ack_rtt": "0.000547000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.836513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.836513000", + "frame.time_delta": "0.002310000", + "frame.time_delta_displayed": "0.002310000", + "frame.time_relative": "59.375827000", + "frame.number": "69", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001851", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006022", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + "tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e884", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "68", + 
"tcp.analysis.ack_rtt": "0.002310000", + "tcp.analysis.initial_rtt": "0.002857000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.837198000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.837198000", + "frame.time_delta": "0.000685000", + "frame.time_delta_displayed": "0.000685000", + "frame.time_relative": "59.376512000", + "frame.number": "70", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001852", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + 
"tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fdfd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002857000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.837672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.837672000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "59.376986000", + "frame.number": "71", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "70", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.002857000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.838314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.838314000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "59.377628000", + "frame.number": "72", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cc22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001a37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002857000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.838816000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493650.838816000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "59.378130000", + "frame.number": "73", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cc23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e86c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ca0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002857000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:2
0:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "72", + "tcp.segment": "73", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001618000", + "http.request_in": "70", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.841299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.841299000", + "frame.time_delta": "0.002483000", + "frame.time_delta_displayed": "0.002483000", + "frame.time_relative": "59.380613000", + "frame.number": "74", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cc24", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e86b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ca0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002857000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) 
out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.842579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.842579000", + "frame.time_delta": "0.001280000", + "frame.time_delta_displayed": "0.001280000", + "frame.time_relative": "59.381893000", + "frame.number": "75", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001853", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006020", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + "tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e3ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "73", + "tcp.analysis.ack_rtt": "0.003763000", + "tcp.analysis.initial_rtt": "0.002857000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.843148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.843148000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "59.382462000", + "frame.number": "76", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001854", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000601f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + "tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + 
"tcp.checksum": "0x0000e3eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.843569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.843569000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "59.382883000", + "frame.number": "77", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + 
"tcp.dstport": "54493", + "tcp.port": "80", + "tcp.port": "54493", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d61f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "76", + "tcp.analysis.ack_rtt": "0.000421000", + "tcp.analysis.initial_rtt": "0.002857000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.845747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.845747000", + "frame.time_delta": "0.002178000", + "frame.time_delta_displayed": "0.002178000", + "frame.time_relative": "59.385061000", + "frame.number": "78", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001855", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006012", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54493", + "tcp.dstport": "80", + "tcp.port": "54493", + "tcp.port": "80", + "tcp.stream": "2", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000006b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:8b:cf:45:d1:8b:cf:49:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002857000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "75", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.878281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.878281000", + "frame.time_delta": "0.032534000", + "frame.time_delta_displayed": "0.032534000", + "frame.time_relative": "59.417595000", + "frame.number": "79", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000d9b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "66" + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.881433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.881433000", + "frame.time_delta": "0.003152000", + "frame.time_delta_displayed": "0.003152000", + "frame.time_relative": "59.420747000", + "frame.number": "80", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001856", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006011", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54494", + "tcp.dstport": "80", + "tcp.port": "54494", + "tcp.port": "80", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "0", + 
"tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00009daa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.881982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.881982000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "59.421296000", + "frame.number": "81", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54494", + "tcp.port": "80", + "tcp.port": "54494", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000fe50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "80", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.884916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.884916000", + "frame.time_delta": "0.002934000", + "frame.time_delta_displayed": "0.002934000", + "frame.time_relative": "59.424230000", + "frame.number": "82", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001857", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000601c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54494", + "tcp.dstport": "80", + "tcp.port": "54494", + "tcp.port": "80", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b02f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "81", + "tcp.analysis.ack_rtt": "0.002934000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.885582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.885582000", + "frame.time_delta": "0.000666000", + "frame.time_delta_displayed": "0.000666000", + "frame.time_relative": "59.424896000", + "frame.number": "83", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { 
+ "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001858", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54494", + "tcp.dstport": "80", + "tcp.port": "54494", + "tcp.port": "80", + "tcp.stream": "3", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c5a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.886068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.886068000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "59.425382000", + "frame.number": "84", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000755d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004316", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54494", + "tcp.port": "80", + "tcp.port": "54494", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a1c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "83", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.886638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.886638000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "59.425952000", + "frame.number": "85", + "frame.len": "71", + 
"frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000755e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004304", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54494", + "tcp.port": "80", + "tcp.port": "54494", + "tcp.stream": "3", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.886985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.886985000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "59.426299000", + "frame.number": "86", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000755f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x00003f31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54494", + "tcp.port": "80", + "tcp.port": "54494", + "tcp.stream": "3", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000344b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "85", + "tcp.segment": "86", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001403000", + "http.request_in": "83", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.889188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.889188000", + "frame.time_delta": "0.002203000", + "frame.time_delta_displayed": "0.002203000", + "frame.time_relative": "59.428502000", + "frame.number": "87", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001859", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000601a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54494", + "tcp.dstport": "80", + "tcp.port": "54494", + "tcp.port": "80", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ab97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "86", + "tcp.analysis.ack_rtt": "0.002203000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.889781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.889781000", + "frame.time_delta": 
"0.000593000", + "frame.time_delta_displayed": "0.000593000", + "frame.time_relative": "59.429095000", + "frame.number": "88", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000185a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006019", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54494", + "tcp.dstport": "80", + "tcp.port": "54494", + "tcp.port": "80", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ab96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.890234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.890234000", + "frame.time_delta": "0.000453000", + "frame.time_delta_displayed": "0.000453000", + "frame.time_relative": "59.429548000", + "frame.number": "89", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54494", + "tcp.port": "80", + "tcp.port": "54494", + "tcp.stream": "3", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009dca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "88", + "tcp.analysis.ack_rtt": "0.000453000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.931133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.931133000", + "frame.time_delta": "0.040899000", + "frame.time_delta_displayed": "0.040899000", + "frame.time_relative": "59.470447000", + "frame.number": "90", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000d9b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "79" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.940158000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.940158000", + "frame.time_delta": "0.009025000", + "frame.time_delta_displayed": "0.009025000", + "frame.time_relative": "59.479472000", + "frame.number": "91", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000185b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000600c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54495", + "tcp.dstport": "80", + "tcp.port": "54495", + "tcp.port": "80", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00001c3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + 
"tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.940708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.940708000", + "frame.time_delta": "0.000550000", + "frame.time_delta_displayed": "0.000550000", + "frame.time_relative": "59.480022000", + "frame.number": "92", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54495", + "tcp.port": "80", + "tcp.port": "54495", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ff8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "91", + "tcp.analysis.ack_rtt": "0.000550000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.944047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.944047000", + "frame.time_delta": "0.003339000", + "frame.time_delta_displayed": "0.003339000", + "frame.time_relative": "59.483361000", + "frame.number": "93", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000185c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006017", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54495", + "tcp.dstport": "80", + "tcp.port": "54495", + "tcp.port": "80", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b16e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "92", + "tcp.analysis.ack_rtt": "0.003339000", + "tcp.analysis.initial_rtt": "0.003889000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.944633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.944633000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "59.483947000", + "frame.number": "94", + "frame.len": "221", + "frame.cap_len": "221", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000185d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54495", + "tcp.dstport": "80", + "tcp.port": "54495", + "tcp.port": "80", + "tcp.stream": "4", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c6e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003889000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.945104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.945104000", + "frame.time_delta": "0.000471000", + "frame.time_delta_displayed": "0.000471000", + "frame.time_relative": "59.484418000", + "frame.number": "95", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009fce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54495", + "tcp.port": "80", + "tcp.port": "54495", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a2ff", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "94", + "tcp.analysis.ack_rtt": "0.000471000", + "tcp.analysis.initial_rtt": "0.003889000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.945669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.945669000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "59.484983000", + "frame.number": "96", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000018a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009fbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54495", + "tcp.port": "80", + "tcp.port": "54495", + "tcp.stream": "4", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e320", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003889000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.946020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.946020000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "59.485334000", + "frame.number": "97", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000018a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009be9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54495", + "tcp.port": "80", + "tcp.port": "54495", + "tcp.stream": "4", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000358a", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003889000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "96", + "tcp.segment": "97", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001387000", + "http.request_in": "94", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.948635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.948635000", + "frame.time_delta": "0.002615000", + "frame.time_delta_displayed": "0.002615000", + "frame.time_relative": "59.487949000", + "frame.number": "98", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000185e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006015", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54495", + "tcp.dstport": "80", + "tcp.port": "54495", + "tcp.port": "80", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000acd6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "97", + "tcp.analysis.ack_rtt": "0.002615000", + "tcp.analysis.initial_rtt": "0.003889000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.949227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.949227000", + "frame.time_delta": 
"0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "59.488541000", + "frame.number": "99", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000185f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006014", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54495", + "tcp.dstport": "80", + "tcp.port": "54495", + "tcp.port": "80", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000acd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:30.949658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493650.949658000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "59.488972000", + "frame.number": "100", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54495", + "tcp.port": "80", + "tcp.port": "54495", + "tcp.stream": "4", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "99", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.003889000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.878132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.878132000", + "frame.time_delta": "0.928474000", + "frame.time_delta_displayed": "0.928474000", + "frame.time_relative": "60.417446000", + "frame.number": "101", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "90" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.882510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.882510000", + "frame.time_delta": "0.004378000", + "frame.time_delta_displayed": "0.004378000", + "frame.time_relative": "60.421824000", + "frame.number": "102", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001860", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006007", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54496", + "tcp.dstport": "80", + "tcp.port": "54496", + "tcp.port": "80", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000e75", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + 
"tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.883053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.883053000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "60.422367000", + "frame.number": "103", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54496", + "tcp.port": "80", + "tcp.port": "54496", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000033e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "102", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.885882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.885882000", + "frame.time_delta": "0.002829000", + "frame.time_delta_displayed": "0.002829000", + "frame.time_relative": "60.425196000", + "frame.number": "104", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001861", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006012", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54496", + "tcp.dstport": "80", + "tcp.port": "54496", + "tcp.port": "80", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e5c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "103", + "tcp.analysis.ack_rtt": "0.002829000", + "tcp.analysis.initial_rtt": "0.003372000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.886538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.886538000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "60.425852000", + "frame.number": "105", + "frame.len": "221", + "frame.cap_len": "221", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001862", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54496", + "tcp.dstport": "80", + "tcp.port": "54496", + "tcp.port": "80", + "tcp.stream": "5", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fb3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003372000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.887027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.887027000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "60.426341000", + "frame.number": "106", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003bab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007cc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54496", + "tcp.port": "80", + "tcp.port": "54496", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d752", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "105", + "tcp.analysis.ack_rtt": "0.000489000", + "tcp.analysis.initial_rtt": "0.003372000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.887597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.887597000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "60.426911000", + "frame.number": "107", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003bac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007cb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54496", + "tcp.port": "80", + "tcp.port": "54496", + "tcp.stream": "5", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001774", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003372000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.887945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.887945000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "60.427259000", + "frame.number": "108", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003bad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54496", + "tcp.port": "80", + "tcp.port": "54496", + "tcp.stream": "5", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000069dd", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003372000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "107", + "tcp.segment": "108", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001407000", + "http.request_in": "105", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.890093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.890093000", + "frame.time_delta": "0.002148000", + "frame.time_delta_displayed": "0.002148000", + "frame.time_relative": "60.429407000", + "frame.number": "109", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001863", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006010", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54496", + "tcp.dstport": "80", + "tcp.port": "54496", + "tcp.port": "80", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e129", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "108", + "tcp.analysis.ack_rtt": "0.002148000", + "tcp.analysis.initial_rtt": "0.003372000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.890680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.890680000", + "frame.time_delta": 
"0.000587000", + "frame.time_delta_displayed": "0.000587000", + "frame.time_relative": "60.429994000", + "frame.number": "110", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001864", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000600f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54496", + "tcp.dstport": "80", + "tcp.port": "54496", + "tcp.port": "80", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e128", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.891164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.891164000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "60.430478000", + "frame.number": "111", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000016d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54496", + "tcp.port": "80", + "tcp.port": "54496", + "tcp.stream": "5", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d35c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "110", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.003372000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.931049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.931049000", + "frame.time_delta": "0.039885000", + "frame.time_delta_displayed": "0.039885000", + "frame.time_relative": "60.470363000", + "frame.number": "112", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.941375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.941375000", + "frame.time_delta": "0.010326000", + "frame.time_delta_displayed": "0.010326000", + "frame.time_relative": "60.480689000", + "frame.number": "113", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001865", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006002", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54497", + "tcp.dstport": "80", + "tcp.port": "54497", + "tcp.port": "80", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000dbfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + 
"tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.941920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.941920000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "60.481234000", + "frame.number": "114", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54497", + "tcp.port": "80", + "tcp.port": "54497", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000e83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "113", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.952588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.952588000", + "frame.time_delta": "0.010668000", + "frame.time_delta_displayed": "0.010668000", + "frame.time_relative": "60.491902000", + "frame.number": "115", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001866", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000600d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54497", + "tcp.dstport": "80", + "tcp.port": "54497", + "tcp.port": "80", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c061", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "114", + "tcp.analysis.ack_rtt": "0.010668000", + "tcp.analysis.initial_rtt": "0.011213000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.953267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.953267000", + "frame.time_delta": "0.000679000", + "frame.time_delta_displayed": "0.000679000", + "frame.time_relative": "60.492581000", + "frame.number": "116", + "frame.len": "221", + "frame.cap_len": "221", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001867", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54497", + "tcp.dstport": "80", + "tcp.port": "54497", + "tcp.port": "80", + "tcp.stream": "6", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d5da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.011213000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.953759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.953759000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "60.493073000", + "frame.number": "117", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000039ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007ea5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54497", + "tcp.port": "80", + "tcp.port": "54497", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b1f2", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "116", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.011213000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.954328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.954328000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "60.493642000", + "frame.number": "118", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000039cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007e93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54497", + "tcp.port": "80", + "tcp.port": "54497", + "tcp.stream": "6", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f213", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.011213000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.954675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.954675000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "60.493989000", + "frame.number": "119", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000039d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007ac0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54497", + "tcp.port": "80", + "tcp.port": "54497", + "tcp.stream": "6", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000447d", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.011213000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "118", + "tcp.segment": "119", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001408000", + "http.request_in": "116", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.960719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.960719000", + "frame.time_delta": "0.006044000", + "frame.time_delta_displayed": "0.006044000", + "frame.time_relative": "60.500033000", + "frame.number": "120", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001868", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000600b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54497", + "tcp.dstport": "80", + "tcp.port": "54497", + "tcp.port": "80", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bbc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "119", + "tcp.analysis.ack_rtt": "0.006044000", + "tcp.analysis.initial_rtt": "0.011213000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.962055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.962055000", + "frame.time_delta": 
"0.001336000", + "frame.time_delta_displayed": "0.001336000", + "frame.time_relative": "60.501369000", + "frame.number": "121", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001869", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x0000600a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54497", + "tcp.dstport": "80", + "tcp.port": "54497", + "tcp.port": "80", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bbc8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.962513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.962513000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "60.501827000", + "frame.number": "122", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b70d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000166", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54497", + "tcp.port": "80", + "tcp.port": "54497", + "tcp.stream": "6", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000adfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "121", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.011213000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:31.984257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493651.984257000", + "frame.time_delta": "0.021744000", + "frame.time_delta_displayed": "0.021744000", + "frame.time_relative": "60.523571000", + "frame.number": "123", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "112" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.012206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.012206000", + "frame.time_delta": "0.027949000", + "frame.time_delta_displayed": "0.027949000", + "frame.time_relative": "60.551520000", + "frame.number": "124", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000186a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ffd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00004a32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + 
"tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.012762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.012762000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "60.552076000", + "frame.number": "125", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002823", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "124", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.015559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.015559000", + "frame.time_delta": "0.002797000", + "frame.time_delta_displayed": "0.002797000", + "frame.time_relative": "60.554873000", + "frame.number": "126", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000186b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006008", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000da01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "125", + "tcp.analysis.ack_rtt": "0.002797000", + "tcp.analysis.initial_rtt": "0.003353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.016233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.016233000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "60.555547000", + "frame.number": "127", + "frame.len": "221", + "frame.cap_len": "221", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000186c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ef7a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003353000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.016727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.016727000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "60.556041000", + "frame.number": "128", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006d4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004b24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cb92", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "127", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.017322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.017322000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "60.556636000", + "frame.number": "129", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006d50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000bb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003353000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.017677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.017677000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "60.556991000", + "frame.number": "130", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006d51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000473f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005e1d", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003353000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "129", + "tcp.segment": "130", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001444000", + "http.request_in": "127", + "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + 
"xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.020984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.020984000", + "frame.time_delta": "0.003307000", + "frame.time_delta_displayed": "0.003307000", + "frame.time_relative": "60.560298000", + "frame.number": "131", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000186d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006006", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d569", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "130", + "tcp.analysis.ack_rtt": "0.003307000", + "tcp.analysis.initial_rtt": "0.003353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.021327000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.021327000", + "frame.time_delta": 
"0.000343000", + "frame.time_delta_displayed": "0.000343000", + "frame.time_relative": "60.560641000", + "frame.number": "132", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006d52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000473e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005e1d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003353000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.spurious_retransmission": "", + "_ws.expert.message": "This frame is a (suspected) spurious retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.021612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.021612000", + "frame.time_delta": "0.000285000", + "frame.time_delta_displayed": "0.000285000", + "frame.time_relative": "60.560926000", + "frame.number": "133", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000186e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00006005", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d568", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "132", + "tcp.analysis.ack_rtt": "0.000285000", + "tcp.analysis.initial_rtt": "0.003353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.022049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.022049000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "60.561363000", + "frame.number": "134", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b712", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000161", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54498", + "tcp.port": "80", + "tcp.port": "54498", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c79c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "133", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.003353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:32.025421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493652.025421000", + "frame.time_delta": "0.003372000", + "frame.time_delta_displayed": "0.003372000", + "frame.time_relative": "60.564735000", + "frame.number": "135", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000186f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ff8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54498", + "tcp.dstport": "80", + "tcp.port": "54498", + "tcp.port": "80", + "tcp.stream": "7", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004583", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:c3:cb:e7:29:c3:cb:eb:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003353000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "131", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.701205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.701205000", + "frame.time_delta": "2.675784000", + "frame.time_delta_displayed": "2.675784000", + "frame.time_relative": "63.240519000", + "frame.number": "136", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000006bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "2", + "tcp.analysis.duplicate_ack_frame": "6", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#2)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.844461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.844461000", + "frame.time_delta": "0.143256000", + "frame.time_delta_displayed": "0.143256000", + "frame.time_relative": "63.383775000", + "frame.number": "137", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00000fc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdcf", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001134", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.ack_lost_segment": "", + "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "2", + "tcp.analysis.duplicate_ack_frame": "8", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#2)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.881774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.881774000", + "frame.time_delta": "0.037313000", + "frame.time_delta_displayed": "0.037313000", + "frame.time_relative": "63.421088000", + "frame.number": "138", + "frame.len": "413", + "frame.cap_len": "413", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "399", + "ip.id": "0x000094f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x00007734", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "347", + "tcp.seq": "1641", + "tcp.nxtseq": "1988", + "tcp.ack": "254", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000055a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c9:b1:a7:9b:31:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410929, TSecr 2811965734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2410929", + "tcp.options.timestamp.tsecr": "2811965734" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "347", + "tcp.analysis.push_bytes_sent": "347" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "342", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:98:7b:f3:ed:32:d2:c7:75:6e:81:35:c7:dd:79:13:3f:20:ef:5a:75:de:e8:5a:78:5c:e9:2f:76:1d:14:60:d0:cf:01:60:38:d5:4a:fe:f4:ec:78:f7:0e:18:e1:33:17:0d:ac:10:cb:bf:e0:01:b7:af:5f:7f:28:92:9e:50:07:ac:ce:28:70:c2:a4:5a:c6:f7:e9:d6:b1:9b:c3:e6:fa:d4:86:41:00:9e:8e:78:23:d2:63:d8:9b:c1:bb:03:04:9a:14:0c:af:22:66:87:a9:fb:23:2c:f9:ab:6b:b0:e2:af:1e:af:5c:63:b2:b0:2e:c1:83:60:eb:54:ba:2f:7c:5f:14:c7:a6:8f:ce:cf:f2:8c:e4:fa:9e:7e:b0:9b:8d:4d:c5:d7:99:bb:37:18:34:32:ac:3c:95:44:01:33:5c:be:09:bc:3e:ba:30:88:6b:c7:35:15:d2:cb:bc:1f:ec:3e:74:c5:ee:31:b3:f2:70:5c:ab:b1:7b:82:85:8b:cf:69:db:87:d3:cb:6b:86:51:d0:68:a8:22:f6:80:c7:7c:b2:cf:1d:c4:b5:48:cb:35:0d:6e:a2:cf:d2:e9:70:96:58:2f:2b:8b:65:ee:31:ad:ec:e8:18:92:bc:e0:fb:94:f6:9b:e0:c9:0b:30:69:b8:97:d4:2d:f7:80:26:94:0f:8d:1c:3e:6f:32:5c:c1:1f:e0:0f:25:0a:83:3a:8b:76:ce:d8:60:64:fa:25:7f:49:d6:b3:ae:28:f6:16:3d:81:46:27:2b:c4:f5:98:25:c1:8a:1d:6c:e8:13:75:8c:77:c1:3b:81:7b:50:88:03:71:1c:e9:c1:82:97:35:f2:19:04:1d:6f:a4:38:5f:5d:07:ab:33:c5:e8:50:8f:a3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.942984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.942984000", + "frame.time_delta": "0.061210000", + "frame.time_delta_displayed": "0.061210000", + "frame.time_relative": 
"63.482298000", + "frame.number": "139", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000398f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "254", + "tcp.ack": "1988", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009ccb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:39:53:00:24:c9:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811967827, TSecr 2410929": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811967827", + "tcp.options.timestamp.tsecr": "2410929" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "138", + "tcp.analysis.ack_rtt": "0.061210000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.943420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.943420000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "63.482734000", + "frame.number": "140", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002bf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "254", + "tcp.nxtseq": "301", + "tcp.ack": "1988", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ba8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:39:54:00:24:c9:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811967828, TSecr 2410929": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811967828", + "tcp.options.timestamp.tsecr": "2410929" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:2f:03:6c:e6:77:f6:e6:b9:5f:29:ae:f9:d0:b7:49:cf:67:77:90:cc:a4:9d:cb:a1:5f:be:ac:77:68:86:f0:ff:ae:a5:80" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:34.976671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493654.976671000", + "frame.time_delta": "0.033251000", + "frame.time_delta_displayed": "0.033251000", + "frame.time_relative": "63.515985000", + "frame.number": "141", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000788e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1988", + "tcp.ack": "301", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009ba2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:c9:bb:a7:9b:39:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2410939, TSecr 2811967828": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2410939", + "tcp.options.timestamp.tsecr": "2811967828" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "140", + "tcp.analysis.ack_rtt": "0.033251000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:36.032382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493656.032382000", + "frame.time_delta": "1.055711000", + "frame.time_delta_displayed": "1.055711000", + "frame.time_relative": "64.571696000", + "frame.number": "142", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", 
+ "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ae0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005d09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:36.729036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493656.729036000", + "frame.time_delta": "0.696654000", + "frame.time_delta_displayed": "0.696654000", + "frame.time_relative": "65.268350000", + "frame.number": "143", + "frame.len": "216", + "frame.cap_len": "216", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020cf", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e745", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50192", + "udp.dstport": "1900", + "udp.port": "50192", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000864d", + "udp.checksum.status": "2", + "udp.stream": "12" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:37.465248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493657.465248000", + "frame.time_delta": "0.736212000", + "frame.time_delta_displayed": "0.736212000", + "frame.time_relative": "66.004562000", + "frame.number": "144", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dce0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:37.518073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493657.518073000", + "frame.time_delta": "0.052825000", + "frame.time_delta_displayed": "0.052825000", + 
"frame.time_relative": "66.057387000", + "frame.number": "145", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcd5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "144" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:37.570980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493657.570980000", + "frame.time_delta": "0.052907000", + "frame.time_delta_displayed": "0.052907000", + "frame.time_relative": "66.110294000", + "frame.number": "146", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "3", + "http.prev_response_in": "145" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:37.691543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493657.691543000", + "frame.time_delta": "0.120563000", + "frame.time_delta_displayed": "0.120563000", + "frame.time_relative": "66.230857000", + "frame.number": "147", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e744", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50192", + "udp.dstport": "1900", + "udp.port": 
"50192", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000864d", + "udp.checksum.status": "2", + "udp.stream": "12" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "143" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:38.522999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493658.522999000", + "frame.time_delta": "0.831456000", + "frame.time_delta_displayed": "0.831456000", + "frame.time_relative": "67.062313000", + "frame.number": "148", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000daac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "146" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:38.575837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493658.575837000", + "frame.time_delta": "0.052838000", + "frame.time_delta_displayed": "0.052838000", + "frame.time_relative": "67.115151000", + "frame.number": "149", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000dab0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + 
"ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "148" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:38.628594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493658.628594000", + "frame.time_delta": "0.052757000", + "frame.time_delta_displayed": "0.052757000", + "frame.time_relative": "67.167908000", + "frame.number": "150", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000dab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "149" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:38.692856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493658.692856000", + "frame.time_delta": "0.064262000", + "frame.time_delta_displayed": "0.064262000", + "frame.time_relative": "67.232170000", + "frame.number": "151", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d1", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e743", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50192", + "udp.dstport": "1900", + "udp.port": "50192", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000864d", + "udp.checksum.status": "2", + "udp.stream": "12" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "147" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:39.259287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493659.259287000", + "frame.time_delta": "0.566431000", + 
"frame.time_delta_displayed": "0.566431000", + "frame.time_relative": "67.798601000", + "frame.number": "152", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000dae2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "150" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:39.312084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493659.312084000", + "frame.time_delta": "0.052797000", + "frame.time_delta_displayed": "0.052797000", + "frame.time_relative": "67.851398000", + "frame.number": "153", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000dae4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "152" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:39.364839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493659.364839000", + "frame.time_delta": "0.052755000", + "frame.time_delta_displayed": "0.052755000", + "frame.time_relative": "67.904153000", + "frame.number": "154", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000dae7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + 
"udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "153" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:39.693459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493659.693459000", + "frame.time_delta": "0.328620000", + "frame.time_delta_displayed": "0.328620000", + "frame.time_relative": "68.232773000", + "frame.number": "155", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e742", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50192", + "udp.dstport": "1900", + "udp.port": "50192", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000864d", + "udp.checksum.status": "2", + "udp.stream": "12" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "151" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.311784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.311784000", + "frame.time_delta": "0.618325000", + "frame.time_delta_displayed": "0.618325000", + "frame.time_relative": "68.851098000", + "frame.number": "156", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000daef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "154" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.364626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.364626000", + "frame.time_delta": "0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "68.903940000", + "frame.number": "157", + "frame.len": "348", + "frame.cap_len": "348", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000daf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "156" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.396530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.396530000", + "frame.time_delta": "0.031904000", + "frame.time_delta_displayed": "0.031904000", + "frame.time_relative": "68.935844000", + "frame.number": "158", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": 
"0x00006386", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00002f45", + "ip.checksum.status": "2", + "ip.src": "54.241.191.235", + "ip.addr": "54.241.191.235", + "ip.src_host": "54.241.191.235", + "ip.host": "54.241.191.235", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49765", + "tcp.port": "80", + "tcp.port": "49765", + "tcp.stream": "8", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aa29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": 
"264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Tue, 31 Oct 2017 23:47:40 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:47:40 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.file_data": "[[],\"15094933571306917\"]" + }, + "data-text-lines": { + "[[],\"15094933571306917\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.417444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.417444000", + "frame.time_delta": "0.020914000", + "frame.time_delta_displayed": "0.020914000", + "frame.time_relative": "68.956758000", + "frame.number": "159", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000daf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "157" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.429943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.429943000", + "frame.time_delta": "0.012499000", + "frame.time_delta_displayed": "0.012499000", + "frame.time_relative": "68.969257000", + "frame.number": "160", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3c7", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.235", + "ip.addr": "54.241.191.235", + "ip.dst_host": "54.241.191.235", + "ip.host": "54.241.191.235", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49765", + "tcp.dstport": "80", + "tcp.port": "49765", + "tcp.port": "80", + "tcp.stream": "8", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000089a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "158", + "tcp.analysis.ack_rtt": "0.033413000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.441384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.441384000", + "frame.time_delta": "0.011441000", + "frame.time_delta_displayed": "0.011441000", + "frame.time_relative": "68.980698000", + "frame.number": "161", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006387", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000304c", + "ip.checksum.status": "2", + "ip.src": "54.241.191.235", + "ip.addr": "54.241.191.235", + "ip.src_host": "54.241.191.235", + "ip.host": "54.241.191.235", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + 
"ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49765", + "tcp.port": "80", + "tcp.port": "49765", + "tcp.stream": "8", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a830", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "160", + "tcp.analysis.ack_rtt": "0.011441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.446914000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.446914000", + "frame.time_delta": "0.005530000", + "frame.time_delta_displayed": "0.005530000", + "frame.time_relative": "68.986228000", + "frame.number": "162", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.235", + "ip.addr": "54.241.191.235", + "ip.dst_host": "54.241.191.235", + "ip.host": "54.241.191.235", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49765", + "tcp.dstport": "80", + "tcp.port": "49765", + "tcp.port": "80", + "tcp.stream": "8", + "tcp.len": "0", + "tcp.seq": "2", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000089a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "161", + "tcp.analysis.ack_rtt": "0.005530000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.888286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.888286000", + "frame.time_delta": "0.441372000", + "frame.time_delta_displayed": "0.441372000", + "frame.time_relative": "69.427600000", + "frame.number": "163", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000dafe", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "159" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.895844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.895844000", + "frame.time_delta": "0.007558000", + "frame.time_delta_displayed": "0.007558000", + "frame.time_relative": "69.435158000", + "frame.number": "164", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000daff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "163" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:40.948644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493660.948644000", + "frame.time_delta": "0.052800000", + "frame.time_delta_displayed": "0.052800000", + "frame.time_relative": "69.487958000", + "frame.number": "165", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000db04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "164" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.437489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.437489000", + "frame.time_delta": "0.488845000", + "frame.time_delta_displayed": "0.488845000", + "frame.time_relative": "69.976803000", + "frame.number": "166", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x0000100d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000029d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": 
"192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.442343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.442343000", + "frame.time_delta": "0.004854000", + "frame.time_delta_displayed": "0.004854000", + "frame.time_relative": "69.981657000", + "frame.number": "167", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x0000c088", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f68c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "166", + "dns.time": "0.004854000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.236": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "288", + "dns.resp.len": "4", + "dns.a": "54.241.191.236" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.219.189.240": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "288", + "dns.resp.len": "4", + "dns.a": "54.219.189.240" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "20", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"53898", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53898", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6189", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58149", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4459", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58150", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58891", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58999", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "58541", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58342", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58891", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58999", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58541", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.460523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.460523000", + "frame.time_delta": "0.018180000", + "frame.time_delta_displayed": "0.018180000", + "frame.time_relative": "69.999837000", + "frame.number": "168", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000100e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + 
"_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00003607", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.472318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.472318000", + "frame.time_delta": "0.011795000", + "frame.time_delta_displayed": "0.011795000", + "frame.time_relative": "70.011632000", + "frame.number": "169", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000093ce", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49766", + "tcp.port": "80", + "tcp.port": "49766", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007ba9", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "168", + "tcp.analysis.ack_rtt": "0.011795000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.477368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.477368000", + "frame.time_delta": "0.005050000", + "frame.time_delta_displayed": "0.005050000", + "frame.time_relative": "70.016682000", + "frame.number": "170", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": 
"192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ef96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "169", + "tcp.analysis.ack_rtt": "0.005050000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.496686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.496686000", + 
"frame.time_delta": "0.019318000", + "frame.time_delta_displayed": "0.019318000", + "frame.time_relative": "70.036000000", + "frame.number": "171", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001010", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { 
+ "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003812", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016845000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.508209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.508209000", + "frame.time_delta": "0.011523000", + "frame.time_delta_displayed": "0.011523000", + "frame.time_relative": "70.047523000", + "frame.number": "172", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000546f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003f63", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49766", + "tcp.port": "80", + "tcp.port": "49766", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009357", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "171", + "tcp.analysis.ack_rtt": "0.011523000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.513209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.513209000", + "frame.time_delta": "0.005000000", + "frame.time_delta_displayed": "0.005000000", + "frame.time_relative": "70.052523000", + "frame.number": "173", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001011", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f2ce", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007da4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016845000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "171", + "tcp.segment": "173", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.525476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.525476000", + "frame.time_delta": "0.012267000", + "frame.time_delta_displayed": "0.012267000", + "frame.time_relative": "70.064790000", + "frame.number": "174", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005470", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003f62", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49766", + "tcp.port": "80", + "tcp.port": "49766", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008f35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "173", + "tcp.analysis.ack_rtt": "0.012267000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.895682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493661.895682000", + "frame.time_delta": "0.370206000", + "frame.time_delta_displayed": "0.370206000", + "frame.time_relative": "70.434996000", + "frame.number": "175", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000db0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc3e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "165" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:41.948511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493661.948511000", + "frame.time_delta": "0.052829000", + "frame.time_delta_displayed": "0.052829000", + "frame.time_relative": "70.487825000", + "frame.number": "176", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000db0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "175" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:42.001280000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493662.001280000", + "frame.time_delta": "0.052769000", + "frame.time_delta_displayed": "0.052769000", + "frame.time_relative": "70.540594000", + "frame.number": "177", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000db15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "176" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:43.000495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493663.000495000", + "frame.time_delta": "0.999215000", + "frame.time_delta_displayed": "0.999215000", + "frame.time_relative": "71.539809000", + "frame.number": "178", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000db26", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" 
+ }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "177" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:43.053376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493663.053376000", + "frame.time_delta": "0.052881000", + "frame.time_delta_displayed": "0.052881000", + "frame.time_relative": "71.592690000", + "frame.number": "179", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000db27", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "178" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:43.106114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493663.106114000", + "frame.time_delta": "0.052738000", + "frame.time_delta_displayed": "0.052738000", + "frame.time_relative": "71.645428000", + "frame.number": "180", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000db2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "179" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:47:44.053018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493664.053018000", + "frame.time_delta": "0.946904000", + "frame.time_delta_displayed": "0.946904000", + "frame.time_relative": "72.592332000", + "frame.number": "181", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000db2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "305", + "udp.checksum": "0x0000010b", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "180" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:44.105935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493664.105935000", + "frame.time_delta": "0.052917000", + "frame.time_delta_displayed": "0.052917000", + "frame.time_relative": "72.645249000", + "frame.number": "182", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000db30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "314", + "udp.checksum": "0x00000ef6", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "181" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:44.158795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493664.158795000", + "frame.time_delta": "0.052860000", + "frame.time_delta_displayed": "0.052860000", + "frame.time_relative": "72.698109000", + "frame.number": "183", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000db31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50192", + "udp.port": "1900", + "udp.port": "50192", + "udp.length": "308", + "udp.checksum": "0x00003280", + "udp.checksum.status": "2", + "udp.stream": "13" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "182" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:45.400471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493665.400471000", + "frame.time_delta": "1.241676000", + "frame.time_delta_displayed": "1.241676000", + "frame.time_relative": "73.939785000", + "frame.number": "184", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:45.407424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493665.407424000", + "frame.time_delta": "0.006953000", + "frame.time_delta_displayed": "0.006953000", + "frame.time_relative": "73.946738000", + "frame.number": "185", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + 
"arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:46.158400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493666.158400000", + "frame.time_delta": "0.750976000", + "frame.time_delta_displayed": "0.750976000", + "frame.time_relative": "74.697714000", + "frame.number": "186", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": 
"1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:46.161216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493666.161216000", + "frame.time_delta": "0.002816000", + "frame.time_delta_displayed": "0.002816000", + "frame.time_relative": "74.700530000", + "frame.number": "187", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": 
"0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:46.179163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493666.179163000", + "frame.time_delta": "0.017947000", + "frame.time_delta_displayed": "0.017947000", + "frame.time_relative": "74.718477000", + "frame.number": "188", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + 
"ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:46.319944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493666.319944000", + "frame.time_delta": "0.140781000", + "frame.time_delta_displayed": "0.140781000", + "frame.time_relative": "74.859258000", + "frame.number": "189", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": 
"33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + 
}, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.167775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.167775000", + "frame.time_delta": "0.847831000", + "frame.time_delta_displayed": "0.847831000", + "frame.time_relative": "75.707089000", + "frame.number": "190", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x000074a3", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00c4a775", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:47:47.180808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.180808000", + "frame.time_delta": "0.013033000", + "frame.time_delta_displayed": "0.013033000", + "frame.time_relative": "75.720122000", + "frame.number": "191", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000aac2", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0033671f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + 
"dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.187984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493667.187984000", + "frame.time_delta": "0.007176000", + "frame.time_delta_displayed": "0.007176000", + "frame.time_relative": "75.727298000", + "frame.number": "192", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.198021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.198021000", + "frame.time_delta": "0.010037000", + "frame.time_delta_displayed": "0.010037000", + "frame.time_relative": 
"75.737335000", + "frame.number": "193", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + 
"icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.605552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.605552000", + "frame.time_delta": "0.407531000", + "frame.time_delta_displayed": "0.407531000", + "frame.time_relative": "76.144866000", + "frame.number": "194", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000094f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000783e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "1988", + "tcp.nxtseq": "2067", + "tcp.ack": "301", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f501", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:ce:a9:a7:9b:39:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2412201, TSecr 2811967828": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2412201", + "tcp.options.timestamp.tsecr": "2811967828" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:99:2f:84:c4:45:a1:1d:71:63:63:dc:4c:2b:9a:8c:57:6f:4f:4c:c9:03:6d:a0:f5:db:74:08:66:0a:f8:48:04:0e:d1:23:0c:f2:f5:9d:c6:ca:ab:49:84:a9:a7:64:c7:0c:12:de:ca:a9:0c:88:8a:c6:db:a8:8b:36:33:77:84:82:74:d0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.667473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.667473000", + "frame.time_delta": "0.061921000", + "frame.time_delta_displayed": "0.061921000", + "frame.time_relative": "76.206787000", + "frame.number": "195", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": 
"0x00002bf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "301", + "tcp.nxtseq": "348", + "tcp.ack": "2067", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000085d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:45:c1:00:24:ce:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811971009, TSecr 2412201": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811971009", + "tcp.options.timestamp.tsecr": "2412201" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "194", + "tcp.analysis.ack_rtt": "0.061921000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:30:10:55:98:2d:49:3e:4d:7f:09:a0:0d:78:01:b1:3e:02:8b:d5:a1:fa:5d:4c:43:fd:94:d2:4c:3b:ac:fa:7f:96:ab:9f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:47.667968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493667.667968000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "76.207282000", + "frame.number": "196", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", 
+ "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000788c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2067", + "tcp.ack": "348", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000089c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:ce:b0:a7:9b:45:c1", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2412208, TSecr 2811971009": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2412208", + "tcp.options.timestamp.tsecr": "2811971009" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "195", + "tcp.analysis.ack_rtt": "0.000495000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.200978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.200978000", + "frame.time_delta": "0.533010000", + "frame.time_delta_displayed": "0.533010000", + "frame.time_relative": "76.740292000", + "frame.number": "197", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": 
"255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.203256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.203256000", + "frame.time_delta": "0.002278000", + "frame.time_delta_displayed": "0.002278000", + "frame.time_relative": "76.742570000", + "frame.number": "198", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + 
"ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + 
"icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.219350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.219350000", + "frame.time_delta": "0.016094000", + "frame.time_delta_displayed": "0.016094000", + "frame.time_relative": "76.758664000", + "frame.number": "199", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": 
"ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.235130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.235130000", + "frame.time_delta": 
"0.015780000", + "frame.time_delta_displayed": "0.015780000", + "frame.time_relative": "76.774444000", + "frame.number": "200", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group 
Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.357500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.357500000", + "frame.time_delta": "0.122370000", + "frame.time_delta_displayed": "0.122370000", + "frame.time_relative": "76.896814000", + "frame.number": "201", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x000094f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "2067", + "tcp.nxtseq": "2419", + "tcp.ack": "348", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000aa9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:ce:f5:a7:9b:45:c1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2412277, TSecr 2811971009": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2412277", + "tcp.options.timestamp.tsecr": "2811971009" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": 
{ + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:9a:e9:1a:03:c9:86:61:16:c7:07:e6:5c:1c:c7:fc:5b:ae:c4:9a:40:4b:de:31:b9:40:69:9c:fb:7c:ca:a3:d4:c5:80:9e:f1:8e:05:0e:9c:f7:21:dc:fd:25:c4:4a:6f:19:b3:99:dd:67:9a:a0:91:4e:7c:25:75:d2:b7:54:f6:ad:2c:49:87:45:1b:2e:73:a3:1c:ef:58:fd:69:71:e7:ff:a4:28:79:71:5c:0f:c6:bb:9a:03:32:a5:62:3b:35:17:bb:39:28:5f:86:dc:4a:6f:57:d5:1d:29:ce:fa:b3:47:db:2a:1d:05:ce:42:aa:b8:35:82:04:64:65:81:ed:9c:f8:b8:ed:ad:d9:07:f1:f1:b7:e6:b7:95:73:80:36:4e:55:2e:c5:e2:cd:87:ef:f7:87:fb:f4:98:c8:68:84:0c:4c:45:8f:fa:fd:d6:d5:cb:2f:9e:72:54:8b:83:66:29:2b:13:dd:45:9d:44:30:72:1f:41:03:47:01:7f:3a:ba:a2:b6:29:4c:1f:72:7e:5e:a5:9a:ce:1c:02:da:6c:f3:48:17:4d:ac:d1:93:94:fe:f8:3d:76:55:4e:1c:2b:71:3b:a9:88:d5:9d:cb:0a:27:6d:5f:f5:06:ee:41:ec:54:0d:da:0c:5d:fc:2b:d1:2f:92:9d:9f:0e:66:c8:48:27:05:68:bf:85:74:1b:0f:c1:4c:7f:0f:aa:07:c8:ee:bf:15:dc:af:2c:74:87:15:6c:a7:10:20:82:ad:04:96:02:49:91:b9:49:70:be:ea:ef:ff:41:8f:06:30:b9:6b:e3:0b:b9:35:49:d7:8e:0e:06:f9:d4:50:cb:fc:ad:6a:9d:89:45:c8:34:d8:49:83:37:d9:c4:e8:0c:7d:12:30:43:79:f6:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.369346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.369346000", + "frame.time_delta": "0.011846000", + "frame.time_delta_displayed": "0.011846000", + "frame.time_relative": "76.908660000", + "frame.number": "202", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": 
"1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.418285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.418285000", + "frame.time_delta": "0.048939000", + "frame.time_delta_displayed": "0.048939000", + "frame.time_relative": "76.957599000", + "frame.number": "203", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002bf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + 
"ip.checksum": "0x0000395d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "348", + "tcp.nxtseq": "395", + "tcp.ack": "2419", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000883f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:46:7d:00:24:ce:f5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811971197, TSecr 2412277": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811971197", + "tcp.options.timestamp.tsecr": "2412277" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "201", + "tcp.analysis.ack_rtt": "0.060785000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:31:5f:b8:fc:5d:01:6e:e3:d9:1b:db:0e:b5:2b:fd:51:df:3e:0c:98:ff:e7:d5:88:39:4b:10:86:84:6d:ae:b0:c6:f7:6d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.418724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.418724000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "76.958038000", + "frame.number": "204", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094f5", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000788a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2419", + "tcp.ack": "395", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000872c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:ce:fb:a7:9b:46:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2412283, TSecr 2811971197": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2412283", + "tcp.options.timestamp.tsecr": "2811971197" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "203", + "tcp.analysis.ack_rtt": "0.000439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.443753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.443753000", + "frame.time_delta": "0.025029000", + "frame.time_delta_displayed": "0.025029000", + "frame.time_relative": "76.983067000", + "frame.number": "205", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000bdf8", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00d95e0b", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.449822000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493668.449822000", + "frame.time_delta": "0.006069000", + "frame.time_delta_displayed": "0.006069000", + "frame.time_relative": "76.989136000", + "frame.number": "206", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x000065b7", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0064abf9", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + 
"dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.459032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.459032000", + "frame.time_delta": "0.009210000", + "frame.time_delta_displayed": 
"0.009210000", + "frame.time_relative": "76.998346000", + "frame.number": "207", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:48.470824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493668.470824000", + "frame.time_delta": "0.011792000", + "frame.time_delta_displayed": "0.011792000", + "frame.time_relative": "77.010138000", + "frame.number": "208", + "frame.len": "110", + "frame.cap_len": "110", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + 
"icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:49.477746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493669.477746000", + "frame.time_delta": "1.006922000", + "frame.time_delta_displayed": "1.006922000", + "frame.time_relative": "78.017060000", + "frame.number": "209", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:49.480532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493669.480532000", + "frame.time_delta": "0.002786000", + "frame.time_delta_displayed": "0.002786000", + "frame.time_relative": "78.019846000", + "frame.number": "210", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": 
"134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + 
"icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:49.484163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493669.484163000", + "frame.time_delta": "0.003631000", + "frame.time_delta_displayed": "0.003631000", + "frame.time_relative": "78.023477000", + "frame.number": "211", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": 
"5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:49.534422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493669.534422000", + "frame.time_delta": "0.050259000", + "frame.time_delta_displayed": "0.050259000", + "frame.time_relative": "78.073736000", + "frame.number": "212", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:49.589156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493669.589156000", + "frame.time_delta": "0.054734000", + "frame.time_delta_displayed": "0.054734000", + "frame.time_relative": "78.128470000", + "frame.number": "213", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "36", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f315", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "1", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:50.063961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493670.063961000", + "frame.time_delta": "0.474805000", + "frame.time_delta_displayed": "0.474805000", + "frame.time_relative": "78.603275000", + "frame.number": "214", + "frame.len": "120", 
+ "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000b2a1", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00bd697e", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:50.071084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493670.071084000", + "frame.time_delta": "0.007123000", + "frame.time_delta_displayed": "0.007123000", + "frame.time_relative": "78.610398000", + "frame.number": "215", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + 
"ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000e8f4", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x004828d8", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + 
"dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:50.078839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493670.078839000", + "frame.time_delta": "0.007755000", + "frame.time_delta_displayed": "0.007755000", + "frame.time_relative": "78.618153000", + "frame.number": "216", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": 
"::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:50.088237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493670.088237000", + "frame.time_delta": "0.009398000", + "frame.time_delta_displayed": "0.009398000", + "frame.time_relative": "78.627551000", + "frame.number": "217", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.100942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.100942000", + "frame.time_delta": "1.012705000", + "frame.time_delta_displayed": "1.012705000", + "frame.time_relative": "79.640256000", + "frame.number": "218", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.103287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.103287000", + "frame.time_delta": "0.002345000", + "frame.time_delta_displayed": "0.002345000", + "frame.time_relative": "79.642601000", + "frame.number": "219", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + 
"icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.105093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.105093000", + "frame.time_delta": "0.001806000", + "frame.time_delta_displayed": "0.001806000", + "frame.time_relative": "79.644407000", + "frame.number": "220", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + 
"eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + 
"icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.299297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.299297000", + "frame.time_delta": "0.194204000", + "frame.time_delta_displayed": "0.194204000", + "frame.time_relative": "79.838611000", + "frame.number": "221", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": 
"18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:47:51.842410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.842410000", + "frame.time_delta": "0.543113000", + "frame.time_delta_displayed": "0.543113000", + "frame.time_relative": "80.381724000", + "frame.number": "222", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000e591", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x009c36af", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + 
"dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.846984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.846984000", + "frame.time_delta": "0.004574000", + "frame.time_delta_displayed": "0.004574000", + "frame.time_relative": "80.386298000", + "frame.number": "223", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": 
"18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000a9c2", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x009967b9", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + 
"Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.857232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.857232000", + "frame.time_delta": "0.010248000", + "frame.time_delta_displayed": "0.010248000", + "frame.time_relative": "80.396546000", + "frame.number": "224", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + 
"ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:51.868193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493671.868193000", + "frame.time_delta": "0.010961000", + "frame.time_delta_displayed": "0.010961000", + "frame.time_relative": "80.407507000", + "frame.number": "225", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", 
+ "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:52.670783000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493672.670783000", + "frame.time_delta": "0.802590000", + "frame.time_delta_displayed": "0.802590000", + "frame.time_relative": "81.210097000", + "frame.number": "226", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:52.671257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493672.671257000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "81.210571000", + "frame.number": "227", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:54.047053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493674.047053000", + "frame.time_delta": "1.375796000", + "frame.time_delta_displayed": "1.375796000", + "frame.time_relative": "82.586367000", + "frame.number": "228", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:56.586071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493676.586071000", + "frame.time_delta": "2.539018000", + "frame.time_delta_displayed": "2.539018000", + "frame.time_relative": "85.125385000", + "frame.number": "229", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:58.531102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493678.531102000", + "frame.time_delta": "1.945031000", + "frame.time_delta_displayed": "1.945031000", + "frame.time_relative": "87.070416000", + "frame.number": "230", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cd5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000012a2", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:58.531622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493678.531622000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "87.070936000", + "frame.number": "231", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cd6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f39d", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:47:58.532220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493678.532220000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "87.071534000", + "frame.number": "232", + "frame.len": 
"295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008163", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:03.531393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493683.531393000", + "frame.time_delta": "4.999173000", + "frame.time_delta_displayed": "4.999173000", + "frame.time_relative": "92.070707000", + "frame.number": "233", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cd7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000012a2", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:03.531912000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509493683.531912000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "92.071226000", + "frame.number": "234", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cd8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f39d", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": 
"0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:03.532533000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493683.532533000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "92.071847000", + "frame.number": "235", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008163", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:04.089085000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493684.089085000", + "frame.time_delta": "0.556552000", + "frame.time_delta_displayed": "0.556552000", + "frame.time_relative": "92.628399000", + "frame.number": "236", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a698", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "2", + "tcp.nxtseq": "42", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005968", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.lost_segment": "", + "_ws.expert.message": "Previous segment not captured (common at capture start)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:dc:54:16:9a:8b:4e:19:e3:20:3b:8e:8d:af:ea:2c:93:b6:af:f1:91:71:e8:bc:60:69:cc:01:dc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:04.271766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493684.271766000", + "frame.time_delta": "0.182681000", + "frame.time_delta_displayed": "0.182681000", + "frame.time_relative": "92.811080000", + "frame.number": "237", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdce", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "42", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000110c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "236", + "tcp.analysis.ack_rtt": "0.182681000", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.ack_lost_segment": "", + "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:04.294896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493684.294896000", + "frame.time_delta": "0.023130000", + "frame.time_delta_displayed": "0.023130000", + "frame.time_relative": "92.834210000", + "frame.number": "238", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda9", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "1", + "tcp.nxtseq": "37", + "tcp.ack": "42", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cc00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:62:10:75:8f:ec:d9:59:42:2b:f3:cd:1c:b1:e6:73:c7:33:fe:04:10:d3:e0:04:8d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:04.295387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493684.295387000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "92.834701000", + "frame.number": "239", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000a6bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "42", + "tcp.ack": "37", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000672", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "238", + "tcp.analysis.ack_rtt": "0.000491000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:05.090043000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493685.090043000", + "frame.time_delta": "0.794656000", + "frame.time_delta_displayed": "0.794656000", + "frame.time_relative": "93.629357000", + "frame.number": "240", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x000094f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000739e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + 
"tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "2419", + "tcp.nxtseq": "3678", + "tcp.ack": "395", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000208a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:d5:7e:a7:9b:46:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2413950, TSecr 2811971197": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2413950", + "tcp.options.timestamp.tsecr": "2811971197" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:9b:98:e1:bc:a7:db:6e:85:c5:54:5d:b7:88:54:74:05:74:f3:a7:ff:e8:a3:f7:8c:03:58:d5:ef:85:52:c0:8e:8f:50:99:0a:e5:c9:fa:db:85:b2:de:0f:59:e8:16:3b:5f:28:8d:ad:b2:6f:44:84:b0:91:39:61:b1:41:88:3b:df:6a:7c:67:bc:3d:95:bd:a2:7d:b9:4b:9d:2d:67:a0:82:08:fa:49:ec:c8:92:67:b2:48:3d:0e:5d:91:b4:20:b2:cc:db:f1:fe:e2:94:e9:2f:4f:f1:6b:17:c6:1f:46:0d:9d:f3:47:85:22:fd:8d:8f:7d:31:64:35:79:95:f4:a0:82:d2:91:f8:41:e8:f7:9b:8c:b0:de:d5:fc:d4:61:93:1e:ee:44:40:37:7a:aa:f1:19:e6:20:68:ee:b1:35:c8:51:2c:77:d5:8d:8d:24:d2:a6:86:78:25:a1:22:52:75:dd:30:4d:66:f3:ff:b0:6a:df:88:8a:40:36:7b:20:a4:dd:6d:ed:6f:ce:54:dd:c1:6d:3b:66:b2:22:89:7a:84:8d:5b:e7:75:8c:60:13:ef:a3:00:55:b8:63:34:ec:61:43:d5:cb:5d:bb:f2:4e:55:4e:ef:a4:32:8c:ad:e6:2e:e0:5d:57:fd:b5:26:8e:95:e3:59:87:e6:d1:6f:0a:bc:b9:30:c2:8b:c8:d4:53:8d:84:d6:81:bf:5b:e8:ff:0c:a1:fd:f3:b6:ec:06:2e:fb:d9:fc:e6:a6:0d:45:be:9b:ca:20:25:87:8e:39:0a:d6:7d:13:4b:78:56:f3:2c:db:6f:3f:e8:52:2a:9a:f1:90:d6:98:60:bc:1a:88:b5:9b:3f:45:88:ad:dd:2b:eb:c4:b0:29:fa:f7:8a:31:ef:2b:a7:12:a0:59:cb:99:1c:a4:67:4b:05:74:08:fd:48:fe:8d:b2:39:57:43:32:dc:1a:b3:ce:54:fd:cb:e3:86:06:52:2a:3f:ea:3c:49:20:29:6c:c5:1c:24:2f:70:52:7e:ff:dd:26:6d:29:de:1b:e9:3d:66:d2:f8:a9:63:e7:4e:ca:13:97:82:56:81:66:eb:b0:e2:b0:20:26:fa:1e:c9:ab:0d:2d:3d:81:ad:ed:de:16:b9:24:d1:c0:bd:4b:69:98:87:01:c1:66:3d:04:d6:ac:31:9c:8c:e7:2c:d4:df:1e:49:19:16:32:eb:1e:25:d9:00:49:09:4c:ea:82:cd:72:e1:2c:a8:17:55:36:7b:cb:d4:c6:cf:27:bd:b8:f4:fa:8c:3f:12:bd:2a:f7:f4:4c:1f:e8:10:75:28:7c:ff:4f:b4:72:41:8a:45:22:31:b0:12:18:3c:f5:4a:1a:66:7b:ab:ec:b3:f4:33:8e:f6:69:7f:51:e6:c9:80:d5:b4:7f:e7:50:7a:86:d3:e2:c7:c3:3e:83:91:a9:89:98:5e:b6:26:fc:ac:32:a9:b5:74:92:05:40:df:6c:a0:30:74:3d:4b:6f:35:97:1b:6e:d4:89:c5:ea:40:7e:35:4d:07:ff:65:50:8b:4a:90:fb:5e:4a:f9:14:aa:73:4b:74:78:03:93:2f:c1:d1:a0:74:87:df:88:4a:96:97:fc:b4:00:aa:9f:47:39:28:8d:44:4d:7a:48:f0:02:dd:27:35:4c:1e:4b:73:94:f7:68:bf:62:a1:8a:f0:a3:30:9f:66:d6:50:d8:aa:86:89:4b:6f:6b:81:13:b2:0b:99:56:c2:9c:1a:a7:a
c:7c:af:ec:53:e1:37:57:43:61:74:6e:d7:3f:32:33:29:65:78:8a:d7:42:43:7b:25:27:1b:ee:ca:59:d6:c7:7d:bf:46:b1:bf:ba:bc:8c:36:64:32:25:72:0a:57:29:46:a1:15:8c:96:19:a1:8b:ea:f3:5b:7b:24:1b:c4:8c:d7:77:c9:84:d7:91:e9:12:25:a8:9e:9c:b5:71:04:47:e1:76:02:e6:0e:25:1e:e2:94:fd:9a:f4:e0:85:79:1e:ce:1c:12:63:3c:fb:e0:45:d8:8c:91:c2:af:80:77:e1:4d:91:1b:d7:d0:a2:7b:e8:3a:0d:57:e9:dd:c2:5f:b8:f5:f5:09:eb:b6:72:48:d1:ee:a4:4f:78:6d:ee:59:dc:b7:6c:fe:8a:96:a7:83:a4:c0:7c:fc:58:ff:06:76:9a:6e:6e:13:28:41:8b:65:40:50:44:7d:50:a9:ba:9b:0a:08:ae:ba:42:7d:2c:a0:75:13:92:17:df:36:01:9b:16:c5:e6:80:78:95:d2:a9:5e:e1:37:25:ff:dd:e6:2b:7a:18:d4:79:9a:8d:aa:92:6e:23:66:17:81:f2:c3:11:6a:d9:62:67:72:45:f9:f5:b1:29:5e:74:9e:4a:76:5f:d8:ca:4d:dc:4b:3a:1f:bd:db:54:29:a5:a7:84:fd:c7:3e:88:3d:9e:0c:9a:ee:2f:91:9b:50:53:71:cf:76:8e:8c:a2:4d:77:0b:56:e5:ce:7e:a5:10:0a:cc:c7:2f:1d:3c:18:09:e0:ee:70:7b:cc:15:85:b4:19:55:d8:c9:f2:c8:a3:b9:6e:ed:fe:99:bb:da:9e:db:94:f2:74:a8:91:63:cb:6b:6d:3e:02:ce:89:10:b2:ef:da:01:e0:85:9f:c8:d5:b2:e5:25:86:47:74:d6:96:dd:75:ef:25:23:a8:fa:d9:0d:41:4e:72:e5:ac:c0:6d:01:0c:2e:28:a4:43:ac:ec:da:fe:58:19:24:35:60:09:3b:8a:2b:7e:46:fe:67:36:9f:40:3e:dc:31:8a:75:42:5b:2d:74:0f:a5:d0:14:38:72:6f:13:ed:07:56:28:55:36:5e:cb:9b:fe:7d:31:ed:fc:65:8b:cc:fa:45:aa:5d:c6:5e:a4:ed:70:32:81:3a:ab:56:8b:35:56:9f:70:8e:40:4f:b0:18:9a:39:d6:0c:33:b5:a2:38:1e:bd:18:69:79:fc:15:32:68:2e:6b:c9:72:40:dc:0b:c2:b3:5f:90:85:dd:1c:a7:45:40:7b:03:72:00:94:96:49:36:2c:98:7a:c9:a3:87:7b:86:fc:2c:94:71:df:03:17:8b:42:76:c7:12:c5:c2:7a:e5:8d:02:ad:b2:fa:96:4a:4b:dc:6a:9b:68:c7:40:af:c8:62:8d:20:5e:03:ec:2f:22:7a:4a:33:fa:b9:ad:76:2b:eb:63:83:cf:dd:1c:db:5e:59:97:96:f9:21:eb:40:5e:e8:0d:3b:3e:20:38:f8:b5:23:ac:5b:ca:4e:47:ea:f1:86:88:a1:38:19:31:eb:e2:60:fb:f7:80:be" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:05.190550000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493685.190550000", + "frame.time_delta": "0.100507000", + "frame.time_delta_displayed": "0.100507000", + "frame.time_relative": "93.729864000", + "frame.number": "241", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000398b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + 
"tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "395", + "tcp.ack": "3678", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:56:de:00:24:d5:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811975390, TSecr 2413950": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811975390", + "tcp.options.timestamp.tsecr": "2413950" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "240", + "tcp.analysis.ack_rtt": "0.100507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:06.083765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493686.083765000", + "frame.time_delta": "0.893215000", + "frame.time_delta_displayed": "0.893215000", + "frame.time_relative": "94.623079000", + 
"frame.number": "242", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ae7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005d02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:48:07.150303000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493687.150303000", + "frame.time_delta": "1.066538000", + "frame.time_delta_displayed": "1.066538000", + "frame.time_relative": "95.689617000", + "frame.number": "243", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000047cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000818c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:07.203151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493687.203151000", + "frame.time_delta": "0.052848000", + "frame.time_delta_displayed": "0.052848000", + "frame.time_relative": "95.742465000", + "frame.number": "244", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000047d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008186", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:07.255990000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509493687.255990000", + "frame.time_delta": "0.052839000", + "frame.time_delta_displayed": "0.052839000", + "frame.time_relative": "95.795304000", + "frame.number": "245", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000047d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008179", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:07.308800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493687.308800000", + "frame.time_delta": "0.052810000", + "frame.time_delta_displayed": "0.052810000", + "frame.time_relative": "95.848114000", + "frame.number": "246", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": 
"0x000047d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008176", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:07.361707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493687.361707000", + "frame.time_delta": "0.052907000", + "frame.time_delta_displayed": "0.052907000", + "frame.time_relative": "95.901021000", + "frame.number": "247", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000047dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008177", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:07.414627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493687.414627000", + "frame.time_delta": "0.052920000", + "frame.time_delta_displayed": "0.052920000", + "frame.time_relative": "95.953941000", + "frame.number": "248", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000047de", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008176", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:08.531673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493688.531673000", + "frame.time_delta": "1.117046000", + 
"frame.time_delta_displayed": "1.117046000", + "frame.time_relative": "97.070987000", + "frame.number": "249", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cd9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000012a2", + "udp.checksum.status": "2", + "udp.stream": "5" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": 
"0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:08.532473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493688.532473000", + "frame.time_delta": "0.000800000", + "frame.time_delta_displayed": "0.000800000", + "frame.time_relative": "97.071787000", + "frame.number": "250", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cda", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1315", + "udp.dstport": "5353", + "udp.port": "1315", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f39d", + "udp.checksum.status": "2", + "udp.stream": "6" + }, + "mdns": { + "dns.id": "0x0000025b", 
+ "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:08.532897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493688.532897000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "97.072211000", + "frame.number": "251", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1316", + "udp.dstport": "5353", + "udp.port": "1316", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008163", + "udp.checksum.status": "2", + "udp.stream": "7" + }, + "mdns": { + "dns.id": "0x0000025b", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=603", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=58873" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:09.281174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493689.281174000", + "frame.time_delta": "0.748277000", + "frame.time_delta_displayed": "0.748277000", + "frame.time_relative": "97.820488000", + "frame.number": "252", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:09.281570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493689.281570000", + "frame.time_delta": "0.000396000", + "frame.time_delta_displayed": "0.000396000", + "frame.time_relative": "97.820884000", + "frame.number": "253", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:10.217254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493690.217254000", + "frame.time_delta": "0.935684000", + "frame.time_delta_displayed": "0.935684000", + "frame.time_relative": "98.756568000", + "frame.number": "254", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000a83", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x000048bd", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:81:c5:49:83:cc:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:5c:11", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:19.428308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493699.428308000", + "frame.time_delta": "9.211054000", + "frame.time_delta_displayed": "9.211054000", + "frame.time_relative": "107.967622000", + "frame.number": "255", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000094f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007857", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "3678", + "tcp.nxtseq": "3727", + "tcp.ack": "395", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005cb3", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:db:18:a7:9b:56:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2415384, TSecr 2811975390": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2415384", + "tcp.options.timestamp.tsecr": "2811975390" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:9c:96:9c:51:4b:d1:2e:48:46:23:3a:fc:66:3a:c2:e2:8c:9d:2c:5c:f8:e3:f9:32:f5:a7:ae:6c:14:f7:cc:e1:93:3a:c1:40:24" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:19.488599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493699.488599000", + "frame.time_delta": "0.060291000", + "frame.time_delta_displayed": "0.060291000", + "frame.time_relative": "108.027913000", + "frame.number": "256", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bf5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000398a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "395", + "tcp.ack": "3727", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000588b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:64:d4:00:24:db:18", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811978964, TSecr 2415384": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811978964", + "tcp.options.timestamp.tsecr": "2415384" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "255", + "tcp.analysis.ack_rtt": "0.060291000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:19.489103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493699.489103000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "108.028417000", + "frame.number": "257", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002bf6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003952", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "395", + "tcp.nxtseq": "450", + "tcp.ack": "3727", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003223", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:64:d4:00:24:db:18", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811978964, TSecr 2415384": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811978964", + "tcp.options.timestamp.tsecr": "2415384" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:32:fa:bb:8a:08:61:c4:a6:26:5a:a8:a1:ff:d5:2d:e4:f0:ab:a2:22:95:74:6e:2e:1b:80:3f:10:ab:c6:81:f6:41:fc:02:66:6c:7d:22:fc:77:89:8b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:19.489535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493699.489535000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "108.028849000", + "frame.number": "258", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007887", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3727", + "tcp.ack": "450", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000575f", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:db:1e:a7:9b:64:d4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2415390, TSecr 2811978964": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2415390", + "tcp.options.timestamp.tsecr": "2811978964" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "257", + "tcp.analysis.ack_rtt": "0.000432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:28.852420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493708.852420000", + "frame.time_delta": "9.362885000", + "frame.time_delta_displayed": "9.362885000", + "frame.time_relative": "117.391734000", + "frame.number": "259", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + 
"arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:34.341163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493714.341163000", + "frame.time_delta": "5.488743000", + "frame.time_delta_displayed": "5.488743000", + "frame.time_relative": "122.880477000", + "frame.number": "260", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + 
"ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "41", + "tcp.ack": "37", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000673", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:34.484610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493714.484610000", + 
"frame.time_delta": "0.143447000", + "frame.time_delta_displayed": "0.143447000", + "frame.time_relative": "123.023924000", + "frame.number": "261", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdcc", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "37", + "tcp.ack": "42", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000010e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:36.085662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493716.085662000", + "frame.time_delta": "1.601052000", + "frame.time_delta_displayed": "1.601052000", + "frame.time_relative": "124.624976000", + "frame.number": "262", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005aee", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cfb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:37.817664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493717.817664000", + "frame.time_delta": "1.732002000", + "frame.time_delta_displayed": "1.732002000", + "frame.time_relative": "126.356978000", + "frame.number": "263", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:38.043531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493718.043531000", + "frame.time_delta": "0.225867000", + "frame.time_delta_displayed": "0.225867000", + "frame.time_relative": "126.582845000", + "frame.number": "264", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + 
"bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:38.084466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493718.084466000", + "frame.time_delta": "0.040935000", + "frame.time_delta_displayed": "0.040935000", + "frame.time_relative": "126.623780000", + "frame.number": "265", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + 
"bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:38.105159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493718.105159000", + "frame.time_delta": "0.020693000", + "frame.time_delta_displayed": "0.020693000", + "frame.time_relative": "126.644473000", + "frame.number": "266", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:38.142983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493718.142983000", + "frame.time_delta": "0.037824000", + "frame.time_delta_displayed": "0.037824000", + "frame.time_relative": "126.682297000", + "frame.number": "267", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:39.490154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493719.490154000", + "frame.time_delta": "1.347171000", + "frame.time_delta_displayed": "1.347171000", + "frame.time_relative": "128.029468000", + "frame.number": "268", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:39.490558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493719.490558000", + "frame.time_delta": "0.000404000", + "frame.time_delta_displayed": "0.000404000", + "frame.time_relative": "128.029872000", + "frame.number": "269", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + 
"arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:43.211745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493723.211745000", + "frame.time_delta": "3.721187000", + "frame.time_delta_displayed": "3.721187000", + "frame.time_relative": "131.751059000", + "frame.number": "270", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:45.553546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493725.553546000", + "frame.time_delta": "2.341801000", + "frame.time_delta_displayed": "2.341801000", + "frame.time_relative": "134.092860000", + "frame.number": "271", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000da8", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:45.554140000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493725.554140000", + "frame.time_delta": "0.000594000", + "frame.time_delta_displayed": "0.000594000", + "frame.time_relative": "134.093454000", + "frame.number": "272", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eea3", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:45.554691000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509493725.554691000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "134.094005000", + "frame.number": "273", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c69", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" 
+ }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.508869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493730.508869000", + "frame.time_delta": "4.954178000", + "frame.time_delta_displayed": "4.954178000", + "frame.time_relative": "139.048183000", + "frame.number": "274", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000094f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007855", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "3727", + "tcp.nxtseq": "3776", + "tcp.ack": "450", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f00d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:e7:3c:a7:9b:64:d4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2418492, TSecr 2811978964": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2418492", + "tcp.options.timestamp.tsecr": "2811978964" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:9d:7a:de:b2:09:da:43:61:53:a5:b9:8d:0d:dd:de:32:ff:da:dd:1e:b9:36:b6:87:1c:5e:22:a5:43:bc:22:01:4a:e2:e4:d3:75" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:48:50.554014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.554014000", + "frame.time_delta": "0.045145000", + "frame.time_delta_displayed": "0.045145000", + "frame.time_relative": "139.093328000", + "frame.number": "275", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + 
"udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000da8", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + 
"dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.554572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.554572000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "139.093886000", + "frame.number": "276", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + 
"udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eea3", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + 
"dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.555146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.555146000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "139.094460000", + "frame.number": "277", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + 
"udp.length": "241", + "udp.checksum": "0x00007c69", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.569933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.569933000", + "frame.time_delta": "0.014787000", + "frame.time_delta_displayed": "0.014787000", + "frame.time_relative": "139.109247000", + "frame.number": "278", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002bf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003951", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United 
States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "450", + "tcp.nxtseq": "505", + "tcp.ack": "3776", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003310", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:83:2e:00:24:e7:3c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811986734, TSecr 2418492": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811986734", + "tcp.options.timestamp.tsecr": "2418492" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "274", + "tcp.analysis.ack_rtt": "0.061064000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { 
+ "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:33:b7:ac:75:4f:f9:6d:13:07:e9:c0:73:26:ad:85:57:04:ac:e9:8b:aa:67:30:64:5f:45:d9:6d:7d:55:0d:ac:92:9a:bf:32:f0:2e:bc:62:6d:e1:77" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.570438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.570438000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "139.109752000", + "frame.number": "279", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007885", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3776", + "tcp.ack": "505", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002c79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:e7:42:a7:9b:83:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2418498, TSecr 2811986734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2418498", + "tcp.options.timestamp.tsecr": "2811986734" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "278", + "tcp.analysis.ack_rtt": "0.000505000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:50.644308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493730.644308000", + "frame.time_delta": "0.073870000", + "frame.time_delta_displayed": "0.073870000", + "frame.time_relative": "139.183622000", + "frame.number": "280", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000082ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000360e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52151", + "udp.dstport": "53", + "udp.port": "52151", + 
"udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ea7d", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.id": "0x00000f08", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.106932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.106932000", + "frame.time_delta": "0.462624000", + "frame.time_delta_displayed": "0.462624000", + "frame.time_relative": "139.646246000", + "frame.number": "281", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": 
"0x00007594", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000042ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52151", + "udp.port": "53", + "udp.port": "52151", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.response_to": "280", + "dns.time": "0.462624000", + "dns.id": "0x00000f08", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": 
"300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.107840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.107840000", + "frame.time_delta": "0.000908000", + "frame.time_delta_displayed": "0.000908000", + "frame.time_relative": "139.647154000", + "frame.number": "282", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000082cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000035ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37265", + "udp.dstport": "53", + "udp.port": "37265", 
+ "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003fa3", + "udp.checksum.status": "2", + "udp.stream": "20" + }, + "dns": { + "dns.id": "0x00000f09", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.108291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.108291000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "139.647605000", + "frame.number": "283", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": 
"0x00007595", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004315", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37265", + "udp.port": "53", + "udp.port": "37265", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "20" + }, + "dns": { + "dns.response_to": "282", + "dns.time": "0.000451000", + "dns.id": "0x00000f09", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "46", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 16:48:51.109099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.109099000", + "frame.time_delta": "0.000808000", + "frame.time_delta_displayed": "0.000808000", + "frame.time_relative": "139.648413000", + "frame.number": "284", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00005d77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d858", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + 
"tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000082f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.244593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.244593000", + "frame.time_delta": "0.135494000", + "frame.time_delta_displayed": "0.135494000", + "frame.time_relative": "139.783907000", + "frame.number": "285", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000d6cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000b403", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", 
+ "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00008114", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "284", + "tcp.analysis.ack_rtt": "0.135494000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.245148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.245148000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "139.784462000", + "frame.number": "286", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d863", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004aa3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "285", + "tcp.analysis.ack_rtt": "0.000555000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.245161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.245161000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "139.784475000", + "frame.number": "287", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00005d79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d60a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000021e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136049000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:36:22:2c:20:4e:6f:6e:63:65:3d:22:45:51:52:32:64:61:4f:62:33:78:47:35:49:4e:55:49:6e:30:76:43:47:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:66:78:67:38:61:75:38:44:5a:4e:72:78:63:43:49:34:41:61:52:32:4f:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:
6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.381729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.381729000", + "frame.time_delta": "0.136568000", + "frame.time_delta_displayed": "0.136568000", + "frame.time_relative": "139.921043000", + "frame.number": "288", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001087", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007a54", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, 
-0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a7d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "287", + "tcp.analysis.ack_rtt": "0.136568000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.382367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.382367000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "139.921681000", + "frame.number": "289", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00005d7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d381", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002472", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136049000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:dd:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:
b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02
:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" + }, + "tcp.segments": { + "tcp.segment": "287", + "tcp.segment": "289", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:36:22:2c:20:4e:6f:6e:63:65:3d:22:45:51:52:32:64:61:4f:62:33:78:47:35:49:4e:55:49:6e:30:76:43:47:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:66:78:67:38:61:75:38:44:5a:4e:72:78:63:43:49:34:41:61:52:32:4f:67:3d:3d:22:0d:0a:4
3:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:dd:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:
c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62
:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"176\", Nonce=\"EQR2daOb3xG5INUIn0vCGA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"fxg8au8DZNrxcCI4AaR2Og==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"176\", Nonce=\"EQR2daOb3xG5INUIn0vCGA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"fxg8au8DZNrxcCI4AaR2Og==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + 
"http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd#I3+\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bdB\n\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd \u0007\u00ef\u00bf\u00bdvlcD1\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bdPm_\u00ef\u00bf\u00bdo<\u00ef\u00bf\u00bd0\"x\u00ef\u00bf\u00bd:>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd;0\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd>X\u00ef\u00bf\u00bd{a=\u00ef\u00bf\u00bdy;\u00ef\u00bf\u00bd\u0003(\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:d
d:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:
87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.517981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.517981000", + "frame.time_delta": "0.135614000", + "frame.time_delta_displayed": "0.135614000", + "frame.time_relative": "140.057295000", + "frame.number": "290", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000445d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000467e", + 
"ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009e17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "289", + "tcp.analysis.ack_rtt": "0.135614000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521080000", + 
"frame.time_delta": "0.003099000", + "frame.time_delta_displayed": "0.003099000", + "frame.time_relative": "140.060394000", + "frame.number": "291", + "frame.len": "1434", + "frame.cap_len": "1434", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1420", + "ip.id": "0x00004515", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004062", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + 
"tcp.len": "1380", + "tcp.seq": "1", + "tcp.nxtseq": "1381", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000a73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136049000", + "tcp.analysis.bytes_in_flight": "1380", + "tcp.analysis.push_bytes_sent": "1380" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:34:38:3a:35:31:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:4
4:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:
79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521106000", + "frame.time_delta": "0.000026000", + "frame.time_delta_displayed": "0.000026000", + "frame.time_relative": "140.060420000", + "frame.number": "292", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00004516", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004575", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "80", + "tcp.seq": "1381", + "tcp.nxtseq": "1461", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + 
"tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000055f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136049000", + "tcp.analysis.bytes_in_flight": "1460", + "tcp.analysis.push_bytes_sent": "1460" + }, + "tcp.segment_data": "65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521182000", + "frame.time_delta": "0.000076000", + "frame.time_delta_displayed": "0.000076000", + "frame.time_relative": "140.060496000", + "frame.number": "293", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00004517", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004525", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "159", + "tcp.seq": "1461", + "tcp.nxtseq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003296", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136049000", + "tcp.analysis.bytes_in_flight": "1619", + "tcp.analysis.push_bytes_sent": "159" + }, + "tcp.segment_data": 
"0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "291", + "tcp.segment": "292", + "tcp.segment": "293", + "tcp.segment.count": "3", + "tcp.reassembled.length": "1619", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:34:38:3a:35:31:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6
d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:
7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "http": { + "HTTP\/1.1 401 Unauthorized\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "401", + "http.response.phrase": "Unauthorized" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_type": "text\/html", + 
"http.response.line": "Content-Type: text\/html\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:48:51 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:48:51 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "http.content_length_header": "1293", + "http.content_length_header_tree": { + "http.content_length": "1293" + }, + "http.response.line": "Content-Length: 1293\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.138815000", + "http.request_in": "289", + "http.file_data": "\r\n\r\n\r\n\r\n401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have 
permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" + }, + "data-text-lines": { + "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", + "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", + "<head>\\r\\n": "", + "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", + "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", + "<style type=\"text\/css\">\\r\\n": "", + "<!--\\r\\n": "", + "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", + "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", + "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", + "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", + "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", + "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", + "background-color:#555555;}\\r\\n": "", + "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", + ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", + "-->\\r\\n": "", + "<\/style>\\r\\n": "", + "<\/head>\\r\\n": "", + "<body>\\r\\n": "", + "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", + "<div id=\"content\">\\r\\n": "", + " <div class=\"content-container\"><fieldset>\\r\\n": "", + " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", + " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", + " <\/fieldset><\/div>\\r\\n": "", + "<\/div>\\r\\n": "", + "<\/body>\\r\\n": "", + "<\/html>\\r\\n": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521259000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521259000", + "frame.time_delta": "0.000077000", + "frame.time_delta_displayed": "0.000077000", + "frame.time_relative": "140.060573000", + "frame.number": "294", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004519", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000045c2", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", 
+ "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000097c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521698000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "140.061012000", + "frame.number": "295", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d860", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1381", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000341b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "291", + "tcp.analysis.ack_rtt": "0.000618000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.521711000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "140.061025000", + "frame.number": "296", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000d85f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000033cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "292", + "tcp.analysis.ack_rtt": "0.000605000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.521720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493731.521720000", + "frame.time_delta": "0.000009000", + "frame.time_delta_displayed": "0.000009000", + "frame.time_relative": "140.061034000", + "frame.number": "297", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d85e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": 
"35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1620", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000332c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "293", + "tcp.analysis.ack_rtt": "0.000538000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.522082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.522082000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "140.061396000", + "frame.number": "298", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d85d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35286", + "tcp.dstport": "80", + "tcp.port": "35286", + "tcp.port": "80", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1621", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000332a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "294", + "tcp.analysis.ack_rtt": "0.000823000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.522980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.522980000", + "frame.time_delta": "0.000898000", + "frame.time_delta_displayed": "0.000898000", + "frame.time_relative": "140.062294000", + "frame.number": "299", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000082ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000035ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43891", + "udp.dstport": "53", + "udp.port": "43891", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000ac0", + "udp.checksum.status": "2", + "udp.stream": "21" + }, + "dns": { + "dns.id": "0x00000f0a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.523566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.523566000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "140.062880000", + "frame.number": "300", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000075b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004301", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43891", + "udp.port": "53", + "udp.port": "43891", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "21" + }, + "dns": { + "dns.response_to": "299", + "dns.time": "0.000586000", + "dns.id": "0x00000f0a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:48:51.524360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.524360000", + "frame.time_delta": "0.000794000", + "frame.time_delta_displayed": "0.000794000", + "frame.time_relative": "140.063674000", + "frame.number": "301", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000082cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000035eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59246", + "udp.dstport": "53", + "udp.port": "59246", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e9c3", + "udp.checksum.status": "2", + "udp.stream": "22" + }, + "dns": { + "dns.id": "0x00000f0b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.524893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.524893000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "140.064207000", + "frame.number": "302", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000075ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000042f0", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59246", + "udp.port": "53", + "udp.port": "59246", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "22" + }, + "dns": { + "dns.response_to": "301", + "dns.time": "0.000533000", + "dns.id": "0x00000f0b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "46", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.526070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.526070000", + "frame.time_delta": "0.001177000", + "frame.time_delta_displayed": "0.001177000", + "frame.time_relative": "140.065384000", + 
"frame.number": "303", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000052d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000c3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.657135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.657135000", + "frame.time_delta": "0.131065000", + "frame.time_delta_displayed": "0.131065000", + "frame.time_relative": "140.196449000", + "frame.number": "304", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ef0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000beb", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35286", + "tcp.port": "80", + "tcp.port": "35286", + "tcp.stream": "10", + "tcp.len": "0", + "tcp.seq": "1621", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000097c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "298", + "tcp.analysis.ack_rtt": "0.135053000", + "tcp.analysis.initial_rtt": "0.136049000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.662655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.662655000", + "frame.time_delta": "0.005520000", + "frame.time_delta_displayed": "0.005520000", + "frame.time_relative": "140.201969000", + "frame.number": "305", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000efa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00009b31", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000fc37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "303", + "tcp.analysis.ack_rtt": "0.136585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.663154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.663154000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "140.202468000", + "frame.number": "306", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000052d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e306", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c5c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"305", + "tcp.analysis.ack_rtt": "0.000499000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.663439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.663439000", + "frame.time_delta": "0.000285000", + "frame.time_delta_displayed": "0.000285000", + "frame.time_relative": "140.202753000", + "frame.number": "307", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x000052d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": 
"United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006049", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137084000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:37:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:41:2b:43:42:52:42:49:44:33:2f:54:5a:71:66:46:55:78:4d:67:70:67:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:48:51.800484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.800484000", + "frame.time_delta": "0.137045000", + "frame.time_delta_displayed": "0.137045000", + "frame.time_relative": "140.339798000", + "frame.number": "308", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ce8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005df3", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000022fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "307", + "tcp.analysis.ack_rtt": "0.137045000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.801113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.801113000", + "frame.time_delta": "0.000629000", + "frame.time_delta_displayed": "0.000629000", + "frame.time_relative": "140.340427000", + "frame.number": "309", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x000052d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000b40d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137084000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00
:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" + }, 
+ "tcp.segments": { + "tcp.segment": "307", + "tcp.segment": "309", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:37:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:41:2b:43:42:52:42:49:44:33:2f:54:5a:71:66:46:55:78:4d:67:70:67:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36
:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b
6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"177\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"A+CBRBID3\/TZqfFUxMgpgw==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"177\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"A+CBRBID3\/TZqfFUxMgpgw==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"*m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~I\u00ef\u00bf\u00bd\u0019^\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bd?6\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-<\u001b\u0007\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c'\u00ef\u00bf\u00bdSH\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd~1\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdzG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB'N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd K\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u000bft\u0015\u0007\u0003B\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd+>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW;_\u0017\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bdH4\u001fxWh@\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bdJ_0q\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r>w(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u0004+\u0018<\u00ef\u00bf\u00bd)D0\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd~@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018DX\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bdA\blR\u0010L&\u00ef\u00bf\u00bdr\u0012\u00ef\u00bf\u00bd\u0012$d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\f\bM\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u0016,\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/ys\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdWN@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn!z\u00ef\u00bf\u00bd\u000e\u00
ef\u00bf\u00bdq^i\u00ef\u00bf\u00bdN^\u00ef\u00bf\u00bd\u0003-^X\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@_\u00ef\u00bf\u00bd|W\u00ef\u00bf\u00bd\f\u007foxj'\u0013\u00ef\u00bf\u00bd`#\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*H%I\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0001\u00ef\u00bf\u00bd!1\u00ef\u00bf\u00bdEs\u00ef\u00bf\u00bdF9\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdCZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?Q>\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001bF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f+U\u001bW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bdTZ\u00ef\u00bf\u00bdh2}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\f\"\u00ef\u00bf\
u00bdU-\u0011\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bddg4PdG\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015@C94\u0006W\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\/X\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY@\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:
12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15
:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.937967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.937967000", + "frame.time_delta": "0.136854000", + "frame.time_delta_displayed": "0.136854000", + "frame.time_relative": "140.477281000", + "frame.number": "310", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006dfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001ce0", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + 
"ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000193b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "309", + "tcp.analysis.ack_rtt": "0.136854000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.981196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.981196000", + "frame.time_delta": "0.043229000", + "frame.time_delta_displayed": "0.043229000", + 
"frame.time_relative": "140.520510000", + "frame.number": "311", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x000082c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000004b0", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004f60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137084000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"k4+7poeHhvC5INUIIwONFg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"k4+7poeHhvC5INUIIwONFg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:48:51 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:48:51 
GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.180083000", + "http.request_in": "309", + "http.file_data": "*m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~I\u00ef\u00bf\u00bd\u0019^\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bd?6\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-<\u001b\u0007\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd4AV\u001f\u00ef\u00bf\u00bd.('\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}z\u0010m{\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u000eK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^NU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd1n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0" + }, + "media": { + "media.type": 
"2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:f6:da:1d:d7:b4:bb:d9:a5:0e:e4:34:41:56:1f:e1:2e:28:27:a4:b4:94:2f:fe:da:d4:a2:7d:7a:10:6d:7b:ef:01:a5:c2:a2:d0:ed:8f:76:0e:4b:85:d6:5e:4e:55:d7:85:be:e3:fe:4e:ef:f5:af:5e:96:23:a0:a7:7e:f7:31:6e:b8:d6:98:3c:46:e8:d6:da:7c:69:a0:96:46:0f:e4:a0:49:db:1d:8f:ee:30:00:9e:eb:e2:fc:9c:f6:ea:94:aa:00:cd:d9:4d:23:bb:51:08:bb:a3:d7:01:67:7f:15:01:78:0b:7d:5e:f7:18:eb:51:36:11:7f:69:8e:f5:3e:e8:46:3e:f6:2d:34:7b:b2:b3:16:3a:45:a1:63:71:d8:1e:fe:13:7e:16:7e:29:ff:f7:42:59:9d:5e:21:68:b4:3c:5b:d3:58:14:a4:3a:06:8a:62:12:ee:1e:c6:cd:0f:df:f0:a8:11:79:74:dc:bf:bf:43:87:66:fb:2c:01:c6:ce:89:28:be:b0:b8:3d:fb:e6:02:4d:05:e9:fb:0c:9a:7f:55:97:af:38:87:aa:40:eb:f1:cb:3a:3d:b9:48:58:57:55:1e:35:34:d0:84:b5:a4:58:df:3c:7f:23:b2:b6:94:d4:38:79:88:c0:2c:8e:ad:fb:d5:07:94:57:3d:85:69:79:5c:72:09:42:48:54:84:ba:cb:61:16:76:c6:24:ac:74:70:df:33:c0:54:d2:2e:27:ba:b9:d9:76:83:41:e9:56:42:ce:94:56:16:7e:c5:37:23:22:5a:ed:27:db:51:c2:75:a7:f4:41:a8:13:f7:56:f5:79:d6:d1:00:c0:01:97:35:c0:d0:82:49:db:a3:e8:f6:9b:31:86:b6:c7:93:72:9b:de:18:0d:1b:6f:fb:8f:91:31:3b:1b:e1:70:fe:f3:7b:a0:5b:4e:fe:99:14:b6:c2:c4:3a:15:c0:e4:1f:16:aa:be:9f:4a:94:91:7e:8e:12:9f:e5:a5:53:09:08:29:13:f5:bc:eb:72:74:25:8a:57:14:3d:cb:e4:21:04:ad:96:9f:57:52:7f:61:37:82:d1:cf:c5:44:9c:e5:e8:be:00:2b:0e:76:84:d7:3c:54:9e:f3:b6:7b:f7:00:d9:1a:8f:83:16:da:be:73:f5:cf:65:5a:92:2d:89:14:91:aa:c5:8e:d6:02:94:cf:c9:50:ae:5a:39:35:d1:75:29:4a:fa:74:62:33:74:b7:84:73:1e:43:ac:4c:12:41:17:9c:f5:6f:d6:65:61:d0:46:24:8d:53:fe:b0:65:39:ef:b3:b7:10:00:f4:d2:ed:2a:68:85:10:4b:21:af:3b:9c:b4:24:c7:d2:e1:29:48:3b:5c:96:8e:55:7b:35:d5" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.981285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.981285000", + 
"frame.time_delta": "0.000089000", + "frame.time_delta_displayed": "0.000089000", + "frame.time_relative": "140.520599000", + "frame.number": "312", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000082c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000815", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000015d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.981753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.981753000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "140.521067000", + "frame.number": "313", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000052d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e303", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b622", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { 
+ "tcp.analysis.acks_frame": "311", + "tcp.analysis.ack_rtt": "0.000557000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:51.982460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493731.982460000", + "frame.time_delta": "0.000707000", + "frame.time_delta_displayed": "0.000707000", + "frame.time_relative": "140.521774000", + "frame.number": "314", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000052d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e302", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35287", + "tcp.dstport": "80", + "tcp.port": "35287", + "tcp.port": "80", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b620", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "312", + "tcp.analysis.ack_rtt": "0.001175000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:52.118868000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493732.118868000", + "frame.time_delta": "0.136408000", + "frame.time_delta_displayed": "0.136408000", + "frame.time_relative": "140.658182000", + "frame.number": "315", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c4b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c626", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35287", + "tcp.port": "80", + "tcp.port": "35287", + "tcp.stream": "11", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000015d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "314", + "tcp.analysis.ack_rtt": "0.136408000", + "tcp.analysis.initial_rtt": "0.137084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.368751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.368751000", + "frame.time_delta": "3.249883000", + "frame.time_delta_displayed": "3.249883000", + "frame.time_relative": "143.908065000", + "frame.number": "316", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000a89", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x000051cb", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:a4:56:cd:8d:cc:f2:14:11:00:00:00:ae:73:a3:3c:d8:1c:02:00:46:8f:01:00:00:00", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.554278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.554278000", + "frame.time_delta": "0.185527000", + "frame.time_delta_displayed": "0.185527000", + "frame.time_relative": "144.093592000", + "frame.number": "317", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000da8", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.554840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.554840000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "144.094154000", + "frame.number": "318", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", 
+ "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eea3", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.555425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.555425000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "144.094739000", + "frame.number": "319", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c69", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=604", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.570183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.570183000", + "frame.time_delta": "0.014758000", + "frame.time_delta_displayed": "0.014758000", + "frame.time_relative": "144.109497000", + "frame.number": "320", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:48:55.570600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493735.570600000", + "frame.time_delta": "0.000417000", + "frame.time_delta_displayed": "0.000417000", + "frame.time_relative": "144.109914000", + "frame.number": "321", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": 
"192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.233997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.233997000", + "frame.time_delta": "4.663397000", + "frame.time_delta_displayed": "4.663397000", + "frame.time_relative": "148.773311000", + "frame.number": "322", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00004c59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007cfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", 
+ "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.286853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.286853000", + "frame.time_delta": "0.052856000", + "frame.time_delta_displayed": "0.052856000", + "frame.time_relative": "148.826167000", + "frame.number": "323", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00004c5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007cfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.339708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.339708000", + "frame.time_delta": "0.052855000", + "frame.time_delta_displayed": "0.052855000", + "frame.time_relative": "148.879022000", + "frame.number": "324", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00004c5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007cf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + 
"udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.392592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.392592000", + "frame.time_delta": "0.052884000", + "frame.time_delta_displayed": "0.052884000", + "frame.time_relative": "148.931906000", + "frame.number": "325", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00004c62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007cec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.445463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.445463000", + "frame.time_delta": "0.052871000", + "frame.time_delta_displayed": "0.052871000", + "frame.time_relative": "148.984777000", + "frame.number": "326", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00004c65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007cef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:00.498394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493740.498394000", + "frame.time_delta": "0.052931000", + "frame.time_delta_displayed": "0.052931000", + "frame.time_relative": "149.037708000", + "frame.number": "327", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00004c67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007ced", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:49:02.662755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.662755000", + "frame.time_delta": "2.164361000", + "frame.time_delta_displayed": "2.164361000", + "frame.time_relative": "151.202069000", + "frame.number": "328", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00008492", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003428", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56551", + "udp.dstport": "53", + "udp.port": "56551", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d949", + "udp.checksum.status": "2", + "udp.stream": "23" + }, + "dns": { + "dns.id": "0x00000f0c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.663365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.663365000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "151.202679000", + "frame.number": "329", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000798f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003f2b", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56551", + "udp.port": "53", + "udp.port": "56551", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "23" + }, + "dns": { + "dns.response_to": "328", + "dns.time": "0.000610000", + "dns.id": "0x00000f0c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.664177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.664177000", + "frame.time_delta": "0.000812000", + "frame.time_delta_displayed": "0.000812000", + "frame.time_relative": "151.203491000", + "frame.number": "330", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00008493", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003427", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48862", + "udp.dstport": "53", + "udp.port": "48862", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001252", + "udp.checksum.status": "2", + "udp.stream": "24" + }, + "dns": { + "dns.id": "0x00000f0d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.664593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.664593000", + "frame.time_delta": "0.000416000", + "frame.time_delta_displayed": "0.000416000", + "frame.time_relative": "151.203907000", + "frame.number": "331", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00007990", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003f1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48862", + "udp.port": "53", + "udp.port": "48862", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": 
"24" + }, + "dns": { + "dns.response_to": "330", + "dns.time": "0.000416000", + "dns.id": "0x00000f0d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "35", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.665670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.665670000", + "frame.time_delta": "0.001077000", + "frame.time_delta_displayed": "0.001077000", + "frame.time_relative": "151.204984000", + "frame.number": "332", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000aa37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000051d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.802696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.802696000", + "frame.time_delta": "0.137026000", + "frame.time_delta_displayed": "0.137026000", + "frame.time_relative": "151.342010000", + "frame.number": "333", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00001b99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006f3a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00007514", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "332", + "tcp.analysis.ack_rtt": "0.137026000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.803234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.803234000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "151.342548000", + "frame.number": "334", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ba3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003ea3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "333", + "tcp.analysis.ack_rtt": "0.000538000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.803248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.803248000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "151.342562000", + "frame.number": "335", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000aa39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000894a", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008c94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137564000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:38:22:2c:20:4e:6f:6e:63:65:3d:22:6b:34:2b:37:70:6f:65:48:68:76:43:35:49:4e:55:49:49:77:4f:4e:46:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:47:48:50:49:47:43:2b:59:50:72:54:49:34:2b:38:47:73:6d:6b:6e:4d:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:49:02.940621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.940621000", + "frame.time_delta": "0.137373000", + "frame.time_delta_displayed": "0.137373000", + "frame.time_relative": "151.479935000", + "frame.number": "336", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005a47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003094", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009bd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "335", + "tcp.analysis.ack_rtt": "0.137373000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:02.941267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493742.941267000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "151.480581000", + "frame.number": "337", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000aa3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000086c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x00003739", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137564000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a
:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:15:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" + }, 
+ "tcp.segments": { + "tcp.segment": "335", + "tcp.segment": "337", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:38:22:2c:20:4e:6f:6e:63:65:3d:22:6b:34:2b:37:70:6f:65:48:68:76:43:35:49:4e:55:49:49:77:4f:4e:46:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:47:48:50:49:47:43:2b:59:50:72:54:49:34:2b:38:47:73:6d:6b:6e:4d:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f
:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:1
5:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"178\", Nonce=\"k4+7poeHhvC5INUIIwONFg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"GHPIGC+YPrTI4+8GsmknMg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"178\", Nonce=\"k4+7poeHhvC5INUIIwONFg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"GHPIGC+YPrTI4+8GsmknMg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"[\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u000bb\/\u001b1Y\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u0003rq>\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\\\u00ef\u00bf\u00bd\u0018\u0011\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd=Uv\u0016c\u00ef\u00bf\u00bdA|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u001c\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u0003\u000b\\\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u000fI\u00ef\u00bf\u00bdn5\u0017K\u0007\u00ef\u00bf\u00bdZ#\u001d\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd]=\u00ef\u00bf\u00bdMX\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u001b\u00ef\u00bf\u00bd\u001d(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u0015h\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u000fF\u00ef\u00bf\u00bdBL\u000bG]\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$@?%\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rLo>1=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtR\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\/f\u00ef\u00bf\u00bdk\r\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd6J\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRq\u001cC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd.G;j\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBDj\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?Z\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdaxj;\u00ef\u00bf\u00bd\u00ef\u00bf\u00
bd\u00ef\u00bf\u00bd\u0003 \u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdi\u0016\u0011\u00ef\u00bf\u00bd\r\r\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd!u\u0003`0R6\u0005\u0015)6}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?0}{yx~}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\t}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO)\u00ef\u00bf\u00bd,\"\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0006]~\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd+o\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\ngMa\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005_#gTB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\r%\u00ef\u00bf\u00bdA 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bdH%ewdl\u00ef\u00bf\u00bd:\u001e-Q\u00ef\u00bf\u00bd<O\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd\u000b{wT\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\bK" + }, + "media": { + "media.type": "5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:
8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:15:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51
:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:03.078116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493743.078116000", + "frame.time_delta": "0.136849000", + "frame.time_delta_displayed": "0.136849000", + "frame.time_relative": "151.617430000", + "frame.number": "338", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000098f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + 
"ip.checksum": "0x0000f1e6", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009217", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "337", + "tcp.analysis.ack_rtt": "0.136849000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:04.481110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493744.481110000", + "frame.time_delta": "1.402994000", + "frame.time_delta_displayed": "1.402994000", + "frame.time_relative": "153.020424000", + "frame.number": "339", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": 
"-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "41", + "tcp.ack": "37", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000673", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:04.625509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493744.625509000", + "frame.time_delta": "0.144399000", + "frame.time_delta_displayed": "0.144399000", + "frame.time_relative": "153.164823000", + "frame.number": "340", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", 
+ "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdcb", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "37", + "tcp.ack": "42", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000010e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.057094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.057094000", + "frame.time_delta": "0.431585000", + "frame.time_delta_displayed": "0.431585000", + "frame.time_relative": "153.596408000", + "frame.number": "341", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000befa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c879", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000097d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137564000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, 
+ "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"dfcGJLweJfe5INUI204GgQ==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"dfcGJLweJfe5INUI204GgQ==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:49:04 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:49:04 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "2.115827000", + "http.request_in": "337", + "http.file_data": 
"[\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u000bb\/\u001b1Y\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u0003rq>\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\\\u00ef\u00bf\u00bd;Mrro\u00ef\u00bf\u00bd>\u000b)%\u0006\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\\\u00ef\u00bf\u00bd{\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#J\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bdUv\u00ef\u00bf\u00bdK\u0013_\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdkO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy\t\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd?s\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\tu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bdR\u000bI\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdi\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\"\u00ef\u00bf\u00bd@t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.hW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:3b:4d:72:72:6f:ad:3e:0b:29:25:06:22:c9:de:77:5c:df:7b:07:ba:c1:e9:23:4a:9b:01:89:55:76:e1:4b:13:5f:f5:95:6b:4f:f1:fd:38:ae:27:83:25:ce:1a:b2:ec:93:6d:d0:d9:a2:ce:e8:83:8d:1c:b1:be:20:32:b7:df:79:09:a6:11:87:43:ff:3f:73:83:e8:dc:f6:78:09:75:90:c7:a2:09:e0:52:0b:49:98:11:ab:9f:69:10:b7:8e:f2:2e:4b:97:85:8b:bf:03:22:e1:40:74:8c:90:ea:d5:83:c9:c0:49:ad:f5:98:2e:68:57:b8:dc:82:da:84:00:0b:4a:51:ca:28:4d:2e:9a:92:11:f1:bc:87:ab:72:13:a2:00:ab:38:cc:8b:84:0d:a5:ea:1b:9f:7f:4a:0c:8e:34:e1:ef:b9:83:3c:70:0b:52:e8:72:3d:9d:0b:50:66:f5:27:90:f4:a6:55:c1:78:d2:13:25:4f:e9:ab:52:34:3b:e5:b3:69:58:0a:28:d3:05:73:c3:a4:21:b7:46:ba:a8:fc:91:ce:1e:84:bf:2b:cd:d0:ea:3b:ad:e0:44:02:f0:e6:4b:d7:7b:02:b4:44:69:24:56:5a:c0:b7:69:c3:a0:6c:c2:17:ce:bc:7a:d5:10:6a:a0:15:b1:a1:a7:b1:c3:8f:d0:42:bc:a0:51:48:a7:35:da:6d:5d:89:b4:68:ac:c4:b8:6d:29:8b:ff:58:98:a9:48:36:06:3b:dd:d9:ea:2c:40:ee:86:4d:37:63:85:4e:18:ce:ce:01:6b:df:b4:50:e0:18:4f:a2:83:b7:88:d3:c6:27:a7:28:70:43:7a:40:5f:74:74:68:cb:af:4a:24:90:35:8d:13:76:53:79:d3:fb:af:8e:83:76:74:7e:ab:c4:c6:fe:e2:6a:0c:57:4f:5c:e1:97:1d:70:c5:7c:21:d7:a5:63:bd:ca:5d:fd:f3:89:37:87:86:80:88:c7:2d:32:13:f2:e5:55:4a:34:1c:00:3b:aa:7b:de:36:16:8d:ba:29:df:9b:4b:9c:8c:b0:15:38:e6:a5:31:59:c7:0a:c2:91:b4:10:0c:ac:91:44:59:af:87:b7:3a:e4:62:3c:90:e7:1e:da:f5:2b:55:04:83:41:7e:4d:0b:e4:47:af:8e:df:14:08:db:78:f8:fc:fe:e0:78:57:b5:4d:24:6c:e3:2c:bf:6c:bc:88:3f:cb:96:e3:3e:7b:c4:da:5a:c8:4e:30:3e:c1:66:64:d3:d8:7d:24:a3:21:63:51:f3:f7:e8:8d:19:3f:9e:bf:23:fb:27:d8:53:1d:c5:72:f6:11:60:fe:40:8e:0f:b2:81:4a:83:26:83:ce:70:3a:5c:a2:12:de:a4:42:cb:d0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.057187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.057187000", + 
"frame.time_delta": "0.000093000", + "frame.time_delta_displayed": "0.000093000", + "frame.time_relative": "153.596501000", + "frame.number": "342", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000befc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000cbde", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008eaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.057686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.057686000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "153.597000000", + "frame.number": "343", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ba0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002eff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { 
+ "tcp.analysis.acks_frame": "341", + "tcp.analysis.ack_rtt": "0.000592000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.058398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.058398000", + "frame.time_delta": "0.000712000", + "frame.time_delta_displayed": "0.000712000", + "frame.time_relative": "153.597712000", + "frame.number": "344", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35288", + "tcp.dstport": "80", + "tcp.port": "35288", + "tcp.port": "80", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002efd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "342", + "tcp.analysis.ack_rtt": "0.001211000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.194900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.194900000", + "frame.time_delta": "0.136502000", + "frame.time_delta_displayed": "0.136502000", + "frame.time_relative": "153.734214000", + "frame.number": "345", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fed5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008c05", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35288", + "tcp.port": "80", + "tcp.port": "35288", + "tcp.stream": "12", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008eae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "344", + "tcp.analysis.ack_rtt": "0.136502000", + "tcp.analysis.initial_rtt": "0.137564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.554846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.554846000", + "frame.time_delta": "0.359946000", + "frame.time_delta_displayed": "0.359946000", + "frame.time_relative": "154.094160000", + "frame.number": "346", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce6", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ca7", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.555405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.555405000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "154.094719000", + "frame.number": "347", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eda2", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:05.555988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493745.555988000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "154.095302000", + "frame.number": "348", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b68", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:06.087982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493746.087982000", + "frame.time_delta": "0.531994000", + "frame.time_delta_displayed": "0.531994000", + "frame.time_relative": "154.627296000", + "frame.number": "349", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005af5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:07.670411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493747.670411000", + "frame.time_delta": "1.582429000", + "frame.time_delta_displayed": "1.582429000", + "frame.time_relative": "156.209725000", + "frame.number": "350", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:07.670862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493747.670862000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "156.210176000", + "frame.number": "351", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" 
+ } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:10.556945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493750.556945000", + "frame.time_delta": "2.886083000", + "frame.time_delta_displayed": "2.886083000", + "frame.time_relative": "159.096259000", + "frame.number": "352", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ca7", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + 
"dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:10.557369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493750.557369000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "159.096683000", + "frame.number": "353", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ce9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + 
"ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eda2", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:10.558011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493750.558011000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "159.097325000", + "frame.number": "354", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b68", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + 
"dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:15.555416000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493755.555416000", + "frame.time_delta": "4.997405000", + "frame.time_delta_displayed": "4.997405000", + "frame.time_relative": "164.094730000", + "frame.number": "355", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cea", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bb06", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ca7", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:15.555974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493755.555974000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "164.095288000", + "frame.number": "356", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ceb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009c01", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eda2", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:15.556550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493755.556550000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "164.095864000", + "frame.number": "357", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b68", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=605", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:21.601345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493761.601345000", + "frame.time_delta": "6.044795000", + "frame.time_delta_displayed": "6.044795000", + "frame.time_relative": "170.140659000", + "frame.number": "358", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000094fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00007853", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "3776", + "tcp.nxtseq": "3825", + "tcp.ack": "505", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002fb8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:f3:61:a7:9b:83:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "Timestamps: TSval 2421601, TSecr 2811986734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2421601", + "tcp.options.timestamp.tsecr": "2811986734" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:9e:01:f6:ab:8a:52:e1:31:95:2b:53:c2:84:6f:55:57:d6:57:22:c9:c4:78:11:29:c8:43:9c:1f:cc:c7:8f:51:f3:6c:87:b6:21" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:21.675740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493761.675740000", + "frame.time_delta": "0.074395000", + "frame.time_delta_displayed": "0.074395000", + "frame.time_relative": "170.215054000", + "frame.number": "359", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002bf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003950", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "505", + "tcp.nxtseq": "560", + "tcp.ack": "3825", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000068cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:a1:8f:00:24:f3:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811994511, TSecr 2421601": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811994511", + "tcp.options.timestamp.tsecr": "2421601" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "358", + "tcp.analysis.ack_rtt": "0.074395000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:34:06:ec:b4:a6:82:03:e6:14:7d:bc:dc:1a:21:e0:ad:e8:36:31:b0:aa:27:1b:ea:93:c8:25:17:60:6a:5d:3b:8e:ff:a0:28:78:91:11:a3:b5:c1:c4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:21.676248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493761.676248000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "170.215562000", + "frame.number": "360", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007883", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3825", + "tcp.ack": "560", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000189", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:f3:69:a7:9b:a1:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2421609, TSecr 2811994511": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2421609", + "tcp.options.timestamp.tsecr": "2811994511" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "359", + "tcp.analysis.ack_rtt": "0.000508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:25.555980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493765.555980000", + "frame.time_delta": "3.879732000", + "frame.time_delta_displayed": "3.879732000", + "frame.time_relative": "174.095294000", + "frame.number": "361", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ba6", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:25.557025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493765.557025000", + "frame.time_delta": "0.001045000", + "frame.time_delta_displayed": "0.001045000", + "frame.time_relative": "174.096339000", + "frame.number": "362", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eca1", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:25.557488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493765.557488000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "174.096802000", + "frame.number": "363", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + 
"ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a67", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:26.680222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493766.680222000", + "frame.time_delta": "1.122734000", + "frame.time_delta_displayed": "1.122734000", + "frame.time_relative": "175.219536000", + "frame.number": "364", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": 
"0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:26.680654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493766.680654000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "175.219968000", + "frame.number": "365", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:28.853459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493768.853459000", + 
"frame.time_delta": "2.172805000", + "frame.time_delta_displayed": "2.172805000", + "frame.time_relative": "177.392773000", + "frame.number": "366", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:29.562799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493769.562799000", + "frame.time_delta": "0.709340000", + "frame.time_delta_displayed": "0.709340000", + "frame.time_relative": "178.102113000", + "frame.number": "367", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + 
"eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.413952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.413952000", + "frame.time_delta": "0.851153000", + "frame.time_delta_displayed": "0.851153000", + "frame.time_relative": "178.953266000", + "frame.number": "368", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x000094fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007722", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "3825", + "tcp.nxtseq": "4177", + "tcp.ack": "560", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000113c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:f6:d3:a7:9b:a1:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2422483, TSecr 2811994511": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2422483", + "tcp.options.timestamp.tsecr": "2811994511" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:9f:60:73:5c:63:40:b5:88:75:52:82:bc:b1:aa:5a:0b:cc:8b:d3:2a:52:f4:b2:42:c0:2c:c0:fc:8a:38:4b:e6:9d:e4:5b:c1:76:16:05:33:8c:ae:c5:d4:ae:9d:90:c8:05:51:ba:91:f5:26:d2:fc:da:9d:34:31:5d:39:17:90:45:14:73:ab:48:c6:9e:67:02:9f:38:95:b0:f0:bd:fa:90:d7:9e:12:09:24:c1:87:09:21:9c:01:cf:72:54:e7:d9:3f:ac:70:eb:28:fd:a3:df:51:85:e4:65:10:a6:eb:8c:21:45:0a:18:8f:12:c8:b7:73:6e:ea:0b:d3:74:d7:cc:e2:32:e7:1f:90:8f:b3:67:b1:0e:75:4a:af:9b:1a:ce:fc:24:40:07:70:0a:93:47:d3:9b:c4:fe:07:8f:95:44:29:31:77:8c:fc:de:3c:32:8f:16:c2:e5:81:33:84:8b:52:bb:1d:6d:45:5d:d6:c2:dd:16:60:d3:7e:d3:94:87:8b:15:9f:bb:f2:12:fc:87:e6:ba:29:b3:32:37:02:4f:7a:2c:31:84:e4:f0:9a:ab:20:56:c8:44:13:47:cc:78:90:c1:21:f0:dd:b8:5c:20:66:61:c6:65:3d:e7:60:50:50:6c:2c:90:21:bc:01:87:2c:31:22:d6:6e:ba:2e:94:98:05:31:33:06:4a:1a:2b:a1:d4:35:29:80:10:45:2b:44:c0:80:13:c1:73:15:0d:97:d6:df:af:a6:cb:84:48:0f:5c:f1:f5:18:2d:6b:58:41:d3:b9:c4:6d:43:c5:7c:56:b0:d0:9c:a5:84:f3:eb:23:dc:e6:57:8a:50:e7:85:59:04:67:d0:80:76:f2:06:e9:ed:7e:31:fc:03:d2:86:40:1b:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.445098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.445098000", + "frame.time_delta": "0.031146000", + 
"frame.time_delta_displayed": "0.031146000", + "frame.time_relative": "178.984412000", + "frame.number": "369", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020d3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e771", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "65" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.504716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.504716000", + "frame.time_delta": "0.059618000", + "frame.time_delta_displayed": "0.059618000", + "frame.time_relative": "179.044030000", + "frame.number": "370", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002bf9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003957", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "560", + "tcp.nxtseq": "607", + "tcp.ack": "4177", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000239e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:aa:2e:00:24:f6:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2811996718, TSecr 
2422483": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2811996718", + "tcp.options.timestamp.tsecr": "2422483" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "368", + "tcp.analysis.ack_rtt": "0.090764000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:35:a2:e2:27:9f:72:2b:de:c7:85:93:50:0b:c4:cd:d4:fd:a9:4a:fa:c1:3c:9f:8d:30:ca:f0:78:5a:0d:bd:75:89:b8:dd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.505206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.505206000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "179.044520000", + "frame.number": "371", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007881", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4177", + "tcp.ack": "607", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f3e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:f6:dc:a7:9b:aa:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2422492, TSecr 2811996718": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2422492", + "tcp.options.timestamp.tsecr": "2811996718" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "370", + "tcp.analysis.ack_rtt": "0.000490000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.556239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.556239000", + "frame.time_delta": "0.051033000", + "frame.time_delta_displayed": "0.051033000", + "frame.time_relative": "179.095553000", + "frame.number": "372", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control 
Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bafd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ba6", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": 
"n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.556797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.556797000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "179.096111000", + "frame.number": "373", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf4", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eca1", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + 
"dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.557392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.557392000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "179.096706000", + "frame.number": "374", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + 
"ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a67", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": 
"n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.914407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.914407000", + "frame.time_delta": "0.357015000", + "frame.time_delta_displayed": "0.357015000", + "frame.time_relative": "179.453721000", + "frame.number": "375", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ffc7", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b783", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "123" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.917678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.917678000", + "frame.time_delta": "0.003271000", + "frame.time_delta_displayed": "0.003271000", + "frame.time_relative": "179.456992000", + "frame.number": "376", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000188c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54507", + "tcp.dstport": "80", + "tcp.port": "54507", + "tcp.port": "80", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e530", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.918216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.918216000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "179.457530000", + "frame.number": "377", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54507", + "tcp.port": "80", + "tcp.port": "54507", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008a7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "376", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.920459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.920459000", + "frame.time_delta": "0.002243000", + "frame.time_delta_displayed": "0.002243000", + "frame.time_relative": "179.459773000", + "frame.number": "378", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000188d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fe6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54507", + "tcp.dstport": "80", + "tcp.port": "54507", + "tcp.port": "80", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003c5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "377", + "tcp.analysis.ack_rtt": "0.002243000", + "tcp.analysis.initial_rtt": "0.002781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.921146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.921146000", + "frame.time_delta": "0.000687000", + "frame.time_delta_displayed": "0.000687000", + "frame.time_relative": "179.460460000", + "frame.number": "379", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"207", + "ip.id": "0x0000188e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54507", + "tcp.dstport": "80", + "tcp.port": "54507", + "tcp.port": "80", + "tcp.stream": "13", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000051d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002781000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + 
"http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.921644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.921644000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "179.460958000", + "frame.number": "380", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d48d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e3e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54507", + "tcp.port": "80", + "tcp.port": "54507", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002def", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "379", + "tcp.analysis.ack_rtt": "0.000498000", + "tcp.analysis.initial_rtt": "0.002781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.922219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.922219000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "179.461533000", + "frame.number": "381", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d48e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e3d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54507", + "tcp.port": "80", + "tcp.port": "54507", + "tcp.stream": "13", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006e10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002781000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.922581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.922581000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "179.461895000", + "frame.number": "382", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d48f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e000", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54507", + "tcp.port": "80", + "tcp.port": "54507", + "tcp.stream": "13", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c079", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002781000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "381", + "tcp.segment": "382", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001435000", + "http.request_in": "379", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.925692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.925692000", + "frame.time_delta": "0.003111000", + "frame.time_delta_displayed": "0.003111000", + "frame.time_relative": "179.465006000", + "frame.number": "383", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000188f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fe4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54507", + "tcp.dstport": "80", + "tcp.port": "54507", + "tcp.port": "80", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000037c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "382", + "tcp.analysis.ack_rtt": "0.003111000", + "tcp.analysis.initial_rtt": "0.002781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.926934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.926934000", + "frame.time_delta": "0.001242000", + "frame.time_delta_displayed": "0.001242000", + "frame.time_relative": "179.466248000", + "frame.number": "384", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001890", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fe3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54507", + "tcp.dstport": "80", + "tcp.port": "54507", + "tcp.port": "80", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000037c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.927390000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.927390000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "179.466704000", + "frame.number": "385", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cad5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54507", + "tcp.port": "80", + "tcp.port": "54507", + "tcp.stream": "13", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000029f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "384", + 
"tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.002781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.967256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.967256000", + "frame.time_delta": "0.039866000", + "frame.time_delta_displayed": "0.039866000", + "frame.time_relative": "179.506570000", + "frame.number": "386", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000ffc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b779", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "375" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.971207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.971207000", + "frame.time_delta": "0.003951000", + "frame.time_delta_displayed": "0.003951000", + "frame.time_relative": "179.510521000", + "frame.number": "387", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001891", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000000db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.971749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.971749000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "179.511063000", + "frame.number": "388", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e8cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "387", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.974505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.974505000", + "frame.time_delta": "0.002756000", + "frame.time_delta_displayed": "0.002756000", + "frame.time_relative": "179.513819000", + "frame.number": "389", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001892", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fe1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009aaa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "388", + "tcp.analysis.ack_rtt": "0.002756000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.975070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.975070000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "179.514384000", + "frame.number": "390", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001893", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b023", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.975540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.975540000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "179.514854000", + "frame.number": "391", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000067f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000507c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008c3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "390", + "tcp.analysis.ack_rtt": "0.000470000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.976188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.976188000", + "frame.time_delta": "0.000648000", + "frame.time_delta_displayed": "0.000648000", + "frame.time_relative": "179.515502000", + "frame.number": "392", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000067f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000506a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cc5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.976648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.976648000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "179.515962000", + "frame.number": "393", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000067f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004c97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001ec6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "392", + "tcp.segment": "393", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001578000", + "http.request_in": "390", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.980731000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493770.980731000", + "frame.time_delta": "0.004083000", + "frame.time_delta_displayed": "0.004083000", + "frame.time_relative": "179.520045000", + "frame.number": "394", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001894", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fdf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "393", + "tcp.analysis.ack_rtt": "0.004083000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.981178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.981178000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "179.520492000", + "frame.number": "395", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000067fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004c96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001ec6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.spurious_retransmission": "", + "_ws.expert.message": "This frame is a (suspected) spurious retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + 
"_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.981397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.981397000", + "frame.time_delta": "0.000219000", + "frame.time_delta_displayed": "0.000219000", + "frame.time_relative": "179.520711000", + "frame.number": "396", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001895", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009611", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "395", + "tcp.analysis.ack_rtt": "0.000219000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.981808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.981808000", + "frame.time_delta": "0.000411000", + "frame.time_delta_displayed": "0.000411000", + "frame.time_relative": "179.521122000", + "frame.number": "397", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54508", + "tcp.port": "80", + "tcp.port": "54508", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008845", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "396", + "tcp.analysis.ack_rtt": "0.000411000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:30.984260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493770.984260000", + "frame.time_delta": "0.002452000", + "frame.time_delta_displayed": "0.002452000", + "frame.time_relative": "179.523574000", + "frame.number": "398", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001896", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54508", + "tcp.dstport": "80", + "tcp.port": "54508", + "tcp.port": "80", + "tcp.stream": "14", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001a2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:c1:ab:df:49:c1:ab:e3:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "394", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + 
"_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.020212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.020212000", + "frame.time_delta": "0.035952000", + "frame.time_delta_displayed": "0.035952000", + "frame.time_relative": "179.559526000", + "frame.number": "399", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000ffcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b77c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "386" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.032595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.032595000", + "frame.time_delta": "0.012383000", + "frame.time_delta_displayed": "0.012383000", + "frame.time_relative": "179.571909000", + "frame.number": "400", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001897", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54509", + "tcp.dstport": "80", + "tcp.port": "54509", + "tcp.port": "80", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000cf72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.033156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.033156000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "179.572470000", + "frame.number": "401", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002d5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "400", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.038332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.038332000", + "frame.time_delta": "0.005176000", + "frame.time_delta_displayed": "0.005176000", + "frame.time_relative": "179.577646000", + "frame.number": "402", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001898", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54509", + "tcp.dstport": "80", + "tcp.port": "54509", + "tcp.port": "80", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000df3c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "401", + "tcp.analysis.ack_rtt": "0.005176000", + "tcp.analysis.initial_rtt": "0.005737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.039604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.039604000", + "frame.time_delta": "0.001272000", + "frame.time_delta_displayed": "0.001272000", + "frame.time_relative": "179.578918000", + "frame.number": "403", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001899", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54509", + "tcp.dstport": "80", + "tcp.port": "54509", + "tcp.port": "80", + "tcp.stream": "15", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f4b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005737000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.040166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.040166000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "179.579480000", + "frame.number": "404", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b8c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ffb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d0cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "403", + "tcp.analysis.ack_rtt": "0.000562000", + "tcp.analysis.initial_rtt": "0.005737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.040671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.040671000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "179.579985000", + "frame.number": "405", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b8c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ff9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000010ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005737000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.041022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.041022000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "179.580336000", + "frame.number": "406", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b8c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fbcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006358", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005737000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "405", + "tcp.segment": "406", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001418000", + "http.request_in": "403", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.041033000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493771.041033000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "179.580347000", + "frame.number": "407", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b8c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fbca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006358", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005737000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.045879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.045879000", + "frame.time_delta": "0.004846000", + "frame.time_delta_displayed": "0.004846000", + "frame.time_relative": "179.585193000", + "frame.number": "408", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000189a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fcd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54509", + "tcp.dstport": "80", + "tcp.port": "54509", + "tcp.port": "80", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004ab4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:05:0a:2a:d3:00:28:2a:d3:04:0b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "406", + "tcp.analysis.ack_rtt": "0.004857000", + "tcp.analysis.initial_rtt": "0.005737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.046468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.046468000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "179.585782000", + "frame.number": "409", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000189b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54509", + "tcp.dstport": "80", + "tcp.port": "54509", + "tcp.port": "80", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000daa3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.046917000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.046917000", + 
"frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "179.586231000", + "frame.number": "410", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cadb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54509", + "tcp.port": "80", + "tcp.port": "54509", + "tcp.stream": "15", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ccd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "409", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.005737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.967526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.967526000", + "frame.time_delta": "0.920609000", + "frame.time_delta_displayed": "0.920609000", + "frame.time_relative": "180.506840000", + "frame.number": "411", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ffec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b75e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "399" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.971736000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.971736000", + "frame.time_delta": "0.004210000", + "frame.time_delta_displayed": "0.004210000", + "frame.time_relative": "180.511050000", + "frame.number": "412", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000189c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54510", + "tcp.dstport": "80", + "tcp.port": "54510", + "tcp.port": "80", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000bab9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.972272000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493771.972272000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "180.511586000", + "frame.number": "413", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54510", + "tcp.port": "80", + "tcp.port": "54510", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000159d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "412", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.974482000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.974482000", + "frame.time_delta": "0.002210000", + "frame.time_delta_displayed": "0.002210000", + "frame.time_relative": "180.513796000", + "frame.number": "414", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000189d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54510", + "tcp.dstport": "80", + "tcp.port": "54510", + "tcp.port": "80", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c77b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "413", + "tcp.analysis.ack_rtt": "0.002210000", + "tcp.analysis.initial_rtt": "0.002746000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.975370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.975370000", + "frame.time_delta": "0.000888000", + "frame.time_delta_displayed": "0.000888000", + "frame.time_relative": "180.514684000", + "frame.number": "415", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000189e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54510", + "tcp.dstport": "80", + "tcp.port": "54510", + "tcp.port": "80", + "tcp.stream": "16", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dcf4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002746000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + 
"http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.975855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.975855000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "180.515169000", + "frame.number": "416", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008f79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028fa", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54510", + "tcp.port": "80", + "tcp.port": "54510", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b90c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "415", + "tcp.analysis.ack_rtt": "0.000485000", + "tcp.analysis.initial_rtt": "0.002746000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.976429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.976429000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "180.515743000", + "frame.number": "417", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008f7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54510", + "tcp.port": "80", + "tcp.port": "54510", + "tcp.stream": "16", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f92d", + "tcp.checksum.status": "2", 
+ "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002746000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.976782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.976782000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "180.516096000", + "frame.number": "418", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008f7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002515", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54510", + "tcp.port": "80", + "tcp.port": "54510", + "tcp.stream": "16", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004b97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002746000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "417", + "tcp.segment": "418", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001412000", + "http.request_in": "415", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.979768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.979768000", + "frame.time_delta": "0.002986000", + "frame.time_delta_displayed": "0.002986000", + "frame.time_relative": "180.519082000", + "frame.number": "419", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000189f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54510", + "tcp.dstport": "80", + "tcp.port": "54510", + "tcp.port": "80", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c2e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "418", + "tcp.analysis.ack_rtt": "0.002986000", + "tcp.analysis.initial_rtt": "0.002746000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.980445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.980445000", + "frame.time_delta": "0.000677000", + "frame.time_delta_displayed": "0.000677000", + "frame.time_relative": "180.519759000", + "frame.number": "420", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54510", + "tcp.dstport": "80", + "tcp.port": "54510", + "tcp.port": "80", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c2e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:31.980880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493771.980880000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "180.520194000", + "frame.number": "421", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000caeb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54510", + "tcp.port": "80", + "tcp.port": "54510", + "tcp.stream": "16", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b516", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "420", + 
"tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.002746000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.020436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.020436000", + "frame.time_delta": "0.039556000", + "frame.time_delta_displayed": "0.039556000", + "frame.time_relative": "180.559750000", + "frame.number": "422", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fff0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b751", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "411" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.034813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.034813000", + "frame.time_delta": "0.014377000", + "frame.time_delta_displayed": "0.014377000", + "frame.time_relative": "180.574127000", + "frame.number": "423", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f430", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.035364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.035364000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "180.574678000", + "frame.number": "424", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003422", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "423", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.037976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.037976000", + "frame.time_delta": "0.002612000", + "frame.time_delta_displayed": "0.002612000", + "frame.time_relative": "180.577290000", + "frame.number": "425", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e600", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "424", + "tcp.analysis.ack_rtt": "0.002612000", + "tcp.analysis.initial_rtt": "0.003163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.038654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.038654000", + "frame.time_delta": "0.000678000", + "frame.time_delta_displayed": "0.000678000", + "frame.time_relative": "180.577968000", + "frame.number": "426", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fb79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003163000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.039145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.039145000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "180.578459000", + "frame.number": "427", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000abc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000cb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d791", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "426", + "tcp.analysis.ack_rtt": "0.000491000", + "tcp.analysis.initial_rtt": "0.003163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.039714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.039714000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "180.579028000", + "frame.number": "428", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000abc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000ca1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000017b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003163000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.040174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.040174000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "180.579488000", + "frame.number": "429", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000abc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000008ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006a1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003163000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "428", + "tcp.segment": "429", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001520000", + "http.request_in": "426", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.041157000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493772.041157000", + "frame.time_delta": "0.000983000", + "frame.time_delta_displayed": "0.000983000", + "frame.time_relative": "180.580471000", + "frame.number": "430", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000abc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000008cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006a1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003163000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.043569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.043569000", + "frame.time_delta": "0.002412000", + "frame.time_delta_displayed": "0.002412000", + "frame.time_relative": "180.582883000", + "frame.number": "431", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fcf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e168", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "429", + "tcp.analysis.ack_rtt": "0.003395000", + "tcp.analysis.initial_rtt": "0.003163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.044241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.044241000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "180.583555000", + "frame.number": "432", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e167", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.044677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.044677000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "180.583991000", + "frame.number": "433", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000caf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed82", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54511", + "tcp.port": "80", + "tcp.port": "54511", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d39b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "432", + "tcp.analysis.ack_rtt": "0.000436000", + "tcp.analysis.initial_rtt": "0.003163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.044918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.044918000", + "frame.time_delta": "0.000241000", + "frame.time_delta_displayed": "0.000241000", + "frame.time_relative": "180.584232000", + "frame.number": "434", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54511", + "tcp.dstport": "80", + "tcp.port": "54511", + "tcp.port": "80", + "tcp.stream": "17", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001583", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:35:eb:13:0a:35:eb:16:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003163000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "431", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.073404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493772.073404000", + "frame.time_delta": "0.028486000", + "frame.time_delta_displayed": "0.028486000", + "frame.time_relative": "180.612718000", + "frame.number": "435", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fff3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b754", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "422" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.079234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.079234000", + "frame.time_delta": "0.005830000", + "frame.time_delta_displayed": "0.005830000", + "frame.time_relative": "180.618548000", + "frame.number": "436", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54512", + "tcp.dstport": "80", + "tcp.port": "54512", + "tcp.port": "80", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005610", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": 
"1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.079774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.079774000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "180.619088000", + "frame.number": "437", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54512", + "tcp.port": "80", + "tcp.port": "54512", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b729", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "436", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.082888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.082888000", + "frame.time_delta": "0.003114000", + "frame.time_delta_displayed": "0.003114000", + "frame.time_relative": "180.622202000", + "frame.number": "438", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54512", + "tcp.dstport": "80", + "tcp.port": "54512", + "tcp.port": "80", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006908", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "437", + "tcp.analysis.ack_rtt": "0.003114000", + "tcp.analysis.initial_rtt": "0.003654000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.083493000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509493772.083493000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "180.622807000", + "frame.number": "439", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54512", + "tcp.dstport": "80", + "tcp.port": "54512", + "tcp.port": "80", + "tcp.stream": "18", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007e81", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003654000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.084248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.084248000", + "frame.time_delta": "0.000755000", + "frame.time_delta_displayed": "0.000755000", + "frame.time_relative": "180.623562000", + 
"frame.number": "440", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005ffb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005878", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54512", + "tcp.port": "80", + "tcp.port": "54512", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005a99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "439", + "tcp.analysis.ack_rtt": "0.000755000", + "tcp.analysis.initial_rtt": "0.003654000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.084818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.084818000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "180.624132000", + "frame.number": "441", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005ffc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005866", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54512", + "tcp.port": "80", + "tcp.port": "54512", + "tcp.stream": "18", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009aba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003654000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.085168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.085168000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "180.624482000", + "frame.number": "442", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005ffd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005493", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54512", + "tcp.port": "80", + "tcp.port": "54512", + "tcp.stream": "18", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ed23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003654000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:6
9:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "441", + "tcp.segment": "442", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001675000", + "http.request_in": "439", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.087332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.087332000", + "frame.time_delta": "0.002164000", + "frame.time_delta_displayed": "0.002164000", + "frame.time_relative": "180.626646000", + "frame.number": "443", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54512", + "tcp.dstport": "80", + "tcp.port": "54512", + "tcp.port": "80", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006470", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "442", + "tcp.analysis.ack_rtt": "0.002164000", + "tcp.analysis.initial_rtt": "0.003654000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.088336000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.088336000", + "frame.time_delta": "0.001004000", + "frame.time_delta_displayed": "0.001004000", + "frame.time_relative": "180.627650000", + "frame.number": "444", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54512", + "tcp.dstport": "80", + "tcp.port": "54512", + "tcp.port": "80", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000646f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.088769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.088769000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "180.628083000", + "frame.number": "445", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000caf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54512", + "tcp.port": "80", + "tcp.port": "54512", + "tcp.stream": "18", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000056a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "444", + 
"tcp.analysis.ack_rtt": "0.000433000", + "tcp.analysis.initial_rtt": "0.003654000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:32.343033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493772.343033000", + "frame.time_delta": "0.254264000", + "frame.time_delta_displayed": "0.254264000", + "frame.time_relative": "180.882347000", + "frame.number": "446", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:34.621085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493774.621085000", + "frame.time_delta": "2.278052000", + "frame.time_delta_displayed": "2.278052000", + "frame.time_relative": "183.160399000", + "frame.number": "447", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "41", + "tcp.ack": "37", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000673", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:34.764961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493774.764961000", + "frame.time_delta": "0.143876000", + "frame.time_delta_displayed": "0.143876000", + "frame.time_relative": "183.304275000", + "frame.number": "448", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdca", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "37", + "tcp.ack": "42", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000010e8", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:35.556540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493775.556540000", + "frame.time_delta": "0.791579000", + "frame.time_delta_displayed": "0.791579000", + "frame.time_relative": "184.095854000", + "frame.number": "449", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": 
"0x0000bafb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000ba6", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:35.557106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493775.557106000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "184.096420000", + "frame.number": "450", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00009bf6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eca1", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:35.557675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493775.557675000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "184.096989000", + "frame.number": "451", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a67", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=606", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:36.089770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493776.089770000", + "frame.time_delta": "0.532095000", + "frame.time_delta_displayed": "0.532095000", + "frame.time_relative": "184.629084000", + "frame.number": "452", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b1c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005ccd", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:36.688110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493776.688110000", + "frame.time_delta": "0.598340000", + "frame.time_delta_displayed": "0.598340000", + "frame.time_relative": "185.227424000", + "frame.number": "453", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"202", + "ip.id": "0x000020d4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e740", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49589", + "udp.dstport": "1900", + "udp.port": "49589", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000088a8", + "udp.checksum.status": "2", + "udp.stream": "25" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:37.345467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493777.345467000", + "frame.time_delta": 
"0.657357000", + "frame.time_delta_displayed": "0.657357000", + "frame.time_relative": "185.884781000", + "frame.number": "454", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000000b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b694", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:37.398228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493777.398228000", + "frame.time_delta": "0.052761000", + "frame.time_delta_displayed": "0.052761000", + "frame.time_relative": "185.937542000", + "frame.number": "455", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000000ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", 
+ "http.response_number": "2", + "http.prev_response_in": "454" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:37.451104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493777.451104000", + "frame.time_delta": "0.052876000", + "frame.time_delta_displayed": "0.052876000", + "frame.time_relative": "185.990418000", + "frame.number": "456", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000000bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b68d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + 
"udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "455" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:37.688408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493777.688408000", + "frame.time_delta": "0.237304000", + "frame.time_delta_displayed": "0.237304000", + "frame.time_relative": "186.227722000", + "frame.number": "457", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49589", + "udp.dstport": "1900", + "udp.port": "49589", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000088a8", + "udp.checksum.status": "2", + "udp.stream": "25" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + 
"http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "453" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:38.397805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493778.397805000", + "frame.time_delta": "0.709397000", + "frame.time_delta_displayed": "0.709397000", + "frame.time_relative": "186.937119000", + "frame.number": "458", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000000cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b67e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "456" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:38.450817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493778.450817000", + "frame.time_delta": "0.053012000", + "frame.time_delta_displayed": "0.053012000", + "frame.time_relative": "186.990131000", + "frame.number": "459", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000000d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b672", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "458" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:38.503622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493778.503622000", + "frame.time_delta": "0.052805000", + "frame.time_delta_displayed": "0.052805000", + "frame.time_relative": "187.042936000", + "frame.number": "460", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000000d1", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b677", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "459" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:38.689768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493778.689768000", + "frame.time_delta": "0.186146000", + "frame.time_delta_displayed": "0.186146000", + "frame.time_relative": "187.229082000", + "frame.number": "461", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49589", + "udp.dstport": "1900", + "udp.port": "49589", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000088a8", + "udp.checksum.status": "2", + "udp.stream": "25" + }, + "ssdp": { + "M-SEARCH * 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "457" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.029338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.029338000", + "frame.time_delta": "0.339570000", + "frame.time_delta_displayed": "0.339570000", + "frame.time_relative": "187.568652000", + "frame.number": "462", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000000ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b65e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": 
"1", + "http.response_number": "7", + "http.prev_response_in": "460" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.082095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.082095000", + "frame.time_delta": "0.052757000", + "frame.time_delta_displayed": "0.052757000", + "frame.time_relative": "187.621409000", + "frame.number": "463", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000000ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b654", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", 
+ "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "462" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.134816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.134816000", + "frame.time_delta": "0.052721000", + "frame.time_delta_displayed": "0.052721000", + "frame.time_relative": "187.674130000", + "frame.number": "464", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000000f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b655", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "463" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.630992000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.630992000", + "frame.time_delta": "0.496176000", + "frame.time_delta_displayed": "0.496176000", + "frame.time_relative": "188.170306000", + "frame.number": "465", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.631156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.631156000", + "frame.time_delta": "0.000164000", + "frame.time_delta_displayed": "0.000164000", + "frame.time_relative": "188.170470000", + "frame.number": "466", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:39.690358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493779.690358000", + "frame.time_delta": "0.059202000", + "frame.time_delta_displayed": "0.059202000", + "frame.time_relative": "188.229672000", + "frame.number": "467", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49589", + "udp.dstport": "1900", + "udp.port": "49589", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000088a8", + "udp.checksum.status": "2", + "udp.stream": "25" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + 
"http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "461" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.081841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.081841000", + "frame.time_delta": "0.391483000", + "frame.time_delta_displayed": "0.391483000", + "frame.time_relative": "188.621155000", + "frame.number": "468", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00000102", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b649", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "464" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.134613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.134613000", + "frame.time_delta": "0.052772000", + "frame.time_delta_displayed": "0.052772000", + "frame.time_relative": "188.673927000", + "frame.number": "469", + "frame.len": "348", + 
"frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00000105", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "468" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.187388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.187388000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "188.726702000", + "frame.number": "470", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"328", + "ip.id": "0x00000106", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b642", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "469" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.216252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.216252000", + "frame.time_delta": "0.028864000", + "frame.time_delta_displayed": "0.028864000", + "frame.time_relative": "188.755566000", + "frame.number": "471", + "frame.len": "82", + "frame.cap_len": "82", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "68", + "ip.id": "0x00000a8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "48", + "udp.checksum": "0x0000764f", + "udp.checksum.status": "2", + "udp.stream": 
"2" + }, + "data": { + "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:12:8c:3e:98:cc:f2:14:96:01:00:00:54:0b:00:00", + "data.len": "40" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.398037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.398037000", + "frame.time_delta": "0.181785000", + "frame.time_delta_displayed": "0.181785000", + "frame.time_relative": "188.937351000", + "frame.number": "472", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00000111", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "470" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.450772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.450772000", + "frame.time_delta": "0.052735000", + "frame.time_delta_displayed": "0.052735000", + "frame.time_relative": "188.990086000", + "frame.number": "473", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + 
"eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00000114", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b62e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "472" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.503650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.503650000", + "frame.time_delta": "0.052878000", + "frame.time_delta_displayed": "0.052878000", + "frame.time_relative": "189.042964000", + "frame.number": "474", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00000117", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b631", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "473" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:49:40.602573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.602573000", + "frame.time_delta": "0.098923000", + "frame.time_delta_displayed": "0.098923000", + "frame.time_relative": "189.141887000", + "frame.number": "475", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000acbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ba5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53598", + "udp.dstport": "53", + "udp.port": "53598", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x00006694", + "udp.checksum.status": "2", + "udp.stream": "27" + }, + "dns": { + "dns.id": "0x0000dea8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.602590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.602590000", + "frame.time_delta": "0.000017000", + "frame.time_delta_displayed": "0.000017000", + "frame.time_relative": "189.141904000", + "frame.number": "476", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000acbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ba4", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53598", + "udp.dstport": "53", + "udp.port": "53598", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000a474", + "udp.checksum.status": "2", + "udp.stream": "27" + }, + "dns": { + "dns.id": "0x0000a0ad", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.606134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.606134000", + "frame.time_delta": "0.003544000", + "frame.time_delta_displayed": "0.003544000", + "frame.time_relative": "189.145448000", + "frame.number": "477", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x00008324", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000033d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53598", + "udp.port": "53", + "udp.port": "53598", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "27" + }, + "dns": { + "dns.response_to": "475", + "dns.time": "0.003561000", + "dns.id": "0x0000dea8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + 
}, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "40", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "40", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "40", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64949", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64949", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64949", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64949", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151773", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60810", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "59049", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "59151", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "102706", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60810", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "59049", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "59151", + "dns.resp.len": "16", + "dns.aaaa": 
"2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.629950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.629950000", + "frame.time_delta": "0.023816000", + "frame.time_delta_displayed": "0.023816000", + "frame.time_relative": "189.169264000", + "frame.number": "478", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00008326", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000034e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53598", + "udp.port": "53", + "udp.port": "53598", + "udp.length": "134", + 
"udp.checksum": "0x000082db", + "udp.checksum.status": "2", + "udp.stream": "27" + }, + "dns": { + "dns.response_to": "476", + "dns.time": "0.027360000", + "dns.id": "0x0000a0ad", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "900", + "dns.resp.len": "70", + "dns.soa.mname": "ns-1275.awsdns-31.org", + "dns.soa.rname": "awsdns-hostmaster.amazon.com", + "dns.soa.serial_number": "1", + "dns.soa.refresh_interval": "7200", + "dns.soa.retry_interval": "900", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "86400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.630729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.630729000", + "frame.time_delta": "0.000779000", + "frame.time_delta_displayed": "0.000779000", + "frame.time_relative": "189.170043000", + "frame.number": "479", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c60c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009023", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00002281", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:24:fa:d0:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2423504, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423504", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.708371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.708371000", + "frame.time_delta": "0.077642000", + 
"frame.time_delta_displayed": "0.077642000", + "frame.time_relative": "189.247685000", + "frame.number": "480", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000af2f", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000bb98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:43:01:f8:00:24:fa:d0:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1262682616, TSecr 2423504": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682616", + "tcp.options.timestamp.tsecr": "2423504" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "479", + "tcp.analysis.ack_rtt": "0.077642000" + } + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.708892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.708892000", + "frame.time_delta": "0.000521000", + "frame.time_delta_displayed": "0.000521000", + "frame.time_relative": "189.248206000", + "frame.number": "481", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c60d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000902a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": 
"AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005258", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:d8:4b:43:01:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423512, TSecr 1262682616": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423512", + "tcp.options.timestamp.tsecr": "1262682616" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "480", + "tcp.analysis.ack_rtt": "0.000521000", + "tcp.analysis.initial_rtt": "0.078163000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.711059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.711059000", + "frame.time_delta": "0.002167000", + "frame.time_delta_displayed": "0.002167000", + "frame.time_relative": "189.250373000", + "frame.number": "482", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000c60e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ef6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", 
+ "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000028fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:d8:4b:43:01:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423512, TSecr 1262682616": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423512", + "tcp.options.timestamp.tsecr": "1262682616" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": 
"22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jan 29, 1989 11:51:07.000000000 PST", + "ssl.handshake.random": "68:bf:a6:0c:d1:f1:98:2c:7b:63:7f:e8:6d:5c:f4:75:e4:a4:a9:ec:86:49:1f:da:9c:d3:54:c0" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + 
"ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": 
"0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + 
"ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + 
}, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.788846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.788846000", + "frame.time_delta": "0.077787000", + "frame.time_delta_displayed": "0.077787000", + "frame.time_relative": "189.328160000", + "frame.number": "483", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000d67", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a1d0", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005187", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682637, TSecr 2423512": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682637", + "tcp.options.timestamp.tsecr": "2423512" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "482", + "tcp.analysis.ack_rtt": "0.077787000", + "tcp.analysis.initial_rtt": "0.078163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.790137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.790137000", + "frame.time_delta": "0.001291000", + "frame.time_delta_displayed": "0.001291000", + "frame.time_relative": "189.329451000", + "frame.number": "484", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x00000d68", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x00009c27", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ea5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": 
"1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682637, TSecr 2423512": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682637", + "tcp.options.timestamp.tsecr": "2423512" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01
:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:1
6:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Sep 24, 2053 02:32:48.000000000 PDT", + "ssl.handshake.random": "80:d0:b2:21:d7:fa:8f:5a:ee:21:e8:7e:8e:2c:f8:71:79:49:58:18:8e:b8:76:37:a3:7f:6b:17" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "a2:dc:69:9e:55:03:c8:78:31:03:68:4f:05:ab:2f:b9:46:65:54:ca:d7:57:58:19:54:79:8e:f6:d2:a3:8f:e2", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + 
"ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.790164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.790164000", + "frame.time_delta": "0.000027000", + "frame.time_delta_displayed": "0.000027000", + "frame.time_relative": "189.329478000", + "frame.number": "485", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x00000d69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a0ef", + "ip.checksum.status": "2", + "ip.src": 
"52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e591", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682637, TSecr 2423512": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682637", + "tcp.options.timestamp.tsecr": "2423512" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "484", + "tcp.segment": "485", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30
:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5
a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": 
"30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:8
3:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + 
"x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": 
"1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + "ssl.handshake.certificate": 
"30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + 
"x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + 
"x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:67:c9:b5:ed:59:3c:ae:f2:ca:3c:a6:0c:6d:e2:48:0b:52:cc:fd:44:9c:51:12:57:09:52:46:24:31:44:50:05:3a:f8:94:92:43:5e:f6:63:ce:78:bb:2f:4a:fd:be:16:8f:c3:5e:57:00:de:3c:c4:cc:82:18:a4:d2:f0:40:c0", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"b6:d6:e0:0c:95:90:90:5d:ea:72:8d:06:7d:56:45:b4:ef:ac:e7:83:42:2d:1d:8a:b2:5c:10:d0:82:16:1a:5a:73:5a:39:d3:14:f5:e3:27:de:5b:eb:b4:6b:88:cf:de:9f:0f:36:7c:3f:f5:ea:67:3d:e4:91:66:29:73:3b:79:6e:13:21:e2:d0:ba:4d:a9:1f:3e:7c:ac:19:55:92:a7:8b:08:2c:9c:42:84:e6:cd:51:d5:cf:b2:e9:07:2d:79:d6:fd:db:ef:85:a1:7e:c4:0b:ca:f4:46:b4:1b:6d:a8:fd:02:74:a6:88:2b:e1:d7:e4:6b:74:2e:3f:49:d0:0e" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.790819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.790819000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "189.330133000", + "frame.number": "486", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c60f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009028", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004a4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:e0:4b:43:02:0d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423520, TSecr 1262682637": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423520", + "tcp.options.timestamp.tsecr": "1262682637" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "485", + "tcp.analysis.ack_rtt": "0.000655000", + "tcp.analysis.initial_rtt": "0.078163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.819310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.819310000", + "frame.time_delta": "0.028491000", + "frame.time_delta_displayed": "0.028491000", + "frame.time_relative": "189.358624000", + "frame.number": "487", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000c610", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fa9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000056b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:e3:4b:43:02:0d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423523, TSecr 1262682637": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423523", + "tcp.options.timestamp.tsecr": "1262682637" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:91:f4:14:c8:36:9a:15:71:de:15:aa:42:78:63:3c:09:0b:50:23:dd:d7:e4:96:43:ea:d3:d6:ce:fb:23:88:d5:95:25:2c:76:57:74:7a:f7:7a:6d:a7:ae:c6:ae:cb:2a:4f:0b:e4:87:58:c7:23:e6:55:bf:19:50:c3:6a:4f:c4" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.897361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.897361000", + "frame.time_delta": "0.078051000", + "frame.time_delta_displayed": "0.078051000", + "frame.time_relative": "189.436675000", + "frame.number": "488", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x00000d6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a19a", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000077eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:28:00:24:fa:e3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682664, TSecr 2423523": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682664", + "tcp.options.timestamp.tsecr": "2423523" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "487", + "tcp.analysis.ack_rtt": "0.078051000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:49:40.898414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.898414000", + "frame.time_delta": "0.001053000", + "frame.time_delta_displayed": "0.001053000", + "frame.time_relative": "189.437728000", + "frame.number": "489", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000c611", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fe1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + 
"ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000922c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:eb:4b:43:02:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423531, TSecr 1262682664": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423531", + "tcp.options.timestamp.tsecr": "1262682664" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "488", + "tcp.analysis.ack_rtt": "0.001053000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "74:21:9b:30:9a:b6:bf:5d:41:8a:f8:9f:3b:7d:d3:82:b9:de:44:f3:2b:27:9f:6c:4f:74:5d:93:ef:6d:28:8e:73:59:3a:4e:38:8e:6f:b6:1a:e5:65:32:5e:84:a9:a3:25:ce:8f:58:c1:41:ed:b4:77:41:78:8d:df:a0:a6:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.977202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.977202000", + "frame.time_delta": "0.078788000", + "frame.time_delta_displayed": "0.078788000", + "frame.time_relative": "189.516516000", + "frame.number": "490", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x00000d6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a187", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:3c:00:24:fa:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682684, TSecr 2423531": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682684", + "tcp.options.timestamp.tsecr": "2423531" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "489", + "tcp.analysis.ack_rtt": "0.078788000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "60:5a:b5:67:5e:12:f7:ac:08:cf:00:01:31:78:73:89:53:49:e8:de:f1:77:40:ff:05:b5:55:0b:d7:74:9c:5b:7e:22:01:a5:6a:1d:40:65:da:d0:3d:e2:e4:b4:d5:05:a8:3c:8e:00:fd:e9:be:fd:ee:9f:ac:58:b2:65:4a:82" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:40.978137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493780.978137000", + "frame.time_delta": "0.000935000", + "frame.time_delta_displayed": "0.000935000", + "frame.time_relative": "189.517451000", + "frame.number": "491", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000c612", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008e3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d7d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:f3:4b:43:02:3c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": 
"1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423539, TSecr 1262682684": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423539", + "tcp.options.timestamp.tsecr": "1262682684" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "490", + "tcp.analysis.ack_rtt": "0.000935000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "74:21:9b:30:9a:b6:bf:5e:8d:9e:2a:b7:99:31:b2:d8:67:e8:14:f4:bd:36:8c:97:77:6b:a5:1d:85:09:1c:ac:fd:dd:66:ae:eb:14:f2:62:89:3f:af:41:e4:22:ea:9d:84:fe:7c:2e:7a:bd:1c:23:13:e4:5e:05:e8:6d:6a:9f:df:ce:6d:e9:28:d3:26:0c:81:f2:b5:92:09:30:98:db:30:9b:f2:7a:9a:6b:ea:68:8d:dc:dc:03:11:83:f7:00:6b:2b:31:fd:81:63:37:cc:f7:72:e4:13:94:e1:d0:bd:ad:be:1a:73:11:87:fa:4f:b3:88:db:4e:c3:cf:ee:3c:7a:5c:e4:a7:6b:6f:36:f5:fc:cf:dd:d4:bb:6c:ed:5a:04:09:26:20:84:5f:28:c0:e4:71:23:ef:84:07:0c:40:95:6d:74:fa:3c:6b:77:bf:42:d8:31:ea:23:72:42:fd:79:63:df:51:a4:65:21:9f:b7:92:97:70:eb:2e:2a:e5:b9:75:fe:d4:cc:ae:ba:84:89:f0:6a:b5:d7:73:f8:59:3c:3a:17:c9:e1:bb:67:66:44:af:a2:ee:29:69:20:ed:23:7a:3e:71:2e:a9:10:8b:2b:f7:60:a3:9d:e5:9d:d9:82:6f:2f:fe:86:46:8c:95:7f:15:68:f2:d4:37:2e:2c:98:8b:44:da:c5:ea:b1:9c:91:9e:10:fb:0e:da:fd:46:e2:96:e2:4f:eb:cc:81:a8:c5:70:c9:26:f8:f8:3b:7b:ae:69:51:c5:20:04:3e:93:7b:43:7d:60:32:df:52:41:f5:fc:bf:51:fd:8c:c4:a2:48:d7:2f:ee:65:8b:fe:49:dd:53:24:3d:74:e1:d4:7a:9a:8a:fc:20:c5:13:4c:4b:8f:00:65:c0:db:65:a7:f1:9e:5f:2d:70:38:5f:f3:6a:07:1f:42:21:f9:d1:67:4a:82:85
:3e:a8:8e:40:59:5c:1b:ea:aa:52:82:33:0d:34:9e:d6:1d:19:9f:4d:9f:83:66:bb:41:99:f8:7e:1a:ab:61:8b:77:c3:c2:36:2b:a5:98:bf:20:62:9a:73:1d:00:44:a2:e7:b3:45:3c:6b:16:7a:82:8e:64:87:90:d0:01:16:70:fd:85:ca:50:99:0e:49:03:d9:ee:aa:c3:5d:66:2d:5d:2d:c7:18:8f:e4:49:63:40:45:f7:b2:87:2f:f3:07:54:2b:3d:35:9c:58:94:15:2f:99:fa:02:1e:d6:5c:65:d6:26:eb:67:ff:42:70:82:1e:4b:d6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.057143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.057143000", + "frame.time_delta": "0.079006000", + "frame.time_delta_displayed": "0.079006000", + "frame.time_relative": "189.596457000", + "frame.number": "492", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x00000d6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a180", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + 
"ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002409", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:50:00:24:fa:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" 
+ } + }, + "Timestamps: TSval 1262682704, TSecr 2423539": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682704", + "tcp.options.timestamp.tsecr": "2423539" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "491", + "tcp.analysis.ack_rtt": "0.079006000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "60:5a:b5:67:5e:12:f7:ad:c5:c4:d1:06:3c:8b:35:ea:41:db:3b:5b:63:35:f8:74:8f:08:67:f2:2e:71:63:02:8f:8b:a0:7b:73:da:c9:4f:20:df:3c:df:48:84:b3:cc:2a:c8:e7:84:f5:1a:40:d6:c0:f4:f4:69:56:58:36:69:ad:43:69:08:dc:c4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.057883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.057883000", + "frame.time_delta": "0.000740000", + "frame.time_delta_displayed": "0.000740000", + "frame.time_relative": "189.597197000", + "frame.number": "493", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c613", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009024", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + 
"tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000467f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:24:fa:fb:4b:43:02:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2423547, TSecr 1262682704": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2423547", + "tcp.options.timestamp.tsecr": "1262682704" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "492", + "tcp.analysis.ack_rtt": "0.000740000", + "tcp.analysis.initial_rtt": "0.078163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.135628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.135628000", + "frame.time_delta": "0.077745000", + "frame.time_delta_displayed": "0.077745000", + "frame.time_relative": "189.674942000", + "frame.number": "494", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x00000d6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a1ab", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": 
"29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007fe1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:63:00:24:fa:fb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682723, TSecr 2423547": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682723", + "tcp.options.timestamp.tsecr": "2423547" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "493", + "tcp.analysis.ack_rtt": "0.077745000", + "tcp.analysis.initial_rtt": "0.078163000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.135712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.135712000", + "frame.time_delta": "0.000084000", + "frame.time_delta_displayed": "0.000084000", + "frame.time_relative": "189.675026000", + "frame.number": "495", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000d6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a1c9", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34221", + "tcp.port": "443", + "tcp.port": "34221", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000046f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:43:02:63:00:24:fa:fb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262682723, TSecr 2423547": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262682723", + "tcp.options.timestamp.tsecr": "2423547" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.136136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.136136000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "189.675450000", + "frame.number": "496", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000251d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003127", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + 
"tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ba7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.136148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.136148000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "189.675462000", + "frame.number": "497", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000251e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003126", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34221", + "tcp.dstport": "443", + "tcp.port": "34221", + "tcp.port": "443", + "tcp.stream": "19", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ba7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.450057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.450057000", + "frame.time_delta": "0.313909000", + "frame.time_delta_displayed": "0.313909000", + "frame.time_relative": "189.989371000", + "frame.number": "498", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000016f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + 
"udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "474" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.502783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.502783000", + "frame.time_delta": "0.052726000", + "frame.time_delta_displayed": "0.052726000", + "frame.time_relative": "190.042097000", + "frame.number": "499", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00000174", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "498" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:41.558559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493781.558559000", + "frame.time_delta": "0.055776000", + "frame.time_delta_displayed": "0.055776000", + "frame.time_relative": "190.097873000", + "frame.number": "500", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00000176", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "499" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:42.134269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493782.134269000", + "frame.time_delta": "0.575710000", + 
"frame.time_delta_displayed": "0.575710000", + "frame.time_relative": "190.673583000", + "frame.number": "501", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00000183", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "500" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:42.187061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493782.187061000", + "frame.time_delta": "0.052792000", + "frame.time_delta_displayed": "0.052792000", + "frame.time_relative": "190.726375000", + "frame.number": "502", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00000187", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "501" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:42.239966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493782.239966000", + "frame.time_delta": "0.052905000", + "frame.time_delta_displayed": "0.052905000", + "frame.time_relative": "190.779280000", + "frame.number": "503", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000018c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + 
"udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "502" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:43.139097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493783.139097000", + "frame.time_delta": "0.899131000", + "frame.time_delta_displayed": "0.899131000", + "frame.time_relative": "191.678411000", + "frame.number": "504", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000001da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b571", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "305", + "udp.checksum": "0x00000366", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "503" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:43.191907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493783.191907000", + "frame.time_delta": "0.052810000", + "frame.time_delta_displayed": "0.052810000", + "frame.time_relative": "191.731221000", + "frame.number": "505", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000001df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000b563", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "314", + "udp.checksum": "0x00001151", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "504" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:43.244744000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493783.244744000", + "frame.time_delta": "0.052837000", + "frame.time_delta_displayed": "0.052837000", + "frame.time_relative": "191.784058000", + "frame.number": "506", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000001e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49589", + "udp.port": "1900", + "udp.port": "49589", + "udp.length": "308", + "udp.checksum": "0x000034db", + "udp.checksum.status": "2", + "udp.stream": "26" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, 
+ "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "505" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.559961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.559961000", + "frame.time_delta": "2.315217000", + "frame.time_delta_displayed": "2.315217000", + "frame.time_relative": "194.099275000", + "frame.number": "507", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baf9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000aa5", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.562432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.562432000", + "frame.time_delta": "0.002471000", + "frame.time_delta_displayed": "0.002471000", + "frame.time_relative": "194.101746000", + "frame.number": "508", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", 
+ "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eba0", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.562920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.562920000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "194.102234000", + "frame.number": "509", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007966", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.992123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.992123000", + "frame.time_delta": "0.429203000", + "frame.time_delta_displayed": "0.429203000", + "frame.time_relative": "194.531437000", + "frame.number": "510", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005b1f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a430", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000960d", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.992791000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493785.992791000", + "frame.time_delta": "0.000668000", + "frame.time_delta_displayed": "0.000668000", + "frame.time_relative": "194.532105000", + "frame.number": "511", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x0002d4a8", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51449", + "udp.dstport": "5355", + "udp.port": "51449", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x000038cf", + "udp.checksum.status": "2", + "udp.stream": "29" + }, + "llmnr": { + "dns.id": "0x00004e72", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.993344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.993344000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "194.532658000", + "frame.number": "512", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000572", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001239", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51449", + "udp.dstport": "5355", + "udp.port": "51449", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000586e", + "udp.checksum.status": "2", + "udp.stream": "30" + }, + "llmnr": { + "dns.id": "0x00004e72", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.993972000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.993972000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "194.533286000", + "frame.number": "513", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + 
"ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000598d0", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61999", + "udp.dstport": "5355", + "udp.port": "61999", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00005e40", + "udp.checksum.status": "2", + "udp.stream": "31" + }, + "llmnr": { + "dns.id": "0x0000ffaf", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:45.994561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493785.994561000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "194.533875000", + "frame.number": "514", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": 
"01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000573", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001238", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61999", + "udp.dstport": "5355", + "udp.port": "61999", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00007ddf", + "udp.checksum.status": "2", + "udp.stream": "32" + }, + "llmnr": { + "dns.id": "0x0000ffaf", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:46.404092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493786.404092000", + "frame.time_delta": "0.409531000", + "frame.time_delta_displayed": "0.409531000", + "frame.time_relative": "194.943406000", + "frame.number": "515", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x0002d4a8", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51449", + "udp.dstport": "5355", + "udp.port": "51449", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x000038cf", + "udp.checksum.status": "2", + "udp.stream": "29" + }, + "llmnr": { + "dns.id": "0x00004e72", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + 
"dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:46.404663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493786.404663000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "194.943977000", + "frame.number": "516", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000574", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001237", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + 
"ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51449", + "udp.dstport": "5355", + "udp.port": "51449", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000586e", + "udp.checksum.status": "2", + "udp.stream": "30" + }, + "llmnr": { + "dns.id": "0x00004e72", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:46.405259000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493786.405259000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "194.944573000", + "frame.number": "517", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000575", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001236", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61999", + "udp.dstport": "5355", + "udp.port": "61999", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00007ddf", + "udp.checksum.status": "2", + "udp.stream": "32" + }, + "llmnr": { + "dns.id": "0x0000ffaf", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:46.405977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493786.405977000", + "frame.time_delta": "0.000718000", + "frame.time_delta_displayed": "0.000718000", + "frame.time_relative": "194.945291000", + "frame.number": "518", + "frame.len": "84", + 
"frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000598d0", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61999", + "udp.dstport": "5355", + "udp.port": "61999", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00005e40", + "udp.checksum.status": "2", + "udp.stream": "31" + }, + "llmnr": { + "dns.id": "0x0000ffaf", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:46.744253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493786.744253000", + "frame.time_delta": "0.338276000", + "frame.time_delta_displayed": "0.338276000", + "frame.time_relative": "195.283567000", + "frame.number": "519", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005b20", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a430", + "udp.checksum.status": "2", + 
"udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000960d", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:47.495121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493787.495121000", + "frame.time_delta": "0.750868000", + "frame.time_delta_displayed": "0.750868000", + "frame.time_relative": "196.034435000", + "frame.number": "520", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005b21", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cc2", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a430", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000960d", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:50.557387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493790.557387000", + "frame.time_delta": "3.062266000", + "frame.time_delta_displayed": "3.062266000", + "frame.time_relative": "199.096701000", + "frame.number": "521", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cf9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000aa5", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:50.557936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493790.557936000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "199.097250000", + "frame.number": "522", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cfa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eba0", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:50.558732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493790.558732000", + "frame.time_delta": "0.000796000", + "frame.time_delta_displayed": "0.000796000", + "frame.time_relative": "199.098046000", + "frame.number": "523", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007966", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:55.560123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493795.560123000", + "frame.time_delta": "5.001391000", + "frame.time_delta_displayed": "5.001391000", + "frame.time_relative": "204.099437000", + "frame.number": "524", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cfb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000aa5", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:55.560618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493795.560618000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": 
"204.099932000", + "frame.number": "525", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001cfc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eba0", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:49:55.560875000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493795.560875000", + "frame.time_delta": "0.000257000", + "frame.time_delta_displayed": 
"0.000257000", + "frame.time_relative": "204.100189000", + "frame.number": "526", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007966", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000025f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": 
{ + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=607", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.304374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.304374000", + "frame.time_delta": "5.743499000", + "frame.time_delta_displayed": "5.743499000", + "frame.time_relative": 
"209.843688000", + "frame.number": "527", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00005a95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006ec2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": 
"239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.329843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.329843000", + "frame.time_delta": "0.025469000", + "frame.time_delta_displayed": "0.025469000", + "frame.time_relative": "209.869157000", + "frame.number": "528", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x000094ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x000077ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "4177", + "tcp.nxtseq": "4324", + "tcp.ack": "607", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000041c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:02:e6:a7:9b:aa:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2425574, TSecr 2811996718": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2425574", + "tcp.options.timestamp.tsecr": "2811996718" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a0:e5:ce:5a:0e:b5:f0:fa:31:72:06:11:5d:12:82:c4:53:cc:7d:08:95:41:d4:d3:30:d9:7c:b4:ed:7a:6a:2d:82:a4:f6:41:cd:ca:ba:53:89:64:38:d5:d8:14:8f:1b:0f:35:1f:91:6c:0f:38:aa:32:93:47:f4:01:9a:a7:e1:b6:2d:70:6b:9c:77:9b:d4:84:f9:48:f0:d5:aa:09:ed:92:48:3f:0f:ee:aa:5b:5e:b2:e1:6b:7b:d3:f2:80:ac:06:11:10:dc:e0:7c:08:be:6f:0f:0a:bc:c9:57:8b:47:d9:45:6c:59:66:4d:88:09:b5:62:73:d9:b0:a0:a6:17:99:b7:19:40:cf:ca:b9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.357194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.357194000", + "frame.time_delta": "0.027351000", + "frame.time_delta_displayed": "0.027351000", + "frame.time_relative": "209.896508000", + "frame.number": "529", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00005a97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006ec0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.410074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.410074000", + "frame.time_delta": "0.052880000", + "frame.time_delta_displayed": "0.052880000", + "frame.time_relative": "209.949388000", + "frame.number": "530", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00005a9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006eb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + 
}, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.426192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.426192000", + "frame.time_delta": "0.016118000", + "frame.time_delta_displayed": "0.016118000", + "frame.time_relative": "209.965506000", + "frame.number": "531", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003985", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "607", + "tcp.ack": "4324", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ca06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:c8:61:00:25:02:e6", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812004449, TSecr 2425574": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812004449", + "tcp.options.timestamp.tsecr": "2425574" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "528", + "tcp.analysis.ack_rtt": "0.096349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.442618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.442618000", + "frame.time_delta": "0.016426000", + "frame.time_delta_displayed": "0.016426000", + "frame.time_relative": "209.981932000", + "frame.number": "532", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009500", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "4324", + "tcp.nxtseq": "4454", + "tcp.ack": "607", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001bb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:02:f2:a7:9b:c8:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2425586, TSecr 2812004449": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2425586", + "tcp.options.timestamp.tsecr": "2812004449" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a1:25:8b:13:f0:99:a7:bc:d3:99:b3:29:2c:1c:25:6f:a9:86:0f:bf:2f:99:5b:4b:f0:4d:d7:56:49:b9:3e:49:36:7e:e9:a1:bf:c1:0f:34:bd:76:57:4c:67:fc:79:e2:a7:17:c0:ca:fd:7a:ad:fd:e5:a3:f6:97:aa:8c:a5:45:51:22:52:ee:db:fb:29:09:f3:4d:11:20:80:bb:b0:9f:61:63:5a:69:ba:a1:17:f6:a6:c3:18:03:4b:9f:7e:46:ed:c2:99:ab:e3:d8:a6:5c:a4:5f:a9:5b:ad:53:9c:f6:9c:2e:8b:12:3d:04" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.462995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.462995000", + "frame.time_delta": "0.020377000", + "frame.time_delta_displayed": "0.020377000", + "frame.time_relative": "210.002309000", + "frame.number": "533", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00005aa0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006eae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.502803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.502803000", + "frame.time_delta": "0.039808000", + "frame.time_delta_displayed": "0.039808000", + "frame.time_relative": "210.042117000", + "frame.number": "534", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003984", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "607", + "tcp.ack": "4454", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c965", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:c8:74:00:25:02:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812004468, TSecr 2425586": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812004468", + "tcp.options.timestamp.tsecr": "2425586" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "532", + "tcp.analysis.ack_rtt": "0.060185000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:50:01.515229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.515229000", + "frame.time_delta": "0.012426000", + "frame.time_delta_displayed": "0.012426000", + "frame.time_relative": "210.054543000", + "frame.number": "535", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009501", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000784d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": 
"44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "4454", + "tcp.nxtseq": "4503", + "tcp.ack": "607", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005b96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:02:f9:a7:9b:c8:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2425593, TSecr 2812004468": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2425593", + "tcp.options.timestamp.tsecr": "2812004468" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a2:99:56:88:bd:78:ee:d3:e0:78:1f:84:36:d4:f9:30:eb:8b:7d:3e:d0:21:37:d3:be:8d:25:5e:12:a5:e6:59:54:50:aa:15:49" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.515866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.515866000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "210.055180000", + "frame.number": "536", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00005aa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006eb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.568701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.568701000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "210.108015000", + "frame.number": "537", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00005aa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006eaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:50:01.575364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.575364000", + "frame.time_delta": "0.006663000", + "frame.time_delta_displayed": "0.006663000", + "frame.time_relative": "210.114678000", + "frame.number": "538", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002bfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003983", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "607", + "tcp.ack": "4503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c91b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:c8:86:00:25:02:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812004486, TSecr 2425593": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812004486", + "tcp.options.timestamp.tsecr": "2425593" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "535", + "tcp.analysis.ack_rtt": "0.060135000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.575839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493801.575839000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": 
"0.000475000", + "frame.time_relative": "210.115153000", + "frame.number": "539", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002bfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "607", + "tcp.nxtseq": "662", + "tcp.ack": "4503", 
+ "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cf62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:c8:86:00:25:02:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812004486, TSecr 2425593": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812004486", + "tcp.options.timestamp.tsecr": "2425593" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:36:84:e6:dd:6c:59:32:98:1d:97:c3:5e:97:54:4f:0a:e1:a6:1d:96:09:f8:33:86:8e:82:0b:fd:ab:fc:6e:c5:0f:09:92:d8:19:ae:30:e6:f8:9c:26" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:01.576331000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493801.576331000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "210.115645000", + "frame.number": "540", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009502", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000787d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": 
"443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4503", + "tcp.ack": "662", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c7ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:02:ff:a7:9b:c8:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2425599, TSecr 2812004486": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2425599", + "tcp.options.timestamp.tsecr": "2812004486" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "539", + "tcp.analysis.ack_rtt": "0.000492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:04.474499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493804.474499000", + "frame.time_delta": "2.898168000", + "frame.time_delta_displayed": "2.898168000", + "frame.time_relative": "213.013813000", + "frame.number": "541", + "frame.len": "94", + 
"frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a693", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "42", + "tcp.nxtseq": 
"82", + "tcp.ack": "37", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000083c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:dd:ca:6b:b9:13:cc:e0:4e:eb:a9:a7:cb:a4:73:66:2a:c7:31:a0:fa:64:cd:17:3a:92:3d:e8:cc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:04.617587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493804.617587000", + "frame.time_delta": "0.143088000", + "frame.time_delta_displayed": "0.143088000", + "frame.time_relative": "213.156901000", + "frame.number": "542", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc9", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "37", + "tcp.ack": "82", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000010c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "541", + "tcp.analysis.ack_rtt": "0.143088000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:04.695063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493804.695063000", + "frame.time_delta": "0.077476000", + "frame.time_delta_displayed": "0.077476000", + "frame.time_relative": "213.234377000", + "frame.number": "543", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda4", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": 
"104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "37", + "tcp.nxtseq": "73", + "tcp.ack": "82", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002752", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:63:fa:b4:1b:a9:a9:65:db:a3:6f:c0:7e:1b:5a:e9:30:14:f9:f2:2d:cd:15:8d:07" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:04.695557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493804.695557000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "213.234871000", + "frame.number": "544", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "82", + "tcp.ack": "73", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000626", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "543", + "tcp.analysis.ack_rtt": "0.000494000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:05.558225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493805.558225000", + "frame.time_delta": "0.862668000", + "frame.time_delta_displayed": "0.862668000", + "frame.time_relative": "214.097539000", + "frame.number": "545", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d00", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000009a4", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:05.558796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493805.558796000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "214.098110000", + "frame.number": "546", + 
"frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d01", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009beb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea9f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:05.559354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493805.559354000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": 
"214.098668000", + "frame.number": "547", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007865", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:06.092211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493806.092211000", + "frame.time_delta": "0.532857000", + "frame.time_delta_displayed": "0.532857000", + "frame.time_relative": "214.631525000", + "frame.number": "548", + 
"frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b26", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:06.430432000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493806.430432000", + "frame.time_delta": "0.338221000", + "frame.time_delta_displayed": "0.338221000", + "frame.time_relative": "214.969746000", + "frame.number": "549", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:06.430874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493806.430874000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "214.970188000", + "frame.number": "550", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + 
"eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:09.360347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493809.360347000", + "frame.time_delta": "2.929473000", + "frame.time_delta_displayed": "2.929473000", + "frame.time_relative": "217.899661000", + "frame.number": "551", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:09.630173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493809.630173000", + "frame.time_delta": "0.269826000", + "frame.time_delta_displayed": "0.269826000", + "frame.time_relative": "218.169487000", + "frame.number": "552", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:09.630672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493809.630672000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "218.169986000", + "frame.number": "553", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:10.558500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493810.558500000", + "frame.time_delta": "0.927828000", + "frame.time_delta_displayed": "0.927828000", + "frame.time_relative": "219.097814000", + "frame.number": "554", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"261", + "ip.id": "0x00001d02", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000009a4", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:10.559061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493810.559061000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "219.098375000", + "frame.number": "555", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d03", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009be9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea9f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + 
"Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:10.559631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493810.559631000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "219.098945000", + "frame.number": "556", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007865", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:15.558793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493815.558793000", + "frame.time_delta": "4.999162000", + "frame.time_delta_displayed": "4.999162000", + "frame.time_relative": "224.098107000", + "frame.number": "557", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d04", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000009a4", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:15.559345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493815.559345000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "224.098659000", + "frame.number": "558", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d05", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea9f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:15.559982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493815.559982000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "224.099296000", + "frame.number": "559", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007865", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000260", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=608", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:19.830441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493819.830441000", + "frame.time_delta": "4.270459000", + "frame.time_delta_displayed": "4.270459000", + "frame.time_relative": "228.369755000", + "frame.number": "560", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:20.095018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493820.095018000", + "frame.time_delta": "0.264577000", + "frame.time_delta_displayed": "0.264577000", + "frame.time_relative": "228.634332000", + "frame.number": "561", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + 
"bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:20.130180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493820.130180000", + "frame.time_delta": "0.035162000", + "frame.time_delta_displayed": "0.035162000", + "frame.time_relative": "228.669494000", + "frame.number": "562", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": 
"0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": 
"c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:20.183514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493820.183514000", + "frame.time_delta": "0.053334000", + "frame.time_delta_displayed": "0.053334000", + "frame.time_relative": "228.722828000", + "frame.number": "563", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:20.498099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493820.498099000", + "frame.time_delta": "0.314585000", + "frame.time_delta_displayed": "0.314585000", + "frame.time_relative": "229.037413000", + "frame.number": "564", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:25.214445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493825.214445000", + "frame.time_delta": "4.716346000", + "frame.time_delta_displayed": "4.716346000", + "frame.time_relative": "233.753759000", + "frame.number": "565", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:25.559331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493825.559331000", + "frame.time_delta": "0.344886000", + "frame.time_delta_displayed": "0.344886000", + "frame.time_relative": "234.098645000", + "frame.number": "566", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d08", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bae8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000008a3", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:25.559891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493825.559891000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "234.099205000", + "frame.number": "567", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d09", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009be3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e99e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:25.560467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493825.560467000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "234.099781000", + "frame.number": "568", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + 
"ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007764", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:28.758226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493828.758226000", + "frame.time_delta": "3.197759000", + "frame.time_delta_displayed": "3.197759000", + "frame.time_relative": "237.297540000", + "frame.number": "569", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00000a8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "108", + "udp.checksum": "0x00007b2a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.command": "1409286244", + "adwin_config.version": "1380667970", + "adwin_config.mac": "d0:73:d5:02:41:da", + "adwin_config.unused": "", + "adwin_config.server_ip": "88.70.73.76", + "adwin_config.unused": "", + "adwin_config.netmask": "139.208.244.4", + "adwin_config.unused": "", + "adwin_config.gateway": "0.0.0.59", + "adwin_config.unused": "", + "adwin_config.dhcp": "1", + "adwin_config.port": "351456418", + "adwin_config.password": "", + "adwin_config.bootloader": "0", + "adwin_config.unused": "", + "adwin_config.description": "", + "adwin_config.date": "", + "adwin_config.revision": "", + "adwin_config.processor_type_raw": "", + "adwin_config.processor_type": "Unknown", + "adwin_config.system_type_raw": "", + "adwin_config.system_type": "Unknown" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:28.853430000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493828.853430000", + "frame.time_delta": "0.095204000", + "frame.time_delta_displayed": "0.095204000", + "frame.time_relative": "237.392744000", + "frame.number": "570", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:30.559641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493830.559641000", + "frame.time_delta": "1.706211000", + "frame.time_delta_displayed": "1.706211000", + "frame.time_relative": "239.098955000", + "frame.number": "571", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + 
"eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000008a3", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:30.560204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493830.560204000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "239.099518000", + "frame.number": "572", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009be1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e99e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:30.560765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493830.560765000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "239.100079000", + "frame.number": "573", + "frame.len": "295", + "frame.cap_len": "295", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007764", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:32.591021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493832.591021000", + "frame.time_delta": "2.030256000", + "frame.time_delta_displayed": "2.030256000", + "frame.time_relative": "241.130335000", + "frame.number": "574", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009503", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000784b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "4503", + "tcp.nxtseq": "4552", + "tcp.ack": "662", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a14", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:0f:1d:a7:9b:c8:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2428701, TSecr 2812004486": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2428701", + "tcp.options.timestamp.tsecr": "2812004486" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a3:ac:89:27:45:98:c2:b3:10:98:7f:49:d2:4b:cb:99:e8:96:5c:a9:30:96:81:94:05:c9:0b:0c:b1:bc:3d:9c:44:6c:ce:77:c2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:32.651741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493832.651741000", + "frame.time_delta": "0.060720000", + "frame.time_delta_displayed": "0.060720000", + "frame.time_relative": "241.191055000", + "frame.number": 
"575", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002bfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "662", + "tcp.nxtseq": "717", + "tcp.ack": "4552", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { 
+ "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000126f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:e6:df:00:25:0f:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812012255, TSecr 2428701": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812012255", + "tcp.options.timestamp.tsecr": "2428701" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "574", + "tcp.analysis.ack_rtt": "0.060720000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:37:e3:28:0f:e5:f7:96:4a:f4:6a:c7:ef:5a:73:bf:a7:46:d7:f5:2d:c7:66:85:4f:a2:42:36:76:ef:c5:00:cf:d2:db:00:19:04:40:85:cb:33:12:7e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:32.652241000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493832.652241000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "241.191555000", + "frame.number": "576", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009504", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000787b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": 
"443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4552", + "tcp.ack": "717", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009d0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:0f:23:a7:9b:e6:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2428707, TSecr 2812012255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2428707", + "tcp.options.timestamp.tsecr": "2812012255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "575", + "tcp.analysis.ack_rtt": "0.000500000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:34.691002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493834.691002000", + "frame.time_delta": "2.038761000", + "frame.time_delta_displayed": "2.038761000", + "frame.time_relative": "243.230316000", + "frame.number": "577", + "frame.len": "60", + 
"frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + 
"tcp.seq": "81", + "tcp.ack": "73", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000627", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:34.834148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493834.834148000", + "frame.time_delta": "0.143146000", + "frame.time_delta_displayed": "0.143146000", + "frame.time_relative": "243.373462000", + "frame.number": "578", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc7", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "73", + "tcp.ack": "82", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000109c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:35.559897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493835.559897000", + "frame.time_delta": "0.725749000", + "frame.time_delta_displayed": "0.725749000", + "frame.time_relative": "244.099211000", + "frame.number": "579", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bae4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000008a3", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:35.560458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493835.560458000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "244.099772000", + "frame.number": "580", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bdf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e99e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:35.561047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493835.561047000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "244.100361000", + "frame.number": "581", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007764", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000261", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=609", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:36.093897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493836.093897000", + "frame.time_delta": "0.532850000", + "frame.time_delta_displayed": "0.532850000", + "frame.time_relative": "244.633211000", + "frame.number": "582", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b2d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:37.660409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493837.660409000", + "frame.time_delta": "1.566512000", + "frame.time_delta_displayed": "1.566512000", + "frame.time_relative": "246.199723000", + "frame.number": "583", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + 
"arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:37.660831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493837.660831000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "246.200145000", + "frame.number": "584", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:38.766089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493838.766089000", + "frame.time_delta": "1.105258000", + 
"frame.time_delta_displayed": "1.105258000", + "frame.time_relative": "247.305403000", + "frame.number": "585", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009505", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "4552", + 
"tcp.nxtseq": "4904", + "tcp.ack": "717", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000950f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:11:86:a7:9b:e6:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2429318, TSecr 2812012255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2429318", + "tcp.options.timestamp.tsecr": "2812012255" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:a4:9f:ba:73:58:d2:92:77:40:06:d9:54:3d:f8:9e:53:97:0f:3c:fa:a6:d1:92:94:af:28:f6:95:37:db:8b:32:25:f6:b6:6e:c3:13:53:08:1b:30:3b:55:9a:48:a3:49:a3:21:84:b4:e2:52:df:e0:03:89:66:42:84:ef:03:de:e2:77:2e:ad:81:68:be:39:d2:94:89:36:c8:f1:d2:c3:33:c3:2d:6d:db:74:26:38:0f:0b:a3:59:bd:aa:7d:7e:7b:c0:51:d7:a3:80:5e:d7:41:95:96:f1:cf:ef:08:0e:b5:66:8a:2f:ac:3c:bc:67:4f:33:2c:b1:6c:f8:13:72:bd:9a:20:9d:12:24:50:8f:98:6d:3b:24:b6:e6:27:8e:39:f5:87:03:4f:e5:94:17:5f:db:9a:19:6d:98:22:3b:97:e1:44:34:96:3f:9c:02:30:5f:52:b9:aa:e0:85:f2:64:35:0d:46:4e:a4:ea:c4:8c:bd:b6:0d:6b:a4:ba:bd:8d:92:38:df:bd:56:4f:c4:aa:ed:be:5b:4a:b2:b4:8f:b3:03:42:db:cc:f9:48:dc:24:7b:54:9c:1e:ad:2c:07:08:b6:bc:94:71:8e:04:41:d0:de:90:65:18:1a:af:37:f7:83:c4:a9:a8:02:4b:76:c4:ac:f7:38:ea:5d:38:91:68:5b:03:5d:00:12:45:01:53:b8:0e:ef:e5:6f:ff:b2:cb:69:dd:e4:40:d8:ea:5b:a6:ce:2a:f2:45:0f:01:fe:4b:4f:57:2b:14:f6:8a:f9:35:90:1f:d3:45:0c:f7:b2:95:67:25:e0:e3:c1:5b:06:60:95:7b:d2:8b:24:11:e6:56:a7:80:e4:22:75:57:77:11:82:72:c1:a2:75:f5:9d:37:fb:32:56" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:38.827248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493838.827248000", + "frame.time_delta": "0.061159000", + "frame.time_delta_displayed": "0.061159000", + "frame.time_relative": "247.366562000", + "frame.number": "586", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002bff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003951", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "717", + "tcp.nxtseq": "764", + "tcp.ack": "4904", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", 
+ "tcp.checksum": "0x00007898", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9b:ec:e7:00:25:11:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812013799, TSecr 2429318": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812013799", + "tcp.options.timestamp.tsecr": "2429318" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "585", + "tcp.analysis.ack_rtt": "0.061159000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:38:18:66:b1:ff:7a:f5:20:71:ea:c6:8f:69:47:92:85:09:22:47:db:93:89:e3:0d:89:93:ba:7f:54:0b:4d:25:1b:18:1b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:38.827686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493838.827686000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "247.367000000", + "frame.number": "587", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009506", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007879", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4904", + "tcp.ack": "764", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000930a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:11:8c:a7:9b:ec:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2429324, TSecr 2812013799": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2429324", + "tcp.options.timestamp.tsecr": "2812013799" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "586", + "tcp.analysis.ack_rtt": "0.000438000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:39.700924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493839.700924000", + "frame.time_delta": "0.873238000", + "frame.time_delta_displayed": "0.873238000", + "frame.time_relative": "248.240238000", + "frame.number": "588", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:39.701107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493839.701107000", + "frame.time_delta": "0.000183000", + "frame.time_delta_displayed": "0.000183000", + "frame.time_relative": "248.240421000", + "frame.number": "589", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:45.560506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493845.560506000", + "frame.time_delta": "5.859399000", + "frame.time_delta_displayed": "5.859399000", + "frame.time_relative": "254.099820000", + "frame.number": "590", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bae2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000011a1", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": 
"pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:45.561049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493845.561049000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "254.100363000", + "frame.number": "591", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d0f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bdd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f29c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": 
"4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:45.561610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493845.561610000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "254.100924000", + "frame.number": "592", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008062", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": 
"7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:50.560732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493850.560732000", + "frame.time_delta": "4.999122000", + "frame.time_delta_displayed": "4.999122000", + "frame.time_relative": "259.100046000", + "frame.number": "593", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d13", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000badd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": 
"192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000011a1", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:50.561298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493850.561298000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "259.100612000", + "frame.number": "594", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d14", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": 
"192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f29c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:50.561869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493850.561869000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "259.101183000", + "frame.number": "595", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008062", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.369662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.369662000", + "frame.time_delta": "3.807793000", + "frame.time_delta_displayed": "3.807793000", + "frame.time_relative": "262.908976000", + "frame.number": "596", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00006482", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.422563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.422563000", + "frame.time_delta": "0.052901000", + "frame.time_delta_displayed": "0.052901000", + "frame.time_relative": "262.961877000", + "frame.number": "597", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00006484", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.475463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.475463000", + "frame.time_delta": "0.052900000", + "frame.time_delta_displayed": "0.052900000", + "frame.time_relative": "263.014777000", + "frame.number": "598", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006485", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.528304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.528304000", + "frame.time_delta": "0.052841000", + "frame.time_delta_displayed": "0.052841000", + "frame.time_relative": "263.067618000", + "frame.number": "599", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006486", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.581211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.581211000", + "frame.time_delta": "0.052907000", + "frame.time_delta_displayed": "0.052907000", + "frame.time_relative": "263.120525000", + "frame.number": "600", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00006489", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:54.634042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493854.634042000", + "frame.time_delta": "0.052831000", + "frame.time_delta_displayed": "0.052831000", + "frame.time_relative": "263.173356000", + "frame.number": "601", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000648e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000064c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:55.561032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493855.561032000", + "frame.time_delta": "0.926990000", + "frame.time_delta_displayed": "0.926990000", + "frame.time_relative": "264.100346000", + "frame.number": "602", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d15", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000badb", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000011a1", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:55.561584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493855.561584000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "264.100898000", + "frame.number": "603", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d16", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bd6", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f29c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:50:55.562516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493855.562516000", + "frame.time_delta": "0.000932000", + "frame.time_delta_displayed": "0.000932000", + "frame.time_relative": "264.101830000", + "frame.number": "604", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008062", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000262", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=610", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:04.830945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493864.830945000", + "frame.time_delta": "9.268429000", + "frame.time_delta_displayed": "9.268429000", + "frame.time_relative": "273.370259000", + "frame.number": "605", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"6", + "ip.checksum": "0x0000a6b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "81", + "tcp.ack": "73", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000627", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:04.974176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493864.974176000", + "frame.time_delta": "0.143231000", + "frame.time_delta_displayed": "0.143231000", + "frame.time_relative": "273.513490000", + "frame.number": "606", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc6", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain 
View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "73", + "tcp.ack": "82", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000109c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:05.561584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493865.561584000", + "frame.time_delta": "0.587408000", + "frame.time_delta_displayed": "0.587408000", + "frame.time_relative": "274.100898000", + "frame.number": "607", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { 
+ "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d17", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bad9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000010a0", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + 
"Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:05.562148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493865.562148000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": 
"274.101462000", + "frame.number": "608", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d18", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f19b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:05.562714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493865.562714000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": 
"0.000566000", + "frame.time_relative": "274.102028000", + "frame.number": "609", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f61", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": 
{ + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:06.096828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493866.096828000", + "frame.time_delta": "0.534114000", + "frame.time_delta_displayed": "0.534114000", + "frame.time_relative": 
"274.636142000", + "frame.number": "610", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b34", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005cb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:51:09.840882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493869.840882000", + "frame.time_delta": "3.744054000", + "frame.time_delta_displayed": "3.744054000", + "frame.time_relative": "278.380196000", + "frame.number": "611", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:09.841057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493869.841057000", + "frame.time_delta": "0.000175000", + "frame.time_delta_displayed": "0.000175000", + "frame.time_relative": "278.380371000", + "frame.number": "612", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:09.848518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493869.848518000", + "frame.time_delta": "0.007461000", + "frame.time_delta_displayed": "0.007461000", + "frame.time_relative": "278.387832000", + "frame.number": "613", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009507", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007847", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "4904", + "tcp.nxtseq": "4953", + "tcp.ack": "764", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c0ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:1d:ab:a7:9b:ec:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2432427, TSecr 2812013799": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2432427", + "tcp.options.timestamp.tsecr": "2812013799" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a5:8e:7f:ea:00:23:35:85:fe:f1:06:ea:49:13:c1:78:25:a4:0e:30:63:d1:b3:df:9b:2d:c4:43:28:14:7a:59:91:83:3d:75:3c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:09.909242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493869.909242000", + "frame.time_delta": "0.060724000", + "frame.time_delta_displayed": "0.060724000", + "frame.time_relative": "278.448556000", + "frame.number": "614", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + 
"ip.id": "0x00002c00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003948", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "764", + "tcp.nxtseq": "819", + "tcp.ack": "4953", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000091fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:0b:41:00:25:1d:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": 
"0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812021569, TSecr 2432427": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812021569", + "tcp.options.timestamp.tsecr": "2432427" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "613", + "tcp.analysis.ack_rtt": "0.060724000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:39:dd:e1:c4:7c:c3:0e:b0:da:83:eb:48:6a:73:e0:7f:49:24:1b:83:80:bb:4e:a2:d4:30:13:1e:f9:52:5c:bd:d5:5b:b0:60:87:da:4c:45:75:3d:66" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:09.909761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493869.909761000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "278.449075000", + "frame.number": "615", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009508", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007877", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4953", + "tcp.ack": "819", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006823", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:25:1d:b1:a7:9c:0b:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2432433, TSecr 2812021569": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2432433", + "tcp.options.timestamp.tsecr": "2812021569" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "614", + "tcp.analysis.ack_rtt": "0.000519000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:10.215661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493870.215661000", + "frame.time_delta": "0.305900000", + "frame.time_delta_displayed": "0.305900000", + "frame.time_relative": "278.754975000", + "frame.number": "616", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + 
"ip.id": "0x00000a92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000cba7", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "02:d3:af:c3:9f:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:10.561848000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493870.561848000", + "frame.time_delta": "0.346187000", + "frame.time_delta_displayed": "0.346187000", + "frame.time_relative": "279.101162000", + "frame.number": "617", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + 
"eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d19", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bad7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000010a0", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:10.562417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493870.562417000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "279.101731000", + "frame.number": "618", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d1a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f19b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:10.562982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493870.562982000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "279.102296000", + "frame.number": "619", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f61", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:14.910252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493874.910252000", + "frame.time_delta": "4.347270000", + "frame.time_delta_displayed": "4.347270000", + "frame.time_relative": "283.449566000", + "frame.number": "620", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": 
{ + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:14.910729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493874.910729000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "283.450043000", + "frame.number": "621", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + 
"arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:15.563795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493875.563795000", + "frame.time_delta": "0.653066000", + "frame.time_delta_displayed": "0.653066000", + "frame.time_relative": "284.103109000", + "frame.number": "622", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d1b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bad5", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x000010a0", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:15.564201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493875.564201000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "284.103515000", + "frame.number": "623", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d1c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bd0", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f19b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:15.564546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493875.564546000", + "frame.time_delta": "0.000345000", + "frame.time_delta_displayed": "0.000345000", + "frame.time_relative": "284.103860000", + "frame.number": "624", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f61", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000263", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=611", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:25.598929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493885.598929000", + "frame.time_delta": "10.034383000", + "frame.time_delta_displayed": "10.034383000", + "frame.time_relative": "294.138243000", + "frame.number": "625", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d1f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + 
"ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bad1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f9f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": 
"39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:25.598992000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493885.598992000", + "frame.time_delta": "0.000063000", + "frame.time_delta_displayed": "0.000063000", + "frame.time_relative": "294.138306000", + "frame.number": "626", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "261", + "ip.id": "0x00001d20", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f09a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:25.599093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493885.599093000", + "frame.time_delta": "0.000101000", + "frame.time_delta_displayed": "0.000101000", + "frame.time_relative": "294.138407000", + "frame.number": "627", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + 
"ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e60", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + 
"dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:28.854409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493888.854409000", + "frame.time_delta": "3.255316000", + "frame.time_delta_displayed": "3.255316000", + "frame.time_relative": "297.393723000", + "frame.number": "628", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + 
"arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.444727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.444727000", + "frame.time_delta": "1.590318000", + "frame.time_delta_displayed": "1.590318000", + "frame.time_relative": "298.984041000", + "frame.number": "629", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020d8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e76c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": 
"239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "369" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.562960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.562960000", + "frame.time_delta": "0.118233000", + "frame.time_delta_displayed": "0.118233000", + "frame.time_relative": "299.102274000", + "frame.number": "630", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d21", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bacf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f9f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.563555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.563555000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "299.102869000", + "frame.number": "631", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d22", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f09a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.564140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.564140000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "299.103454000", + "frame.number": "632", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e60", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.911222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.911222000", + "frame.time_delta": "0.347082000", + "frame.time_delta_displayed": "0.347082000", + "frame.time_relative": "299.450536000", + "frame.number": "633", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000261c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000912f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "435" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.914315000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.914315000", + "frame.time_delta": "0.003093000", + "frame.time_delta_displayed": "0.003093000", + "frame.time_relative": "299.453629000", + "frame.number": "634", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": 
"0x00005f9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54514", + "tcp.dstport": "80", + "tcp.port": "54514", + "tcp.port": "80", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000ce2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.914878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.914878000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "299.454192000", + "frame.number": "635", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": "54514", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008f9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "634", + "tcp.analysis.ack_rtt": "0.000563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.917756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.917756000", + "frame.time_delta": "0.002878000", + "frame.time_delta_displayed": "0.002878000", + "frame.time_relative": "299.457070000", + "frame.number": "636", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": 
"0x00005fa7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54514", + "tcp.dstport": "80", + "tcp.port": "54514", + "tcp.port": "80", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004179", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "635", + "tcp.analysis.ack_rtt": "0.002878000", + "tcp.analysis.initial_rtt": "0.003441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.918451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.918451000", + "frame.time_delta": "0.000695000", + "frame.time_delta_displayed": "0.000695000", + "frame.time_relative": "299.457765000", + "frame.number": "637", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54514", + "tcp.dstport": "80", + "tcp.port": "54514", + "tcp.port": "80", + "tcp.stream": "20", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + 
"tcp.checksum": "0x000056f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003441000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.918935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.918935000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "299.458249000", + "frame.number": "638", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000093bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000024b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": "54514", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000330a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "637", + "tcp.analysis.ack_rtt": 
"0.000484000", + "tcp.analysis.initial_rtt": "0.003441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.919521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.919521000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "299.458835000", + "frame.number": "639", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000093be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000024a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": 
"54514", + "tcp.stream": "20", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000732b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003441000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.919874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.919874000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "299.459188000", + "frame.number": "640", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000093bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000020d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": "54514", + "tcp.stream": "20", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c594", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003441000", + 
"tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "639", + "tcp.segment": "640", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001423000", + "http.request_in": "637", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.921000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.921000000", + "frame.time_delta": "0.001126000", + "frame.time_delta_displayed": "0.001126000", + "frame.time_relative": "299.460314000", + "frame.number": "641", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000093c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000020d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": "54514", + "tcp.stream": "20", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c594", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003441000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.923928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.923928000", + "frame.time_delta": "0.002928000", + "frame.time_delta_displayed": "0.002928000", + "frame.time_relative": "299.463242000", + "frame.number": "642", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54514", + "tcp.dstport": "80", + "tcp.port": "54514", + "tcp.port": "80", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f68a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:92:08:74:25:92:08:78:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "640", + "tcp.analysis.ack_rtt": "0.004054000", + "tcp.analysis.initial_rtt": "0.003441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.924496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.924496000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "299.463810000", + "frame.number": "643", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", 
+ "ip.checksum": "0x00005fa4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54514", + "tcp.dstport": "80", + "tcp.port": "54514", + "tcp.port": "80", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ce0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.924933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.924933000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "299.464247000", + "frame.number": "644", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54514", + "tcp.port": "80", + "tcp.port": "54514", + "tcp.stream": "20", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002f14", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "643", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.003441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.964185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.964185000", + "frame.time_delta": "0.039252000", + "frame.time_delta_displayed": "0.039252000", + "frame.time_relative": "299.503499000", + "frame.number": "645", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000261f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009123", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "633" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.967507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.967507000", + "frame.time_delta": "0.003322000", + "frame.time_delta_displayed": "0.003322000", + "frame.time_relative": "299.506821000", + "frame.number": "646", + "frame.len": 
"66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54515", + "tcp.dstport": "80", + "tcp.port": "54515", + "tcp.port": "80", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e292", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.968037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.968037000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "299.507351000", + "frame.number": "647", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54515", + "tcp.port": "80", + "tcp.port": "54515", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006d88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "646", + "tcp.analysis.ack_rtt": "0.000530000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.970805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.970805000", + "frame.time_delta": "0.002768000", + "frame.time_delta_displayed": "0.002768000", + "frame.time_relative": "299.510119000", + "frame.number": "648", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fa2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54515", + "tcp.dstport": "80", + "tcp.port": "54515", + "tcp.port": "80", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001f67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "647", + "tcp.analysis.ack_rtt": "0.002768000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.971392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.971392000", + "frame.time_delta": "0.000587000", + "frame.time_delta_displayed": "0.000587000", + "frame.time_relative": "299.510706000", + "frame.number": "649", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005efa", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54515", + "tcp.dstport": "80", + "tcp.port": "54515", + "tcp.port": "80", + "tcp.stream": "21", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000034e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.971889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.971889000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "299.511203000", + "frame.number": "650", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009e64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54515", + "tcp.port": "80", + "tcp.port": "54515", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000010f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "649", + "tcp.analysis.ack_rtt": "0.000497000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.972466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.972466000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "299.511780000", + "frame.number": "651", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001a10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009e52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54515", + "tcp.port": "80", + "tcp.port": "54515", + "tcp.stream": "21", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005119", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.972815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.972815000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "299.512129000", + "frame.number": "652", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001a11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54515", + "tcp.port": "80", + "tcp.port": "54515", + "tcp.stream": "21", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a382", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003298000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "651", + "tcp.segment": "652", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001423000", + "http.request_in": "649", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.974964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.974964000", + "frame.time_delta": "0.002149000", + "frame.time_delta_displayed": "0.002149000", + "frame.time_relative": "299.514278000", + "frame.number": "653", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005fa0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54515", + "tcp.dstport": "80", + "tcp.port": "54515", + "tcp.port": "80", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001acf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "652", + "tcp.analysis.ack_rtt": "0.002149000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.975636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.975636000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "299.514950000", + "frame.number": "654", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54515", + "tcp.dstport": "80", + "tcp.port": "54515", + "tcp.port": "80", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001ace", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:30.976083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493890.976083000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "299.515397000", + "frame.number": "655", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54515", + "tcp.port": "80", + "tcp.port": "54515", + "tcp.stream": "21", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "654", + 
"tcp.analysis.ack_rtt": "0.000447000", + "tcp.analysis.initial_rtt": "0.003298000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.017034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.017034000", + "frame.time_delta": "0.040951000", + "frame.time_delta_displayed": "0.040951000", + "frame.time_relative": "299.556348000", + "frame.number": "656", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002623", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009125", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "645" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.026364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.026364000", + "frame.time_delta": "0.009330000", + "frame.time_delta_displayed": "0.009330000", + "frame.time_relative": "299.565678000", + "frame.number": "657", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54516", + "tcp.dstport": "80", + "tcp.port": "54516", + "tcp.port": "80", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000dcb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.026906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.026906000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "299.566220000", + "frame.number": "658", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54516", + "tcp.port": "80", + "tcp.port": "54516", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e80f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "657", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.030539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.030539000", + "frame.time_delta": "0.003633000", + "frame.time_delta_displayed": "0.003633000", + "frame.time_relative": "299.569853000", + "frame.number": "659", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54516", + "tcp.dstport": "80", + "tcp.port": "54516", + "tcp.port": "80", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "658", + "tcp.analysis.ack_rtt": "0.003633000", + "tcp.analysis.initial_rtt": "0.004175000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.031218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.031218000", + "frame.time_delta": "0.000679000", + "frame.time_delta_displayed": "0.000679000", + "frame.time_relative": "299.570532000", + "frame.number": "660", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ef5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54516", + "tcp.dstport": "80", + "tcp.port": "54516", + "tcp.port": "80", + "tcp.stream": "22", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000af67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004175000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.031715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.031715000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "299.571029000", + "frame.number": "661", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d956", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54516", + "tcp.port": "80", + "tcp.port": "54516", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008b7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "660", + "tcp.analysis.ack_rtt": "0.000497000", + "tcp.analysis.initial_rtt": "0.004175000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.032283000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.032283000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "299.571597000", + "frame.number": "662", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d957", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54516", + "tcp.port": "80", + "tcp.port": "54516", + "tcp.stream": "22", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cba0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004175000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.032718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.032718000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "299.572032000", + "frame.number": "663", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d958", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54516", + "tcp.port": "80", + "tcp.port": "54516", + "tcp.stream": "22", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004175000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "662", + "tcp.segment": "663", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001500000", + "http.request_in": "660", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.034938000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493891.034938000", + "frame.time_delta": "0.002220000", + "frame.time_delta_displayed": "0.002220000", + "frame.time_relative": "299.574252000", + "frame.number": "664", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54516", + "tcp.dstport": "80", + "tcp.port": "54516", + "tcp.port": "80", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009556", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "663", + "tcp.analysis.ack_rtt": "0.002220000", + "tcp.analysis.initial_rtt": "0.004175000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.036138000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.036138000", + "frame.time_delta": "0.001200000", + "frame.time_delta_displayed": "0.001200000", + "frame.time_relative": "299.575452000", + "frame.number": "665", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54516", + "tcp.dstport": "80", + "tcp.port": "54516", + "tcp.port": "80", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009555", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.036570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.036570000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "299.575884000", + "frame.number": "666", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54516", + "tcp.port": "80", + "tcp.port": "54516", + "tcp.stream": "22", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008789", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "665", + "tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.004175000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.964076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.964076000", + "frame.time_delta": "0.927506000", + "frame.time_delta_displayed": "0.927506000", + "frame.time_relative": "300.503390000", + "frame.number": "667", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002670", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "656" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.967371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.967371000", + "frame.time_delta": "0.003295000", + "frame.time_delta_displayed": "0.003295000", + "frame.time_relative": "300.506685000", + 
"frame.number": "668", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54517", + "tcp.dstport": "80", + "tcp.port": "54517", + "tcp.port": "80", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000f82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.967911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.967911000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "300.507225000", + "frame.number": "669", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54517", + "tcp.port": "80", + "tcp.port": "54517", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000a43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "668", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.973019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.973019000", + "frame.time_delta": "0.005108000", + "frame.time_delta_displayed": "0.005108000", + "frame.time_relative": "300.512333000", + "frame.number": "670", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54517", + "tcp.dstport": "80", + "tcp.port": "54517", + "tcp.port": "80", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bc21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "669", + "tcp.analysis.ack_rtt": "0.005108000", + "tcp.analysis.initial_rtt": "0.005648000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.973985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.973985000", + "frame.time_delta": "0.000966000", + "frame.time_delta_displayed": "0.000966000", + "frame.time_relative": "300.513299000", + "frame.number": "671", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ef0", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54517", + "tcp.dstport": "80", + "tcp.port": "54517", + "tcp.port": "80", + "tcp.stream": "23", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d19a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005648000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.974489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.974489000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "300.513803000", + "frame.number": "672", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007614", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000425f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54517", + "tcp.port": "80", + "tcp.port": "54517", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000adb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "671", + "tcp.analysis.ack_rtt": "0.000504000", + "tcp.analysis.initial_rtt": "0.005648000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.975086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.975086000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": "300.514400000", + "frame.number": "673", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007615", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000424d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54517", + "tcp.port": "80", + "tcp.port": "54517", + "tcp.stream": "23", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000edd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005648000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.975440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.975440000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "300.514754000", + "frame.number": "674", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007616", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003e7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54517", + "tcp.port": "80", + "tcp.port": "54517", + "tcp.stream": "23", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000403d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005648000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "673", + "tcp.segment": "674", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001455000", + "http.request_in": "671", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.982700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.982700000", + "frame.time_delta": "0.007260000", + "frame.time_delta_displayed": "0.007260000", + "frame.time_relative": "300.522014000", + "frame.number": "675", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54517", + "tcp.dstport": "80", + "tcp.port": "54517", + "tcp.port": "80", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b789", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "674", + "tcp.analysis.ack_rtt": "0.007260000", + "tcp.analysis.initial_rtt": "0.005648000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.983322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.983322000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "300.522636000", + "frame.number": "676", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54517", + "tcp.dstport": "80", + "tcp.port": "54517", + "tcp.port": "80", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b788", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:31.983758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493891.983758000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "300.523072000", + "frame.number": "677", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54517", + "tcp.port": "80", + "tcp.port": "54517", + "tcp.stream": "23", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a9bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "676", + 
"tcp.analysis.ack_rtt": "0.000436000", + "tcp.analysis.initial_rtt": "0.005648000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.017940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.017940000", + "frame.time_delta": "0.034182000", + "frame.time_delta_displayed": "0.034182000", + "frame.time_relative": "300.557254000", + "frame.number": "678", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002675", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "667" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.034212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.034212000", + "frame.time_delta": "0.016272000", + "frame.time_delta_displayed": "0.016272000", + "frame.time_relative": "300.573526000", + "frame.number": "679", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005bf1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.034758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.034758000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "300.574072000", + "frame.number": "680", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a01f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "679", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.037381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.037381000", + "frame.time_delta": "0.002623000", + "frame.time_delta_displayed": "0.002623000", + "frame.time_relative": "300.576695000", + "frame.number": "681", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000051fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "680", + "tcp.analysis.ack_rtt": "0.002623000", + "tcp.analysis.initial_rtt": "0.003169000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.038080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.038080000", + "frame.time_delta": "0.000699000", + "frame.time_delta_displayed": "0.000699000", + "frame.time_relative": "300.577394000", + "frame.number": "682", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006777", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003169000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.038556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.038556000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "300.577870000", + "frame.number": "683", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000068eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004f88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000438f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "682", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.003169000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.039145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.039145000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "300.578459000", + "frame.number": "684", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000068ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004f76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000083b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003169000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.039596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.039596000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "300.578910000", + "frame.number": "685", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000068ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ba3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d619", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003169000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "684", + "tcp.segment": "685", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001516000", + "http.request_in": "682", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.041008000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493892.041008000", + "frame.time_delta": "0.001412000", + "frame.time_delta_displayed": "0.001412000", + "frame.time_relative": "300.580322000", + "frame.number": "686", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000068ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ba2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d619", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003169000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.043335000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.043335000", + "frame.time_delta": "0.002327000", + "frame.time_delta_displayed": "0.002327000", + "frame.time_relative": "300.582649000", + "frame.number": "687", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004d66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "685", + "tcp.analysis.ack_rtt": "0.003739000", + "tcp.analysis.initial_rtt": "0.003169000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.043930000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.043930000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "300.583244000", + "frame.number": "688", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004d65", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.044364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.044364000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "300.583678000", + "frame.number": "689", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54518", + "tcp.port": "80", + "tcp.port": "54518", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003f99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "688", + "tcp.analysis.ack_rtt": "0.000434000", + "tcp.analysis.initial_rtt": "0.003169000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.044645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.044645000", + "frame.time_delta": "0.000281000", + "frame.time_delta_displayed": "0.000281000", + "frame.time_relative": "300.583959000", + "frame.number": "690", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54518", + "tcp.dstport": "80", + "tcp.port": "54518", + "tcp.port": "80", + "tcp.stream": "24", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000089fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:c3:b4:81:03:c3:b4:84:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003169000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "687", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.071576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493892.071576000", + "frame.time_delta": "0.026931000", + "frame.time_delta_displayed": "0.026931000", + "frame.time_relative": "300.610890000", + "frame.number": "691", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002679", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "678" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.075961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.075961000", + "frame.time_delta": "0.004385000", + "frame.time_delta_displayed": "0.004385000", + "frame.time_relative": "300.615275000", + "frame.number": "692", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000018e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f82", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54519", + "tcp.dstport": "80", + "tcp.port": "54519", + "tcp.port": "80", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00007cfb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": 
"1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.076519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.076519000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "300.615833000", + "frame.number": "693", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54519", + "tcp.port": "80", + "tcp.port": "54519", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000bd8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "692", + "tcp.analysis.ack_rtt": "0.000558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.079110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.079110000", + "frame.time_delta": "0.002591000", + "frame.time_delta_displayed": "0.002591000", + "frame.time_relative": "300.618424000", + "frame.number": "694", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54519", + "tcp.dstport": "80", + "tcp.port": "54519", + "tcp.port": "80", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "693", + "tcp.analysis.ack_rtt": "0.002591000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.079807000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509493892.079807000", + "frame.time_delta": "0.000697000", + "frame.time_delta_displayed": "0.000697000", + "frame.time_relative": "300.619121000", + "frame.number": "695", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000018e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54519", + "tcp.dstport": "80", + "tcp.port": "54519", + "tcp.port": "80", + "tcp.stream": "25", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000084e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.080300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.080300000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "300.619614000", + 
"frame.number": "696", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000529a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54519", + "tcp.port": "80", + "tcp.port": "54519", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000060fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "695", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.080915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.080915000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "300.620229000", + "frame.number": "697", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000065da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005288", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54519", + "tcp.port": "80", + "tcp.port": "54519", + "tcp.stream": "25", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a11d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.081275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.081275000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": "300.620589000", + "frame.number": "698", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000065db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004eb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54519", + "tcp.port": "80", + "tcp.port": "54519", + "tcp.stream": "25", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f386", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:6
9:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "697", + "tcp.segment": "698", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001468000", + "http.request_in": "695", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.085265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.085265000", + "frame.time_delta": "0.003990000", + "frame.time_delta_displayed": "0.003990000", + "frame.time_relative": "300.624579000", + "frame.number": "699", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54519", + "tcp.dstport": "80", + "tcp.port": "54519", + "tcp.port": "80", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ad3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "698", + "tcp.analysis.ack_rtt": "0.003990000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.086278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.086278000", + "frame.time_delta": "0.001013000", + "frame.time_delta_displayed": "0.001013000", + "frame.time_relative": "300.625592000", + "frame.number": "700", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000018e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54519", + "tcp.dstport": "80", + "tcp.port": "54519", + "tcp.port": "80", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ad2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:32.086739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493892.086739000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "300.626053000", + "frame.number": "701", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54519", + "tcp.port": "80", + "tcp.port": "54519", + "tcp.stream": "25", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005d06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "700", + 
"tcp.analysis.ack_rtt": "0.000461000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:34.970926000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493894.970926000", + "frame.time_delta": "2.884187000", + "frame.time_delta_displayed": "2.884187000", + "frame.time_relative": "303.510240000", + "frame.number": "702", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "81", + "tcp.ack": "73", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000627", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:35.114367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493895.114367000", + "frame.time_delta": "0.143441000", + "frame.time_delta_displayed": "0.143441000", + "frame.time_relative": "303.653681000", + "frame.number": "703", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc5", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "73", + "tcp.ack": "82", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000109c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:35.565958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493895.565958000", + "frame.time_delta": "0.451591000", + "frame.time_delta_displayed": "0.451591000", + "frame.time_relative": "304.105272000", + "frame.number": "704", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d26", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f9f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": 
"3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:35.566401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493895.566401000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "304.105715000", + "frame.number": "705", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d27", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f09a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:35.566835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493895.566835000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "304.106149000", + "frame.number": "706", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e60", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000264", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=612", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:36.115936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493896.115936000", + "frame.time_delta": "0.549101000", + "frame.time_delta_displayed": "0.549101000", + "frame.time_relative": "304.655250000", + "frame.number": "707", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + 
"eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b5a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:36.687335000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493896.687335000", + "frame.time_delta": "0.571399000", + "frame.time_delta_displayed": "0.571399000", + "frame.time_relative": "305.226649000", + "frame.number": "708", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020d9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54789", + "udp.dstport": "1900", + "udp.port": "54789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007458", + "udp.checksum.status": "2", + "udp.stream": "33" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: 
urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:37.342115000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493897.342115000", + "frame.time_delta": "0.654780000", + "frame.time_delta_displayed": "0.654780000", + "frame.time_relative": "305.881429000", + "frame.number": "709", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000286c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008edf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:37.394910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493897.394910000", + "frame.time_delta": "0.052795000", + "frame.time_delta_displayed": "0.052795000", + "frame.time_relative": "305.934224000", + "frame.number": "710", + "frame.len": "348", + "frame.cap_len": "348", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000286f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ed3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "709" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:37.447768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493897.447768000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "305.987082000", + "frame.number": "711", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002871", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ed7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "710" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:37.688439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493897.688439000", + "frame.time_delta": "0.240671000", + "frame.time_delta_displayed": "0.240671000", + "frame.time_relative": "306.227753000", + "frame.number": "712", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020da", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54789", + "udp.dstport": "1900", + "udp.port": "54789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007458", + "udp.checksum.status": "2", + "udp.stream": "33" + 
}, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "708" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:38.395194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493898.395194000", + "frame.time_delta": "0.706755000", + "frame.time_delta_displayed": "0.706755000", + "frame.time_relative": "306.934508000", + "frame.number": "713", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000288d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ebe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": 
"", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "711" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:38.447948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493898.447948000", + "frame.time_delta": "0.052754000", + "frame.time_delta_displayed": "0.052754000", + "frame.time_relative": "306.987262000", + "frame.number": "714", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002890", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008eb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", 
+ "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "713" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:38.500795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493898.500795000", + "frame.time_delta": "0.052847000", + "frame.time_delta_displayed": "0.052847000", + "frame.time_relative": "307.040109000", + "frame.number": "715", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002895", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008eb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "714" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:38.689932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493898.689932000", + "frame.time_delta": "0.189137000", + "frame.time_delta_displayed": "0.189137000", + "frame.time_relative": "307.229246000", + "frame.number": "716", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020db", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + 
"ip.proto": "17", + "ip.checksum": "0x0000e739", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54789", + "udp.dstport": "1900", + "udp.port": "54789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007458", + "udp.checksum.status": "2", + "udp.stream": "33" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "712" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.026907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.026907000", + "frame.time_delta": "0.336975000", + "frame.time_delta_displayed": "0.336975000", + "frame.time_relative": "307.566221000", + "frame.number": "717", + "frame.len": "339", + 
"frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000028a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ea9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "715" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.079745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.079745000", + "frame.time_delta": "0.052838000", + "frame.time_delta_displayed": "0.052838000", + "frame.time_relative": "307.619059000", + "frame.number": "718", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + 
"ip.id": "0x000028a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "717" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.132606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.132606000", + "frame.time_delta": "0.052861000", + "frame.time_delta_displayed": "0.052861000", + "frame.time_relative": "307.671920000", + "frame.number": "719", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000028ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", 
+ "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "718" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.690580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.690580000", + "frame.time_delta": "0.557974000", + "frame.time_delta_displayed": "0.557974000", + "frame.time_relative": "308.229894000", + "frame.number": "720", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": 
"1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020dc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e738", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54789", + "udp.dstport": "1900", + "udp.port": "54789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007458", + "udp.checksum.status": "2", + "udp.stream": "33" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "716" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.980841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.980841000", + "frame.time_delta": "0.290261000", + "frame.time_delta_displayed": "0.290261000", + "frame.time_relative": "308.520155000", + "frame.number": "721", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:39.981023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493899.981023000", + "frame.time_delta": "0.000182000", + "frame.time_delta_displayed": "0.000182000", + 
"frame.time_relative": "308.520337000", + "frame.number": "722", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.079272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.079272000", + "frame.time_delta": "0.098249000", + "frame.time_delta_displayed": "0.098249000", + "frame.time_relative": "308.618586000", + "frame.number": "723", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000028fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "719" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.132076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.132076000", + "frame.time_delta": "0.052804000", + "frame.time_delta_displayed": "0.052804000", + "frame.time_relative": "308.671390000", + "frame.number": "724", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002900", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "723" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.184822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.184822000", + "frame.time_delta": "0.052746000", + "frame.time_delta_displayed": "0.052746000", + "frame.time_relative": "308.724136000", + "frame.number": "725", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" 
+ }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002903", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "724" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.395807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.395807000", + "frame.time_delta": "0.210985000", + "frame.time_delta_displayed": "0.210985000", + "frame.time_relative": "308.935121000", + "frame.number": "726", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002914", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "725" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:51:40.448586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.448586000", + "frame.time_delta": "0.052779000", + "frame.time_delta_displayed": "0.052779000", + "frame.time_relative": "308.987900000", + "frame.number": "727", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002916", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "726" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.501448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.501448000", + "frame.time_delta": "0.052862000", + "frame.time_delta_displayed": "0.052862000", + "frame.time_relative": "309.040762000", + "frame.number": "728", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002919", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "727" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.926995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.926995000", + "frame.time_delta": "0.425547000", + "frame.time_delta_displayed": "0.425547000", + "frame.time_relative": "309.466309000", + "frame.number": "729", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009509", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007845", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "4953", + "tcp.nxtseq": "5002", + "tcp.ack": "819", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:29:cf:a7:9c:0b:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2435535, TSecr 2812021569": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2435535", + "tcp.options.timestamp.tsecr": "2812021569" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a6:88:aa:e5:33:f2:3a:cf:8d:c7:89:63:3e:49:39:4c:2c:49:c3:ae:13:20:a4:3f:60:f1:3d:4d:18:7e:5f:8c:f5:51:a5:b2:03" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.987654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.987654000", + "frame.time_delta": "0.060659000", + "frame.time_delta_displayed": "0.060659000", + "frame.time_relative": "309.526968000", + "frame.number": "730", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003947", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "819", + "tcp.nxtseq": "874", + "tcp.ack": "5002", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000772", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:29:9b:00:25:29:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812029339, TSecr 2435535": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812029339", + "tcp.options.timestamp.tsecr": "2435535" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "729", + "tcp.analysis.ack_rtt": "0.060659000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:3a:df:6c:32:3e:9b:e5:b2:70:cd:fe:62:57:42:20:99:4a:39:76:cf:89:15:dc:4a:f5:d3:d8:ab:ba:15:62:70:c0:65:f2:50:de:23:82:e7:50:59:96" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:40.988146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493900.988146000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "309.527460000", + "frame.number": "731", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000950a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007875", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5002", + "tcp.ack": "874", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003d3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:29:d5:a7:9c:29:9b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2435541, TSecr 2812029339": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2435541", + "tcp.options.timestamp.tsecr": "2812029339" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "730", + "tcp.analysis.ack_rtt": "0.000492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:41.447435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493901.447435000", + "frame.time_delta": "0.459289000", + "frame.time_delta_displayed": "0.459289000", + "frame.time_relative": "309.986749000", + "frame.number": "732", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002948", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "728" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:41.500440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493901.500440000", + "frame.time_delta": "0.053005000", + "frame.time_delta_displayed": "0.053005000", + 
"frame.time_relative": "310.039754000", + "frame.number": "733", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000294b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008df7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "732" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:41.553333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493901.553333000", + "frame.time_delta": "0.052893000", + "frame.time_delta_displayed": "0.052893000", + "frame.time_relative": "310.092647000", + "frame.number": "734", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000294c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008dfc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "18", + "http.prev_response_in": "733" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:42.132032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493902.132032000", + "frame.time_delta": "0.578699000", + "frame.time_delta_displayed": "0.578699000", + "frame.time_relative": "310.671346000", + "frame.number": "735", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008df9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + 
"udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "734" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:42.238498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493902.238498000", + "frame.time_delta": "0.106466000", + "frame.time_delta_displayed": "0.106466000", + "frame.time_relative": "310.777812000", + "frame.number": "736", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002955", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ded", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "735" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:42.238513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493902.238513000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "310.777827000", + "frame.number": "737", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002958", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00008df0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "736" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:43.136813000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493903.136813000", + "frame.time_delta": "0.898300000", + "frame.time_delta_displayed": "0.898300000", + "frame.time_relative": "311.676127000", + "frame.number": "738", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002987", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008dc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "305", + "udp.checksum": "0x0000ef15", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, 
+ "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "737" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:43.189603000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493903.189603000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "311.728917000", + "frame.number": "739", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000298c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008db6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "314", + "udp.checksum": "0x0000fd00", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "738" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:43.242411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493903.242411000", + "frame.time_delta": "0.052808000", + "frame.time_delta_displayed": "0.052808000", + "frame.time_relative": "311.781725000", + "frame.number": "740", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002992", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008db6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "54789", + "udp.port": "1900", + "udp.port": "54789", + "udp.length": "308", + "udp.checksum": "0x0000208b", + "udp.checksum.status": "2", + "udp.stream": "34" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "739" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:45.563826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493905.563826000", + "frame.time_delta": "2.321415000", + "frame.time_delta_displayed": "2.321415000", + "frame.time_relative": "314.103140000", + "frame.number": "741", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d28", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bac8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e9e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:45.564384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493905.564384000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "314.103698000", + "frame.number": "742", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d29", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef99", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:45.564977000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493905.564977000", + "frame.time_delta": "0.000593000", + "frame.time_delta_displayed": "0.000593000", + "frame.time_relative": "314.104291000", + "frame.number": "743", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d5f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:45.990162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509493905.990162000", + "frame.time_delta": "0.425185000", + "frame.time_delta_displayed": "0.425185000", + "frame.time_relative": "314.529476000", + "frame.number": "744", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:45.990598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493905.990598000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "314.529912000", + "frame.number": "745", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", 
+ "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:50.564586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493910.564586000", + "frame.time_delta": "4.573988000", + "frame.time_delta_displayed": "4.573988000", + "frame.time_relative": "319.103900000", + "frame.number": "746", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d2a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + 
"ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bac6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e9e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": 
"39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:50.565633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493910.565633000", + "frame.time_delta": "0.001047000", + "frame.time_delta_displayed": "0.001047000", + "frame.time_relative": "319.104947000", + "frame.number": "747", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "261", + "ip.id": "0x00001d2b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef99", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:50.566034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493910.566034000", + "frame.time_delta": "0.000401000", + "frame.time_delta_displayed": "0.000401000", + "frame.time_relative": "319.105348000", + "frame.number": "748", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + 
"ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d5f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + 
"dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.365061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.365061000", + "frame.time_delta": "4.799027000", + "frame.time_delta_displayed": "4.799027000", + "frame.time_relative": "323.904375000", + "frame.number": "749", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "120", + "ip.id": "0x00000a95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x00000d4b", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "fc:de:8e:3a:f3:96", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.418469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.418469000", + "frame.time_delta": "0.053408000", + "frame.time_delta_displayed": "0.053408000", + "frame.time_relative": "323.957783000", + "frame.number": "750", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000077a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.471570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.471570000", + "frame.time_delta": "0.053101000", + "frame.time_delta_displayed": "0.053101000", + "frame.time_relative": "324.010884000", + "frame.number": "751", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000077a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.524487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.524487000", + "frame.time_delta": "0.052917000", + "frame.time_delta_displayed": "0.052917000", + "frame.time_relative": "324.063801000", + "frame.number": "752", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000077a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.564365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.564365000", + "frame.time_delta": "0.039878000", + "frame.time_delta_displayed": "0.039878000", + "frame.time_relative": "324.103679000", + "frame.number": "753", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d2c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bac4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e9e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.564926000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.564926000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "324.104240000", + "frame.number": "754", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d2d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef99", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": 
"16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.565514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.565514000", + "frame.time_delta": "0.000588000", + "frame.time_delta_displayed": "0.000588000", + "frame.time_relative": "324.104828000", + "frame.number": "755", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d5f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000265", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=613", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.577408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.577408000", + "frame.time_delta": "0.011894000", + "frame.time_delta_displayed": "0.011894000", + "frame.time_relative": "324.116722000", + "frame.number": "756", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000077ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.630339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.630339000", + "frame.time_delta": "0.052931000", + "frame.time_delta_displayed": "0.052931000", + "frame.time_relative": "324.169653000", + "frame.number": "757", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000077b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:51:55.683240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493915.683240000", + "frame.time_delta": "0.052901000", + "frame.time_delta_displayed": "0.052901000", + "frame.time_relative": "324.222554000", + "frame.number": "758", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000077b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000519d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:01.841719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493921.841719000", + "frame.time_delta": "6.158479000", + "frame.time_delta_displayed": "6.158479000", + "frame.time_relative": "330.381033000", + "frame.number": "759", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + 
"eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:02.101543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493922.101543000", + "frame.time_delta": "0.259824000", + "frame.time_delta_displayed": "0.259824000", + "frame.time_relative": "330.640857000", + "frame.number": "760", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + 
"bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:02.125766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493922.125766000", + "frame.time_delta": "0.024223000", + "frame.time_delta_displayed": "0.024223000", + "frame.time_relative": "330.665080000", + "frame.number": "761", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + 
"bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:02.140397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493922.140397000", + "frame.time_delta": "0.014631000", + "frame.time_delta_displayed": "0.014631000", + "frame.time_relative": "330.679711000", + "frame.number": "762", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:02.516280000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493922.516280000", + "frame.time_delta": "0.375883000", + "frame.time_delta_displayed": "0.375883000", + "frame.time_relative": "331.055594000", + "frame.number": "763", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:04.402484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493924.402484000", + "frame.time_delta": "1.886204000", + "frame.time_delta_displayed": "1.886204000", + "frame.time_relative": "332.941798000", + "frame.number": "764", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a68e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "82", + "tcp.nxtseq": "122", + "tcp.ack": "73", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": 
"0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c935", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:de:04:f5:9a:5f:5c:73:72:4d:36:4e:bd:d8:5f:57:47:31:94:1d:db:88:04:08:a4:1f:69:83:aa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:04.545768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493924.545768000", + "frame.time_delta": "0.143284000", + "frame.time_delta_displayed": "0.143284000", + "frame.time_relative": "333.085082000", + "frame.number": "765", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc4", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "73", + "tcp.ack": "122", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001074", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "764", + "tcp.analysis.ack_rtt": "0.143284000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:04.545855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493924.545855000", + "frame.time_delta": "0.000087000", + "frame.time_delta_displayed": "0.000087000", + "frame.time_relative": "333.085169000", + "frame.number": "766", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9f", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "73", + "tcp.nxtseq": "109", + "tcp.ack": "122", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009007", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:64:a3:a5:2e:1f:a0:dd:48:a6:ae:f9:d7:1f:c2:d6:f7:8e:c6:4e:17:11:a3:fb:da" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:04.546293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493924.546293000", + "frame.time_delta": 
"0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "333.085607000", + "frame.number": "767", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } 
+ }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "122", + "tcp.ack": "109", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000005da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "766", + "tcp.analysis.ack_rtt": "0.000438000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:06.164504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493926.164504000", + "frame.time_delta": "1.618211000", + "frame.time_delta_displayed": "1.618211000", + "frame.time_relative": "334.703818000", + "frame.number": "768", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b61", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:07.225698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493927.225698000", + "frame.time_delta": "1.061194000", + "frame.time_delta_displayed": "1.061194000", + "frame.time_relative": "335.765012000", + "frame.number": "769", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + 
}, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:07.565780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493927.565780000", + "frame.time_delta": "0.340082000", + "frame.time_delta_displayed": "0.340082000", + "frame.time_relative": "336.105094000", + "frame.number": "770", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000a97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", 
+ "ip.checksum": "0x0000edf9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000e941", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:84:dd:1c:8d:ba:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:09.550183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493929.550183000", + "frame.time_delta": "1.984403000", + "frame.time_delta_displayed": "1.984403000", + "frame.time_relative": "338.089497000", + "frame.number": "771", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + 
"arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:09.550580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493929.550580000", + "frame.time_delta": "0.000397000", + "frame.time_delta_displayed": "0.000397000", + "frame.time_relative": "338.089894000", + "frame.number": "772", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:10.565242000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493930.565242000", + "frame.time_delta": "1.014662000", + "frame.time_delta_displayed": "1.014662000", + "frame.time_relative": "339.104556000", + "frame.number": "773", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d31", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000babf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d9d", + "udp.checksum.status": 
"2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:10.565777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493930.565777000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "339.105091000", + "frame.number": "774", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d32", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee98", + 
"udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:10.566348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493930.566348000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "339.105662000", + "frame.number": "775", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c5e", + "udp.checksum.status": "2", + 
"udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:12.006213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493932.006213000", + "frame.time_delta": "1.439865000", + "frame.time_delta_displayed": "1.439865000", + "frame.time_relative": "340.545527000", + "frame.number": "776", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000950b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007843", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": 
"Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "5002", + "tcp.nxtseq": "5051", + "tcp.ack": "874", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008d2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:35:f3:a7:9c:29:9b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2438643, TSecr 2812029339": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2438643", + "tcp.options.timestamp.tsecr": "2812029339" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:a7:23:7f:07:7f:c2:15:c9:40:4c:fb:22:7c:ac:ed:0c:39:73:1d:3f:d6:24:09:41:9d:57:6e:77:da:d4:bd:b4:c0:0a:4f:3c:57" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:12.067179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493932.067179000", + "frame.time_delta": "0.060966000", + "frame.time_delta_displayed": "0.060966000", + "frame.time_relative": "340.606493000", + "frame.number": "777", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003946", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "874", + "tcp.nxtseq": "929", + "tcp.ack": "5051", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d7be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:47:f5:00:25:35:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812037109, TSecr 2438643": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812037109", + "tcp.options.timestamp.tsecr": "2438643" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "776", + "tcp.analysis.ack_rtt": "0.060966000", + "tcp.analysis.bytes_in_flight": "55", + 
"tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:3b:6e:66:99:d5:69:cd:de:94:d9:5c:be:85:cf:97:6d:5e:4c:81:e3:d4:a9:dc:f6:17:d3:50:99:4b:f4:82:b4:8d:6e:9c:8f:29:4a:bc:28:4d:47:49" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:12.067671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493932.067671000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "340.606985000", + "frame.number": "778", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000950c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007873", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5051", + "tcp.ack": "929", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001257", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:35:f9:a7:9c:47:f5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2438649, TSecr 2812037109": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2438649", + 
"tcp.options.timestamp.tsecr": "2812037109" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "777", + "tcp.analysis.ack_rtt": "0.000492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:15.565325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493935.565325000", + "frame.time_delta": "3.497654000", + "frame.time_delta_displayed": "3.497654000", + "frame.time_relative": "344.104639000", + "frame.number": "779", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d33", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000babd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d9d", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:15.565943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493935.565943000", + "frame.time_delta": "0.000618000", + "frame.time_delta_displayed": "0.000618000", + "frame.time_relative": "344.105257000", + "frame.number": "780", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d34", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee98", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": 
"16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:15.566475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493935.566475000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "344.105789000", + "frame.number": "781", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c5e", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:17.070218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493937.070218000", + "frame.time_delta": "1.503743000", + "frame.time_delta_displayed": "1.503743000", + "frame.time_relative": "345.609532000", + "frame.number": "782", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:17.070650000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493937.070650000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "345.609964000", + "frame.number": "783", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:20.565803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493940.565803000", + "frame.time_delta": "3.495153000", + "frame.time_delta_displayed": "3.495153000", + "frame.time_relative": "349.105117000", + "frame.number": "784", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", 
+ "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bab6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d9d", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:20.566358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493940.566358000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "349.105672000", + "frame.number": "785", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee98", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:20.566929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493940.566929000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "349.106243000", + "frame.number": "786", + "frame.len": "295", + 
"frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c5e", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000266", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", 
+ "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=614", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:21.534055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493941.534055000", + "frame.time_delta": "0.967126000", + "frame.time_delta_displayed": "0.967126000", + "frame.time_relative": "350.073369000", + "frame.number": "787", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x00005471", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003e59", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49766", + "tcp.port": "80", + "tcp.port": "49766", + "tcp.stream": "9", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009722", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016845000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Tue, 31 Oct 2017 23:52:21 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:52:21 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.020846000", + "http.request_in": "173", + 
"http.file_data": "[[],\"15094933571306917\"]" + }, + "data-text-lines": { + "[[],\"15094933571306917\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:21.567706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493941.567706000", + "frame.time_delta": "0.033651000", + "frame.time_delta_displayed": "0.033651000", + "frame.time_relative": "350.107020000", + "frame.number": "788", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001012", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, 
Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ee94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "787", + "tcp.analysis.ack_rtt": "0.033651000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:21.579031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493941.579031000", + "frame.time_delta": "0.011325000", + 
"frame.time_delta_displayed": "0.011325000", + "frame.time_relative": "350.118345000", + "frame.number": "789", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005472", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003f60", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": 
"49766", + "tcp.port": "80", + "tcp.port": "49766", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008e2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "788", + "tcp.analysis.ack_rtt": "0.011325000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:21.584793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493941.584793000", + "frame.time_delta": "0.005762000", + "frame.time_delta_displayed": "0.005762000", + "frame.time_relative": "350.124107000", + "frame.number": "790", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", 
+ "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001013", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49766", + "tcp.dstport": "80", + "tcp.port": "49766", + "tcp.port": "80", + "tcp.stream": "9", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ee94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "789", + "tcp.analysis.ack_rtt": "0.005762000", + "tcp.analysis.initial_rtt": "0.016845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.574109000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.574109000", + "frame.time_delta": "0.989316000", + "frame.time_delta_displayed": "0.989316000", + "frame.time_relative": "351.113423000", + "frame.number": "791", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001014", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3b9", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", + "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000e10a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.587036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.587036000", + "frame.time_delta": "0.012927000", + "frame.time_delta_displayed": "0.012927000", + "frame.time_relative": "351.126350000", + "frame.number": "792", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000094ce", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49767", + "tcp.port": "80", + "tcp.port": "49767", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000147e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "791", + "tcp.analysis.ack_rtt": "0.012927000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.592122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.592122000", + "frame.time_delta": 
"0.005086000", + "frame.time_delta_displayed": "0.005086000", + "frame.time_relative": "351.131436000", + "frame.number": "793", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001015", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + 
}, + "tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", + "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000886b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "792", + "tcp.analysis.ack_rtt": "0.005086000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.611405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.611405000", + "frame.time_delta": "0.019283000", + "frame.time_delta_displayed": "0.019283000", + "frame.time_relative": "351.150719000", + "frame.number": "794", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001016", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", + "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d0e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018013000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.623765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.623765000", + "frame.time_delta": "0.012360000", + "frame.time_delta_displayed": "0.012360000", + "frame.time_relative": "351.163079000", + "frame.number": "795", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008a05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x00000acd", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + 
"ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49767", + "tcp.port": "80", + "tcp.port": "49767", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002c2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "794", + "tcp.analysis.ack_rtt": "0.012360000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.628942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.628942000", + 
"frame.time_delta": "0.005177000", + "frame.time_delta_displayed": "0.005177000", + "frame.time_relative": "351.168256000", + "frame.number": "796", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001017", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f2c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + 
"tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", + "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001679", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018013000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "794", + "tcp.segment": "796", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:22.643142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493942.643142000", + "frame.time_delta": "0.014200000", + "frame.time_delta_displayed": "0.014200000", + "frame.time_relative": "351.182456000", + "frame.number": "797", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008a06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x00000acc", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, 
AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49767", + "tcp.port": "80", + "tcp.port": "49767", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000280a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "796", + "tcp.analysis.ack_rtt": "0.014200000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.091797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.091797000", + "frame.time_delta": "3.448655000", + "frame.time_delta_displayed": "3.448655000", + "frame.time_relative": "354.631111000", + "frame.number": "798", + "frame.len": "264", + 
"frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002c03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "929", + "tcp.nxtseq": "1127", + "tcp.ack": "5051", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000575b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:55:a7:00:25:35:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812040615, TSecr 2438649": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812040615", + "tcp.options.timestamp.tsecr": "2438649" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:3c:ae:f9:fe:b9:80:08:84:d1:55:2c:4e:a1:c5:27:f3:26:ce:8a:36:77:20:83:4a:fc:f6:a0:e4:8f:b2:ee:5d:8d:b5:57:2f:f0:aa:ca:33:e7:50:18:ff:37:c9:f6:03:c7:91:b5:6e:64:ec:e3:e2:e2:a5:40:f6:ee:90:9d:6c:bc:c7:c3:3b:8e:0b:dc:c2:08:cc:b8:5c:ba:61:d7:a9:0b:59:de:64:8c:7f:89:3a:60:2d:22:63:70:72:15:24:46:1e:4c:9f:27:fb:39:99:07:d3:45:b7:06:5a:1e:89:41:de:4f:61:00:4e:cc:dd:59:da:29:ff:bd:6d:40:7b:a7:15:80:7f:a0:b1:fb:ba:e2:78:6d:a8:fc:41:41:c7:d0:a4:42:35:28:a6:56:2c:a6:d1:8a:85:1f:d8:71:f0:f5:10:36:78:29:54:90:f3:06:37:59:dc:d4:7c:30:cc:83:72:f7:f8:41:91:7f:82:1f:bc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.092292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.092292000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "354.631606000", + "frame.number": "799", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000950d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007872", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5051", + "tcp.ack": "1127", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fe64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:3b:73:a7:9c:55:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2440051, TSecr 2812040615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2440051", + "tcp.options.timestamp.tsecr": "2812040615" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "798", + "tcp.analysis.ack_rtt": "0.000495000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.100063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.100063000", + "frame.time_delta": "0.007771000", + "frame.time_delta_displayed": "0.007771000", + "frame.time_relative": "354.639377000", + "frame.number": "800", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000950e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000783c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", 
+ "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "5051", + "tcp.nxtseq": "5104", + "tcp.ack": "1127", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000562e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:3b:74:a7:9c:55:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2440052, TSecr 2812040615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2440052", + "tcp.options.timestamp.tsecr": "2812040615" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a8:86:80:00:18:f4:1f:fd:4e:9d:81:9d:24:9d:16:62:0b:dc:fc:47:40:63:05:6e:68:ed:97:44:7d:c9:eb:8d:79:35:64:c8:4a:05:52:a5:03" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.198301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.198301000", + "frame.time_delta": "0.098238000", + "frame.time_delta_displayed": "0.098238000", + "frame.time_relative": "354.737615000", + "frame.number": "801", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000397b", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1127", + "tcp.ack": "5104", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ff02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:55:c2:00:25:3b:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2812040642, TSecr 2440052": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812040642", + "tcp.options.timestamp.tsecr": "2440052" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "800", + "tcp.analysis.ack_rtt": "0.098238000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.198922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.198922000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "354.738236000", + "frame.number": "802", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x0000950f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007310", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + 
"ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "5104", + "tcp.nxtseq": "6480", + "tcp.ack": "1127", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000023bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:3b:7e:a7:9c:55:c2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2440062, TSecr 2812040642": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2440062", + "tcp.options.timestamp.tsecr": "2812040642" + } + }, + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:a9:3e:fb:e9:c1:bf:d0:df:49:38:73:38:46:34:99:d5:8f:ed:05:e9:e6:31:2c:31:4b:a5:a7:6b:8d:13:56:5a:cd:20:5d:5d:7c:f7:12:97:7a:61" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:aa:c2:6a:79:6a:64:d5:a4:e6:09:fc:21:11:61:b0:e5:7e:42:d3:f7:79:c1:50:96:58:23:6b:4e:7e:c3:35:37:56:f2:fe:9b:d4:76:72:82:1e:b9:ca:82:72:62:1c:a0:64:7e:72:2b:df:8e:79:10:5b:d3:74:d4:ce:2c:70:36:af:a0:0c:24:b5:bd:96:df:13:9d:70:18:2c:fa:1b:be:04:4b:83:6a:7a:8a:90:c1:de" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ab:50:3f:bf:ed:cb:4d:04:e9:dd:ea:9a:f8:7c:e9:82:63:ad:b5:c0:5d:05:2d:fe:c5:31:a4:14:7f:61:18:39:7d:36:79:b3:2d:27:c6:7f:70:be:44:32:ca:d8:31:83:90:a2:b1:a6:f6:b6:6d:2a:a2:31:9a:d4:ec:b2:79:89:f9:50:d6:ba:d2:cd:1c:d8:de:05:4b:2c:b6:f5:17:7e:fc:70:87:cd:7b:bc:12:8e:91:f8:05:87:0e:30:e1:cd:dd:12:2c:66:9c:3d:e7:2b:b7:21:88:c6:26:96:19:40:eb:d8:a3:1c:f6:ef:21:42:4f:9f:36:db:71:48:c0:5e:ef:93:38:91:09:87:13:b5:8e:00:14:6c:7f:8a:32:ec:92:3b:fd:d0:15:86:d1:73:2d:1c:a4:40:87:b9:ff:33:e4:cf:55:ef:f0:a6:6f:a1:96:13:aa:99:22:12:17:fa:59:f4:30:29:29:2e:87:b5:c2:c6:af:2e:87:2c:16:7b:e7:e3:91:5d:d5:a0:95:fc:ed:bc:ca:16:66:7a:c7:78:61:c4:cd:2c:68:d0:26:22:43:8e:d2:98:04:83:4a:78:08:3f:e5:8e:5c:38:e2:d9:fc:df:99:78:82:eb:68:b7:5e:63:94:81:95:23:17:d3:0e:7e:51:1f:44:cf:73:26:ba:3e:c9:7e:73:81:6c:88:b9:3c:4d:f3:c5:30:3f:54:bb:d1:8a:e8:f0:93:01:b5:ab:e7:25:9a:6f:c3:93:92:4e:6a:7e:29:f8:57:07:b8:08:64:30:f9:36:85:69:81:75:89:6f:21:31:0b:ff:4c:3f:41:b8:31:bb:13:cd:46:c1:c8:78:2d:4c:60:d1:a9:8c:da:f5
:86:ae:88:74:c9:5e:1c:02:31:93:5d:f9:4d:4b:15:54:90:a0:7b:51:a5:f8:c3:63:e3:83:44:12:35:01:a2:a3:ef:39:38:c9:d1:15:fe:cc:32:a2:b2:7c:68:86:1b:d8:fa:e3:cd:75:25:3f:69:1c:4c:cd:3f:87:59:f8:c1:e2:9e:bc:41:90:76:2e:80:2c:e2:cd:02:ed:b0:40:0c:06:92:c4:34:bd:23:6e:fb:a5:2e:30:87:f4:f5:fe:57:8c:6c:e4:46:7b:cc:95:15:59:f8:f5:51:4b:23:b2:73:b6:2d:ec:6a:2d:60:31:4a:9f:80:4c:e8:f9:6d:06:5d:4b:be:16:68:4c:78:8a:59:2a:63:26:e7:59:c2:9b:b7:08:83:ed:b7:e6:9d:5e:b1:7b:76:1d:a8:54:62:1b:bc:43:3f:70:bd:5c:e4:96:b0:bc:03:14:d5:a6:69:35:7b:32:1c:a5:8f:d9:b4:5f:d3:35:4b:dc:25:95:c3:0f:62:bc:a5:ef:b4:19:35:4e:bc:ff:df:10:e1:18:2c:06:e4:36:10:b1:2c:34:9f:d9:1f:3b:3b:57:c3:b1:47:08:42:e2:fc:5a:77:0e:12:c6:14:8d:f8:e0:49:6d:39:a2:8b:30:88:1f:16:11:04:6a:3d:d5:f5:eb:95:73:74:38:30:89:2f:0d:61:5a:26:7f:53:18:45:e2:4f:8e:d8:fe:3b:c0:46:8c:97:ca:41:42:32:3b:fd:cc:c6:ca:e7:c2:fa:55:96:e1:0e:77:0c:45:22:5e:b2:cb:45:cc:2c:7d:04:d2:fc:7f:e4:dc:7e:2e:65:b9:17:53:e0:db:6a:16:5c:27:39:91:3d:45:84:27:b9:fe:67:cc:33:e0:03:41:3e:c7:9b:b9:41:87:67:a2:64:a5:25:ee:76:d2:16:7f:d3:c7:52:12:b5:76:2e:17:4c:74:0a:1f:7c:f9:4a:b3:c3:99:28:81:a8:77:20:4f:07:59:49:3e:09:ad:ff:18:fe:c1:cc:ca:8e:2c:4f:93:f4:b1:ca:bc:d0:9b:8a:80:07:7c:12:09:45:11:9a:eb:51:5e:ba:0b:94:ec:c2:64:e4:ae:2e:35:27:6f:5d:07:99:89:2f:8c:4d:e7:7a:91:47:5b:89:4a:49:29:e4:43:d6:48:31:92:35:cc:e8:6f:e7:3a:08:59:7a:55:55:45:59:04:00:79:34:da:6f:8a:09:9f:a5:fd:ad:2d:22:c4:37:12:58:30:7c:72:cb:fd:b7:9b:e7:a6:dc:df:73:b8:2d:6f:c1:df:19:4e:34:9d:e4:8e:45:8f:8b:41:eb:58:bd:15:eb:e1:3e:09:ad:f5:f9:56:34:43:8f:fc:4a:ce:7a:ae:03:55:97:a0:af:35:48:8f:16:82:6f:64:b7:20:43:b2:18:ef:1e:1d:f0:fe:75:f1:68:09:6d:2a:fb:38:f6:39:74:3c:b8:9d:25:a1:37:6c:25:7e:1f:89:a5:f2:fe:cf:f4:c0:d8:00:a6:72:7a:f1:f7:10:50:ed:6c:fc:d8:1f:7b:06:b9:a2:80:d2:10:21:fb:69:ba:36:c4:72:8a:37:27:8f:e0:6c:90:49:6f:48:ff:25:19:fb:66:f6:6c:73:71:5c:f4:97:f4:4d:d4:43:6c:37:c0:0f:30:9b:96:0b:4f:de:6f:8d:6c:3d:2e:d1:ac:05:8f:26:55:c6:aa:01:79:85:e1:40:68:16:93:04:9c:ac:ae:23:92:ba:97:65:4d:b7:d
2:35:4d:59:a4:3e:17:d0:33:d9:ad:05:93:4c:92:25:3b:61:3e:e6:26:8d:65:35:92:b0:23:d6:df:dd:6b:f7:8f:aa:e3:b6:bd:26:40:1b:b5:26:54:ab:35:61:98:c8:42:dd:c2:bc:09:1b:86:3f:35:bf:93:aa:04:d6:74:76:07:87:dd:7e:90:6f:ad:c1:93:f7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ac:b0:0c:f9:f6:b8:c2:63:89:00:71:6a:3e:3e:d1:63:0e:8e:5a:af:c5:62:c8:10:60:49:9f:f2:41:18:90:da:d3:7f:79:15:2b:21:f7:d6:d3:de:93:8f:86:fc:a1:fb:7d:26:78:b2:a5:5f:53:62:f0:f0:e4:f3:12:71:a6:0f:07:9c:c3:61:22:7e:a4:96:dd:9f:68:4f:53:1d:e5:c0:dc:cb:73:b8:86:0d:29:83:e6:c6:79:19:bd:d5:12:a1:49:fd:20:f7:b5:31:fa:ce:2c:c1:bd:a2:b0:93:20:1f:48:8f:f1:1a:11:de:73:b8:e6:d8:87:e1:be:07" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.259105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.259105000", + "frame.time_delta": "0.060183000", + "frame.time_delta_displayed": "0.060183000", + "frame.time_relative": "354.798419000", + "frame.number": "803", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" 
+ }, + "ip.len": "52", + "ip.id": "0x00002c05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000397a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1127", + "tcp.ack": "6480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f989", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:55:d1:00:25:3b:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812040657, TSecr 2440062": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812040657", + "tcp.options.timestamp.tsecr": "2440062" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "802", + "tcp.analysis.ack_rtt": "0.060183000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.514695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.514695000", + "frame.time_delta": "0.255590000", + "frame.time_delta_displayed": "0.255590000", + "frame.time_relative": "355.054009000", + "frame.number": "804", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009510", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007839", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "6480", + "tcp.nxtseq": "6534", + "tcp.ack": "1127", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001b89", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:3b:9e:a7:9c:55:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2440094, TSecr 2812040657": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2440094", + "tcp.options.timestamp.tsecr": "2812040657" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ad:fc:85:23:72:ef:8f:d0:c9:8b:de:d2:64:fd:92:52:65:39:d7:68:17:4b:fe:59:c6:6d:1e:c7:78:70:8e:2c:e2:9a:1f:3d:68:1a:4f:4a:08:b0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.540911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.540911000", + "frame.time_delta": "0.026216000", + "frame.time_delta_displayed": "0.026216000", + "frame.time_relative": "355.080225000", + "frame.number": "805", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": 
"00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.546881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.546881000", + "frame.time_delta": "0.005970000", + "frame.time_delta_displayed": "0.005970000", + "frame.time_relative": "355.086195000", + "frame.number": "806", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:26.574878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493946.574878000", + "frame.time_delta": "0.027997000", + "frame.time_delta_displayed": "0.027997000", + "frame.time_relative": "355.114192000", + "frame.number": "807", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003979", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1127", + "tcp.ack": "6534", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f8e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:56:20:00:25:3b:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812040736, TSecr 2440094": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812040736", + "tcp.options.timestamp.tsecr": "2440094" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "804", + "tcp.analysis.ack_rtt": "0.060183000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:28.854733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493948.854733000", + "frame.time_delta": "2.279855000", + "frame.time_delta_displayed": "2.279855000", + "frame.time_relative": "357.394047000", + "frame.number": "808", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:30.286774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493950.286774000", + "frame.time_delta": "1.432041000", + "frame.time_delta_displayed": "1.432041000", + "frame.time_relative": "358.826088000", + "frame.number": "809", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": 
"192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:34.580847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493954.580847000", + "frame.time_delta": "4.294073000", + "frame.time_delta_displayed": "4.294073000", + "frame.time_relative": "363.120161000", + "frame.number": "810", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain 
View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "121", + "tcp.ack": "109", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000005db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:34.723944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493954.723944000", + "frame.time_delta": "0.143097000", + "frame.time_delta_displayed": "0.143097000", + "frame.time_relative": "363.263258000", + "frame.number": "811", + "frame.len": 
"54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc2", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "109", + "tcp.ack": 
"122", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:35.824404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493955.824404000", + "frame.time_delta": "1.100460000", + "frame.time_delta_displayed": "1.100460000", + "frame.time_relative": "364.363718000", + "frame.number": "812", + "frame.len": "412", + "frame.cap_len": "412", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "398", + "ip.id": "0x00009511", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007714", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "346", + "tcp.seq": "6534", + "tcp.nxtseq": "6880", + "tcp.ack": "1127", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009feb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:25:3f:41:a7:9c:56:20", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2441025, TSecr 2812040736": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2441025", + "tcp.options.timestamp.tsecr": "2812040736" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "346", + "tcp.analysis.push_bytes_sent": "346" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "341", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ae:d4:2b:32:d4:ac:2e:d4:9a:b1:8e:74:06:5f:65:48:d1:03:0e:51:aa:16:05:04:34:a4:63:d9:21:b0:70:b0:96:45:8a:6b:c7:70:a0:28:b8:21:a8:3f:99:0c:e4:1b:da:d5:2f:2d:c2:90:75:dc:ef:22:b4:38:63:73:72:95:86:0e:54:a6:ad:e4:06:85:ca:7c:f4:d4:1f:af:f9:90:1a:ff:dc:fe:4d:e1:8f:21:f5:77:b7:d5:31:68:5d:2a:85:ff:2c:4c:3b:ec:d5:ba:8d:1f:e1:6e:ce:d9:f6:1f:5b:44:9e:be:e2:fb:c7:01:11:2d:06:9f:01:25:a3:66:88:c4:69:7c:98:9b:89:d6:a4:5d:d7:a8:11:ca:57:1b:6f:5c:21:6c:e8:5a:35:2d:2b:d3:c7:fc:40:ca:e3:88:80:c7:6b:2b:7e:8b:98:aa:c6:0b:ce:5a:f3:05:e8:53:88:04:14:f6:2e:9c:c3:36:01:5c:42:94:82:f2:68:67:a9:7f:68:08:3e:bb:93:04:d6:76:2e:e8:59:8c:f6:e6:46:9f:23:39:b1:f0:5b:a4:bb:6d:fb:2c:30:2f:43:85:6b:ac:13:0a:68:ab:f1:3c:93:46:b3:23:3c:79:3e:88:74:0e:06:23:a3:60:79:6b:f3:f4:45:b5:da:cc:5a:9b:d6:1b:d5:f4:85:45:e9:83:fd:32:89:c4:d3:85:70:9b:89:16:6d:85:dd:3d:81:6a:2e:01:e6:8c:d6:a5:3f:b3:f2:c7:3f:4d:84:93:8d:6c:c1:78:2c:09:0f:19:0a:4c:e7:3a:1f:87:cb:6d:7e:e2:7b:e5:8e:e5:4d:7b:34:c4:d9:93:be:5e:d1:ec:2c:2a:f4:85:0d:ce:76:99" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:35.884637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493955.884637000", + "frame.time_delta": "0.060233000", + "frame.time_delta_displayed": "0.060233000", + "frame.time_relative": "364.423951000", + "frame.number": "813", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003978", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1127", + "tcp.ack": "6880", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ead0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:5f:37:00:25:3f:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812043063, TSecr 2441025": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812043063", + "tcp.options.timestamp.tsecr": "2441025" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "812", + "tcp.analysis.ack_rtt": "0.060233000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:35.885594000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509493955.885594000", + "frame.time_delta": "0.000957000", + "frame.time_delta_displayed": "0.000957000", + "frame.time_relative": "364.424908000", + "frame.number": "814", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003948", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1127", + "tcp.nxtseq": "1174", + "tcp.ack": "6880", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bdd2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:5f:37:00:25:3f:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812043063, TSecr 2441025": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812043063", + "tcp.options.timestamp.tsecr": "2441025" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:3d:53:55:5a:34:0b:fb:01:cd:0d:6b:87:d9:fc:7e:99:7f:80:21:04:00:43:9d:67:71:d0:08:4c:6d:39:7f:01:bf:98:05" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:52:35.924070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493955.924070000", + "frame.time_delta": "0.038476000", + "frame.time_delta_displayed": "0.038476000", + "frame.time_relative": "364.463384000", + "frame.number": "815", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009512", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000786d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": 
{ + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6880", + "tcp.ack": "1174", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e9a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:3f:4b:a7:9c:5f:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2441035, TSecr 2812043063": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2441035", + "tcp.options.timestamp.tsecr": "2812043063" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "814", + "tcp.analysis.ack_rtt": "0.038476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:36.167164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493956.167164000", + "frame.time_delta": "0.243094000", + "frame.time_delta_displayed": "0.243094000", 
+ "frame.time_relative": "364.706478000", + "frame.number": "816", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b68", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:52:39.590889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493959.590889000", + "frame.time_delta": "3.423725000", + "frame.time_delta_displayed": "3.423725000", + "frame.time_relative": "368.130203000", + "frame.number": "817", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:39.591073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493959.591073000", + "frame.time_delta": "0.000184000", + "frame.time_delta_displayed": "0.000184000", + "frame.time_relative": "368.130387000", + "frame.number": "818", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:40.214797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493960.214797000", + "frame.time_delta": "0.623724000", + "frame.time_delta_displayed": "0.623724000", + "frame.time_relative": "368.754111000", + "frame.number": "819", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000a9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x00000814", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "9f:36:19:4e:7a:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:40.891183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493960.891183000", + "frame.time_delta": "0.676386000", + "frame.time_delta_displayed": "0.676386000", + "frame.time_relative": "369.430497000", + "frame.number": "820", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:40.891614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493960.891614000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "369.430928000", + "frame.number": "821", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:45.567172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493965.567172000", + "frame.time_delta": "4.675558000", + "frame.time_delta_displayed": "4.675558000", + "frame.time_relative": "374.106486000", + "frame.number": "822", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bab4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + 
"udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c9c", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + 
"dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:45.567738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493965.567738000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "374.107052000", + "frame.number": "823", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009baf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + 
"udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed97", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + 
"dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:45.568312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493965.568312000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "374.107626000", + "frame.number": "824", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", 
+ "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b5d", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + 
"dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.614140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.614140000", + "frame.time_delta": "3.045828000", + "frame.time_delta_displayed": "3.045828000", + "frame.time_relative": "377.153454000", + "frame.number": "825", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000796d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + 
"udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.667016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.667016000", + "frame.time_delta": "0.052876000", + "frame.time_delta_displayed": "0.052876000", + "frame.time_relative": "377.206330000", + "frame.number": "826", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007970", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fe7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + 
"http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.719949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.719949000", + "frame.time_delta": "0.052933000", + "frame.time_delta_displayed": "0.052933000", + "frame.time_relative": "377.259263000", + "frame.number": "827", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007973", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + 
"udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.818763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.818763000", + "frame.time_delta": "0.098814000", + "frame.time_delta_displayed": "0.098814000", + "frame.time_relative": "377.358077000", + "frame.number": "828", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007975", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.825582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.825582000", + "frame.time_delta": "0.006819000", + "frame.time_delta_displayed": "0.006819000", + "frame.time_relative": "377.364896000", + "frame.number": "829", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007979", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + 
"udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:48.878482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493968.878482000", + "frame.time_delta": "0.052900000", + "frame.time_delta_displayed": "0.052900000", + "frame.time_relative": "377.417796000", + "frame.number": "830", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000797d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004fd7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.458405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.458405000", + "frame.time_delta": "1.579923000", + "frame.time_delta_displayed": "1.579923000", + "frame.time_relative": "378.997719000", + "frame.number": "831", + "frame.len": "419", + "frame.cap_len": "419", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "405", + "ip.id": "0x00009513", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": 
"41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "353", + "tcp.seq": "6880", + "tcp.nxtseq": "7233", + "tcp.ack": "1174", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000cf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:44:f8:a7:9c:5f:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2442488, TSecr 2812043063": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2442488", + "tcp.options.timestamp.tsecr": "2812043063" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "353", + "tcp.analysis.push_bytes_sent": "353" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "348", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:af:5c:a6:1b:72:08:c1:4c:33:93:33:30:7f:e4:ba:90:db:0a:2f:88:34:50:eb:e1:35:4b:62:d3:17:c9:d0:5d:95:fe:f7:e9:97:83:f8:ac:34:ad:03:40:fe:aa:89:26:9a:8c:d3:5b:66:d9:1e:fb:f1:1b:1b:3e:e7:ab:a7:cf:95:a1:bb:5c:e8:6c:b4:23:b9:59:4c:53:ca:40:07:c3:9b:85:85:cc:0f:74:22:b2:79:4a:41:3e:52:ce:c9:b1:65:da:04:f5:dc:25:8d:d5:74:f2:aa:9b:85:a4:4d:59:c6:25:8e:54:d7:20:c6:78:98:94:c3:4b:87:7e:78:fb:a1:ba:fb:79:7e:6f:e2:26:86:77:aa:9c:f5:11:e8:4e:e8:90:e8:68:ca:50:79:28:fd:a4:74:d9:ed:54:6e:67:f1:56:19:38:d9:62:07:03:9b:63:72:85:8f:04:a0:90:59:00:0d:82:18:5a:d2:58:fe:85:f9:52:00:7e:0a:d3:93:d0:5d:c7:da:a7:4d:8b:81:4b:45:73:cb:73:96:43:d4:6e:c6:cc:fd:a8:68:eb:60:8c:e8:eb:f8:49:46:6f:2c:c6:70:5a:3f:8d:1b:63:c4:12:96:50:8a:e6:00:d7:ed:ab:0f:02:f0:82:ff:2e:3d:d8:f0:5a:18:47:6d:24:e5:2e:27:23:d5:4b:b0:c5:2b:65:18:52:c8:c9:02:82:ac:cb:25:02:ea:0d:3d:ca:a2:2c:7f:00:d6:1d:31:85:54:cc:7a:c9:d0:68:be:b4:43:87:b7:33:2b:7c:b5:3d:99:d2:1f:3c:5c:11:25:db:c8:85:18:7f:c7:82:75:55:2a:bd:76:5c:20:86:81:4b:64:e8:21:03:32:5f:92:21:5c:bc:66:52:fe" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.519173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.519173000", + "frame.time_delta": "0.060768000", + "frame.time_delta_displayed": "0.060768000", + "frame.time_relative": "379.058487000", + "frame.number": "832", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003947", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1174", + "tcp.nxtseq": "1221", + "tcp.ack": "7233", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000d83b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:6d:82:00:25:44:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812046722, TSecr 2442488": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812046722", + "tcp.options.timestamp.tsecr": "2442488" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "831", + "tcp.analysis.ack_rtt": "0.060768000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:3e:72:98:5e:17:69:74:d8:5a:4c:18:44:2c:2e:1f:b0:26:cc:ad:8e:b4:5f:3c:00:29:1b:fe:df:0f:1f:83:49:0a:6a:e1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.519599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.519599000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "379.058913000", + "frame.number": "833", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009514", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000786b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7233", + "tcp.ack": "1221", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d41a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:44:fe:a7:9c:6d:82", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2442494, TSecr 2812046722": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2442494", + "tcp.options.timestamp.tsecr": "2812046722" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "832", + "tcp.analysis.ack_rtt": "0.000426000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.567480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.567480000", + "frame.time_delta": "0.047881000", + "frame.time_delta_displayed": "0.047881000", + "frame.time_relative": "379.106794000", + "frame.number": "834", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bab2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c9c", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.568036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.568036000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "379.107350000", + "frame.number": "835", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d3f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed97", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:50.568615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493970.568615000", + "frame.time_delta": "0.000579000", + "frame.time_delta_displayed": "0.000579000", + "frame.time_relative": "379.107929000", + "frame.number": "836", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + 
"eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b5d", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:55.568215000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493975.568215000", + "frame.time_delta": "4.999600000", + "frame.time_delta_displayed": "4.999600000", + "frame.time_relative": "384.107529000", + "frame.number": "837", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d40", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000bab0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c9c", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:55.568616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493975.568616000", + "frame.time_delta": "0.000401000", + "frame.time_delta_displayed": 
"0.000401000", + "frame.time_relative": "384.107930000", + "frame.number": "838", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d41", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009bab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed97", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:55.569023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493975.569023000", + "frame.time_delta": "0.000407000", + 
"frame.time_delta_displayed": "0.000407000", + "frame.time_relative": "384.108337000", + "frame.number": "839", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b5d", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000267", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=615", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:56.549414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493976.549414000", + "frame.time_delta": "0.980391000", + "frame.time_delta_displayed": 
"0.980391000", + "frame.time_relative": "385.088728000", + "frame.number": "840", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:58.503572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493978.503572000", + "frame.time_delta": "1.954158000", + "frame.time_delta_displayed": "1.954158000", + "frame.time_relative": "387.042886000", + "frame.number": "841", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x00009515", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000737f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "7233", + "tcp.nxtseq": "8492", + "tcp.ack": "1221", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007125", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:48:1d:a7:9c:6d:82", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2443293, TSecr 2812046722": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2443293", + "tcp.options.timestamp.tsecr": "2812046722" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b0:e7:77:12:bf:71:32:81:38:4d:18:e6:c6:9f:52:7d:06:91:d5:48:40:0b:cf:7d:4b:69:30:7b:8e:28:f0:e2:9b:f4:18:a9:1b:6f:90:f7:7b:64:93:78:ff:a2:06:21:31:d8:18:23:86:28:b7:04:69:60:86:d1:f8:82:34:0f:0c:46:25:1f:2f:c5:a0:0e:11:24:1e:4f:24:18:f9:1c:96:c7:97:65:4f:2c:be:aa:4b:f3:26:60:71:9c:4f:19:76:67:c4:6e:2c:a7:ef:16:98:f8:54:e6:57:e2:ff:31:5c:29:c7:ee:bb:be:a1:70:5e:87:79:bb:3e:fb:ea:f0:4e:61:5c:30:7a:91:d9:81:9b:a4:4d:7f:ab:f3:8b:f3:71:cf:4b:d0:74:9e:cf:b2:a1:e8:ac:f0:50:63:6a:e5:3a:19:49:14:7f:f9:45:6f:b8:4e:9c:b6:ac:a6:e5:2f:df:8f:d6:90:38:89:3d:67:1f:45:ee:c7:50:47:6c:af:25:92:d7:60:ae:46:8d:53:16:f5:b5:4b:ba:57:b0:f6:7e:c0:11:87:20:b7:02:dd:ab:58:ce:85:5a:c1:8a:25:9b:22:cc:6d:b9:b7:97:ad:db:da:c5:cc:59:79:4a:02:f1:d4:27:0b:c5:c0:2a:1c:de:83:a8:5c:d4:55:93:9b:ff:69:80:48:c1:56:46:8a:6b:6b:b3:3c:b6:36:7b:ee:fa:1a:9e:b2:8b:9c:2b:91:95:d7:ab:15:d5:9f:2b:0e:c2:55:2d:bb:67:45:0a:41:56:11:28:c2:e5:34:5d:d2:31:8b:f4:72:a5:ba:84:21:ac:0b:44:15:78:f9:18:f4:c2:0e:93:ff:2e:cd:8d:5a:51:7b:03:0f:d6:45:9f:be:d2:23:1c:8d:8d:cf:50
:73:19:95:8c:14:45:6d:91:21:7b:82:94:3e:54:8e:f3:64:7d:42:d2:bf:4e:f8:8d:95:29:96:f6:55:43:49:6d:c8:27:37:91:c3:6b:a4:ed:57:50:f7:4e:09:82:2f:91:8e:b1:72:de:b4:13:48:3d:d7:f5:32:9e:fc:74:ef:40:6d:fc:92:9e:58:31:b8:d0:0e:ef:bf:06:fc:b7:22:d7:c1:45:5c:26:de:9c:b5:99:8d:32:fc:96:88:ed:d1:e8:ac:7b:e9:b4:5b:67:ad:a7:7e:5e:85:31:0c:68:d2:a5:f0:ba:9a:6d:79:74:79:2a:ac:b8:53:46:d7:a3:ef:8f:3e:81:bc:d5:de:d6:3d:19:05:c6:9b:44:ad:6e:f8:2c:e1:f5:13:ea:d0:89:6d:c1:e2:ed:28:17:bf:7b:0d:1c:91:28:e7:67:3e:8b:1f:2a:7a:04:85:a4:57:42:bc:8e:8e:e7:58:6f:9e:9c:5a:a4:ef:ec:28:ed:1b:5a:25:f2:06:e1:fa:1e:4c:42:66:96:5a:72:ca:84:83:4d:a2:99:fe:ec:3a:be:c9:3d:ae:53:a2:0b:d8:6e:75:7c:b0:62:14:f2:b2:34:8d:09:62:77:4e:76:4c:2c:2e:fe:f6:3c:f8:e1:5e:3a:c8:e0:2f:67:dd:35:8d:a7:33:1e:6a:44:ef:85:8a:d3:b4:01:80:ff:dd:d0:e7:98:ad:b5:bd:72:dd:9d:10:55:f4:71:a6:78:a9:be:2f:ae:8c:9a:b9:c6:96:cf:b2:9c:46:9d:0a:1a:4a:84:da:ad:97:62:0b:ad:24:17:f7:be:25:6d:e5:94:01:eb:46:62:27:16:1e:a0:29:6e:d4:21:27:56:ff:ff:6f:2d:47:b2:a9:54:0d:e2:0c:a5:83:48:ba:19:37:1a:ab:cc:02:29:6d:ea:02:81:e0:b6:ab:78:98:58:c7:dc:53:bb:28:e9:6d:a0:2f:1a:81:21:ee:7e:9d:47:ab:00:1d:80:ae:ed:0d:71:d2:b2:72:4f:6d:d2:3d:b1:44:ad:8e:ae:18:bd:99:80:17:38:97:50:70:82:b3:91:9f:6c:f5:38:f6:2a:1f:7d:3b:c4:66:38:85:9c:8c:e4:8c:dc:9c:5f:ec:4e:d6:f3:03:bf:16:6b:c6:06:2c:c5:e1:69:98:37:c2:1e:a3:89:05:11:de:f7:7b:f1:80:6f:7f:f3:23:54:a3:4d:cb:77:fd:56:86:f9:23:e3:1d:19:39:ec:eb:2a:4d:1f:2e:c1:4f:24:34:d9:09:e8:cb:d0:cd:e3:d1:6f:e8:cb:6d:28:c9:05:b8:9f:c0:ef:71:9a:6c:95:22:59:94:84:74:4e:58:c4:ad:8d:d1:a3:c5:d9:84:e8:c1:a5:41:b2:0b:69:dc:cf:1a:4a:23:61:f7:84:a1:a1:9b:e2:8b:dc:ff:8d:11:17:24:bf:40:de:39:06:88:18:3c:21:8e:d5:9b:45:7c:6f:77:5f:29:3d:ec:a2:f9:8a:db:cd:53:89:39:e2:81:bf:b5:bd:a0:2a:e7:f7:71:48:51:4e:ff:59:5b:31:67:7a:de:da:62:6f:09:dd:ec:6a:c7:37:fd:c9:e6:a4:a3:c0:00:e8:87:95:ee:9b:44:f0:d7:8b:5a:69:81:1d:32:db:96:35:26:11:f8:ee:84:41:47:14:40:4b:db:b0:c5:94:97:34:92:da:4c:3c:bb:95:51:b4:f1:a8:55:59:93:88:6a:75:cc:17:89:96:29:f2:56:44:4
e:68:93:13:2d:4f:d8:de:9f:5b:a7:9d:91:ec:a8:eb:87:1b:9b:e6:b9:51:53:38:f5:22:92:cf:21:c0:0e:48:42:6e:7d:5c:fd:14:ed:f6:dc:fa:c5:e4:cd:64:77:5f:87:5f:dd:82:49:bf:fb:7b:ea:97:9f:58:f3:e4:0e:3d:49:34:60:a6:df:87:0e:47:e8:c4:d9:a3:94:74:47:0b:73:3c:ea:c7:3b:3d:e3:a2:d8:65:9e:31:d6:50:69:1a:c5:29:72:a2:ed:7c:d7:73:9e:01:72:20:49:08:77:c8:dd:65:20:90:d4:b1:46:49:1f:43:52:df:38:34:61:5c:ac:7b:fe:51:3d:5c:0f:57:c7:36:8b:e8:c7:fa:c9:54:c4:d8:eb:8a:0b:c4:10:11:0e:c1:2f:ec:2e:99:52:8e:8e:fd:1f:89:39:60:78:54:f9:6d:ba:70:1c:6a:1e:39:02:50:c3:df:c8:ef:35:bc:ec:74:7b:46:f4:4f:5e:18:ee:c4:37:7f:cf:9b:be:66:1d:7b:f9:f6:ba:e0:fd:81:1e:c2:20:73:3c:cb:9d:af:5b:7a:be:dd:da:cf:0a:91:62:c8:18:a2:f6:89:48:90:a8:c0:50:07:f8:37" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:52:58.602223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493978.602223000", + "frame.time_delta": "0.098651000", + "frame.time_delta_displayed": "0.098651000", + "frame.time_relative": "387.141537000", + "frame.number": "842", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c0a", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003975", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1221", + "tcp.ack": "8492", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c51a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:75:67:00:25:48:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" 
+ } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812048743, TSecr 2443293": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812048743", + "tcp.options.timestamp.tsecr": "2443293" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "841", + "tcp.analysis.ack_rtt": "0.098651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:03.610697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493983.610697000", + "frame.time_delta": "5.008474000", + "frame.time_delta_displayed": "5.008474000", + "frame.time_relative": "392.150011000", + "frame.number": "843", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:03.611135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493983.611135000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "392.150449000", + "frame.number": "844", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:04.720817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493984.720817000", + "frame.time_delta": "1.109682000", + "frame.time_delta_displayed": "1.109682000", + "frame.time_relative": "393.260131000", + "frame.number": "845", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "121", + "tcp.ack": "109", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", 
+ "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000005db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:04.864007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493984.864007000", + "frame.time_delta": "0.143190000", + "frame.time_delta_displayed": "0.143190000", + "frame.time_relative": "393.403321000", + "frame.number": "846", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x00000fd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc1", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "109", + "tcp.ack": "122", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + 
"_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:06.169911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493986.169911000", + "frame.time_delta": "1.305904000", + "frame.time_delta_displayed": "1.305904000", + "frame.time_relative": "394.709225000", + "frame.number": "847", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b70", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:09.730697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493989.730697000", + "frame.time_delta": "3.560786000", + "frame.time_delta_displayed": "3.560786000", + "frame.time_relative": "398.270011000", + "frame.number": "848", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 16:53:09.730823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493989.730823000", + "frame.time_delta": "0.000126000", + "frame.time_delta_displayed": "0.000126000", + "frame.time_relative": "398.270137000", + "frame.number": "849", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:11.475641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509493991.475641000", + "frame.time_delta": "1.744818000", + "frame.time_delta_displayed": "1.744818000", + "frame.time_relative": "400.014955000", + "frame.number": "850", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:21.535807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494001.535807000", + "frame.time_delta": "10.060166000", + "frame.time_delta_displayed": "10.060166000", + "frame.time_relative": "410.075121000", + "frame.number": "851", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009516", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x00007838", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "8492", + "tcp.nxtseq": "8541", + "tcp.ack": "1221", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bc48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:51:1c:a7:9c:75:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2445596, TSecr 2812048743": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2445596", + "tcp.options.timestamp.tsecr": "2812048743" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b1:12:de:30:63:a1:37:cd:a0:c4:0e:88:5a:41:cc:99:16:ea:ee:e2:33:8a:a3:7d:5e:99:22:7a:01:21:d6:db:9a:82:57:49:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:21.595961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494001.595961000", + "frame.time_delta": "0.060154000", + "frame.time_delta_displayed": "0.060154000", + "frame.time_relative": "410.135275000", + "frame.number": "852", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003974", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1221", + "tcp.ack": "8541", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a576", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:8b:db:00:25:51:1c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812054491, TSecr 2445596": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812054491", + "tcp.options.timestamp.tsecr": "2445596" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "851", + "tcp.analysis.ack_rtt": "0.060154000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:21.596493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494001.596493000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "410.135807000", + "frame.number": "853", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393c", + "ip.checksum.status": "2", + 
"ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1221", + "tcp.nxtseq": "1276", + "tcp.ack": "8541", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e7a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:8b:db:00:25:51:1c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2812054491, TSecr 2445596": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812054491", + "tcp.options.timestamp.tsecr": "2445596" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:3f:35:c1:31:a6:6e:37:42:29:d6:6c:77:74:2a:80:e5:b3:03:4d:c6:7d:14:14:dd:7b:d0:25:2d:3f:8e:8d:f6:14:3f:a1:5c:c1:50:ee:d6:ff:5a:75" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:21.596926000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494001.596926000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "410.136240000", + "frame.number": "854", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009517", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007868", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8541", + "tcp.ack": "1276", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a44a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:51:22:a7:9c:8b:db", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2445602, TSecr 2812054491": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2445602", + "tcp.options.timestamp.tsecr": "2812054491" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "853", + "tcp.analysis.ack_rtt": "0.000433000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:24.955768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494004.955768000", + "frame.time_delta": "3.358842000", + "frame.time_delta_displayed": "3.358842000", + "frame.time_relative": "413.495082000", + "frame.number": "855", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:25.363856000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1509494005.363856000", + "frame.time_delta": "0.408088000", + "frame.time_delta_displayed": "0.408088000", + "frame.time_relative": "413.903170000", + "frame.number": "856", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000a9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x00006129", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:65:4b:aa:cc:cc:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", + "data.len": "56" + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:28.843965000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494008.843965000", + "frame.time_delta": "3.480109000", + "frame.time_delta_displayed": "3.480109000", + "frame.time_relative": "417.383279000", + "frame.number": "857", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.442147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.442147000", + "frame.time_delta": "1.598182000", + "frame.time_delta_displayed": "1.598182000", + "frame.time_relative": "418.981461000", + "frame.number": "858", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020dd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e767", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: 
\"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "629" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.837840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.837840000", + "frame.time_delta": "0.395693000", + "frame.time_delta_displayed": "0.395693000", + "frame.time_relative": "419.377154000", + "frame.number": "859", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000038b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "691" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.841505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.841505000", + "frame.time_delta": "0.003665000", + "frame.time_delta_displayed": "0.003665000", + "frame.time_relative": "419.380819000", + "frame.number": "860", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001907", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000068e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.842056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.842056000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "419.381370000", + "frame.number": "861", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004169", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "860", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.845068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.845068000", + "frame.time_delta": "0.003012000", + "frame.time_delta_displayed": "0.003012000", + "frame.time_relative": "419.384382000", + "frame.number": "862", + "frame.len": "54", + "frame.cap_len": "54", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001908", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f347", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "861", + "tcp.analysis.ack_rtt": "0.003012000", + "tcp.analysis.initial_rtt": "0.003563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.845941000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.845941000", + "frame.time_delta": "0.000873000", + "frame.time_delta_displayed": "0.000873000", + "frame.time_relative": "419.385255000", + "frame.number": "863", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001909", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ec3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000008c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003563000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: 
gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.846423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.846423000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "419.385737000", + "frame.number": "864", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e597", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e4d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "863", + "tcp.analysis.ack_rtt": "0.000482000", + "tcp.analysis.initial_rtt": "0.003563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.846991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.846991000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "419.386305000", + "frame.number": "865", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e598", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000024fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003563000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.847339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.847339000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "419.386653000", + "frame.number": "866", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e599", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cef6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007763", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003563000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "865", + "tcp.segment": "866", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001398000", + "http.request_in": "863", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.850949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.850949000", + "frame.time_delta": "0.003610000", + "frame.time_delta_displayed": "0.003610000", + "frame.time_relative": "419.390263000", + "frame.number": "867", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e59a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cef5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007763", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003563000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.003610000", + "tcp.analysis.rto_frame": "866" + } + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:
3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:53:30.851237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.851237000", + "frame.time_delta": "0.000288000", + "frame.time_delta_displayed": "0.000288000", + "frame.time_relative": "419.390551000", + "frame.number": "868", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000190a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eeaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "866", + "tcp.analysis.ack_rtt": "0.003898000", + "tcp.analysis.initial_rtt": "0.003563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.851700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.851700000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "419.391014000", + "frame.number": "869", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000190b", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eeae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.852117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.852117000", + "frame.time_delta": "0.000417000", + "frame.time_delta_displayed": "0.000417000", + "frame.time_relative": 
"419.391431000", + "frame.number": "870", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54535", + "tcp.port": "80", + "tcp.port": "54535", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e0e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "869", + "tcp.analysis.ack_rtt": "0.000417000", + "tcp.analysis.initial_rtt": "0.003563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.853417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.853417000", + "frame.time_delta": "0.001300000", + "frame.time_delta_displayed": "0.001300000", + "frame.time_relative": "419.392731000", + "frame.number": "871", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000190c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f5b", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54535", + "tcp.dstport": "80", + "tcp.port": "54535", + "tcp.port": "80", + "tcp.stream": "27", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000053f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:bd:36:f3:26:bd:36:f7:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003563000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + 
"tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "868", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.890791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.890791000", + "frame.time_delta": "0.037374000", + "frame.time_delta_displayed": "0.037374000", + "frame.time_relative": "419.430105000", + "frame.number": "872", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000038b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "859" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.894680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.894680000", + "frame.time_delta": "0.003889000", + "frame.time_delta_displayed": "0.003889000", + "frame.time_relative": "419.433994000", + "frame.number": "873", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000190d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54536", + "tcp.dstport": "80", + "tcp.port": "54536", + "tcp.port": "80", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000047ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.895214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.895214000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "419.434528000", + "frame.number": "874", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54536", + "tcp.port": "80", + "tcp.port": "54536", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000fe60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "873", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.900168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.900168000", + "frame.time_delta": "0.004954000", + "frame.time_delta_displayed": "0.004954000", + "frame.time_relative": "419.439482000", + "frame.number": "875", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000190e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54536", + "tcp.dstport": "80", + "tcp.port": "54536", + "tcp.port": "80", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b03f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "874", + "tcp.analysis.ack_rtt": "0.004954000", + "tcp.analysis.initial_rtt": "0.005488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.901243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.901243000", + "frame.time_delta": "0.001075000", + "frame.time_delta_displayed": "0.001075000", + "frame.time_relative": "419.440557000", + "frame.number": "876", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000190f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ebd", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54536", + "tcp.dstport": "80", + "tcp.port": "54536", + "tcp.port": "80", + "tcp.stream": "28", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c5b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005488000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.901747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.901747000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "419.441061000", + "frame.number": "877", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54536", + "tcp.port": "80", + "tcp.port": "54536", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a1d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "876", + "tcp.analysis.ack_rtt": "0.000504000", + "tcp.analysis.initial_rtt": "0.005488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.902323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.902323000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "419.441637000", + "frame.number": "878", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009b47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54536", + "tcp.port": "80", + "tcp.port": "54536", + "tcp.stream": "28", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005488000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.902672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.902672000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "419.441986000", + "frame.number": "879", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001948", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54536", + "tcp.port": "80", + "tcp.port": "54536", + "tcp.stream": "28", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000345b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005488000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "878", + "tcp.segment": "879", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001429000", + "http.request_in": "876", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.905356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.905356000", + "frame.time_delta": "0.002684000", + "frame.time_delta_displayed": "0.002684000", + "frame.time_relative": "419.444670000", + "frame.number": "880", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001910", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54536", + "tcp.dstport": "80", + "tcp.port": "54536", + "tcp.port": "80", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000aba7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "879", + "tcp.analysis.ack_rtt": "0.002684000", + "tcp.analysis.initial_rtt": "0.005488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.905982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.905982000", + "frame.time_delta": "0.000626000", + "frame.time_delta_displayed": "0.000626000", + "frame.time_relative": "419.445296000", + "frame.number": "881", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001911", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54536", + "tcp.dstport": "80", + "tcp.port": "54536", + "tcp.port": "80", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000aba6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.906410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.906410000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "419.445724000", + "frame.number": "882", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54536", + "tcp.port": "80", + "tcp.port": "54536", + "tcp.stream": "28", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009dda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "881", + 
"tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.005488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.943735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.943735000", + "frame.time_delta": "0.037325000", + "frame.time_delta_displayed": "0.037325000", + "frame.time_relative": "419.483049000", + "frame.number": "883", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000038b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "872" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.957093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.957093000", + "frame.time_delta": "0.013358000", + "frame.time_delta_displayed": "0.013358000", + "frame.time_relative": "419.496407000", + "frame.number": "884", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001912", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54537", + "tcp.dstport": "80", + "tcp.port": "54537", + "tcp.port": "80", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00003778", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.957644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.957644000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "419.496958000", + "frame.number": "885", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54537", + "tcp.port": "80", + "tcp.port": "54537", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000be32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "884", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.961949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.961949000", + "frame.time_delta": "0.004305000", + "frame.time_delta_displayed": "0.004305000", + "frame.time_relative": "419.501263000", + "frame.number": "886", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001913", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54537", + "tcp.dstport": "80", + "tcp.port": "54537", + "tcp.port": "80", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007011", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "885", + "tcp.analysis.ack_rtt": "0.004305000", + "tcp.analysis.initial_rtt": "0.004856000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.962526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.962526000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "419.501840000", + "frame.number": "887", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001914", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54537", + "tcp.dstport": "80", + "tcp.port": "54537", + "tcp.port": "80", + "tcp.stream": "29", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000858a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004856000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.962999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.962999000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "419.502313000", + "frame.number": "888", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009ad8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54537", + "tcp.port": "80", + "tcp.port": "54537", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000061a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "887", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.004856000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.963562000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.963562000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "419.502876000", + "frame.number": "889", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009ad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54537", + "tcp.port": "80", + "tcp.port": "54537", + "tcp.stream": "29", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a1c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004856000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.963910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.963910000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "419.503224000", + "frame.number": "890", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009ada", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000019b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54537", + "tcp.port": "80", + "tcp.port": "54537", + "tcp.stream": "29", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f42c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004856000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "889", + "tcp.segment": "890", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001384000", + "http.request_in": "887", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.966196000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494010.966196000", + "frame.time_delta": "0.002286000", + "frame.time_delta_displayed": "0.002286000", + "frame.time_relative": "419.505510000", + "frame.number": "891", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001915", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54537", + "tcp.dstport": "80", + "tcp.port": "54537", + "tcp.port": "80", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "890", + "tcp.analysis.ack_rtt": "0.002286000", + "tcp.analysis.initial_rtt": "0.004856000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.966817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.966817000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "419.506131000", + "frame.number": "892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001916", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54537", + "tcp.dstport": "80", + "tcp.port": "54537", + "tcp.port": "80", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:30.967240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494010.967240000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "419.506554000", + "frame.number": "893", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54537", + "tcp.port": "80", + "tcp.port": "54537", + "tcp.stream": "29", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005dac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "892", + "tcp.analysis.ack_rtt": "0.000423000", + "tcp.analysis.initial_rtt": "0.004856000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.843286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.843286000", + "frame.time_delta": "0.876046000", + "frame.time_delta_displayed": "0.876046000", + "frame.time_relative": "420.382600000", + "frame.number": "894", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000038fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "883" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.846448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.846448000", + "frame.time_delta": "0.003162000", + "frame.time_delta_displayed": "0.003162000", + "frame.time_relative": "420.385762000", + 
"frame.number": "895", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001917", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54538", + "tcp.dstport": "80", + "tcp.port": "54538", + "tcp.port": "80", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000d3a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.846987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.846987000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "420.386301000", + "frame.number": "896", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54538", + "tcp.port": "80", + "tcp.port": "54538", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b8fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "895", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.849728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.849728000", + "frame.time_delta": "0.002741000", + "frame.time_delta_displayed": "0.002741000", + "frame.time_relative": "420.389042000", + "frame.number": "897", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001918", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54538", + "tcp.dstport": "80", + "tcp.port": "54538", + "tcp.port": "80", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ad9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "896", + "tcp.analysis.ack_rtt": "0.002741000", + "tcp.analysis.initial_rtt": "0.003280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.850343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.850343000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "420.389657000", + "frame.number": "898", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001919", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb3", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54538", + "tcp.dstport": "80", + "tcp.port": "54538", + "tcp.port": "80", + "tcp.stream": "30", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008052", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003280000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.850836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.850836000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "420.390150000", + "frame.number": "899", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000662c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005247", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54538", + "tcp.port": "80", + "tcp.port": "54538", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005c6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "898", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.003280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.851482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.851482000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "420.390796000", + "frame.number": "900", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000662d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005235", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54538", + "tcp.port": "80", + "tcp.port": "54538", + "tcp.stream": "30", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009c8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003280000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.851839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.851839000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "420.391153000", + "frame.number": "901", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000662e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004e62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54538", + "tcp.port": "80", + "tcp.port": "54538", + "tcp.stream": "30", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eef4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003280000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "900", + "tcp.segment": "901", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001496000", + "http.request_in": "898", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.853893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.853893000", + "frame.time_delta": "0.002054000", + "frame.time_delta_displayed": "0.002054000", + "frame.time_relative": "420.393207000", + "frame.number": "902", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000191a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54538", + "tcp.dstport": "80", + "tcp.port": "54538", + "tcp.port": "80", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006641", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "901", + "tcp.analysis.ack_rtt": "0.002054000", + "tcp.analysis.initial_rtt": "0.003280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.854575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.854575000", + "frame.time_delta": "0.000682000", + "frame.time_delta_displayed": "0.000682000", + "frame.time_relative": "420.393889000", + "frame.number": "903", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000191b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54538", + "tcp.dstport": "80", + "tcp.port": "54538", + "tcp.port": "80", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006640", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.855010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.855010000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "420.394324000", + "frame.number": "904", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54538", + "tcp.port": "80", + "tcp.port": "54538", + "tcp.stream": "30", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005874", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "903", + 
"tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.003280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.896114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.896114000", + "frame.time_delta": "0.041104000", + "frame.time_delta_displayed": "0.041104000", + "frame.time_relative": "420.435428000", + "frame.number": "905", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000038fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "894" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.899695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.899695000", + "frame.time_delta": "0.003581000", + "frame.time_delta_displayed": "0.003581000", + "frame.time_relative": "420.439009000", + "frame.number": "906", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000191c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54539", + "tcp.dstport": "80", + "tcp.port": "54539", + "tcp.port": "80", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000009b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.900287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.900287000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "420.439601000", + "frame.number": "907", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54539", + "tcp.port": "80", + "tcp.port": "54539", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000968b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "906", + "tcp.analysis.ack_rtt": "0.000592000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.903066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.903066000", + "frame.time_delta": "0.002779000", + "frame.time_delta_displayed": "0.002779000", + "frame.time_relative": "420.442380000", + "frame.number": "908", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000191d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54539", + "tcp.dstport": "80", + "tcp.port": "54539", + "tcp.port": "80", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000486a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "907", + "tcp.analysis.ack_rtt": "0.002779000", + "tcp.analysis.initial_rtt": "0.003371000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.903672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.903672000", + "frame.time_delta": "0.000606000", + "frame.time_delta_displayed": "0.000606000", + "frame.time_relative": "420.442986000", + "frame.number": "909", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000191e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54539", + "tcp.dstport": "80", + "tcp.port": "54539", + "tcp.port": "80", + "tcp.stream": "31", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005de3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003371000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.904160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.904160000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "420.443474000", + "frame.number": "910", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000437a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54539", + "tcp.port": "80", + "tcp.port": "54539", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000039fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "909", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.003371000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.904734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.904734000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "420.444048000", + "frame.number": "911", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000437b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54539", + "tcp.port": "80", + "tcp.port": "54539", + "tcp.stream": "31", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007a1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003371000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.905083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.905083000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "420.444397000", + "frame.number": "912", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000437c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007114", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54539", + "tcp.port": "80", + "tcp.port": "54539", + "tcp.stream": "31", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cc85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003371000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "911", + "tcp.segment": "912", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001411000", + "http.request_in": "909", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.907333000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494011.907333000", + "frame.time_delta": "0.002250000", + "frame.time_delta_displayed": "0.002250000", + "frame.time_relative": "420.446647000", + "frame.number": "913", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000191f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54539", + "tcp.dstport": "80", + "tcp.port": "54539", + "tcp.port": "80", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000043d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "912", + "tcp.analysis.ack_rtt": "0.002250000", + "tcp.analysis.initial_rtt": "0.003371000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.908005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.908005000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "420.447319000", + "frame.number": "914", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001920", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54539", + "tcp.dstport": "80", + "tcp.port": "54539", + "tcp.port": "80", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000043d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.908452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.908452000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "420.447766000", + "frame.number": "915", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54539", + "tcp.port": "80", + "tcp.port": "54539", + "tcp.stream": "31", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003605", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "914", + "tcp.analysis.ack_rtt": "0.000447000", + "tcp.analysis.initial_rtt": "0.003371000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.948991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.948991000", + "frame.time_delta": "0.040539000", + "frame.time_delta_displayed": "0.040539000", + "frame.time_relative": "420.488305000", + "frame.number": "916", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003901", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007e47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "905" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.958611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.958611000", + "frame.time_delta": "0.009620000", + "frame.time_delta_displayed": "0.009620000", + "frame.time_relative": "420.497925000", + 
"frame.number": "917", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001921", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54540", + "tcp.dstport": "80", + "tcp.port": "54540", + "tcp.port": "80", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000510a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.959156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.959156000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "420.498470000", + "frame.number": "918", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54540", + "tcp.port": "80", + "tcp.port": "54540", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000025e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "917", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.961262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.961262000", + "frame.time_delta": "0.002106000", + "frame.time_delta_displayed": "0.002106000", + "frame.time_relative": "420.500576000", + "frame.number": "919", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001922", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54540", + "tcp.dstport": "80", + "tcp.port": "54540", + "tcp.port": "80", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d7c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "918", + "tcp.analysis.ack_rtt": "0.002106000", + "tcp.analysis.initial_rtt": "0.002651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.961909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.961909000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "420.501223000", + "frame.number": "920", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001923", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea9", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54540", + "tcp.dstport": "80", + "tcp.port": "54540", + "tcp.port": "80", + "tcp.stream": "32", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ed3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002651000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.962389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.962389000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "420.501703000", + "frame.number": "921", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005db0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005ac3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54540", + "tcp.port": "80", + "tcp.port": "54540", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c956", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "920", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.002651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.963038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.963038000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "420.502352000", + "frame.number": "922", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005db1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005ab1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54540", + "tcp.port": "80", + "tcp.port": "54540", + "tcp.stream": "32", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000978", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002651000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.963467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.963467000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "420.502781000", + "frame.number": "923", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005db2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000056de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54540", + "tcp.port": "80", + "tcp.port": "54540", + "tcp.stream": "32", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005be1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002651000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "922", + "tcp.segment": "923", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001558000", + "http.request_in": "920", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.967223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.967223000", + "frame.time_delta": "0.003756000", + "frame.time_delta_displayed": "0.003756000", + "frame.time_relative": "420.506537000", + "frame.number": "924", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001924", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54540", + "tcp.dstport": "80", + "tcp.port": "54540", + "tcp.port": "80", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d32d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "923", + "tcp.analysis.ack_rtt": "0.003756000", + "tcp.analysis.initial_rtt": "0.002651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.967808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.967808000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "420.507122000", + "frame.number": "925", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001925", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54540", + "tcp.dstport": "80", + "tcp.port": "54540", + "tcp.port": "80", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d32c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:31.968236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494011.968236000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "420.507550000", + "frame.number": "926", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ec62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cc10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54540", + "tcp.port": "80", + "tcp.port": "54540", + "tcp.stream": "32", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c560", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "925", + 
"tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.002651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:34.860759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494014.860759000", + "frame.time_delta": "2.892523000", + "frame.time_delta_displayed": "2.892523000", + "frame.time_relative": "423.400073000", + "frame.number": "927", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "121", + "tcp.ack": "109", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000005db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:35.004702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494015.004702000", + "frame.time_delta": "0.143943000", + "frame.time_delta_displayed": "0.143943000", + "frame.time_relative": "423.544016000", + "frame.number": "928", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdc0", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "109", + "tcp.ack": "122", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:36.171616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494016.171616000", + "frame.time_delta": "1.166914000", + "frame.time_delta_displayed": "1.166914000", + "frame.time_relative": "424.710930000", + "frame.number": "929", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b96", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:36.685843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494016.685843000", + "frame.time_delta": "0.514227000", + "frame.time_delta_displayed": "0.514227000", + "frame.time_relative": "425.225157000", + "frame.number": "930", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020de", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e736", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64497", + "udp.dstport": "1900", + "udp.port": "64497", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00004e6c", + "udp.checksum.status": "2", + "udp.stream": "35" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:37.272418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494017.272418000", + "frame.time_delta": "0.586575000", + "frame.time_delta_displayed": "0.586575000", + "frame.time_relative": "425.811732000", + "frame.number": "931", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003a0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007d40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + 
"udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:37.325208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494017.325208000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "425.864522000", + "frame.number": "932", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003a0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007d36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "931" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:37.377955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494017.377955000", + "frame.time_delta": "0.052747000", + "frame.time_delta_displayed": "0.052747000", + "frame.time_relative": "425.917269000", + "frame.number": "933", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003a0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00007d39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "932" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:37.687013000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494017.687013000", + "frame.time_delta": "0.309058000", + "frame.time_delta_displayed": "0.309058000", + "frame.time_relative": "426.226327000", + "frame.number": "934", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020df", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e735", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64497", + "udp.dstport": "1900", + "udp.port": "64497", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00004e6c", + "udp.checksum.status": "2", + "udp.stream": "35" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "930" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.325267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.325267000", + "frame.time_delta": "0.638254000", + "frame.time_delta_displayed": "0.638254000", + "frame.time_relative": "426.864581000", + "frame.number": "935", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003a40", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007d0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "933" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.378039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.378039000", + "frame.time_delta": "0.052772000", + "frame.time_delta_displayed": "0.052772000", + "frame.time_relative": "426.917353000", + "frame.number": "936", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003a45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007cfd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "935" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.430815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.430815000", + "frame.time_delta": "0.052776000", + "frame.time_delta_displayed": "0.052776000", + "frame.time_relative": "426.970129000", + "frame.number": "937", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003a48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007d00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "936" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.687738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.687738000", + "frame.time_delta": "0.256923000", + "frame.time_delta_displayed": "0.256923000", + "frame.time_relative": "427.227052000", + "frame.number": "938", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e734", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64497", + "udp.dstport": "1900", + "udp.port": "64497", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00004e6c", + "udp.checksum.status": "2", + "udp.stream": "35" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "934" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.904813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.904813000", + "frame.time_delta": "0.217075000", + "frame.time_delta_displayed": "0.217075000", + "frame.time_relative": "427.444127000", + "frame.number": "939", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003a4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007cfc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "937" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:38.957621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494018.957621000", + "frame.time_delta": "0.052808000", + "frame.time_delta_displayed": "0.052808000", + "frame.time_relative": "427.496935000", + "frame.number": "940", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003a51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x00007cf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "939" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:39.010454000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.010454000", + "frame.time_delta": "0.052833000", + "frame.time_delta_displayed": "0.052833000", + "frame.time_relative": "427.549768000", + "frame.number": "941", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003a56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007cf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "940" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:39.688810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.688810000", + "frame.time_delta": "0.678356000", + "frame.time_delta_displayed": "0.678356000", + "frame.time_relative": "428.228124000", + "frame.number": "942", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e733", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64497", + "udp.dstport": "1900", + "udp.port": "64497", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00004e6c", + "udp.checksum.status": "2", + "udp.stream": "35" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "938" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:39.797646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.797646000", + "frame.time_delta": "0.108836000", + "frame.time_delta_displayed": "0.108836000", + "frame.time_relative": "428.336960000", + "frame.number": "943", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + 
"icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:39.870677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.870677000", + "frame.time_delta": "0.073031000", + "frame.time_delta_displayed": "0.073031000", + "frame.time_relative": "428.409991000", + "frame.number": "944", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:39.870850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.870850000", + "frame.time_delta": "0.000173000", + "frame.time_delta_displayed": "0.000173000", + "frame.time_relative": "428.410164000", + "frame.number": "945", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:39.956768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494019.956768000", + "frame.time_delta": "0.085918000", + "frame.time_delta_displayed": "0.085918000", + "frame.time_relative": "428.496082000", + "frame.number": "946", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003a9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007cac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "941" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:40.009577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494020.009577000", + "frame.time_delta": "0.052809000", + "frame.time_delta_displayed": "0.052809000", + "frame.time_relative": "428.548891000", + "frame.number": "947", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003aa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007ca0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "946" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:40.062411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494020.062411000", + "frame.time_delta": "0.052834000", + "frame.time_delta_displayed": "0.052834000", + "frame.time_relative": "428.601725000", + "frame.number": "948", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003aa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007ca3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "947" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:40.570328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494020.570328000", + "frame.time_delta": "0.507917000", + "frame.time_delta_displayed": "0.507917000", + "frame.time_relative": "429.109642000", + "frame.number": "949", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d47", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" 
+ } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baa9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b9b", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:40.570817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494020.570817000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "429.110131000", + "frame.number": "950", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d48", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ba4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec96", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:40.571405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494020.571405000", + "frame.time_delta": "0.000588000", + "frame.time_delta_displayed": "0.000588000", + "frame.time_relative": "429.110719000", + "frame.number": "951", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a5c", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:41.172349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494021.172349000", + "frame.time_delta": "0.600944000", + "frame.time_delta_displayed": "0.600944000", + "frame.time_relative": "429.711663000", + "frame.number": "952", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003b13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "948" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:41.225245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494021.225245000", + "frame.time_delta": "0.052896000", + "frame.time_delta_displayed": "0.052896000", + "frame.time_relative": "429.764559000", + "frame.number": "953", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003b15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "952" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:41.278025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494021.278025000", + "frame.time_delta": "0.052780000", + "frame.time_delta_displayed": "0.052780000", + "frame.time_relative": "429.817339000", + "frame.number": "954", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003b18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "953" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.225320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.225320000", + "frame.time_delta": "0.947295000", + "frame.time_delta_displayed": "0.947295000", + "frame.time_relative": "430.764634000", + "frame.number": "955", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003b33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "954" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.278199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.278199000", + "frame.time_delta": "0.052879000", + "frame.time_delta_displayed": "0.052879000", + "frame.time_relative": "430.817513000", + "frame.number": "956", + "frame.len": "348", + "frame.cap_len": 
"348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003b36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": 
"EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "955" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.330991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.330991000", + "frame.time_delta": "0.052792000", + "frame.time_delta_displayed": "0.052792000", + "frame.time_relative": "430.870305000", + "frame.number": "957", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": 
"0x00003b38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "956" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.699580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.699580000", + "frame.time_delta": "0.368589000", + "frame.time_delta_displayed": "0.368589000", + "frame.time_relative": "431.238894000", + "frame.number": "958", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + 
}, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "957" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.752402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.752402000", + "frame.time_delta": "0.052822000", + "frame.time_delta_displayed": "0.052822000", + "frame.time_relative": "431.291716000", + "frame.number": "959", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003b49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007bf9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "958" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:42.805191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494022.805191000", + "frame.time_delta": "0.052789000", + "frame.time_delta_displayed": "0.052789000", + "frame.time_relative": "431.344505000", + "frame.number": "960", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003b4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007bfd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "959" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:43.693495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494023.693495000", + "frame.time_delta": "0.888304000", + "frame.time_delta_displayed": "0.888304000", + 
"frame.time_relative": "432.232809000", + "frame.number": "961", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:43.751167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494023.751167000", + "frame.time_delta": "0.057672000", + "frame.time_delta_displayed": "0.057672000", + "frame.time_relative": "432.290481000", + "frame.number": "962", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00003b78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007bd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "305", + "udp.checksum": "0x0000c929", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "960" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:43.803903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494023.803903000", + "frame.time_delta": "0.052736000", + "frame.time_delta_displayed": "0.052736000", + "frame.time_relative": "432.343217000", + "frame.number": "963", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00003b7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "314", + "udp.checksum": "0x0000d714", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "962" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:43.856966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494023.856966000", + "frame.time_delta": "0.053063000", + "frame.time_delta_displayed": "0.053063000", + "frame.time_relative": "432.396280000", + 
"frame.number": "964", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00003b7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007bc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "64497", + "udp.port": "1900", + "udp.port": "64497", + "udp.length": "308", + "udp.checksum": "0x0000fa9e", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "963" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:43.953577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494023.953577000", + "frame.time_delta": "0.096611000", + "frame.time_delta_displayed": "0.096611000", + "frame.time_relative": "432.492891000", + "frame.number": "965", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { 
+ "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:44.000746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494024.000746000", + "frame.time_delta": "0.047169000", + "frame.time_delta_displayed": "0.047169000", + "frame.time_relative": "432.540060000", + "frame.number": "966", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": 
"0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": 
"192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:44.009446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494024.009446000", + "frame.time_delta": "0.008700000", + "frame.time_delta_displayed": "0.008700000", + "frame.time_relative": "432.548760000", + "frame.number": "967", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:44.091448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494024.091448000", + "frame.time_delta": "0.082002000", + "frame.time_delta_displayed": "0.082002000", + "frame.time_relative": "432.630762000", + "frame.number": "968", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:45.570553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494025.570553000", + "frame.time_delta": "1.479105000", + "frame.time_delta_displayed": "1.479105000", + "frame.time_relative": "434.109867000", + "frame.number": "969", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": 
"IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d49", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baa7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b9b", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:45.571107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494025.571107000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "434.110421000", + "frame.number": "970", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d4a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ba2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec96", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:45.571699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494025.571699000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "434.111013000", + "frame.number": "971", + "frame.len": "295", + 
"frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a5c", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", 
+ "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:49.208385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494029.208385000", + "frame.time_delta": "3.636686000", + "frame.time_delta_displayed": "3.636686000", + "frame.time_relative": "437.747699000", + "frame.number": "972", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.184427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.184427000", + "frame.time_delta": "0.976042000", + "frame.time_delta_displayed": "0.976042000", + "frame.time_relative": "438.723741000", + "frame.number": "973", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007adf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:53:50.237669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.237669000", + "frame.time_delta": "0.053242000", + "frame.time_delta_displayed": "0.053242000", + "frame.time_relative": "438.776983000", + "frame.number": "974", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007ae0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.290517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.290517000", + "frame.time_delta": "0.052848000", + "frame.time_delta_displayed": "0.052848000", + "frame.time_relative": "438.829831000", + "frame.number": "975", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007ae5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.343583000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494030.343583000", + "frame.time_delta": "0.053066000", + "frame.time_delta_displayed": "0.053066000", + "frame.time_relative": "438.882897000", + "frame.number": "976", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.396429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.396429000", + "frame.time_delta": "0.052846000", + "frame.time_delta_displayed": "0.052846000", + "frame.time_relative": "438.935743000", + "frame.number": "977", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": 
"0x00007aee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.449451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.449451000", + 
"frame.time_delta": "0.053022000", + "frame.time_delta_displayed": "0.053022000", + "frame.time_relative": "438.988765000", + "frame.number": "978", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007aef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004e65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.570804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.570804000", + "frame.time_delta": "0.121353000", + "frame.time_delta_displayed": "0.121353000", + "frame.time_relative": "439.110118000", + "frame.number": "979", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d4e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000baa2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b9b", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.571364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.571364000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "439.110678000", + "frame.number": "980", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d4f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec96", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:50.571950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494030.571950000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "439.111264000", + "frame.number": "981", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a5c", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000268", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=616", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.617012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.617012000", + "frame.time_delta": "2.045062000", + "frame.time_delta_displayed": "2.045062000", + "frame.time_relative": "441.156326000", + "frame.number": "982", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009518", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007836", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "8541", + "tcp.nxtseq": "8590", + "tcp.ack": "1276", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009056", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:25:5d:40:a7:9c:8b:db", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2448704, TSecr 2812054491": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2448704", + "tcp.options.timestamp.tsecr": "2812054491" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b2:03:8a:2f:25:d0:ea:c0:6c:7b:23:45:41:a5:a7:ad:b9:be:bb:84:8d:fd:e8:df:db:83:9a:8f:5e:1a:ff:22:25:b0:47:84:13" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.677983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.677983000", + "frame.time_delta": "0.060971000", + "frame.time_delta_displayed": "0.060971000", + "frame.time_relative": "441.217297000", + "frame.number": "983", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1276", + "tcp.nxtseq": "1331", + "tcp.ack": "8590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000e6d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:aa:35:00:25:5d:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812062261, TSecr 2448704": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812062261", + "tcp.options.timestamp.tsecr": "2448704" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "982", + "tcp.analysis.ack_rtt": "0.060971000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:40:1e:9a:30:20:13:2f:49:1c:3e:fe:04:fc:52:38:76:e8:1a:0d:e8:d4:c8:37:2d:c2:14:3d:ea:8c:1e:ba:a6:3f:e3:14:7c:7b:04:f8:57:51:8c:40" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.678494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.678494000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "441.217808000", + "frame.number": "984", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009519", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007866", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8590", + "tcp.ack": "1331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007964", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:5d:46:a7:9c:aa:35", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2448710, TSecr 2812062261": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2448710", + "tcp.options.timestamp.tsecr": "2812062261" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "983", + "tcp.analysis.ack_rtt": "0.000511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.892805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.892805000", + "frame.time_delta": "0.214311000", + "frame.time_delta_displayed": "0.214311000", + "frame.time_relative": "441.432119000", + "frame.number": "985", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x000062e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00006572", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { 
+ "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.893543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.893543000", + "frame.time_delta": "0.000738000", + "frame.time_delta_displayed": "0.000738000", + "frame.time_relative": "441.432857000", + "frame.number": "986", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x000062e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00006571", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "985" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.893693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.893693000", + "frame.time_delta": "0.000150000", + "frame.time_delta_displayed": "0.000150000", + "frame.time_relative": "441.433007000", + "frame.number": "987", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x000062e7", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00006570", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "986" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.894185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.894185000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "441.433499000", + "frame.number": "988", + "frame.len": "171", + 
"frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x000062e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": 
"MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "987" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.894328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.894328000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + "frame.time_relative": "441.433642000", + "frame.number": "989", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x000062e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "5", + "http.prev_request_in": "988" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.895513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.895513000", + "frame.time_delta": "0.001185000", + "frame.time_delta_displayed": "0.001185000", + "frame.time_relative": "441.434827000", + "frame.number": "990", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x000062ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "6", + "http.prev_request_in": "989" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.895664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.895664000", + "frame.time_delta": "0.000151000", + "frame.time_delta_displayed": "0.000151000", + "frame.time_relative": "441.434978000", + "frame.number": "991", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x000062eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": 
"2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "7", + "http.prev_request_in": "990" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.897265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.897265000", + "frame.time_delta": "0.001601000", + "frame.time_delta_displayed": "0.001601000", + "frame.time_relative": "441.436579000", + "frame.number": "992", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x000062ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "8", + "http.prev_request_in": "991" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.897408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.897408000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + 
"frame.time_relative": "441.436722000", + "frame.number": "993", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x000062ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "9", + "http.prev_request_in": "992" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.898062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.898062000", + "frame.time_delta": "0.000654000", + "frame.time_delta_displayed": "0.000654000", + "frame.time_relative": "441.437376000", + "frame.number": "994", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x000062ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "10", + "http.prev_request_in": "993" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.898210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.898210000", + "frame.time_delta": "0.000148000", + "frame.time_delta_displayed": "0.000148000", + "frame.time_relative": "441.437524000", + "frame.number": "995", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x000062ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "11", + "http.prev_request_in": "994" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.898354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.898354000", + "frame.time_delta": "0.000144000", + "frame.time_delta_displayed": "0.000144000", + "frame.time_relative": "441.437668000", + "frame.number": "996", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x000062f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + 
"udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "12", + "http.prev_request_in": "995" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.898989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.898989000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "441.438303000", + "frame.number": "997", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x000062f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "13", + "http.prev_request_in": "996" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.899148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.899148000", 
+ "frame.time_delta": "0.000159000", + "frame.time_delta_displayed": "0.000159000", + "frame.time_relative": "441.438462000", + "frame.number": "998", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x000062f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000656a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "14", + "http.prev_request_in": "997" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.899722000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.899722000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "441.439036000", + "frame.number": "999", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x000062f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": 
"0x00006569", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "15", + "http.prev_request_in": "998" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.902777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.902777000", + "frame.time_delta": "0.003055000", + "frame.time_delta_displayed": "0.003055000", + "frame.time_relative": "441.442091000", + "frame.number": "1000", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000ea03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:52.962325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.962325000", + "frame.time_delta": "0.059548000", + "frame.time_delta_displayed": "0.059548000", + "frame.time_relative": "441.501639000", + "frame.number": "1001", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + 
"igmp.reserved": "00", + "igmp.checksum": "0x00000507", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + }, + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:52.966673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494032.966673000", + "frame.time_delta": "0.004348000", + "frame.time_delta_displayed": "0.004348000", + "frame.time_relative": "441.505987000", + "frame.number": "1002", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x0000fec6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dad2", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000e5b", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.198839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.198839000", + "frame.time_delta": "0.232166000", + "frame.time_delta_displayed": "0.232166000", + "frame.time_relative": "441.738153000", + "frame.number": "1003", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.768173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.768173000", + "frame.time_delta": "0.569334000", + "frame.time_delta_displayed": "0.569334000", + "frame.time_relative": "442.307487000", + "frame.number": "1004", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009175", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000025ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + 
"udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.796616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.796616000", + "frame.time_delta": "0.028443000", + "frame.time_delta_displayed": "0.028443000", + "frame.time_relative": "442.335930000", + "frame.number": "1005", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + 
"eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001eda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000999b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000d31", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:3c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917564, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917564", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.797172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.797172000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "442.336486000", + "frame.number": "1006", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47388", + "tcp.port": "80", + "tcp.port": "47388", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b446", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1005", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.800868000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.800868000", + "frame.time_delta": "0.003696000", + "frame.time_delta_displayed": "0.003696000", + "frame.time_relative": "442.340182000", + "frame.number": "1007", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001edb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000065ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1006", + "tcp.analysis.ack_rtt": "0.003696000", + "tcp.analysis.initial_rtt": "0.004252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.801594000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.801594000", + "frame.time_delta": "0.000726000", + "frame.time_delta_displayed": "0.000726000", + "frame.time_relative": "442.340908000", + "frame.number": "1008", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001edc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000098ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c548", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004252000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.802079000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494033.802079000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "442.341393000", + "frame.number": "1009", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b750", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000139", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47388", + "tcp.port": "80", + "tcp.port": "47388", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000579d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1008", + "tcp.analysis.ack_rtt": "0.000485000", + "tcp.analysis.initial_rtt": "0.004252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.802806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.802806000", + "frame.time_delta": "0.000727000", + "frame.time_delta_displayed": "0.000727000", + "frame.time_relative": "442.342120000", + "frame.number": "1010", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b751", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000127", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47388", + "tcp.port": "80", + "tcp.port": "47388", + "tcp.stream": "33", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000097be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004252000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.803165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.803165000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "442.342479000", + 
"frame.number": "1011", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b752", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47388", + "tcp.port": "80", + "tcp.port": "47388", + "tcp.stream": "33", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ea27", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004252000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1010", + "tcp.segment": "1011", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001571000", + "http.request_in": "1008", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.810566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.810566000", + "frame.time_delta": "0.007401000", + "frame.time_delta_displayed": "0.007401000", + "frame.time_relative": "442.349880000", + "frame.number": "1012", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001edd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1010", + "tcp.analysis.ack_rtt": "0.007760000", + "tcp.analysis.initial_rtt": "0.004252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.810670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.810670000", + "frame.time_delta": "0.000104000", + "frame.time_delta_displayed": "0.000104000", + "frame.time_relative": "442.349984000", + "frame.number": "1013", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ede", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006112", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1011", + "tcp.analysis.ack_rtt": "0.007505000", + "tcp.analysis.initial_rtt": "0.004252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.812905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.812905000", + "frame.time_delta": "0.002235000", + "frame.time_delta_displayed": "0.002235000", + "frame.time_relative": "442.352219000", + "frame.number": "1014", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001edf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006111", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.813438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.813438000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "442.352752000", + "frame.number": "1015", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d520", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e368", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47388", + 
"tcp.port": "80", + "tcp.port": "47388", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000053a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1014", + "tcp.analysis.ack_rtt": "0.000533000", + "tcp.analysis.initial_rtt": "0.004252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.817329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.817329000", + "frame.time_delta": "0.003891000", + "frame.time_delta_displayed": "0.003891000", + "frame.time_relative": "442.356643000", + "frame.number": "1016", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e679", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d20f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47388", + "tcp.dstport": "80", + "tcp.port": "47388", + "tcp.port": "80", + "tcp.stream": "33", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000749a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:53.820971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.820971000", + "frame.time_delta": "0.003642000", + "frame.time_delta_displayed": "0.003642000", + "frame.time_relative": "442.360285000", + "frame.number": "1017", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009179", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000025df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "1004" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.831121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.831121000", + "frame.time_delta": "0.010150000", + "frame.time_delta_displayed": "0.010150000", + "frame.time_relative": "442.370435000", + "frame.number": "1018", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", 
+ "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000115c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d6b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:3f:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917567, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917567", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.831677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.831677000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "442.370991000", + "frame.number": "1019", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000653b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1018", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.835874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.835874000", + "frame.time_delta": "0.004197000", + "frame.time_delta_displayed": "0.004197000", + "frame.time_relative": "442.375188000", + "frame.number": "1020", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000115d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a72c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000016c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1019", + "tcp.analysis.ack_rtt": "0.004197000", + "tcp.analysis.initial_rtt": "0.004753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.836348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.836348000", + 
"frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "442.375662000", + "frame.number": "1021", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000115e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000763d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004753000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.836827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.836827000", + "frame.time_delta": "0.000479000", + 
"frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "442.376141000", + "frame.number": "1022", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000060d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000892", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1021", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.004753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.837548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.837548000", + "frame.time_delta": "0.000721000", + "frame.time_delta_displayed": "0.000721000", + "frame.time_relative": "442.376862000", + "frame.number": "1023", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000057b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x000060c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000048b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004753000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.837911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.837911000", + "frame.time_delta": "0.000363000", + "frame.time_delta_displayed": "0.000363000", + "frame.time_relative": "442.377225000", + "frame.number": "1024", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000057b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005cf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004753000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1023", + "tcp.segment": "1024", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001563000", + "http.request_in": "1021", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.840797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.840797000", + "frame.time_delta": "0.002886000", + "frame.time_delta_displayed": "0.002886000", + "frame.time_relative": "442.380111000", + "frame.number": "1025", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000057b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005cf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004753000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.843358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.843358000", + "frame.time_delta": "0.002561000", + "frame.time_delta_displayed": "0.002561000", + "frame.time_relative": "442.382672000", + "frame.number": "1026", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000115f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a72a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000015f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1023", + "tcp.analysis.ack_rtt": "0.005810000", + "tcp.analysis.initial_rtt": "0.004753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.854065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.854065000", + "frame.time_delta": "0.010707000", + "frame.time_delta_displayed": "0.010707000", + "frame.time_relative": "442.393379000", + "frame.number": "1027", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001160", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a729", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001207", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1024", + "tcp.analysis.ack_rtt": "0.016154000", + "tcp.analysis.initial_rtt": "0.004753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.854115000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.854115000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "442.393429000", + "frame.number": "1028", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001161", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a728", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001206", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.854692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.854692000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + 
"frame.time_relative": "442.394006000", + "frame.number": "1029", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e67c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d20c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003e25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.854687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.854687000", + "frame.time_delta": "-0.000005000", + "frame.time_delta_displayed": "-0.000005000", + "frame.time_relative": "442.394001000", + "frame.number": "1030", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d522", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000e366", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47389", + "tcp.port": "80", + "tcp.port": "47389", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000049c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1028", + "tcp.analysis.ack_rtt": "0.000572000", + "tcp.analysis.initial_rtt": "0.004753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.859410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.859410000", + "frame.time_delta": "0.004723000", + "frame.time_delta_displayed": "0.004723000", + "frame.time_relative": "442.398724000", + "frame.number": "1031", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e67d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d20b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47389", + "tcp.dstport": "80", + "tcp.port": "47389", + "tcp.port": "80", + "tcp.stream": "34", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003e24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.875098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.875098000", + "frame.time_delta": "0.015688000", + "frame.time_delta_displayed": "0.015688000", + "frame.time_relative": "442.414412000", + "frame.number": "1032", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000917d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000025e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "1017" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.970374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.970374000", + "frame.time_delta": "0.095276000", + "frame.time_delta_displayed": "0.095276000", + "frame.time_relative": "442.509688000", + "frame.number": 
"1033", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x0000ff1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000da7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f5a", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.986564000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.986564000", + "frame.time_delta": "0.016190000", + "frame.time_delta_displayed": "0.016190000", + "frame.time_relative": "442.525878000", + "frame.number": "1034", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000560f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00006266", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a029", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:4f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917583, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917583", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.987132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.987132000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "442.526446000", + "frame.number": "1035", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47390", + "tcp.port": "80", + "tcp.port": "47390", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e0c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1034", + "tcp.analysis.ack_rtt": "0.000568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.995523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.995523000", + "frame.time_delta": "0.008391000", + "frame.time_delta_displayed": "0.008391000", + "frame.time_relative": "442.534837000", + "frame.number": "1036", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005610", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006279", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000924c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1035", + "tcp.analysis.ack_rtt": "0.008391000", + "tcp.analysis.initial_rtt": "0.008959000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.996067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.996067000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "442.535381000", + "frame.number": "1037", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005611", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f1c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008959000", + "tcp.analysis.bytes_in_flight": "192", + 
"tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.996560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.996560000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "442.535874000", + "frame.number": "1038", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f079", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c80f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47390", + "tcp.port": "80", + "tcp.port": "47390", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000841b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1037", + "tcp.analysis.ack_rtt": "0.000493000", + 
"tcp.analysis.initial_rtt": "0.008959000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.997206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.997206000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "442.536520000", + "frame.number": "1039", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f07a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c7fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47390", + "tcp.port": "80", + "tcp.port": "47390", + 
"tcp.stream": "35", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c43c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008959000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:53.997560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494033.997560000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "442.536874000", + "frame.number": "1040", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f07b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c42a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47390", + "tcp.port": "80", + "tcp.port": "47390", + "tcp.stream": "35", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000016a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008959000", + 
"tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1039", + "tcp.segment": "1040", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001493000", + "http.request_in": "1037", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.003671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.003671000", + "frame.time_delta": "0.006111000", + "frame.time_delta_displayed": "0.006111000", + "frame.time_relative": "442.542985000", + "frame.number": "1041", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005612", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006277", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000917b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1039", + "tcp.analysis.ack_rtt": "0.006465000", + "tcp.analysis.initial_rtt": "0.008959000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.003790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.003790000", + "frame.time_delta": "0.000119000", + "frame.time_delta_displayed": "0.000119000", + "frame.time_relative": "442.543104000", + "frame.number": "1042", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005613", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006276", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1040", + "tcp.analysis.ack_rtt": "0.006230000", + "tcp.analysis.initial_rtt": "0.008959000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.005414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.005414000", + "frame.time_delta": "0.001624000", + "frame.time_delta_displayed": "0.001624000", + "frame.time_relative": "442.544728000", + "frame.number": "1043", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005614", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006275", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d8f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.005898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.005898000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "442.545212000", + "frame.number": "1044", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d52e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e35a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47390", + 
"tcp.port": "80", + "tcp.port": "47390", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008025", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1043", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.008959000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.013132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.013132000", + "frame.time_delta": "0.007234000", + "frame.time_delta_displayed": "0.007234000", + "frame.time_relative": "442.552446000", + "frame.number": "1045", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e686", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d202", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47390", + "tcp.dstport": "80", + "tcp.port": "47390", + "tcp.port": "80", + "tcp.stream": "35", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000007a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:54.822514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.822514000", + "frame.time_delta": "0.809382000", + "frame.time_delta_displayed": "0.809382000", + "frame.time_relative": "443.361828000", + "frame.number": "1046", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000091d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000258d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "1032" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.875298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.875298000", + "frame.time_delta": "0.052784000", + "frame.time_delta_displayed": "0.052784000", + "frame.time_relative": "443.414612000", + "frame.number": "1047", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000091d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002581", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "1046" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.904945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.904945000", + "frame.time_delta": "0.029647000", + "frame.time_delta_displayed": "0.029647000", + "frame.time_relative": "443.444259000", + "frame.number": "1048", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004a9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006dd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f33d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:ab:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917675, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917675", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.905500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.905500000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "443.444814000", + "frame.number": "1049", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47391", + "tcp.port": "80", + "tcp.port": "47391", + "tcp.stream": 
"36", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b5bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1048", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.908873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.908873000", + "frame.time_delta": "0.003373000", + "frame.time_delta_displayed": "0.003373000", + "frame.time_relative": "443.448187000", + "frame.number": "1050", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006dec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + 
"tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006743", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1049", + "tcp.analysis.ack_rtt": "0.003373000", + "tcp.analysis.initial_rtt": "0.003928000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.909774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.909774000", + "frame.time_delta": "0.000901000", + "frame.time_delta_displayed": "0.000901000", + "frame.time_relative": "443.449088000", + "frame.number": "1051", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004a9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c6bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003928000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.910248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.910248000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "443.449562000", + "frame.number": "1052", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47391", + "tcp.port": "80", + "tcp.port": "47391", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005912", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1051", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.003928000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.910955000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494034.910955000", + "frame.time_delta": "0.000707000", + "frame.time_delta_displayed": "0.000707000", + "frame.time_relative": "443.450269000", + "frame.number": "1053", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002c4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47391", + "tcp.port": "80", + "tcp.port": "47391", + "tcp.stream": "36", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009933", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003928000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.911398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.911398000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "443.450712000", + "frame.number": "1054", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002c4c", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000885a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47391", + "tcp.port": "80", + "tcp.port": "47391", + "tcp.stream": "36", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eb9c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003928000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1053", + "tcp.segment": "1054", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001624000", + "http.request_in": "1051", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.915225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.915225000", + "frame.time_delta": "0.003827000", + "frame.time_delta_displayed": "0.003827000", + "frame.time_relative": "443.454539000", + "frame.number": "1055", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006dea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006672", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1053", + "tcp.analysis.ack_rtt": "0.004270000", + "tcp.analysis.initial_rtt": "0.003928000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.916286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.916286000", + "frame.time_delta": "0.001061000", + "frame.time_delta_displayed": "0.001061000", + "frame.time_relative": "443.455600000", + "frame.number": "1056", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004aa0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006de9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006287", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1054", + "tcp.analysis.ack_rtt": "0.004888000", + "tcp.analysis.initial_rtt": "0.003928000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.917178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.917178000", + "frame.time_delta": "0.000892000", + "frame.time_delta_displayed": "0.000892000", + "frame.time_relative": "443.456492000", + "frame.number": "1057", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004aa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006de8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006286", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.917633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.917633000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "443.456947000", + "frame.number": "1058", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d568", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e320", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47391", + 
"tcp.port": "80", + "tcp.port": "47391", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000551c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1057", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.003928000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.928385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.928385000", + "frame.time_delta": "0.010752000", + "frame.time_delta_displayed": "0.010752000", + "frame.time_relative": "443.467699000", + "frame.number": "1059", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000091da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002584", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "1047" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:54.929610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494034.929610000", + "frame.time_delta": "0.001225000", + "frame.time_delta_displayed": "0.001225000", + "frame.time_relative": "443.468924000", + "frame.number": "1060", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e6ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d1ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "47391", + "tcp.dstport": "80", + "tcp.port": "47391", + "tcp.port": "80", + "tcp.stream": "36", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005b16", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.079236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.079236000", + "frame.time_delta": "0.149626000", + "frame.time_delta_displayed": "0.149626000", + "frame.time_relative": "443.618550000", + "frame.number": "1061", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000028c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006a59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:ae:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917678, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917678", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.079355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.079355000", + "frame.time_delta": "0.000119000", + "frame.time_delta_displayed": "0.000119000", + "frame.time_relative": "443.618669000", + "frame.number": "1062", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x0000ff4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000da4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.079807000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.079807000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "443.619121000", + "frame.number": "1063", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47392", + "tcp.port": "80", + "tcp.port": "47392", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000269d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1061", + "tcp.analysis.ack_rtt": "0.000571000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:53:55.096780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.096780000", + "frame.time_delta": "0.016973000", + "frame.time_delta_displayed": "0.016973000", + "frame.time_relative": "443.636094000", + "frame.number": "1064", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000028c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d824", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1063", + "tcp.analysis.ack_rtt": "0.016973000", + "tcp.analysis.initial_rtt": "0.017544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.097544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.097544000", + "frame.time_delta": "0.000764000", + "frame.time_delta_displayed": "0.000764000", + "frame.time_relative": "443.636858000", + "frame.number": "1065", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000028c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000379f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017544000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + 
"http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.098035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.098035000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "443.637349000", + "frame.number": "1066", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000096f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002192", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47392", + "tcp.port": "80", + "tcp.port": "47392", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c9f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1065", + "tcp.analysis.ack_rtt": "0.000491000", + "tcp.analysis.initial_rtt": "0.017544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.098685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.098685000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "443.637999000", + "frame.number": "1067", + "frame.len": "71", + 
"frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000096f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002180", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47392", + "tcp.port": "80", + "tcp.port": "47392", + "tcp.stream": "37", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000a15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017544000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.099033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.099033000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "443.638347000", + "frame.number": "1068", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000096f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x00001dad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47392", + "tcp.port": "80", + "tcp.port": "47392", + "tcp.stream": "37", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005c7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017544000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1067", + "tcp.segment": "1068", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001489000", + "http.request_in": "1065", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.103421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.103421000", + "frame.time_delta": "0.004388000", + "frame.time_delta_displayed": "0.004388000", + "frame.time_relative": "443.642735000", + "frame.number": "1069", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000028c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d753", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1067", + "tcp.analysis.ack_rtt": "0.004736000", + "tcp.analysis.initial_rtt": "0.017544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.103530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.103530000", + "frame.time_delta": "0.000109000", + "frame.time_delta_displayed": "0.000109000", + "frame.time_relative": "443.642844000", + "frame.number": "1070", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000028c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1068", + "tcp.analysis.ack_rtt": "0.004497000", + "tcp.analysis.initial_rtt": "0.017544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.105976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.105976000", + "frame.time_delta": "0.002446000", + "frame.time_delta_displayed": "0.002446000", + "frame.time_relative": "443.645290000", + "frame.number": "1071", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000028c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d367", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.106434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.106434000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "443.645748000", + "frame.number": "1072", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d579", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e30f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47392", + 
"tcp.port": "80", + "tcp.port": "47392", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c5fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1071", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.017544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.111731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.111731000", + "frame.time_delta": "0.005297000", + "frame.time_delta_displayed": "0.005297000", + "frame.time_relative": "443.651045000", + "frame.number": "1073", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e6bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d1cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47392", + "tcp.dstport": "80", + "tcp.port": "47392", + "tcp.port": "80", + "tcp.stream": "37", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d234", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:55.875048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.875048000", + "frame.time_delta": "0.763317000", + "frame.time_delta_displayed": "0.763317000", + "frame.time_relative": "444.414362000", + "frame.number": "1074", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000091f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000256b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "1059" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.880637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.880637000", + "frame.time_delta": "0.005589000", + "frame.time_delta_displayed": "0.005589000", + "frame.time_relative": "444.419951000", + "frame.number": "1075", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ccf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000afe9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:0c:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917772, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917772", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.881178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.881178000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "444.420492000", + "frame.number": "1076", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000fcba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1075", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.885085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.885085000", + "frame.time_delta": "0.003907000", + "frame.time_delta_displayed": "0.003907000", + "frame.time_relative": "444.424399000", + "frame.number": "1077", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae42", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1076", + "tcp.analysis.ack_rtt": "0.003907000", + "tcp.analysis.initial_rtt": "0.004448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.885748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.885748000", + 
"frame.time_delta": "0.000663000", + "frame.time_delta_displayed": "0.000663000", + "frame.time_relative": "444.425062000", + "frame.number": "1078", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ccf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ead5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dbd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004448000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.886238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.886238000", + "frame.time_delta": "0.000490000", + 
"frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "444.425552000", + "frame.number": "1079", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006e3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004a4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a011", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1078", + "tcp.analysis.ack_rtt": "0.000490000", + "tcp.analysis.initial_rtt": "0.004448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.886889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.886889000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "444.426203000", + "frame.number": "1080", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006e3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00004a3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e032", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004448000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.887328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.887328000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "444.426642000", + "frame.number": "1081", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006e3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004667", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000329c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004448000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1080", + "tcp.segment": "1081", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001580000", + "http.request_in": "1078", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.890798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.890798000", + "frame.time_delta": "0.003470000", + "frame.time_delta_displayed": "0.003470000", + "frame.time_relative": "444.430112000", + "frame.number": "1082", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006e40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004666", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000329c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004448000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.928065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.928065000", + "frame.time_delta": "0.037267000", + "frame.time_delta_displayed": "0.037267000", + "frame.time_relative": "444.467379000", + "frame.number": "1083", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000091f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000255f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "1074" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:55.980945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494035.980945000", + "frame.time_delta": "0.052880000", + "frame.time_delta_displayed": "0.052880000", + "frame.time_relative": "444.520259000", + "frame.number": "1084", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000091fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002560", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "1083" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.034499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.034499000", + "frame.time_delta": "0.053554000", + "frame.time_delta_displayed": "0.053554000", + "frame.time_relative": "444.573813000", + "frame.number": "1085", + "frame.len": "54", + "frame.cap_len": "54", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb94", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ad71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1080", + "tcp.analysis.ack_rtt": "0.147610000", + "tcp.analysis.initial_rtt": "0.004448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.036122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.036122000", + "frame.time_delta": "0.001623000", + "frame.time_delta_displayed": "0.001623000", + "frame.time_relative": "444.575436000", + "frame.number": "1086", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a986", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1081", + "tcp.analysis.ack_rtt": "0.148794000", + "tcp.analysis.initial_rtt": "0.004448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.036166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.036166000", + "frame.time_delta": "0.000044000", + "frame.time_delta_displayed": "0.000044000", + "frame.time_relative": "444.575480000", + "frame.number": "1087", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000ccf6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009cec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:1a:c7:4e:88:1a:c7:52:6c", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004448000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1086", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.036743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.036743000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "444.576057000", + "frame.number": "1088", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a985", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.037191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.037191000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "444.576505000", + "frame.number": "1089", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47393", + "tcp.port": "80", + "tcp.port": "47393", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009c1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1088", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.004448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.042618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.042618000", + "frame.time_delta": "0.005427000", + "frame.time_delta_displayed": "0.005427000", + "frame.time_relative": "444.581932000", + "frame.number": "1090", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e6e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d1a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47393", + "tcp.dstport": "80", + "tcp.port": "47393", + "tcp.port": "80", + "tcp.stream": "38", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001823", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.045262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.045262000", + 
"frame.time_delta": "0.002644000", + "frame.time_delta_displayed": "0.002644000", + "frame.time_relative": "444.584576000", + "frame.number": "1091", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004b15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006fb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:1d:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917789, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917789", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.045788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.045788000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "444.585102000", + "frame.number": "1092", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47394", + "tcp.port": "80", + "tcp.port": "47394", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009384", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1091", + "tcp.analysis.ack_rtt": "0.000526000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.050571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.050571000", + "frame.time_delta": "0.004783000", + "frame.time_delta_displayed": "0.004783000", + "frame.time_relative": "444.589885000", + "frame.number": "1093", + "frame.len": "54", + "frame.cap_len": "54", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000450c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1092", + "tcp.analysis.ack_rtt": "0.004783000", + "tcp.analysis.initial_rtt": "0.005309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.051430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.051430000", + "frame.time_delta": "0.000859000", + "frame.time_delta_displayed": "0.000859000", + "frame.time_relative": "444.590744000", + "frame.number": "1094", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004b17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006cb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a486", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005309000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + 
"http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.051934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.051934000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "444.591248000", + "frame.number": "1095", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000621d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000566c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47394", + "tcp.port": "80", + "tcp.port": "47394", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000036db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1094", + "tcp.analysis.ack_rtt": "0.000504000", + "tcp.analysis.initial_rtt": "0.005309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.052640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.052640000", + "frame.time_delta": "0.000706000", + "frame.time_delta_displayed": "0.000706000", + "frame.time_relative": "444.591954000", + "frame.number": "1096", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000621e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000565a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47394", + "tcp.port": "80", + "tcp.port": "47394", + "tcp.stream": "39", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000076fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005309000", + "tcp.analysis.bytes_in_flight": "17", + 
"tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.052997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.052997000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "444.592311000", + "frame.number": "1097", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000621f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005287", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", 
+ "tcp.dstport": "47394", + "tcp.port": "80", + "tcp.port": "47394", + "tcp.stream": "39", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c965", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005309000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1096", + "tcp.segment": "1097", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001567000", + "http.request_in": "1094", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.056797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.056797000", + "frame.time_delta": "0.003800000", + "frame.time_delta_displayed": "0.003800000", + "frame.time_relative": "444.596111000", + "frame.number": "1098", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000443b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1096", + "tcp.analysis.ack_rtt": "0.004157000", + "tcp.analysis.initial_rtt": "0.005309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.056841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.056841000", + "frame.time_delta": "0.000044000", + "frame.time_delta_displayed": "0.000044000", + "frame.time_relative": "444.596155000", + "frame.number": "1099", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1097", + "tcp.analysis.ack_rtt": "0.003844000", + "tcp.analysis.initial_rtt": "0.005309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.057433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.057433000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "444.596747000", + "frame.number": "1100", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000404f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.057882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.057882000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "444.597196000", + "frame.number": "1101", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47394", + 
"tcp.port": "80", + "tcp.port": "47394", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000032e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1100", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.005309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.061766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.061766000", + "frame.time_delta": "0.003884000", + "frame.time_delta_displayed": "0.003884000", + "frame.time_relative": "444.601080000", + "frame.number": "1102", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e6e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d1a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47394", + "tcp.dstport": "80", + "tcp.port": "47394", + "tcp.port": "80", + "tcp.stream": "39", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d801", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:56.881151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.881151000", + "frame.time_delta": "0.819385000", + "frame.time_delta_displayed": "0.819385000", + "frame.time_relative": "445.420465000", + "frame.number": "1103", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000921f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002542", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "1084" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.933929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.933929000", + "frame.time_delta": "0.052778000", + "frame.time_delta_displayed": "0.052778000", + "frame.time_relative": "445.473243000", + "frame.number": "1104", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009220", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002538", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "1103" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.986691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.986691000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "445.526005000", + "frame.number": "1105", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009221", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000253d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "1104" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.997967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.997967000", + "frame.time_delta": "0.011276000", + "frame.time_delta_displayed": "0.011276000", + "frame.time_relative": "445.537281000", + "frame.number": "1106", + "frame.len": "74", + "frame.cap_len": "74", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c7e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f090", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000305e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:7c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917884, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917884", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:56.998528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494036.998528000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "445.537842000", + "frame.number": "1107", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47397", + "tcp.port": "80", + "tcp.port": "47397", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d4f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1106", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.001665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.001665000", + "frame.time_delta": "0.003137000", + "frame.time_delta_displayed": "0.003137000", + "frame.time_relative": "445.540979000", + "frame.number": "1108", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c7e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f0a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000867f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "1107", + "tcp.analysis.ack_rtt": "0.003137000", + "tcp.analysis.initial_rtt": "0.003698000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.001797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.001797000", + "frame.time_delta": "0.000132000", + "frame.time_delta_displayed": "0.000132000", + "frame.time_relative": "445.541111000", + "frame.number": "1109", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c7e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000efe2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e5f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003698000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.002236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.002236000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "445.541550000", + "frame.number": "1110", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d530", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e358", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47397", + "tcp.port": "80", + "tcp.port": "47397", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000784e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1109", + "tcp.analysis.ack_rtt": "0.000439000", + "tcp.analysis.initial_rtt": "0.003698000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.003009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.003009000", + "frame.time_delta": "0.000773000", + "frame.time_delta_displayed": "0.000773000", + "frame.time_relative": "445.542323000", + "frame.number": "1111", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d531", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e346", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47397", + "tcp.port": "80", + "tcp.port": "47397", + "tcp.stream": "40", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b86f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003698000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.003364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.003364000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "445.542678000", + "frame.number": "1112", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d532", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47397", + "tcp.port": "80", + "tcp.port": "47397", + "tcp.stream": "40", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000ad9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003698000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1111", + "tcp.segment": "1112", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001567000", + "http.request_in": "1109", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.006207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.006207000", + "frame.time_delta": "0.002843000", + "frame.time_delta_displayed": "0.002843000", + "frame.time_relative": "445.545521000", + "frame.number": "1113", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c7e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f0a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000085ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1111", + "tcp.analysis.ack_rtt": "0.003198000", + "tcp.analysis.initial_rtt": "0.003698000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.006253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.006253000", + "frame.time_delta": "0.000046000", + "frame.time_delta_displayed": "0.000046000", + "frame.time_relative": "445.545567000", + "frame.number": "1114", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c7e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f0a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000081c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1112", + "tcp.analysis.ack_rtt": "0.002889000", + "tcp.analysis.initial_rtt": "0.003698000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.011742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.011742000", + "frame.time_delta": "0.005489000", + "frame.time_delta_displayed": "0.005489000", + "frame.time_relative": "445.551056000", + "frame.number": "1115", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c7e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f09f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000081c2", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.012221000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.012221000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "445.551535000", + "frame.number": "1116", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d629", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e25f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47397", + 
"tcp.port": "80", + "tcp.port": "47397", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007458", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1115", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.003698000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.014017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.014017000", + "frame.time_delta": "0.001796000", + "frame.time_delta_displayed": "0.001796000", + "frame.time_relative": "445.553331000", + "frame.number": "1117", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009262", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002613", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d92b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:7e:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 917886, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "917886", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.014568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.014568000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "445.553882000", + "frame.number": "1118", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47398", + "tcp.port": "80", + "tcp.port": "47398", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000bb26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1117", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.014805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.014805000", + "frame.time_delta": "0.000237000", + "frame.time_delta_displayed": "0.000237000", + "frame.time_relative": "445.554119000", + "frame.number": "1119", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", 
+ "ip.id": "0x0000e717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d171", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47397", + "tcp.dstport": "80", + "tcp.port": "47397", + "tcp.port": "80", + "tcp.stream": "40", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009907", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.017687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.017687000", + "frame.time_delta": "0.002882000", + 
"frame.time_delta_displayed": "0.002882000", + "frame.time_relative": "445.557001000", + "frame.number": "1120", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009263", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002626", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006cae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1118", + "tcp.analysis.ack_rtt": "0.003119000", + "tcp.analysis.initial_rtt": "0.003670000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.020528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.020528000", + "frame.time_delta": "0.002841000", + "frame.time_delta_displayed": "0.002841000", + "frame.time_relative": "445.559842000", + "frame.number": "1121", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009264", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002565", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cc28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003670000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.021057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.021057000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "445.560371000", + "frame.number": "1122", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000529b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47398", + "tcp.port": "80", + "tcp.port": "47398", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005e7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1121", + "tcp.analysis.ack_rtt": "0.000529000", + "tcp.analysis.initial_rtt": "0.003670000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.021758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.021758000", + "frame.time_delta": "0.000701000", + "frame.time_delta_displayed": "0.000701000", + "frame.time_relative": "445.561072000", + "frame.number": "1123", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000065ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005289", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47398", + "tcp.port": "80", + "tcp.port": "47398", + "tcp.stream": "41", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009e9e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003670000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.022112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.022112000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "445.561426000", + "frame.number": "1124", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000065f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004eb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47398", + "tcp.port": "80", + "tcp.port": "47398", + "tcp.stream": "41", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f107", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003670000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1123", + "tcp.segment": "1124", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001584000", + "http.request_in": "1121", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.026383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.026383000", + "frame.time_delta": "0.004271000", + "frame.time_delta_displayed": "0.004271000", + "frame.time_relative": "445.565697000", + "frame.number": "1125", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009265", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002624", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006bdd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1123", + "tcp.analysis.ack_rtt": "0.004625000", + "tcp.analysis.initial_rtt": "0.003670000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.026428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.026428000", + "frame.time_delta": "0.000045000", + "frame.time_delta_displayed": "0.000045000", + "frame.time_relative": "445.565742000", + "frame.number": "1126", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009266", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002623", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000067f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1124", + "tcp.analysis.ack_rtt": "0.004316000", + "tcp.analysis.initial_rtt": "0.003670000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.029851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.029851000", + "frame.time_delta": "0.003423000", + "frame.time_delta_displayed": "0.003423000", + "frame.time_relative": "445.569165000", + "frame.number": "1127", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009267", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002622", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000067f1", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.030319000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.030319000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "445.569633000", + "frame.number": "1128", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d62a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e25e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47398", + 
"tcp.port": "80", + "tcp.port": "47398", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005a87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1127", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.003670000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.180255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.180255000", + "frame.time_delta": "0.149936000", + "frame.time_delta_displayed": "0.149936000", + "frame.time_relative": "445.719569000", + "frame.number": "1129", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e719", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d16f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47398", + "tcp.dstport": "80", + "tcp.port": "47398", + "tcp.port": "80", + "tcp.stream": "41", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000041d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:57.680237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.680237000", + "frame.time_delta": "0.499982000", + "frame.time_delta_displayed": "0.499982000", + "frame.time_relative": "446.219551000", + "frame.number": "1130", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.682612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.682612000", + "frame.time_delta": "0.002375000", + "frame.time_delta_displayed": "0.002375000", + "frame.time_relative": "446.221926000", + "frame.number": "1131", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:57.984170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494037.984170000", + "frame.time_delta": "0.301558000", + "frame.time_delta_displayed": "0.301558000", + "frame.time_relative": "446.523484000", + "frame.number": "1132", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000926c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "1105" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.036945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.036945000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "446.576259000", + "frame.number": "1133", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009270", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "1132" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.089844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.089844000", + "frame.time_delta": "0.052899000", + "frame.time_delta_displayed": "0.052899000", + "frame.time_relative": "446.629158000", + "frame.number": "1134", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009274", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": 
"hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "1133" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.372692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.372692000", + "frame.time_delta": "0.282848000", + "frame.time_delta_displayed": "0.282848000", + "frame.time_relative": "446.912006000", + "frame.number": "1135", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000015c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000c994", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:06:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918022, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918022", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": 
"8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.373266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.373266000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "446.912580000", + "frame.number": "1136", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + 
"tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000029e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "1135", + "tcp.analysis.ack_rtt": "0.000574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.376745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.376745000", + "frame.time_delta": "0.003479000", + "frame.time_delta_displayed": "0.003479000", + "frame.time_relative": "446.916059000", + "frame.number": "1137", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + 
"tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000db6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1136", + "tcp.analysis.ack_rtt": "0.003479000", + "tcp.analysis.initial_rtt": "0.004053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.377921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.377921000", + "frame.time_delta": "0.001176000", + "frame.time_delta_displayed": "0.001176000", + "frame.time_relative": "446.917235000", + "frame.number": "1138", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000015ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a1ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003aea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004053000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.378408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.378408000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "446.917722000", + "frame.number": "1139", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003cc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cd3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1138", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.004053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.379083000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.379083000", + "frame.time_delta": "0.000675000", + "frame.time_delta_displayed": "0.000675000", + "frame.time_relative": "446.918397000", + "frame.number": "1140", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003cc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + "tcp.stream": "42", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004053000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.379440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.379440000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "446.918754000", + "frame.number": "1141", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": 
"0x00003cc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + "tcp.stream": "42", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005fc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004053000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1140", + "tcp.segment": "1141", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001519000", + "http.request_in": "1138", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.380805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.380805000", + "frame.time_delta": "0.001365000", + "frame.time_delta_displayed": "0.001365000", + "frame.time_relative": "446.920119000", + "frame.number": "1142", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003cc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + "tcp.stream": "42", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005fc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004053000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.381954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.381954000", + "frame.time_delta": "0.001149000", + "frame.time_delta_displayed": "0.001149000", + "frame.time_relative": "446.921268000", + "frame.number": "1143", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000da9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1140", + "tcp.analysis.ack_rtt": "0.002871000", + "tcp.analysis.initial_rtt": "0.004053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.382951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.382951000", + "frame.time_delta": "0.000997000", + "frame.time_delta_displayed": "0.000997000", + "frame.time_relative": "446.922265000", + "frame.number": "1144", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d6b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1141", + "tcp.analysis.ack_rtt": "0.003511000", + "tcp.analysis.initial_rtt": "0.004053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.383898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.383898000", + "frame.time_delta": "0.000947000", + "frame.time_delta_displayed": "0.000947000", + "frame.time_relative": "446.923212000", + "frame.number": "1145", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000015cd", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ef29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:39:31:1d:96:39:31:21:7a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004053000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1144", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.391700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.391700000", + "frame.time_delta": "0.007802000", + "frame.time_delta_displayed": "0.007802000", + "frame.time_relative": "446.931014000", + "frame.number": "1146", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000a2bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d6b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.392194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.392194000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "446.931508000", + "frame.number": "1147", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d63e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e24a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47401", + "tcp.port": "80", + "tcp.port": "47401", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c948", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1146", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.004053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:58.396578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494038.396578000", + "frame.time_delta": "0.004384000", + "frame.time_delta_displayed": "0.004384000", + "frame.time_relative": "446.935892000", + "frame.number": "1148", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e724", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d164", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47401", + "tcp.dstport": "80", + "tcp.port": "47401", + "tcp.port": "80", + "tcp.stream": "42", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000032c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.037661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.037661000", + "frame.time_delta": "0.641083000", + "frame.time_delta_displayed": "0.641083000", + "frame.time_relative": "447.576975000", + "frame.number": "1149", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009289", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "1134" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.090447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.090447000", + "frame.time_delta": "0.052786000", + "frame.time_delta_displayed": "0.052786000", + "frame.time_relative": "447.629761000", + "frame.number": "1150", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000928d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "1149" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.142842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.142842000", + "frame.time_delta": "0.052395000", + "frame.time_delta_displayed": "0.052395000", + 
"frame.time_relative": "447.682156000", + "frame.number": "1151", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009291", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "1150" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.300823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.300823000", + "frame.time_delta": "0.157981000", + "frame.time_delta_displayed": "0.157981000", + "frame.time_relative": "447.840137000", + "frame.number": "1152", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009298", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", 
+ "http.prev_response_in": "1151" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.353601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.353601000", + "frame.time_delta": "0.052778000", + "frame.time_delta_displayed": "0.052778000", + "frame.time_relative": "447.892915000", + "frame.number": "1153", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000929c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": 
"314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "1152" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.406349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.406349000", + "frame.time_delta": "0.052748000", + "frame.time_delta_displayed": "0.052748000", + "frame.time_relative": "447.945663000", + "frame.number": "1154", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000929e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "1153" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.559398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.559398000", + "frame.time_delta": "0.153049000", + "frame.time_delta_displayed": "0.153049000", + "frame.time_relative": "448.098712000", + "frame.number": "1155", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000bd7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000faf8", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000765", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:78:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918136, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918136", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.559938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.559938000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "448.099252000", + "frame.number": "1156", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d9a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1155", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.563014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.563014000", + "frame.time_delta": "0.003076000", + "frame.time_delta_displayed": "0.003076000", + "frame.time_relative": "448.102328000", + "frame.number": "1157", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bd7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008b2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1156", + "tcp.analysis.ack_rtt": "0.003076000", + "tcp.analysis.initial_rtt": "0.003616000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.563052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.563052000", + "frame.time_delta": "0.000038000", + "frame.time_delta_displayed": "0.000038000", + "frame.time_relative": "448.102366000", + "frame.number": "1158", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000bd7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fa4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eaa6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003616000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": 
"192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.563536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.563536000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "448.102850000", + "frame.number": "1159", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000e4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007cfb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1158", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.003616000" + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.564267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.564267000", + "frame.time_delta": "0.000731000", + "frame.time_delta_displayed": "0.000731000", + "frame.time_relative": "448.103581000", + "frame.number": "1160", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000aa40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000e38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "17", + "tcp.seq": "1", + 
"tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bd1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003616000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.564653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.564653000", + "frame.time_delta": "0.000386000", + "frame.time_delta_displayed": "0.000386000", + "frame.time_relative": "448.103967000", + "frame.number": "1161", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aa41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000f86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003616000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + 
"tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77
:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1160", + "tcp.segment": "1161", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001601000", + "http.request_in": "1158", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.566981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.566981000", + "frame.time_delta": "0.002328000", + "frame.time_delta_displayed": "0.002328000", + "frame.time_relative": "448.106295000", + "frame.number": "1162", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bd7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008a5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1160", + "tcp.analysis.ack_rtt": "0.002714000", + "tcp.analysis.initial_rtt": "0.003616000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.770805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.770805000", + "frame.time_delta": "0.203824000", + "frame.time_delta_displayed": "0.203824000", + "frame.time_relative": "448.310119000", + "frame.number": "1163", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aa42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000f86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003616000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.206152000", + "tcp.analysis.rto_frame": "1161" + } + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.774254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.774254000", + "frame.time_delta": "0.003449000", + "frame.time_delta_displayed": "0.003449000", + "frame.time_relative": "448.313568000", + "frame.number": "1164", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bd80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008670", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1161", + "tcp.analysis.ack_rtt": "0.209601000", + "tcp.analysis.initial_rtt": "0.003616000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:53:59.774305000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.774305000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "448.313619000", + "frame.number": "1165", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000bd81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fafb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000081db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:59:b6:8b:96:59:b6:8f:7a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003616000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1164", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.774921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.774921000", + "frame.time_delta": "0.000616000", + 
"frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "448.314235000", + "frame.number": "1166", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bd82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000866f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.775344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.775344000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "448.314658000", + "frame.number": "1167", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d694", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47403", + "tcp.port": "80", + "tcp.port": "47403", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007905", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1166", + "tcp.analysis.ack_rtt": "0.000423000", + "tcp.analysis.initial_rtt": "0.003616000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:53:59.778734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494039.778734000", + "frame.time_delta": "0.003390000", + "frame.time_delta_displayed": "0.003390000", + "frame.time_relative": "448.318048000", + "frame.number": "1168", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e794", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47403", + "tcp.dstport": "80", + "tcp.port": "47403", + "tcp.port": "80", + "tcp.stream": "43", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000710a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.325267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.325267000", + "frame.time_delta": "0.546533000", + "frame.time_delta_displayed": "0.546533000", + "frame.time_relative": "448.864581000", + "frame.number": "1169", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000092a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "1154" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.330975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.330975000", + "frame.time_delta": "0.005708000", + "frame.time_delta_displayed": "0.005708000", + "frame.time_relative": "448.870289000", + "frame.number": "1170", 
+ "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000094ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000238b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000081d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:c9:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918217, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918217", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.331530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.331530000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "448.870844000", + "frame.number": "1171", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": "80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000088db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1170", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.334826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.334826000", + "frame.time_delta": "0.003296000", + "frame.time_delta_displayed": "0.003296000", + "frame.time_relative": "448.874140000", + "frame.number": "1172", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000094eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000239e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1171", + "tcp.analysis.ack_rtt": "0.003296000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.335685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.335685000", + "frame.time_delta": "0.000859000", + "frame.time_delta_displayed": "0.000859000", + "frame.time_relative": "448.874999000", + "frame.number": "1173", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000094ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000022dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.336179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.336179000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "448.875493000", + "frame.number": "1174", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aae7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000da2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": "80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1173", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.336825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.336825000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "448.876139000", + "frame.number": "1175", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000aae8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000d90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": "80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006c53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.337176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.337176000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "448.876490000", + "frame.number": "1176", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000009bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": 
"80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bebc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1175", + "tcp.segment": "1176", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001491000", + "http.request_in": "1173", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.340793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.340793000", + "frame.time_delta": "0.003617000", + "frame.time_delta_displayed": "0.003617000", + "frame.time_relative": "448.880107000", + "frame.number": "1177", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aaea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000009bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": "80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bebc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.341373000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.341373000", + "frame.time_delta": "0.000580000", + "frame.time_delta_displayed": "0.000580000", + "frame.time_relative": "448.880687000", + "frame.number": "1178", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000094ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000239c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003992", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1175", + "tcp.analysis.ack_rtt": "0.004548000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.344646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.344646000", + "frame.time_delta": "0.003273000", + "frame.time_delta_displayed": "0.003273000", + "frame.time_relative": "448.883960000", + "frame.number": "1179", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000094ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000239b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1176", + "tcp.analysis.ack_rtt": "0.007470000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.344688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.344688000", + "frame.time_delta": "0.000042000", + "frame.time_delta_displayed": "0.000042000", + "frame.time_relative": "448.884002000", + "frame.number": "1180", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000094ef", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000238e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009a02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:27:e3:88:f1:27:e3:8c:d5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1179", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.345358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.345358000", + "frame.time_delta": "0.000670000", + "frame.time_delta_displayed": "0.000670000", + "frame.time_relative": "448.884672000", + "frame.number": "1181", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000094f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00002399", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.345800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.345800000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "448.885114000", + "frame.number": "1182", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47405", + "tcp.port": "80", + "tcp.port": "47405", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000283c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1181", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.349824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.349824000", + "frame.time_delta": "0.004024000", + "frame.time_delta_displayed": "0.004024000", + "frame.time_relative": "448.889138000", + "frame.number": "1183", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47405", + "tcp.dstport": "80", + "tcp.port": "47405", + "tcp.port": "80", + "tcp.stream": "44", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ebc8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.378138000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.378138000", + "frame.time_delta": "0.028314000", + "frame.time_delta_displayed": "0.028314000", + "frame.time_relative": "448.917452000", + "frame.number": "1184", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000092ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "1169" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.383936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.383936000", + "frame.time_delta": "0.005798000", + "frame.time_delta_displayed": "0.005798000", + "frame.time_relative": "448.923250000", + "frame.number": "1185", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000e847", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d02d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00004411", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:cf:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918223, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918223", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.384468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.384468000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "448.923782000", + "frame.number": "1186", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d637", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1185", + "tcp.analysis.ack_rtt": "0.000532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.387824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.387824000", + "frame.time_delta": "0.003356000", + "frame.time_delta_displayed": "0.003356000", + "frame.time_relative": "448.927138000", + "frame.number": "1187", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e848", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d040", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000087bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1186", + "tcp.analysis.ack_rtt": "0.003356000", + "tcp.analysis.initial_rtt": "0.003888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.387950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.387950000", + "frame.time_delta": "0.000126000", + "frame.time_delta_displayed": "0.000126000", + "frame.time_relative": "448.927264000", + "frame.number": "1188", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000e849", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e739", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003888000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.388389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.388389000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "448.927703000", + "frame.number": "1189", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ac3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009dc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000798e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1188", + "tcp.analysis.ack_rtt": "0.000439000", + "tcp.analysis.initial_rtt": "0.003888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.389107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.389107000", + "frame.time_delta": "0.000718000", + "frame.time_delta_displayed": "0.000718000", + "frame.time_relative": "448.928421000", + "frame.number": "1190", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001ac4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009db4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b9af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003888000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.389466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.389466000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "448.928780000", + "frame.number": "1191", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001ac5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000c19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003888000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1190", + "tcp.segment": "1191", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001516000", + "http.request_in": "1188", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.390816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.390816000", + "frame.time_delta": "0.001350000", + "frame.time_delta_displayed": "0.001350000", + "frame.time_relative": "448.930130000", + "frame.number": "1192", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001ac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000c19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003888000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.392596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.392596000", + "frame.time_delta": "0.001780000", + "frame.time_delta_displayed": "0.001780000", + "frame.time_relative": "448.931910000", + "frame.number": "1193", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e84a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d03e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000086ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1190", + "tcp.analysis.ack_rtt": "0.003489000", + "tcp.analysis.initial_rtt": "0.003888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.392644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.392644000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "448.931958000", + "frame.number": "1194", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e84b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d03d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008303", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1191", + "tcp.analysis.ack_rtt": "0.003178000", + "tcp.analysis.initial_rtt": "0.003888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.393372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.393372000", + "frame.time_delta": "0.000728000", + "frame.time_delta_displayed": "0.000728000", + "frame.time_relative": "448.932686000", + "frame.number": "1195", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e84c", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d03c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008302", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.393493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.393493000", + "frame.time_delta": "0.000121000", + "frame.time_delta_displayed": "0.000121000", + 
"frame.time_relative": "448.932807000", + "frame.number": "1196", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.393806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.393806000", + "frame.time_delta": "0.000313000", + "frame.time_delta_displayed": "0.000313000", + "frame.time_relative": "448.933120000", + "frame.number": "1197", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000e1ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47406", + "tcp.port": "80", + "tcp.port": "47406", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007598", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1195", + "tcp.analysis.ack_rtt": "0.000434000", + "tcp.analysis.initial_rtt": "0.003888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.397082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.397082000", + "frame.time_delta": "0.003276000", + "frame.time_delta_displayed": "0.003276000", + "frame.time_relative": "448.936396000", + "frame.number": "1198", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47406", + "tcp.dstport": "80", + "tcp.port": "47406", + "tcp.port": "80", + "tcp.stream": "45", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.431995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.431995000", + "frame.time_delta": "0.034913000", + "frame.time_delta_displayed": "0.034913000", + "frame.time_relative": "448.971309000", + "frame.number": "1199", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000092ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "1184" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.439775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.439775000", + "frame.time_delta": "0.007780000", + "frame.time_delta_displayed": "0.007780000", + "frame.time_relative": "448.979089000", + "frame.number": 
"1200", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004eab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", 
+ "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e0c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:d4:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918228, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918228", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.440308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.440308000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "448.979622000", + "frame.number": "1201", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47407", + "tcp.port": "80", + "tcp.port": "47407", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ce53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1200", + "tcp.analysis.ack_rtt": "0.000533000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.444927000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.444927000", + "frame.time_delta": "0.004619000", + "frame.time_delta_displayed": "0.004619000", + "frame.time_relative": "448.984241000", + "frame.number": "1202", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004eac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007fdb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1201", + "tcp.analysis.ack_rtt": "0.004619000", + "tcp.analysis.initial_rtt": "0.005152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.445414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.445414000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "448.984728000", + "frame.number": "1203", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004ead", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000691c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000df55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005152000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.445888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.445888000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "448.985202000", + "frame.number": "1204", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a357", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001532", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47407", + "tcp.port": "80", + "tcp.port": "47407", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000071aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1203", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.005152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.446558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.446558000", + "frame.time_delta": "0.000670000", + "frame.time_delta_displayed": "0.000670000", + "frame.time_relative": "448.985872000", + "frame.number": "1205", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a358", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001520", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47407", + "tcp.port": "80", + "tcp.port": "47407", + "tcp.stream": "46", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b1cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005152000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.446903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.446903000", + "frame.time_delta": "0.000345000", + "frame.time_delta_displayed": "0.000345000", + "frame.time_relative": "448.986217000", + "frame.number": "1206", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a359", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000114d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47407", + "tcp.port": 
"80", + "tcp.port": "47407", + "tcp.stream": "46", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000435", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005152000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1205", + "tcp.segment": "1206", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001489000", + "http.request_in": "1203", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.451845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.451845000", + "frame.time_delta": "0.004942000", + "frame.time_delta_displayed": "0.004942000", + "frame.time_relative": "448.991159000", + "frame.number": "1207", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004eae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007f0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1205", + "tcp.analysis.ack_rtt": "0.005287000", + "tcp.analysis.initial_rtt": "0.005152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.451896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.451896000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "448.991210000", + "frame.number": "1208", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004eaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007b1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1206", + "tcp.analysis.ack_rtt": "0.004993000", + "tcp.analysis.initial_rtt": "0.005152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.452518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.452518000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "448.991832000", + "frame.number": "1209", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004eb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007b1e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.453108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.453108000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "448.992422000", + "frame.number": "1210", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47407", + 
"tcp.port": "80", + "tcp.port": "47407", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006db4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1209", + "tcp.analysis.ack_rtt": "0.000590000", + "tcp.analysis.initial_rtt": "0.005152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.457505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.457505000", + "frame.time_delta": "0.004397000", + "frame.time_delta_displayed": "0.004397000", + "frame.time_relative": "448.996819000", + "frame.number": "1211", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47407", + "tcp.dstport": "80", + "tcp.port": "47407", + "tcp.port": "80", + "tcp.stream": "46", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004ac7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:00.905717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.905717000", + "frame.time_delta": "0.448212000", + "frame.time_delta_displayed": "0.448212000", + "frame.time_relative": "449.445031000", + "frame.number": "1212", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000092be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000024a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "25", + "http.prev_response_in": "1199" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.935933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.935933000", + "frame.time_delta": "0.030216000", + "frame.time_delta_displayed": "0.030216000", + "frame.time_relative": "449.475247000", + "frame.number": "1213", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000007ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00001c5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:06:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918278, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918278", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.936481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.936481000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "449.475795000", + "frame.number": "1214", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47408", + "tcp.port": "80", + "tcp.port": "47408", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f486", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1213", + "tcp.analysis.ack_rtt": "0.000548000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.941139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.941139000", + "frame.time_delta": "0.004658000", + "frame.time_delta_displayed": "0.004658000", + "frame.time_relative": "449.480453000", + "frame.number": "1215", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000007ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a60e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1214", + "tcp.analysis.ack_rtt": "0.004658000", + "tcp.analysis.initial_rtt": "0.005206000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.941269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.941269000", + 
"frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "449.480583000", + "frame.number": "1216", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000007af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b01a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000589", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005206000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.941723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.941723000", + "frame.time_delta": "0.000454000", + 
"frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "449.481037000", + "frame.number": "1217", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000df41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d947", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47408", + "tcp.port": "80", + "tcp.port": "47408", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000097dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1216", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.005206000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.942413000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.942413000", + "frame.time_delta": "0.000690000", + "frame.time_delta_displayed": "0.000690000", + "frame.time_relative": "449.481727000", + "frame.number": "1218", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000df42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000d935", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47408", + "tcp.port": "80", + "tcp.port": "47408", + "tcp.stream": "47", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d7fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005206000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.942804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.942804000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "449.482118000", + "frame.number": "1219", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000df43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d562", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47408", + "tcp.port": "80", + "tcp.port": "47408", + "tcp.stream": "47", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005206000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1218", + "tcp.segment": "1219", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001535000", + "http.request_in": "1216", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.945663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.945663000", + "frame.time_delta": "0.002859000", + "frame.time_delta_displayed": "0.002859000", + "frame.time_relative": "449.484977000", + "frame.number": "1220", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000007b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a53d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1218", + "tcp.analysis.ack_rtt": "0.003250000", + "tcp.analysis.initial_rtt": "0.005206000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.947219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.947219000", + "frame.time_delta": "0.001556000", + "frame.time_delta_displayed": "0.001556000", + "frame.time_relative": "449.486533000", + "frame.number": "1221", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000007b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a152", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1219", + "tcp.analysis.ack_rtt": "0.004415000", + "tcp.analysis.initial_rtt": "0.005206000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.948171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.948171000", + "frame.time_delta": "0.000952000", + "frame.time_delta_displayed": "0.000952000", + "frame.time_relative": "449.487485000", + "frame.number": "1222", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000007b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a151", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.948620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.948620000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "449.487934000", + "frame.number": "1223", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47408", + 
"tcp.port": "80", + "tcp.port": "47408", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000093e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1222", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.005206000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.951833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.951833000", + "frame.time_delta": "0.003213000", + "frame.time_delta_displayed": "0.003213000", + "frame.time_relative": "449.491147000", + "frame.number": "1224", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47408", + "tcp.dstport": "80", + "tcp.port": "47408", + "tcp.port": "80", + "tcp.stream": "47", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008691", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:00.958996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.958996000", + "frame.time_delta": "0.007163000", + "frame.time_delta_displayed": "0.007163000", + "frame.time_relative": "449.498310000", + "frame.number": "1225", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000092c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002496", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "26", + "http.prev_response_in": "1212" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.966066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.966066000", + "frame.time_delta": "0.007070000", + "frame.time_delta_displayed": "0.007070000", + "frame.time_relative": "449.505380000", + "frame.number": "1226", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", 
+ "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c86a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f00a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000045fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:09:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918281, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918281", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.966602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.966602000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "449.505916000", + "frame.number": "1227", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47409", + "tcp.port": "80", + "tcp.port": "47409", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005d6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1226", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.969674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.969674000", + "frame.time_delta": "0.003072000", + "frame.time_delta_displayed": "0.003072000", + "frame.time_relative": "449.508988000", + "frame.number": "1228", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c86b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f01d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000ef6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1227", + "tcp.analysis.ack_rtt": "0.003072000", + "tcp.analysis.initial_rtt": "0.003608000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.969818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.969818000", + 
"frame.time_delta": "0.000144000", + "frame.time_delta_displayed": "0.000144000", + "frame.time_relative": "449.509132000", + "frame.number": "1229", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c86c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006e70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003608000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.970241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.970241000", + "frame.time_delta": "0.000423000", + 
"frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "449.509555000", + "frame.number": "1230", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f47e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c40a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47409", + "tcp.port": "80", + "tcp.port": "47409", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000000c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1229", + "tcp.analysis.ack_rtt": "0.000423000", + "tcp.analysis.initial_rtt": "0.003608000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.971014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.971014000", + "frame.time_delta": "0.000773000", + "frame.time_delta_displayed": "0.000773000", + "frame.time_relative": "449.510328000", + "frame.number": "1231", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f47f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000c3f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47409", + "tcp.port": "80", + "tcp.port": "47409", + "tcp.stream": "48", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000040e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003608000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.971428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.971428000", + "frame.time_delta": "0.000414000", + "frame.time_delta_displayed": "0.000414000", + "frame.time_relative": "449.510742000", + "frame.number": "1232", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f480", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c025", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47409", + "tcp.port": "80", + "tcp.port": "47409", + "tcp.stream": "48", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000934f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003608000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1231", + "tcp.segment": "1232", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001610000", + "http.request_in": "1229", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.979141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.979141000", + "frame.time_delta": "0.007713000", + "frame.time_delta_displayed": "0.007713000", + "frame.time_relative": "449.518455000", + "frame.number": "1233", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c86d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f01b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000e25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1231", + "tcp.analysis.ack_rtt": "0.008127000", + "tcp.analysis.initial_rtt": "0.003608000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.979275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.979275000", + "frame.time_delta": "0.000134000", + "frame.time_delta_displayed": "0.000134000", + "frame.time_relative": "449.518589000", + "frame.number": "1234", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c86e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f01a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1232", + "tcp.analysis.ack_rtt": "0.007847000", + "tcp.analysis.initial_rtt": "0.003608000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.980419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.980419000", + "frame.time_delta": "0.001144000", + "frame.time_delta_displayed": "0.001144000", + "frame.time_relative": "449.519733000", + "frame.number": "1235", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c86f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f019", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a39", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.980897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.980897000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "449.520211000", + "frame.number": "1236", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47409", + 
"tcp.port": "80", + "tcp.port": "47409", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fcce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1235", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.003608000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:00.985250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494040.985250000", + "frame.time_delta": "0.004353000", + "frame.time_delta_displayed": "0.004353000", + "frame.time_relative": "449.524564000", + "frame.number": "1237", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47409", + "tcp.dstport": "80", + "tcp.port": "47409", + "tcp.port": "80", + "tcp.stream": "48", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b031", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:01.011966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.011966000", + "frame.time_delta": "0.026716000", + "frame.time_delta_displayed": "0.026716000", + "frame.time_relative": "449.551280000", + "frame.number": "1238", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000092c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000249b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "27", + "http.prev_response_in": "1225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.020925000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.020925000", + "frame.time_delta": "0.008959000", + "frame.time_delta_displayed": "0.008959000", + "frame.time_relative": "449.560239000", + "frame.number": "1239", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000353a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000833b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003e26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:0e:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918286, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918286", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.021459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.021459000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "449.560773000", + "frame.number": "1240", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e622", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1239", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.025409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.025409000", + "frame.time_delta": "0.003950000", + "frame.time_delta_displayed": "0.003950000", + "frame.time_relative": "449.564723000", + "frame.number": "1241", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000353b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000834e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1240", + "tcp.analysis.ack_rtt": "0.003950000", + "tcp.analysis.initial_rtt": "0.004484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.025528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.025528000", + 
"frame.time_delta": "0.000119000", + "frame.time_delta_displayed": "0.000119000", + "frame.time_relative": "449.564842000", + "frame.number": "1242", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000353c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000828d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f724", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004484000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.025969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.025969000", + "frame.time_delta": "0.000441000", + 
"frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "449.565283000", + "frame.number": "1243", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000df71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d917", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008979", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1242", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.004484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.026650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.026650000", + "frame.time_delta": "0.000681000", + "frame.time_delta_displayed": "0.000681000", + "frame.time_relative": "449.565964000", + "frame.number": "1244", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000df72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000d905", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c99a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004484000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.027093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.027093000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "449.566407000", + "frame.number": "1245", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000df73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d532", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004484000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1244", + "tcp.segment": "1245", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001565000", + "http.request_in": "1242", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.030791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.030791000", + "frame.time_delta": "0.003698000", + "frame.time_delta_displayed": "0.003698000", + "frame.time_relative": "449.570105000", + "frame.number": "1246", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000df74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d531", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004484000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.031323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.031323000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "449.570637000", + "frame.number": "1247", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000353d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000834c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000096d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1244", + "tcp.analysis.ack_rtt": "0.004673000", + "tcp.analysis.initial_rtt": "0.004484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.031370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.031370000", + "frame.time_delta": "0.000047000", + "frame.time_delta_displayed": "0.000047000", + "frame.time_relative": "449.570684000", + "frame.number": "1248", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000353e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000834b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000092ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1245", + "tcp.analysis.ack_rtt": "0.004277000", + "tcp.analysis.initial_rtt": "0.004484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.032062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.032062000", + "frame.time_delta": "0.000692000", + "frame.time_delta_displayed": "0.000692000", + "frame.time_relative": "449.571376000", + "frame.number": "1249", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000353f", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000834a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000092ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.032484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.032484000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + 
"frame.time_relative": "449.571798000", + "frame.number": "1250", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47410", + "tcp.port": "80", + "tcp.port": "47410", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008583", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1249", + "tcp.analysis.ack_rtt": "0.000422000", + "tcp.analysis.initial_rtt": "0.004484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.034656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.034656000", + "frame.time_delta": "0.002172000", + "frame.time_delta_displayed": "0.002172000", + "frame.time_relative": "449.573970000", + "frame.number": "1251", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0bb", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a862", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.035172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.035172000", + "frame.time_delta": "0.000516000", + "frame.time_delta_displayed": "0.000516000", + "frame.time_relative": "449.574486000", + "frame.number": "1252", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e7ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47410", + "tcp.dstport": "80", + "tcp.port": "47410", + "tcp.port": "80", + "tcp.stream": "49", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a861", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.959964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.959964000", + "frame.time_delta": "0.924792000", + "frame.time_delta_displayed": "0.924792000", + "frame.time_relative": "450.499278000", + "frame.number": "1253", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000092fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002467", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "28", + "http.prev_response_in": "1238" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.999113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.999113000", + "frame.time_delta": "0.039149000", + "frame.time_delta_displayed": "0.039149000", + "frame.time_relative": "450.538427000", + "frame.number": "1254", 
+ "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002ea7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00004b8d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:70:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918384, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918384", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:01.999682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494041.999682000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "450.538996000", + "frame.number": "1255", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47411", + "tcp.port": "80", + "tcp.port": "47411", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1254", + "tcp.analysis.ack_rtt": "0.000569000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.003599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.003599000", + "frame.time_delta": "0.003917000", + "frame.time_delta_displayed": "0.003917000", + "frame.time_relative": "450.542913000", + "frame.number": "1256", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ea8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000018ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1255", + "tcp.analysis.ack_rtt": "0.003917000", + "tcp.analysis.initial_rtt": "0.004486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.004072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.004072000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "450.543386000", + "frame.number": "1257", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002ea9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008920", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007866", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004486000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.004559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.004559000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "450.543873000", + "frame.number": "1258", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ba62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47411", + "tcp.port": "80", + "tcp.port": "47411", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000abb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1257", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.004486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.005204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.005204000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "450.544518000", + "frame.number": "1259", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ba63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47411", + "tcp.port": "80", + "tcp.port": "47411", + "tcp.stream": "50", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004adc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004486000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.005631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.005631000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "450.544945000", + "frame.number": "1260", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ba64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fa41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47411", + "tcp.port": 
"80", + "tcp.port": "47411", + "tcp.stream": "50", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009d45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004486000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1259", + "tcp.segment": "1260", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001559000", + "http.request_in": "1257", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.009025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.009025000", + "frame.time_delta": "0.003394000", + "frame.time_delta_displayed": "0.003394000", + "frame.time_relative": "450.548339000", + "frame.number": "1261", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002eaa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000181b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1259", + "tcp.analysis.ack_rtt": "0.003821000", + "tcp.analysis.initial_rtt": "0.004486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.009143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.009143000", + "frame.time_delta": "0.000118000", + "frame.time_delta_displayed": "0.000118000", + "frame.time_relative": "450.548457000", + "frame.number": "1262", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002eab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001430", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1260", + "tcp.analysis.ack_rtt": "0.003512000", + "tcp.analysis.initial_rtt": "0.004486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.012290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.012290000", + "frame.time_delta": "0.003147000", + "frame.time_delta_displayed": "0.003147000", + "frame.time_relative": "450.551604000", + "frame.number": "1263", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002eac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000142f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.012759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.012759000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "450.552073000", + "frame.number": "1264", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d72e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e15a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47411", + 
"tcp.port": "80", + "tcp.port": "47411", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000006c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1263", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.004486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.012770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.012770000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "450.552084000", + "frame.number": "1265", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000092fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000245b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "29", + "http.prev_response_in": "1253" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.016098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.016098000", + "frame.time_delta": "0.003328000", + "frame.time_delta_displayed": "0.003328000", + "frame.time_relative": "450.555412000", + "frame.number": "1266", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e80e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d07a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "47411", + "tcp.dstport": "80", + "tcp.port": "47411", + "tcp.port": "80", + "tcp.stream": "50", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b62a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.020004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.020004000", + "frame.time_delta": "0.003906000", + "frame.time_delta_displayed": "0.003906000", + "frame.time_relative": "450.559318000", + "frame.number": "1267", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b6ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000186", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009ac7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:03:72:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918386, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918386", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.020519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.020519000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "450.559833000", + "frame.number": "1268", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47412", + "tcp.port": "80", + "tcp.port": "47412", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000567b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1267", + "tcp.analysis.ack_rtt": "0.000515000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.025565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.025565000", + "frame.time_delta": "0.005046000", + "frame.time_delta_displayed": "0.005046000", + "frame.time_relative": "450.564879000", + "frame.number": "1269", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000199", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000803", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1268", + "tcp.analysis.ack_rtt": "0.005046000", + "tcp.analysis.initial_rtt": "0.005561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.026138000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494042.026138000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "450.565452000", + "frame.number": "1270", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b6f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000000d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000677d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005561000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.026630000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494042.026630000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "450.565944000", + "frame.number": "1271", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000078f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003f96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47412", + "tcp.port": "80", + "tcp.port": "47412", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f9d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1270", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.005561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.027337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.027337000", + "frame.time_delta": "0.000707000", + "frame.time_delta_displayed": "0.000707000", + "frame.time_relative": "450.566651000", + "frame.number": "1272", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000078f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003f84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47412", + "tcp.port": "80", + "tcp.port": "47412", + "tcp.stream": "51", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000039f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005561000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.027698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.027698000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "450.567012000", + "frame.number": "1273", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000078f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003bb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47412", + "tcp.port": "80", + "tcp.port": "47412", + "tcp.stream": "51", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008c5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005561000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1272", + "tcp.segment": "1273", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001560000", + "http.request_in": "1270", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.038001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.038001000", + "frame.time_delta": "0.010303000", + "frame.time_delta_displayed": "0.010303000", + "frame.time_relative": "450.577315000", + "frame.number": "1274", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000197", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000732", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1272", + "tcp.analysis.ack_rtt": "0.010664000", + "tcp.analysis.initial_rtt": "0.005561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.042509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.042509000", + "frame.time_delta": "0.004508000", + "frame.time_delta_displayed": "0.004508000", + "frame.time_relative": "450.581823000", + "frame.number": "1275", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000196", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000347", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1273", + "tcp.analysis.ack_rtt": "0.014811000", + "tcp.analysis.initial_rtt": "0.005561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.042620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.042620000", + "frame.time_delta": "0.000111000", + "frame.time_delta_displayed": "0.000111000", + "frame.time_relative": "450.581934000", + "frame.number": "1276", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000195", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000346", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.043069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.043069000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "450.582383000", + "frame.number": "1277", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d72f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e159", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47412", + 
"tcp.port": "80", + "tcp.port": "47412", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f5db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1276", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.005561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.047730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.047730000", + "frame.time_delta": "0.004661000", + "frame.time_delta_displayed": "0.004661000", + "frame.time_relative": "450.587044000", + "frame.number": "1278", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e810", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d078", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47412", + "tcp.dstport": "80", + "tcp.port": "47412", + "tcp.port": "80", + "tcp.stream": "51", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000567", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:02.065799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.065799000", + "frame.time_delta": "0.018069000", + "frame.time_delta_displayed": "0.018069000", + "frame.time_relative": "450.605113000", + "frame.number": "1279", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009301", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000245d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "30", + "http.prev_response_in": "1265" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.073974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.073974000", + "frame.time_delta": "0.008175000", + "frame.time_delta_displayed": "0.008175000", + "frame.time_relative": "450.613288000", + "frame.number": "1280", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003b18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d0e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:78:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918392, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918392", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.074506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.074506000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "450.613820000", + "frame.number": "1281", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009fb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1280", + "tcp.analysis.ack_rtt": "0.000532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.078276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.078276000", + "frame.time_delta": "0.003770000", + "frame.time_delta_displayed": "0.003770000", + "frame.time_relative": "450.617590000", + "frame.number": "1282", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000513b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1281", + "tcp.analysis.ack_rtt": "0.003770000", + "tcp.analysis.initial_rtt": "0.004302000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.078687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.078687000", + 
"frame.time_delta": "0.000411000", + "frame.time_delta_displayed": "0.000411000", + "frame.time_relative": "450.618001000", + "frame.number": "1283", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003b1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007caf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b0b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004302000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.079168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.079168000", + "frame.time_delta": "0.000481000", + 
"frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "450.618482000", + "frame.number": "1284", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f2a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c5e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000430a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1283", + "tcp.analysis.ack_rtt": "0.000481000", + "tcp.analysis.initial_rtt": "0.004302000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.079886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.079886000", + "frame.time_delta": "0.000718000", + "frame.time_delta_displayed": "0.000718000", + "frame.time_relative": "450.619200000", + "frame.number": "1285", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f2a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000c5d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000832b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004302000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.080247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.080247000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "450.619561000", + "frame.number": "1286", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f2a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c1fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d594", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004302000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1285", + "tcp.segment": "1286", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001560000", + "http.request_in": "1283", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.080857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.080857000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "450.620171000", + "frame.number": "1287", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f2a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c1fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d594", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004302000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.087340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.087340000", + "frame.time_delta": "0.006483000", + "frame.time_delta_displayed": "0.006483000", + "frame.time_relative": "450.626654000", + "frame.number": "1288", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000506a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1285", + "tcp.analysis.ack_rtt": "0.007454000", + "tcp.analysis.initial_rtt": "0.004302000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.087455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.087455000", + "frame.time_delta": "0.000115000", + "frame.time_delta_displayed": "0.000115000", + "frame.time_relative": "450.626769000", + "frame.number": "1289", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004c7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1286", + "tcp.analysis.ack_rtt": "0.007208000", + "tcp.analysis.initial_rtt": "0.004302000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.087981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.087981000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "450.627295000", + "frame.number": "1290", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00003b1d", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003efe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:19:a1:d0:21:19:a1:d4:05", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004302000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1289", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.090314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.090314000", + "frame.time_delta": "0.002333000", + "frame.time_delta_displayed": "0.002333000", + "frame.time_relative": "450.629628000", + "frame.number": "1291", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00007d6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004c7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.090819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.090819000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "450.630133000", + "frame.number": "1292", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d733", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e155", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47413", + "tcp.port": "80", + "tcp.port": "47413", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003f14", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1291", + "tcp.analysis.ack_rtt": "0.000505000", + "tcp.analysis.initial_rtt": "0.004302000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:02.094289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494042.094289000", + "frame.time_delta": "0.003470000", + "frame.time_delta_displayed": "0.003470000", + "frame.time_relative": "450.633603000", + "frame.number": "1293", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e813", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d075", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47413", + "tcp.dstport": "80", + "tcp.port": "47413", + "tcp.port": "80", + "tcp.stream": "52", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.170121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.170121000", + "frame.time_delta": "1.075832000", + "frame.time_delta_displayed": "1.075832000", + "frame.time_relative": "451.709435000", + "frame.number": "1294", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000930e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002453", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "31", + "http.prev_response_in": "1279" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.222893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.222893000", + "frame.time_delta": "0.052772000", + "frame.time_delta_displayed": "0.052772000", + "frame.time_relative": "451.762207000", + "frame.number": "1295", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009312", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002446", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "32", + "http.prev_response_in": "1294" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.229216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.229216000", + "frame.time_delta": "0.006323000", + "frame.time_delta_displayed": "0.006323000", + 
"frame.time_relative": "451.768530000", + "frame.number": "1296", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000dac2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + 
"_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003ece", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:eb:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918507, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918507", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.229763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.229763000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "451.769077000", + "frame.number": "1297", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47414", + "tcp.port": "80", + "tcp.port": "47414", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c2a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1296", + "tcp.analysis.ack_rtt": "0.000547000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.233214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.233214000", + "frame.time_delta": "0.003451000", + "frame.time_delta_displayed": "0.003451000", + "frame.time_relative": "451.772528000", + "frame.number": "1298", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dac3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000742f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1297", + "tcp.analysis.ack_rtt": "0.003451000", + "tcp.analysis.initial_rtt": "0.003998000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.233348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.233348000", + "frame.time_delta": "0.000134000", + "frame.time_delta_displayed": "0.000134000", + "frame.time_relative": "451.772662000", + "frame.number": "1299", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000dac4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d3a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003998000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.233789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.233789000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "451.773103000", + "frame.number": "1300", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000e85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47414", + "tcp.port": "80", + "tcp.port": "47414", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000065fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1299", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.003998000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.234609000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.234609000", + "frame.time_delta": "0.000820000", + "frame.time_delta_displayed": "0.000820000", + "frame.time_relative": "451.773923000", + "frame.number": "1301", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000aa05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000e73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47414", + "tcp.port": "80", + "tcp.port": "47414", + "tcp.stream": "53", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a61f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003998000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.234964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.234964000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "451.774278000", + "frame.number": "1302", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aa06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000aa0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47414", + "tcp.port": 
"80", + "tcp.port": "47414", + "tcp.stream": "53", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f888", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003998000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1301", + "tcp.segment": "1302", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001616000", + "http.request_in": "1299", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.238435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.238435000", + "frame.time_delta": "0.003471000", + "frame.time_delta_displayed": "0.003471000", + "frame.time_relative": "451.777749000", + "frame.number": "1303", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dac5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000735e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1301", + "tcp.analysis.ack_rtt": "0.003826000", + "tcp.analysis.initial_rtt": "0.003998000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.238563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.238563000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "451.777877000", + "frame.number": "1304", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1302", + "tcp.analysis.ack_rtt": "0.003599000", + "tcp.analysis.initial_rtt": "0.003998000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.239678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.239678000", + "frame.time_delta": "0.001115000", + "frame.time_delta_displayed": "0.001115000", + "frame.time_relative": "451.778992000", + "frame.number": "1305", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dac7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f72", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.240276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.240276000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "451.779590000", + "frame.number": "1306", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d76f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e119", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47414", + 
"tcp.port": "80", + "tcp.port": "47414", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006208", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1305", + "tcp.analysis.ack_rtt": "0.000598000", + "tcp.analysis.initial_rtt": "0.003998000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.243546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.243546000", + "frame.time_delta": "0.003270000", + "frame.time_delta_displayed": "0.003270000", + "frame.time_relative": "451.782860000", + "frame.number": "1307", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e842", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d046", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47414", + "tcp.dstport": "80", + "tcp.port": "47414", + "tcp.port": "80", + "tcp.stream": "53", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a9e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:03.272036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.272036000", + "frame.time_delta": "0.028490000", + "frame.time_delta_displayed": "0.028490000", + "frame.time_relative": "451.811350000", + "frame.number": "1308", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009317", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002447", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "33", + "http.prev_response_in": "1295" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.278420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.278420000", + "frame.time_delta": "0.006384000", + "frame.time_delta_displayed": "0.006384000", + "frame.time_relative": "451.817734000", + "frame.number": "1309", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000113b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a73a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000055b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:f0:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918512, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918512", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.278976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.278976000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "451.818290000", + "frame.number": "1310", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47415", + "tcp.port": "80", + "tcp.port": "47415", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c2cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1309", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.282470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.282470000", + "frame.time_delta": "0.003494000", + "frame.time_delta_displayed": "0.003494000", + "frame.time_relative": "451.821784000", + "frame.number": "1311", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000113c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a74d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007454", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1310", + "tcp.analysis.ack_rtt": "0.003494000", + "tcp.analysis.initial_rtt": "0.004050000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.282601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.282601000", + 
"frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "451.821915000", + "frame.number": "1312", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000113d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a68c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d3ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004050000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.283037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.283037000", + "frame.time_delta": "0.000436000", + 
"frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "451.822351000", + "frame.number": "1313", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008d88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002b01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47415", + "tcp.port": "80", + "tcp.port": "47415", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006623", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1312", + "tcp.analysis.ack_rtt": "0.000436000", + "tcp.analysis.initial_rtt": "0.004050000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.283812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.283812000", + "frame.time_delta": "0.000775000", + "frame.time_delta_displayed": "0.000775000", + "frame.time_relative": "451.823126000", + "frame.number": "1314", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008d89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00002aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47415", + "tcp.port": "80", + "tcp.port": "47415", + "tcp.stream": "54", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a644", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004050000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.284150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.284150000", + "frame.time_delta": "0.000338000", + "frame.time_delta_displayed": "0.000338000", + "frame.time_relative": "451.823464000", + "frame.number": "1315", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008d8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000271c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47415", + "tcp.port": "80", + "tcp.port": "47415", + "tcp.stream": "54", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f8ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004050000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1314", + "tcp.segment": "1315", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001549000", + "http.request_in": "1312", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.286499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.286499000", + "frame.time_delta": "0.002349000", + "frame.time_delta_displayed": "0.002349000", + "frame.time_relative": "451.825813000", + "frame.number": "1316", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000113e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a74b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007383", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1314", + "tcp.analysis.ack_rtt": "0.002687000", + "tcp.analysis.initial_rtt": "0.004050000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.286540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.286540000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "451.825854000", + "frame.number": "1317", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000113f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a74a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1315", + "tcp.analysis.ack_rtt": "0.002390000", + "tcp.analysis.initial_rtt": "0.004050000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.287476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.287476000", + "frame.time_delta": "0.000936000", + "frame.time_delta_displayed": "0.000936000", + "frame.time_relative": "451.826790000", + "frame.number": "1318", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001140", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f97", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.287933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.287933000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "451.827247000", + "frame.number": "1319", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d770", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e118", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47415", + 
"tcp.port": "80", + "tcp.port": "47415", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000622d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1318", + "tcp.analysis.ack_rtt": "0.000457000", + "tcp.analysis.initial_rtt": "0.004050000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:03.291384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494043.291384000", + "frame.time_delta": "0.003451000", + "frame.time_delta_displayed": "0.003451000", + "frame.time_relative": "451.830698000", + "frame.number": "1320", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e845", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d043", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47415", + "tcp.dstport": "80", + "tcp.port": "47415", + "tcp.port": "80", + "tcp.stream": "54", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007078", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:04.220177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.220177000", + "frame.time_delta": "0.928793000", + "frame.time_delta_displayed": "0.928793000", + "frame.time_relative": "452.759491000", + "frame.number": "1321", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009354", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000240d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "34", + "http.prev_response_in": "1308" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.237042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.237042000", + "frame.time_delta": "0.016865000", + "frame.time_delta_displayed": "0.016865000", + "frame.time_relative": "452.776356000", + "frame.number": "1322", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a689", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "122", + "tcp.nxtseq": "162", + "tcp.ack": "109", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000957c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:df:c7:19:3f:1c:fa:df:8a:24:76:85:59:f1:9c:91:62:dc:e0:10:17:1d:bf:59:78:77:d2:2a:45" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.254395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.254395000", + "frame.time_delta": "0.017353000", + "frame.time_delta_displayed": "0.017353000", + "frame.time_relative": "452.793709000", + "frame.number": "1323", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009d31", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000bc1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:52:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918610, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "918610", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.254948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.254948000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "452.794262000", + "frame.number": "1324", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47416", + "tcp.port": "80", + "tcp.port": "47416", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000078ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + 
"tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1323", + "tcp.analysis.ack_rtt": "0.000553000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.258425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.258425000", + "frame.time_delta": "0.003477000", + "frame.time_delta_displayed": "0.003477000", + "frame.time_relative": "452.797739000", + "frame.number": "1325", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009d32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b57", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002a34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1324", + "tcp.analysis.ack_rtt": "0.003477000", + "tcp.analysis.initial_rtt": "0.004030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.259387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.259387000", + "frame.time_delta": "0.000962000", + "frame.time_delta_displayed": "0.000962000", + "frame.time_relative": "452.798701000", + "frame.number": "1326", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009d33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000089ae", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004030000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.259890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.259890000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "452.799204000", + "frame.number": "1327", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000977a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000210f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47416", + "tcp.port": "80", + "tcp.port": "47416", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c03", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1326", + "tcp.analysis.ack_rtt": "0.000503000", + "tcp.analysis.initial_rtt": "0.004030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.260638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.260638000", + "frame.time_delta": "0.000748000", + "frame.time_delta_displayed": "0.000748000", + "frame.time_relative": "452.799952000", + "frame.number": "1328", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000977b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000020fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47416", + "tcp.port": "80", + "tcp.port": "47416", + "tcp.stream": "55", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005c24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004030000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.261020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.261020000", + "frame.time_delta": "0.000382000", + "frame.time_delta_displayed": "0.000382000", + "frame.time_relative": "452.800334000", + "frame.number": "1329", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000977c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47416", + "tcp.port": "80", + "tcp.port": "47416", + "tcp.stream": "55", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ae8d", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004030000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1328", + "tcp.segment": "1329", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001633000", + "http.request_in": "1326", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.264358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.264358000", + "frame.time_delta": "0.003338000", + "frame.time_delta_displayed": "0.003338000", + "frame.time_relative": "452.803672000", + "frame.number": "1330", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009d34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002963", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1328", + "tcp.analysis.ack_rtt": "0.003720000", + "tcp.analysis.initial_rtt": "0.004030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.264404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.264404000", + "frame.time_delta": "0.000046000", + "frame.time_delta_displayed": "0.000046000", + "frame.time_relative": "452.803718000", + "frame.number": "1331", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009d35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002578", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1329", + "tcp.analysis.ack_rtt": "0.003384000", + "tcp.analysis.initial_rtt": "0.004030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.265035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.265035000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "452.804349000", + "frame.number": "1332", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009d36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002577", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.265484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.265484000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "452.804798000", + "frame.number": "1333", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d780", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e108", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47416", + 
"tcp.port": "80", + "tcp.port": "47416", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000180d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1332", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.004030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.268686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.268686000", + "frame.time_delta": "0.003202000", + "frame.time_delta_displayed": "0.003202000", + "frame.time_relative": "452.808000000", + "frame.number": "1334", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e847", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d041", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47416", + "tcp.dstport": "80", + "tcp.port": "47416", + "tcp.port": "80", + "tcp.stream": "55", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000279b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:04.272975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.272975000", + "frame.time_delta": "0.004289000", + "frame.time_delta_displayed": "0.004289000", + "frame.time_relative": "452.812289000", + "frame.number": "1335", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000935a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "35", + "http.prev_response_in": "1321" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.280629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.280629000", + "frame.time_delta": "0.007654000", + "frame.time_delta_displayed": "0.007654000", + "frame.time_relative": "452.819943000", + "frame.number": "1336", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", 
+ "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00008d8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00008a6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:54:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918612, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918612", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.281172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.281172000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "452.820486000", + "frame.number": "1337", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47417", + "tcp.port": "80", + "tcp.port": "47417", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009479", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1336", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.284516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.284516000", + "frame.time_delta": "0.003344000", + "frame.time_delta_displayed": "0.003344000", + "frame.time_relative": "452.823830000", + "frame.number": "1338", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008d90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002af9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004601", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1337", + "tcp.analysis.ack_rtt": "0.003344000", + "tcp.analysis.initial_rtt": "0.003887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.284647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.284647000", + 
"frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "452.823961000", + "frame.number": "1339", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00008d91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002a38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a57b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003887000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.285090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.285090000", + "frame.time_delta": "0.000443000", + 
"frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "452.824404000", + "frame.number": "1340", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002238", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009651", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47417", + "tcp.port": "80", + "tcp.port": "47417", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000037d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1339", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.003887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.285785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.285785000", + "frame.time_delta": "0.000695000", + "frame.time_delta_displayed": "0.000695000", + "frame.time_relative": "452.825099000", + "frame.number": "1341", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002239", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000963f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47417", + "tcp.port": "80", + "tcp.port": "47417", + "tcp.stream": "56", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000077f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003887000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.286216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.286216000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "452.825530000", + "frame.number": "1342", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000223a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000926c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47417", + "tcp.port": "80", + "tcp.port": "47417", + "tcp.stream": "56", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ca5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003887000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1341", + "tcp.segment": "1342", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001569000", + "http.request_in": "1339", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.288485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.288485000", + "frame.time_delta": "0.002269000", + "frame.time_delta_displayed": "0.002269000", + "frame.time_relative": "452.827799000", + "frame.number": "1343", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008d92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002af7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004530", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1341", + "tcp.analysis.ack_rtt": "0.002700000", + "tcp.analysis.initial_rtt": "0.003887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.290387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.290387000", + "frame.time_delta": "0.001902000", + "frame.time_delta_displayed": "0.001902000", + "frame.time_relative": "452.829701000", + "frame.number": "1344", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008d93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002af6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004145", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1342", + "tcp.analysis.ack_rtt": "0.004171000", + "tcp.analysis.initial_rtt": "0.003887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.291419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.291419000", + "frame.time_delta": "0.001032000", + "frame.time_delta_displayed": "0.001032000", + "frame.time_relative": "452.830733000", + "frame.number": "1345", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008d94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002af5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004144", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.291858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.291858000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "452.831172000", + "frame.number": "1346", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d782", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e106", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47417", + 
"tcp.port": "80", + "tcp.port": "47417", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000033da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1345", + "tcp.analysis.ack_rtt": "0.000439000", + "tcp.analysis.initial_rtt": "0.003887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.294981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.294981000", + "frame.time_delta": "0.003123000", + "frame.time_delta_displayed": "0.003123000", + "frame.time_relative": "452.834295000", + "frame.number": "1347", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e84a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d03e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47417", + "tcp.dstport": "80", + "tcp.port": "47417", + "tcp.port": "80", + "tcp.stream": "56", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f5eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:04.325922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.325922000", + "frame.time_delta": "0.030941000", + "frame.time_delta_displayed": "0.030941000", + "frame.time_relative": "452.865236000", + "frame.number": "1348", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000935f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "36", + "http.prev_response_in": "1335" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.333027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.333027000", + "frame.time_delta": "0.007105000", + "frame.time_delta_displayed": "0.007105000", + "frame.time_relative": "452.872341000", + "frame.number": "1349", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00008172", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a03c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:5a:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918618, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918618", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.333567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.333567000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "452.872881000", + "frame.number": "1350", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47418", + "tcp.port": "80", + "tcp.port": "47418", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001d54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1349", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.343641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.343641000", + "frame.time_delta": "0.010074000", + "frame.time_delta_displayed": "0.010074000", + "frame.time_relative": "452.882955000", + "frame.number": "1351", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008173", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003716", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cedb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1350", + "tcp.analysis.ack_rtt": "0.010074000", + "tcp.analysis.initial_rtt": "0.010614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.343704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.343704000", + 
"frame.time_delta": "0.000063000", + "frame.time_delta_displayed": "0.000063000", + "frame.time_relative": "452.883018000", + "frame.number": "1352", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00008174", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003655", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002e56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010614000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.344191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.344191000", + "frame.time_delta": "0.000487000", + 
"frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "452.883505000", + "frame.number": "1353", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005dbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005ace", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47418", + "tcp.port": "80", + "tcp.port": "47418", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c0aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1352", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.010614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.344993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.344993000", + "frame.time_delta": "0.000802000", + "frame.time_delta_displayed": "0.000802000", + "frame.time_relative": "452.884307000", + "frame.number": "1354", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005dbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00005abc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47418", + "tcp.port": "80", + "tcp.port": "47418", + "tcp.stream": "57", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000000cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010614000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.345331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.345331000", + "frame.time_delta": "0.000338000", + "frame.time_delta_displayed": "0.000338000", + "frame.time_relative": "452.884645000", + "frame.number": "1355", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005dbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000056e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47418", + "tcp.port": "80", + "tcp.port": "47418", + "tcp.stream": "57", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005335", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010614000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1354", + "tcp.segment": "1355", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001627000", + "http.request_in": "1352", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.350375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.350375000", + "frame.time_delta": "0.005044000", + "frame.time_delta_displayed": "0.005044000", + "frame.time_relative": "452.889689000", + "frame.number": "1356", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008175", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003714", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ce0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1354", + "tcp.analysis.ack_rtt": "0.005382000", + "tcp.analysis.initial_rtt": "0.010614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.350425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.350425000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "452.889739000", + "frame.number": "1357", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008176", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003713", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ca1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1355", + "tcp.analysis.ack_rtt": "0.005094000", + "tcp.analysis.initial_rtt": "0.010614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.351062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.351062000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "452.890376000", + "frame.number": "1358", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008177", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003712", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ca1e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.351516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.351516000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "452.890830000", + "frame.number": "1359", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d785", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e103", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47418", + 
"tcp.port": "80", + "tcp.port": "47418", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bcb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1358", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.010614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.353960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.353960000", + "frame.time_delta": "0.002444000", + "frame.time_delta_displayed": "0.002444000", + "frame.time_relative": "452.893274000", + "frame.number": "1360", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e850", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d038", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47418", + "tcp.dstport": "80", + "tcp.port": "47418", + "tcp.port": "80", + "tcp.stream": "57", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000bc4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:04.380395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.380395000", + "frame.time_delta": "0.026435000", + "frame.time_delta_displayed": "0.026435000", + "frame.time_relative": "452.919709000", + "frame.number": "1361", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9b", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "109", + "tcp.nxtseq": "145", + "tcp.ack": "162", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005909", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1322", + "tcp.analysis.ack_rtt": "0.143353000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:65:cd:53:15:d9:1a:b6:e0:d2:87:fe:25:ef:7c:b6:49:44:2f:e2:da:72:c4:65:e8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.380909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.380909000", + "frame.time_delta": "0.000514000", + "frame.time_delta_displayed": "0.000514000", + "frame.time_relative": "452.920223000", + "frame.number": "1362", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "162", + "tcp.ack": "145", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000058e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1361", + "tcp.analysis.ack_rtt": "0.000514000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.694333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.694333000", + "frame.time_delta": "0.313424000", + "frame.time_delta_displayed": "0.313424000", + "frame.time_relative": "453.233647000", + "frame.number": "1363", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "325", + "ip.id": "0x0000937c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "37", + "http.prev_response_in": "1348" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.747181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.747181000", + "frame.time_delta": "0.052848000", + "frame.time_delta_displayed": "0.052848000", + "frame.time_relative": "453.286495000", + "frame.number": "1364", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000937e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + 
"udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "38", + "http.prev_response_in": "1363" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.763936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.763936000", + "frame.time_delta": "0.016755000", + "frame.time_delta_displayed": "0.016755000", + "frame.time_relative": "453.303250000", + "frame.number": "1365", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000065cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00004d39", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:85:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918661, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918661", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.764487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.764487000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "453.303801000", + "frame.number": "1366", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008d24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" 
+ }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1365", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.768272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.768272000", + "frame.time_delta": "0.003785000", + "frame.time_delta_displayed": "0.003785000", + "frame.time_relative": "453.307586000", + "frame.number": "1367", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003eac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1366", + "tcp.analysis.ack_rtt": "0.003785000", + "tcp.analysis.initial_rtt": "0.004336000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:54:04.768399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.768399000", + "frame.time_delta": "0.000127000", + "frame.time_delta_displayed": "0.000127000", + "frame.time_relative": "453.307713000", + "frame.number": "1368", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000065cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000051fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", 
+ "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004336000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.768834000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.768834000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "453.308148000", + "frame.number": "1369", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009ee4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000307b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1368", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.004336000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.769568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.769568000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "453.308882000", + "frame.number": "1370", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000019a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009ed2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000709c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004336000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.769928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.769928000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": 
"453.309242000", + "frame.number": "1371", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000019a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009aff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c305", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004336000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1370", + "tcp.segment": "1371", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001529000", + "http.request_in": "1368", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.770781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.770781000", + "frame.time_delta": "0.000853000", + "frame.time_delta_displayed": "0.000853000", + "frame.time_relative": "453.310095000", + "frame.number": "1372", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000019a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009afe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c305", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004336000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.775363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.775363000", + "frame.time_delta": "0.004582000", + "frame.time_delta_displayed": "0.004582000", + "frame.time_relative": "453.314677000", + "frame.number": "1373", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ddb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1370", + "tcp.analysis.ack_rtt": "0.005795000", + "tcp.analysis.initial_rtt": "0.004336000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.775498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.775498000", + "frame.time_delta": "0.000135000", + "frame.time_delta_displayed": "0.000135000", + "frame.time_relative": "453.314812000", + "frame.number": "1374", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000039f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1371", + "tcp.analysis.ack_rtt": "0.005570000", + "tcp.analysis.initial_rtt": "0.004336000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.775991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.775991000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "453.315305000", + "frame.number": "1375", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000065d2", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000c98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:3f:36:3a:78:3f:36:3e:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004336000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1374", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.776113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.776113000", + "frame.time_delta": "0.000122000", + "frame.time_delta_displayed": "0.000122000", + "frame.time_relative": "453.315427000", + "frame.number": "1376", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000052b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000039ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.776519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.776519000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "453.315833000", + "frame.number": "1377", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d797", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47419", + "tcp.port": "80", + "tcp.port": "47419", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1376", + "tcp.analysis.ack_rtt": "0.000406000", + "tcp.analysis.initial_rtt": "0.004336000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.779325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.779325000", + "frame.time_delta": "0.002806000", + "frame.time_delta_displayed": "0.002806000", + "frame.time_relative": "453.318639000", + "frame.number": "1378", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e852", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d036", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47419", + "tcp.dstport": "80", + "tcp.port": "47419", + "tcp.port": "80", + "tcp.stream": "58", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b8eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.800038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.800038000", + "frame.time_delta": "0.020713000", + "frame.time_delta_displayed": "0.020713000", + "frame.time_relative": "453.339352000", + "frame.number": "1379", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009383", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "39", + "http.prev_response_in": "1364" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.807794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.807794000", + "frame.time_delta": "0.007756000", + "frame.time_delta_displayed": "0.007756000", + "frame.time_relative": "453.347108000", + "frame.number": "1380", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a5a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000012d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000ba8e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:89:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918665, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918665", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.808336000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.808336000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "453.347650000", + "frame.number": "1381", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47420", + "tcp.port": "80", + "tcp.port": "47420", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000be0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1380", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.811587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.811587000", + "frame.time_delta": "0.003251000", + "frame.time_delta_displayed": "0.003251000", + "frame.time_relative": "453.350901000", + "frame.number": "1382", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a5a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000012e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006f92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1381", + "tcp.analysis.ack_rtt": "0.003251000", + "tcp.analysis.initial_rtt": "0.003793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.811758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.811758000", + "frame.time_delta": "0.000171000", + "frame.time_delta_displayed": "0.000171000", + "frame.time_relative": "453.351072000", + "frame.number": "1383", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000a5a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001226", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cf0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003793000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.812220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.812220000", + "frame.time_delta": "0.000462000", + "frame.time_delta_displayed": "0.000462000", + "frame.time_relative": "453.351534000", + "frame.number": "1384", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b9e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fea7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47420", + "tcp.port": "80", + "tcp.port": "47420", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006161", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1383", + "tcp.analysis.ack_rtt": "0.000462000", + "tcp.analysis.initial_rtt": "0.003793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.812873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.812873000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "453.352187000", + "frame.number": "1385", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b9e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47420", + "tcp.port": "80", + "tcp.port": "47420", + "tcp.stream": "59", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a182", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003793000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.813226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.813226000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "453.352540000", + "frame.number": "1386", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b9e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fac2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47420", + "tcp.port": "80", + "tcp.port": "47420", + "tcp.stream": "59", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f3eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003793000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1385", + "tcp.segment": "1386", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001468000", + "http.request_in": "1383", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.815734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.815734000", + "frame.time_delta": "0.002508000", + "frame.time_delta_displayed": "0.002508000", + "frame.time_relative": "453.355048000", + "frame.number": "1387", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a5a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000012e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ec1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1385", + "tcp.analysis.ack_rtt": "0.002861000", + "tcp.analysis.initial_rtt": "0.003793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.816594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.816594000", + "frame.time_delta": "0.000860000", + "frame.time_delta_displayed": "0.000860000", + "frame.time_relative": "453.355908000", + "frame.number": "1388", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a5a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000012e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ad6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1386", + "tcp.analysis.ack_rtt": "0.003368000", + "tcp.analysis.initial_rtt": "0.003793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.817430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.817430000", + "frame.time_delta": "0.000836000", + "frame.time_delta_displayed": "0.000836000", + "frame.time_relative": "453.356744000", + "frame.number": "1389", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a5a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000012e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ad5", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.817888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.817888000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "453.357202000", + "frame.number": "1390", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d799", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47420", + 
"tcp.port": "80", + "tcp.port": "47420", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005d6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1389", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.003793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:04.821133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494044.821133000", + "frame.time_delta": "0.003245000", + "frame.time_delta_displayed": "0.003245000", + "frame.time_relative": "453.360447000", + "frame.number": "1391", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e853", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d035", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47420", + "tcp.dstport": "80", + "tcp.port": "47420", + "tcp.port": "80", + "tcp.stream": "59", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002645", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:05.798775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.798775000", + "frame.time_delta": "0.977642000", + "frame.time_delta_displayed": "0.977642000", + "frame.time_relative": "454.338089000", + "frame.number": "1392", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000093dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002384", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "40", + "http.prev_response_in": "1379" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.799364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.799364000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "454.338678000", + "frame.number": "1393", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000093e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002377", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "41", + "http.prev_response_in": "1392" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.852199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.852199000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "454.391513000", + "frame.number": "1394", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000093e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002379", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "42", + "http.prev_response_in": "1393" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.885697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.885697000", + "frame.time_delta": "0.033498000", + "frame.time_delta_displayed": "0.033498000", + "frame.time_relative": "454.425011000", + "frame.number": "1395", + "frame.len": "74", + "frame.cap_len": "74", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000391b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000548d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:f5:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918773, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918773", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.886251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.886251000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "454.425565000", + "frame.number": "1396", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47421", + "tcp.port": "80", + "tcp.port": "47421", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008325", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1395", + "tcp.analysis.ack_rtt": "0.000554000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.891458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.891458000", + "frame.time_delta": "0.005207000", + "frame.time_delta_displayed": "0.005207000", + "frame.time_relative": "454.430772000", + "frame.number": "1397", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000391c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000034ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "1396", + "tcp.analysis.ack_rtt": "0.005207000", + "tcp.analysis.initial_rtt": "0.005761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.891577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.891577000", + "frame.time_delta": "0.000119000", + "frame.time_delta_displayed": "0.000119000", + "frame.time_relative": "454.430891000", + "frame.number": "1398", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000391d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007eac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009427", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005761000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.892034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.892034000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "454.431348000", + "frame.number": "1399", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e3df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d4a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47421", + "tcp.port": "80", + "tcp.port": "47421", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000267c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1398", + "tcp.analysis.ack_rtt": "0.000457000", + "tcp.analysis.initial_rtt": "0.005761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.892716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.892716000", + "frame.time_delta": "0.000682000", + "frame.time_delta_displayed": "0.000682000", + "frame.time_relative": "454.432030000", + "frame.number": "1400", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e3e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d497", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47421", + "tcp.port": "80", + "tcp.port": "47421", + "tcp.stream": "60", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000669d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005761000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.893067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.893067000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "454.432381000", + "frame.number": "1401", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e3e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d0c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47421", + "tcp.port": "80", + "tcp.port": "47421", + "tcp.stream": "60", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b906", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005761000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1400", + "tcp.segment": "1401", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001490000", + "http.request_in": "1398", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.895528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.895528000", + "frame.time_delta": "0.002461000", + "frame.time_delta_displayed": "0.002461000", + "frame.time_relative": "454.434842000", + "frame.number": "1402", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000391e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000033dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1400", + "tcp.analysis.ack_rtt": "0.002812000", + "tcp.analysis.initial_rtt": "0.005761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.896485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.896485000", + "frame.time_delta": "0.000957000", + "frame.time_delta_displayed": "0.000957000", + "frame.time_relative": "454.435799000", + "frame.number": "1403", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000391f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002ff1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1401", + "tcp.analysis.ack_rtt": "0.003418000", + "tcp.analysis.initial_rtt": "0.005761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.896913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.896913000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "454.436227000", + "frame.number": "1404", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003920", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002ff0", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.897357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.897357000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "454.436671000", + "frame.number": "1405", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d7e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47421", + 
"tcp.port": "80", + "tcp.port": "47421", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002286", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1404", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.005761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:05.899824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494045.899824000", + "frame.time_delta": "0.002467000", + "frame.time_delta_displayed": "0.002467000", + "frame.time_relative": "454.439138000", + "frame.number": "1406", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e858", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d030", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47421", + "tcp.dstport": "80", + "tcp.port": "47421", + "tcp.port": "80", + "tcp.stream": "60", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c0af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:06.173070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.173070000", + "frame.time_delta": "0.273246000", + "frame.time_delta_displayed": "0.273246000", + "frame.time_relative": "454.712384000", + "frame.number": "1407", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005b9d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.746943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.746943000", + "frame.time_delta": "0.573873000", + "frame.time_delta_displayed": "0.573873000", + "frame.time_relative": "455.286257000", + "frame.number": "1408", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000943b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002326", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "43", + "http.prev_response_in": "1394" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.762356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.762356000", + "frame.time_delta": "0.015413000", + "frame.time_delta_displayed": "0.015413000", + "frame.time_relative": "455.301670000", + "frame.number": "1409", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001dc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009aac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005ecf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:4d:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918861, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918861", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.762907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.762907000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "455.302221000", + "frame.number": "1410", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": "47422", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e69d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1409", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.766125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.766125000", + "frame.time_delta": "0.003218000", + "frame.time_delta_displayed": "0.003218000", + "frame.time_relative": "455.305439000", + "frame.number": "1411", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001dca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009abf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009825", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1410", + "tcp.analysis.ack_rtt": 
"0.003218000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.768355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.768355000", + "frame.time_delta": "0.002230000", + "frame.time_delta_displayed": "0.002230000", + "frame.time_relative": "455.307669000", + "frame.number": "1412", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001dcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + 
"tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f79f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.768850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.768850000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "455.308164000", + "frame.number": "1413", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000045aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": 
"47422", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000089f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1412", + "tcp.analysis.ack_rtt": "0.000495000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.769501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.769501000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "455.308815000", + "frame.number": "1414", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000045ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": "47422", + "tcp.stream": "61", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ca15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:54:06.769850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.769850000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "455.309164000", + "frame.number": "1415", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000045ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006efa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": "47422", + "tcp.stream": "61", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1414", + "tcp.segment": "1415", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001495000", + "http.request_in": "1412", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.770787000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494046.770787000", + "frame.time_delta": "0.000937000", + "frame.time_delta_displayed": "0.000937000", + "frame.time_relative": "455.310101000", + "frame.number": "1416", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000045ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ef9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": "47422", + "tcp.stream": "61", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.772211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.772211000", + "frame.time_delta": "0.001424000", + "frame.time_delta_displayed": "0.001424000", + "frame.time_relative": "455.311525000", + "frame.number": "1417", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001dcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009abd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009754", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1414", + "tcp.analysis.ack_rtt": "0.002710000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.774171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.774171000", + "frame.time_delta": "0.001960000", + "frame.time_delta_displayed": "0.001960000", + "frame.time_relative": "455.313485000", + "frame.number": "1418", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001dcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009abc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + 
"tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009369", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1415", + "tcp.analysis.ack_rtt": "0.004321000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.774216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.774216000", + "frame.time_delta": "0.000045000", + "frame.time_delta_displayed": "0.000045000", + "frame.time_relative": "455.313530000", + "frame.number": "1419", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001dce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009aaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f447", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d1:61:61:31:d1:61:65:15", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1418", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.774859000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.774859000", + "frame.time_delta": "0.000643000", + "frame.time_delta_displayed": "0.000643000", + "frame.time_relative": "455.314173000", + "frame.number": "1420", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001dcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009aba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.775310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.775310000", + 
"frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "455.314624000", + "frame.number": "1421", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d804", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e084", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47422", + "tcp.port": "80", + "tcp.port": "47422", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000085fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1420", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.778613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.778613000", + "frame.time_delta": "0.003303000", + "frame.time_delta_displayed": "0.003303000", + "frame.time_relative": "455.317927000", + "frame.number": "1422", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e885", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d003", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47422", + "tcp.dstport": "80", + "tcp.port": "47422", + "tcp.port": "80", + "tcp.stream": "61", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cb49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.800025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.800025000", + "frame.time_delta": "0.021412000", + "frame.time_delta_displayed": "0.021412000", + "frame.time_relative": "455.339339000", + "frame.number": "1423", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000943c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000231c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "44", + "http.prev_response_in": "1408" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.805424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.805424000", + "frame.time_delta": "0.005399000", + "frame.time_delta_displayed": "0.005399000", + "frame.time_relative": "455.344738000", + "frame.number": "1424", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004799", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009513", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:51:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918865, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "918865", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.805968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.805968000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "455.345282000", + "frame.number": "1425", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000018ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + 
"tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1424", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.808644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.808644000", + "frame.time_delta": "0.002676000", + "frame.time_delta_displayed": "0.002676000", + "frame.time_relative": "455.347958000", + "frame.number": "1426", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000479a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070ef", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ca55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1425", + "tcp.analysis.ack_rtt": "0.002676000", + "tcp.analysis.initial_rtt": "0.003220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.808794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.808794000", + "frame.time_delta": "0.000150000", + "frame.time_delta_displayed": "0.000150000", + "frame.time_relative": "455.348108000", + "frame.number": "1427", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000479b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000702e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000029d0", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003220000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.809242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.809242000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "455.348556000", + "frame.number": "1428", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bc24", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1427", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.003220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.809982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.809982000", + "frame.time_delta": "0.000740000", + "frame.time_delta_displayed": "0.000740000", + "frame.time_relative": "455.349296000", + "frame.number": "1429", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cd42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fc45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003220000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.810344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.810344000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "455.349658000", + "frame.number": "1430", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cd43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e762", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004eaf", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003220000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1429", + "tcp.segment": "1430", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001550000", + "http.request_in": "1427", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.810773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.810773000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "455.350087000", + "frame.number": "1431", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cd44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e761", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004eaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003220000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.814231000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.814231000", + "frame.time_delta": "0.003458000", + "frame.time_delta_displayed": "0.003458000", + "frame.time_relative": "455.353545000", + "frame.number": "1432", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000479c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c984", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1429", + "tcp.analysis.ack_rtt": "0.004249000", + "tcp.analysis.initial_rtt": "0.003220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.814281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.814281000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "455.353595000", + "frame.number": "1433", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000479d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c599", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1430", + "tcp.analysis.ack_rtt": "0.003937000", + "tcp.analysis.initial_rtt": "0.003220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.814965000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.814965000", + "frame.time_delta": "0.000684000", + "frame.time_delta_displayed": "0.000684000", + "frame.time_relative": "455.354279000", + "frame.number": "1434", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000479e", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001e48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:4c:ca:e9:e0:4c:ca:ed:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003220000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1433", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.815008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.815008000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "455.354322000", + "frame.number": "1435", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000479f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000070ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c598", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.815417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.815417000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "455.354731000", + "frame.number": "1436", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d807", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e081", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47423", + "tcp.port": "80", + "tcp.port": "47423", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b82e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1435", + "tcp.analysis.ack_rtt": "0.000409000", + "tcp.analysis.initial_rtt": "0.003220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.818810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.818810000", + "frame.time_delta": "0.003393000", + "frame.time_delta_displayed": "0.003393000", + "frame.time_relative": "455.358124000", + "frame.number": "1437", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e889", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cfff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47423", + "tcp.dstport": "80", + "tcp.port": "47423", + "tcp.port": "80", + "tcp.stream": "62", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000192", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.853068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.853068000", + "frame.time_delta": "0.034258000", + "frame.time_delta_displayed": "0.034258000", + "frame.time_relative": "455.392382000", + "frame.number": "1438", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009441", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000231d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "45", + "http.prev_response_in": "1423" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.863066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.863066000", + "frame.time_delta": "0.009998000", + "frame.time_delta_displayed": "0.009998000", + "frame.time_relative": "455.402380000", + "frame.number": "1439", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a6bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00008b41", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:57:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918871, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918871", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.863624000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.863624000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "455.402938000", + "frame.number": "1440", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004407", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1439", + "tcp.analysis.ack_rtt": "0.000558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.867004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.867004000", + "frame.time_delta": "0.003380000", + "frame.time_delta_displayed": "0.003380000", + "frame.time_relative": "455.406318000", + "frame.number": "1441", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a6be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f58e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1440", + "tcp.analysis.ack_rtt": "0.003380000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.867130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.867130000", + "frame.time_delta": "0.000126000", + "frame.time_delta_displayed": "0.000126000", + "frame.time_relative": "455.406444000", + "frame.number": "1442", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000a6bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000110a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005509", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.867567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.867567000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "455.406881000", + "frame.number": "1443", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e75d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1442", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.868287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.868287000", + "frame.time_delta": "0.000720000", + "frame.time_delta_displayed": "0.000720000", + "frame.time_relative": "455.407601000", + "frame.number": "1444", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003fce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000277f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.868735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.868735000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "455.408049000", + "frame.number": "1445", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003fcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000079e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1444", + "tcp.segment": "1445", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001605000", + "http.request_in": "1442", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.870777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.870777000", + "frame.time_delta": "0.002042000", + "frame.time_delta_displayed": "0.002042000", + "frame.time_relative": "455.410091000", + "frame.number": "1446", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003fd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000079e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.871430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.871430000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "455.410744000", + "frame.number": "1447", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a6c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f4bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1444", + "tcp.analysis.ack_rtt": "0.003143000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.871480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.871480000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "455.410794000", + "frame.number": "1448", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a6c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f0d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1445", + "tcp.analysis.ack_rtt": "0.002745000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.876227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.876227000", + "frame.time_delta": "0.004747000", + "frame.time_delta_displayed": "0.004747000", + "frame.time_relative": "455.415541000", + "frame.number": "1449", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a6c2", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b38b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:e6:3b:1b:6a:e6:3b:1f:4e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1448", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.876639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.876639000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + "frame.time_relative": "455.415953000", + "frame.number": "1450", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a6c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000011c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f0d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.877051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.877051000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + "frame.time_relative": "455.416365000", + "frame.number": "1451", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d80b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e07d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47424", + "tcp.port": "80", + "tcp.port": "47424", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e367", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1450", + "tcp.analysis.ack_rtt": "0.000412000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:06.880378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494046.880378000", + "frame.time_delta": "0.003327000", + "frame.time_delta_displayed": "0.003327000", + "frame.time_relative": "455.419692000", + "frame.number": "1452", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e88e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cffa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47424", + "tcp.dstport": "80", + "tcp.port": "47424", + "tcp.port": "80", + "tcp.stream": "63", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f7c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.799485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.799485000", + "frame.time_delta": "0.919107000", + "frame.time_delta_displayed": "0.919107000", + "frame.time_relative": "456.338799000", + "frame.number": "1453", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009458", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002309", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "46", + "http.prev_response_in": "1438" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.836035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.836035000", + "frame.time_delta": "0.036550000", + "frame.time_delta_displayed": "0.036550000", + "frame.time_relative": "456.375349000", + "frame.number": "1454", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000038b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00004c53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:b8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918968, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918968", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.879638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.879638000", + "frame.time_delta": "0.043603000", + "frame.time_delta_displayed": "0.043603000", + "frame.time_relative": "456.418952000", + "frame.number": "1455", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47425", + "tcp.port": "80", + "tcp.port": "47425", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005132", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1454", + "tcp.analysis.ack_rtt": "0.043603000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.879650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.879650000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "456.418964000", + "frame.number": "1456", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000945c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "47", + "http.prev_response_in": "1453" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.884022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.884022000", + "frame.time_delta": "0.004372000", + "frame.time_delta_displayed": "0.004372000", + "frame.time_relative": "456.423336000", + "frame.number": "1457", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + 
"tcp.checksum": "0x000002ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1455", + "tcp.analysis.ack_rtt": "0.004384000", + "tcp.analysis.initial_rtt": "0.047987000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.884400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.884400000", + "frame.time_delta": "0.000378000", + "frame.time_delta_displayed": "0.000378000", + "frame.time_relative": "456.423714000", + "frame.number": "1458", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000038b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006234", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.047987000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + 
"http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.884861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.884861000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "456.424175000", + "frame.number": "1459", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002059", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009830", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47425", + "tcp.port": "80", + "tcp.port": "47425", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f488", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1458", + "tcp.analysis.ack_rtt": "0.000461000", + "tcp.analysis.initial_rtt": "0.047987000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.885589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.885589000", + "frame.time_delta": "0.000728000", + "frame.time_delta_displayed": "0.000728000", + "frame.time_relative": "456.424903000", + "frame.number": "1460", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000205a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000981e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47425", + "tcp.port": "80", + "tcp.port": "47425", + "tcp.stream": "64", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000034aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.047987000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.885947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.885947000", + "frame.time_delta": "0.000358000", + "frame.time_delta_displayed": "0.000358000", + "frame.time_relative": "456.425261000", + "frame.number": "1461", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000205b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000944b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47425", + "tcp.port": "80", + "tcp.port": 
"47425", + "tcp.stream": "64", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008713", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.047987000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1460", + "tcp.segment": "1461", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001547000", + "http.request_in": "1458", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.889384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.889384000", + "frame.time_delta": "0.003437000", + "frame.time_delta_displayed": "0.003437000", + "frame.time_relative": "456.428698000", + "frame.number": "1462", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000001e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1460", + "tcp.analysis.ack_rtt": "0.003795000", + "tcp.analysis.initial_rtt": "0.047987000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.889503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.889503000", + "frame.time_delta": "0.000119000", + "frame.time_delta_displayed": "0.000119000", + "frame.time_relative": "456.428817000", + "frame.number": "1463", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fd5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fdfd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1461", + "tcp.analysis.ack_rtt": "0.003556000", + "tcp.analysis.initial_rtt": "0.047987000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.890062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.890062000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "456.429376000", + "frame.number": "1464", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fdfc", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.890508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.890508000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "456.429822000", + "frame.number": "1465", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d84f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e039", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47425", + 
"tcp.port": "80", + "tcp.port": "47425", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f092", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1464", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.047987000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.893758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.893758000", + "frame.time_delta": "0.003250000", + "frame.time_delta_displayed": "0.003250000", + "frame.time_relative": "456.433072000", + "frame.number": "1466", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e8da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cfae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47425", + "tcp.dstport": "80", + "tcp.port": "47425", + "tcp.port": "80", + "tcp.stream": "64", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b938", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:07.906059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.906059000", + "frame.time_delta": "0.012301000", + "frame.time_delta_displayed": "0.012301000", + "frame.time_relative": "456.445373000", + "frame.number": "1467", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000945f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "48", + "http.prev_response_in": "1456" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.913004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.913004000", + "frame.time_delta": "0.006945000", + "frame.time_delta_displayed": "0.006945000", + "frame.time_relative": "456.452318000", + "frame.number": "1468", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c0e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f78e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a2ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:c0:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 918976, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "918976", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.913519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.913519000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "456.452833000", + "frame.number": "1469", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000069b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1468", + "tcp.analysis.ack_rtt": "0.000515000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.916562000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.916562000", + "frame.time_delta": "0.003043000", + "frame.time_delta_displayed": "0.003043000", + "frame.time_relative": "456.455876000", + "frame.number": "1470", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c0e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1469", + "tcp.analysis.ack_rtt": "0.003043000", + "tcp.analysis.initial_rtt": "0.003558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.917250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.917250000", + 
"frame.time_delta": "0.000688000", + "frame.time_delta_displayed": "0.000688000", + "frame.time_relative": "456.456564000", + "frame.number": "1471", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c0e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f6e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ab2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003558000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.917695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.917695000", + "frame.time_delta": "0.000445000", + 
"frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "456.457009000", + "frame.number": "1472", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c46b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f41d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d07", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1471", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.003558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.918445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.918445000", + "frame.time_delta": "0.000750000", + "frame.time_delta_displayed": "0.000750000", + "frame.time_relative": "456.457759000", + "frame.number": "1473", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c46c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000f40b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004d28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003558000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.918771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.918771000", + "frame.time_delta": "0.000326000", + "frame.time_delta_displayed": "0.000326000", + "frame.time_relative": "456.458085000", + "frame.number": "1474", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c46d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f038", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003558000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1473", + "tcp.segment": "1474", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001521000", + "http.request_in": "1471", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.920766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.920766000", + "frame.time_delta": "0.001995000", + "frame.time_delta_displayed": "0.001995000", + "frame.time_relative": "456.460080000", + "frame.number": "1475", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c46e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f037", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003558000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.927038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.927038000", + "frame.time_delta": "0.006272000", + "frame.time_delta_displayed": "0.006272000", + "frame.time_relative": "456.466352000", + "frame.number": "1476", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c0e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f79f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001a67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1473", + "tcp.analysis.ack_rtt": "0.008593000", + "tcp.analysis.initial_rtt": "0.003558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.927071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.927071000", + "frame.time_delta": "0.000033000", + "frame.time_delta_displayed": "0.000033000", + "frame.time_relative": "456.466385000", + "frame.number": "1477", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c0ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f79e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000167c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1474", + "tcp.analysis.ack_rtt": "0.008300000", + "tcp.analysis.initial_rtt": "0.003558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.927105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.927105000", + "frame.time_delta": "0.000034000", + "frame.time_delta_displayed": "0.000034000", + "frame.time_relative": "456.466419000", + "frame.number": "1478", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c0eb", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f791", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f49a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:13:4b:e0:a7:13:4b:e4:8b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003558000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1477", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.927624000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.927624000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "456.466938000", + "frame.number": "1479", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c0ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000f79c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000167b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.927999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.927999000", + "frame.time_delta": "0.000375000", + "frame.time_delta_displayed": "0.000375000", + "frame.time_relative": "456.467313000", + "frame.number": "1480", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d853", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e035", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47426", + "tcp.port": "80", + "tcp.port": "47426", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000911", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1479", + "tcp.analysis.ack_rtt": "0.000375000", + "tcp.analysis.initial_rtt": "0.003558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:07.930776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494047.930776000", + "frame.time_delta": "0.002777000", + "frame.time_delta_displayed": "0.002777000", + "frame.time_relative": "456.470090000", + "frame.number": "1481", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e8db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cfad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47426", + "tcp.dstport": "80", + "tcp.port": "47426", + "tcp.port": "80", + "tcp.stream": "65", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000fbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.853182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.853182000", + "frame.time_delta": "0.922406000", + "frame.time_delta_displayed": "0.922406000", + "frame.time_relative": "457.392496000", + "frame.number": "1482", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009480", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "49", + "http.prev_response_in": "1467" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.906005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.906005000", + "frame.time_delta": "0.052823000", + "frame.time_delta_displayed": "0.052823000", + "frame.time_relative": "457.445319000", + "frame.number": "1483", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009481", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "50", + "http.prev_response_in": "1482" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.958795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.958795000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + 
"frame.time_relative": "457.498109000", + "frame.number": "1484", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009484", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "51", + "http.prev_response_in": "1483" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.962504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.962504000", + "frame.time_delta": "0.003709000", + "frame.time_delta_displayed": "0.003709000", + "frame.time_relative": "457.501818000", + "frame.number": "1485", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000013bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009131", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:28:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919080, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919080", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.963041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.963041000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "457.502355000", + "frame.number": "1486", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000428c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1485", + "tcp.analysis.ack_rtt": "0.000537000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.966782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.966782000", + "frame.time_delta": "0.003741000", + "frame.time_delta_displayed": "0.003741000", + "frame.time_relative": "457.506096000", + "frame.number": "1487", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f413", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1486", + "tcp.analysis.ack_rtt": "0.003741000", + "tcp.analysis.initial_rtt": "0.004278000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.966889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.966889000", + "frame.time_delta": "0.000107000", + "frame.time_delta_displayed": "0.000107000", + "frame.time_relative": "457.506203000", + "frame.number": "1488", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000013bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a40a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000538e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004278000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.967329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.967329000", + "frame.time_delta": "0.000440000", + "frame.time_delta_displayed": "0.000440000", + "frame.time_relative": "457.506643000", + "frame.number": "1489", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005a57", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005e32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e5e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1488", + "tcp.analysis.ack_rtt": "0.000440000", + "tcp.analysis.initial_rtt": "0.004278000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.968010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.968010000", + "frame.time_delta": "0.000681000", + "frame.time_delta_displayed": "0.000681000", + "frame.time_relative": "457.507324000", + "frame.number": "1490", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005a58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005e20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002604", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004278000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.968367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.968367000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "457.507681000", + "frame.number": "1491", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005a59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": 
"3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000786d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004278000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69
:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1490", + "tcp.segment": "1491", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001478000", + "http.request_in": "1488", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.970777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.970777000", + "frame.time_delta": "0.002410000", + "frame.time_delta_displayed": "0.002410000", + "frame.time_relative": "457.510091000", + "frame.number": "1492", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005a5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000786d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004278000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.972082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.972082000", + "frame.time_delta": "0.001305000", + "frame.time_delta_displayed": "0.001305000", + "frame.time_relative": "457.511396000", + "frame.number": "1493", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f342", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1490", + "tcp.analysis.ack_rtt": "0.004072000", + "tcp.analysis.initial_rtt": "0.004278000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.972193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.972193000", + "frame.time_delta": "0.000111000", + "frame.time_delta_displayed": "0.000111000", + "frame.time_relative": "457.511507000", + "frame.number": "1494", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ef57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1491", + "tcp.analysis.ack_rtt": "0.003826000", + "tcp.analysis.initial_rtt": "0.004278000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.975072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.975072000", + "frame.time_delta": "0.002879000", + "frame.time_delta_displayed": "0.002879000", + "frame.time_relative": "457.514386000", + "frame.number": "1495", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000013c2", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a198", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:8a:9f:7f:42:8a:9f:83:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004278000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1494", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.975822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.975822000", + "frame.time_delta": "0.000750000", + "frame.time_delta_displayed": "0.000750000", + "frame.time_relative": "457.515136000", + "frame.number": "1496", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000a4c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ef56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.976242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.976242000", + "frame.time_delta": "0.000420000", + "frame.time_delta_displayed": "0.000420000", + "frame.time_relative": "457.515556000", + "frame.number": "1497", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d864", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e024", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47427", + "tcp.port": "80", + "tcp.port": "47427", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1496", + "tcp.analysis.ack_rtt": "0.000420000", + "tcp.analysis.initial_rtt": "0.004278000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:08.979843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494048.979843000", + "frame.time_delta": "0.003601000", + "frame.time_delta_displayed": "0.003601000", + "frame.time_relative": "457.519157000", + "frame.number": "1498", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e925", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47427", + "tcp.dstport": "80", + "tcp.port": "47427", + "tcp.port": "80", + "tcp.stream": "66", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fe86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.390205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.390205000", + "frame.time_delta": "0.410362000", + "frame.time_delta_displayed": "0.410362000", + "frame.time_relative": "457.929519000", + "frame.number": "1499", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.390627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.390627000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "457.929941000", + "frame.number": "1500", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + 
, + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.904943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.904943000", + "frame.time_delta": "0.514316000", + "frame.time_delta_displayed": "0.514316000", + "frame.time_relative": "458.444257000", + "frame.number": "1501", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000094aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + 
"udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "52", + "http.prev_response_in": "1484" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.958553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.958553000", + "frame.time_delta": "0.053610000", + "frame.time_delta_displayed": "0.053610000", + "frame.time_relative": "458.497867000", + "frame.number": "1502", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000094ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "53", + "http.prev_response_in": "1501" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.984525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.984525000", + "frame.time_delta": "0.025972000", + "frame.time_delta_displayed": "0.025972000", + "frame.time_relative": "458.523839000", + "frame.number": "1503", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000dbe4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dc90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000c12d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:8f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919183, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919183", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.985049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.985049000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "458.524363000", + "frame.number": "1504", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000e84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", 
+ "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1503", + "tcp.analysis.ack_rtt": "0.000524000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.988148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.988148000", + "frame.time_delta": "0.003099000", + "frame.time_delta_displayed": "0.003099000", + "frame.time_relative": "458.527462000", + "frame.number": "1505", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dbe5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dca3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c00b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1504", + "tcp.analysis.ack_rtt": "0.003099000", + "tcp.analysis.initial_rtt": "0.003623000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.988277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.988277000", + "frame.time_delta": "0.000129000", + "frame.time_delta_displayed": "0.000129000", + "frame.time_relative": "458.527591000", + "frame.number": "1506", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000dbe6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbe2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001f86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003623000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + 
"http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.988690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.988690000", + "frame.time_delta": "0.000413000", + "frame.time_delta_displayed": "0.000413000", + "frame.time_relative": "458.528004000", + "frame.number": "1507", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003cca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b1da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1506", + "tcp.analysis.ack_rtt": "0.000413000", + "tcp.analysis.initial_rtt": "0.003623000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.989456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.989456000", + "frame.time_delta": "0.000766000", + "frame.time_delta_displayed": "0.000766000", + "frame.time_relative": "458.528770000", + "frame.number": "1508", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f1fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003623000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.989809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.989809000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "458.529123000", + "frame.number": "1509", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003ccc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004465", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003623000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1508", + "tcp.segment": "1509", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001532000", + "http.request_in": "1506", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.990764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.990764000", + "frame.time_delta": "0.000955000", + "frame.time_delta_displayed": "0.000955000", + "frame.time_relative": "458.530078000", + "frame.number": "1510", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003ccd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004465", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003623000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.992664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.992664000", + "frame.time_delta": "0.001900000", + "frame.time_delta_displayed": "0.001900000", + "frame.time_relative": "458.531978000", + "frame.number": "1511", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dbe7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dca1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bf3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1508", + "tcp.analysis.ack_rtt": "0.003208000", + "tcp.analysis.initial_rtt": "0.003623000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.992780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.992780000", + "frame.time_delta": "0.000116000", + "frame.time_delta_displayed": "0.000116000", + "frame.time_relative": "458.532094000", + "frame.number": "1512", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dbe8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dca0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1509", + "tcp.analysis.ack_rtt": "0.002971000", + "tcp.analysis.initial_rtt": "0.003623000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.993567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.993567000", + "frame.time_delta": "0.000787000", + "frame.time_delta_displayed": "0.000787000", + "frame.time_relative": "458.532881000", + "frame.number": "1513", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dbe9", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dc9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.993687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.993687000", + "frame.time_delta": "0.000120000", + "frame.time_delta_displayed": "0.000120000", + 
"frame.time_relative": "458.533001000", + "frame.number": "1514", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e935", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002eeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.993961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.993961000", + "frame.time_delta": "0.000274000", + "frame.time_delta_displayed": "0.000274000", + "frame.time_relative": "458.533275000", + "frame.number": "1515", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d89a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000dfee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47428", + "tcp.port": "80", + "tcp.port": "47428", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ade4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1513", + "tcp.analysis.ack_rtt": "0.000394000", + "tcp.analysis.initial_rtt": "0.003623000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:09.997934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494049.997934000", + "frame.time_delta": "0.003973000", + "frame.time_delta_displayed": "0.003973000", + "frame.time_relative": "458.537248000", + "frame.number": "1516", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e936", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47428", + "tcp.dstport": "80", + "tcp.port": "47428", + "tcp.port": "80", + "tcp.stream": "67", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002eea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.011238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.011238000", + "frame.time_delta": "0.013304000", + "frame.time_delta_displayed": "0.013304000", + "frame.time_relative": "458.550552000", + "frame.number": "1517", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000094ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000022b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "54", + "http.prev_response_in": "1502" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.020486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.020486000", + "frame.time_delta": "0.009248000", + "frame.time_delta_displayed": "0.009248000", + "frame.time_relative": "458.559800000", + "frame.number": 
"1518", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c089", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", 
+ "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003e53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:92:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919186, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919186", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.021014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.021014000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "458.560328000", + "frame.number": "1519", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47429", + "tcp.port": "80", + "tcp.port": "47429", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a962", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1518", + "tcp.analysis.ack_rtt": "0.000528000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.024085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.024085000", + "frame.time_delta": "0.003071000", + "frame.time_delta_displayed": "0.003071000", + "frame.time_relative": "458.563399000", + "frame.number": "1520", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c08a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005aea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1519", + "tcp.analysis.ack_rtt": "0.003071000", + "tcp.analysis.initial_rtt": "0.003599000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.024213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.024213000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "458.563527000", + "frame.number": "1521", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c08b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f73d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ba64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003599000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.024622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.024622000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "458.563936000", + "frame.number": "1522", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e158", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d730", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47429", + "tcp.port": "80", + "tcp.port": "47429", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004cb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1521", + "tcp.analysis.ack_rtt": "0.000409000", + "tcp.analysis.initial_rtt": "0.003599000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.025316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.025316000", + "frame.time_delta": "0.000694000", + "frame.time_delta_displayed": "0.000694000", + "frame.time_relative": "458.564630000", + "frame.number": "1523", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e159", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d71e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47429", + "tcp.port": "80", + "tcp.port": "47429", + "tcp.stream": "68", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008cda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003599000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.025755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.025755000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "458.565069000", + "frame.number": "1524", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e15a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d34b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47429", + "tcp.port": 
"80", + "tcp.port": "47429", + "tcp.stream": "68", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000df43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003599000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1523", + "tcp.segment": "1524", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001542000", + "http.request_in": "1521", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.028000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.028000000", + "frame.time_delta": "0.002245000", + "frame.time_delta_displayed": "0.002245000", + "frame.time_relative": "458.567314000", + "frame.number": "1525", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c08c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005a19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1523", + "tcp.analysis.ack_rtt": "0.002684000", + "tcp.analysis.initial_rtt": "0.003599000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.029152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.029152000", + "frame.time_delta": "0.001152000", + "frame.time_delta_displayed": "0.001152000", + "frame.time_relative": "458.568466000", + "frame.number": "1526", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c08d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000562e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1524", + "tcp.analysis.ack_rtt": "0.003397000", + "tcp.analysis.initial_rtt": "0.003599000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.029842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.029842000", + "frame.time_delta": "0.000690000", + "frame.time_delta_displayed": "0.000690000", + "frame.time_relative": "458.569156000", + "frame.number": "1527", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c08e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000562d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.030288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.030288000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "458.569602000", + "frame.number": "1528", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d89c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dfec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47429", + 
"tcp.port": "80", + "tcp.port": "47429", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000048c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1527", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003599000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:10.033579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.033579000", + "frame.time_delta": "0.003291000", + "frame.time_delta_displayed": "0.003291000", + "frame.time_relative": "458.572893000", + "frame.number": "1529", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e938", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47429", + "tcp.dstport": "80", + "tcp.port": "47429", + "tcp.port": "80", + "tcp.stream": "68", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ac12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:10.212922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494050.212922000", + "frame.time_delta": "0.179343000", + "frame.time_delta_displayed": "0.179343000", + "frame.time_relative": "458.752236000", + "frame.number": "1530", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000aa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x0000ab7f", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:b5:65:1c:d7:cc:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.063513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.063513000", + "frame.time_delta": "0.850591000", + "frame.time_delta_displayed": "0.850591000", + "frame.time_relative": "459.602827000", + "frame.number": "1531", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009506", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000225b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "55", + "http.prev_response_in": "1517" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.116348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.116348000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "459.655662000", + "frame.number": "1532", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009508", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002250", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "56", + "http.prev_response_in": "1531" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.117545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.117545000", + "frame.time_delta": "0.001197000", + "frame.time_delta_displayed": "0.001197000", + "frame.time_relative": "459.656859000", + "frame.number": "1533", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c8f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cff4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:00:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919296, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919296", + 
"tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.118069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.118069000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "459.657383000", + "frame.number": "1534", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47430", + "tcp.port": "80", + "tcp.port": "47430", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000011fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1533", + "tcp.analysis.ack_rtt": "0.000524000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.121667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.121667000", + "frame.time_delta": "0.003598000", + "frame.time_delta_displayed": "0.003598000", + "frame.time_relative": "459.660981000", + "frame.number": "1535", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c8f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c385", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1534", + "tcp.analysis.ack_rtt": "0.003598000", + "tcp.analysis.initial_rtt": "0.004122000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.122481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.122481000", + "frame.time_delta": "0.000814000", + "frame.time_delta_displayed": "0.000814000", + "frame.time_relative": "459.661795000", + "frame.number": "1536", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c8f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eed6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002300", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004122000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.122956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.122956000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "459.662270000", + "frame.number": "1537", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d72f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e159", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47430", + "tcp.port": "80", + "tcp.port": "47430", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b554", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1536", + "tcp.analysis.ack_rtt": "0.000475000", + "tcp.analysis.initial_rtt": "0.004122000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.123681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.123681000", + "frame.time_delta": "0.000725000", + "frame.time_delta_displayed": "0.000725000", + "frame.time_relative": "459.662995000", + "frame.number": "1538", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d730", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e147", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + 
"tcp.dstport": "47430", + "tcp.port": "80", + "tcp.port": "47430", + "tcp.stream": "69", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f575", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004122000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.124034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.124034000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "459.663348000", + "frame.number": "1539", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47430", + "tcp.port": "80", + "tcp.port": "47430", + "tcp.stream": "69", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000047df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.initial_rtt": "0.004122000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d
:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1538", + "tcp.segment": "1539", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001553000", + "http.request_in": "1536", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.128164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.128164000", + "frame.time_delta": "0.004130000", + "frame.time_delta_displayed": "0.004130000", + "frame.time_relative": "459.667478000", + "frame.number": "1540", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c8f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c2b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1538", + "tcp.analysis.ack_rtt": "0.004483000", + "tcp.analysis.initial_rtt": "0.004122000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.129291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.129291000", + "frame.time_delta": "0.001127000", + "frame.time_delta_displayed": "0.001127000", + "frame.time_relative": "459.668605000", + "frame.number": "1541", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c8f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef94", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bec9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1539", + "tcp.analysis.ack_rtt": "0.005257000", + "tcp.analysis.initial_rtt": "0.004122000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.130923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.130923000", + "frame.time_delta": "0.001632000", + "frame.time_delta_displayed": "0.001632000", + "frame.time_relative": "459.670237000", + "frame.number": "1542", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c8f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bec8", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.131378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.131378000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "459.670692000", + "frame.number": "1543", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d8fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47430", + 
"tcp.port": "80", + "tcp.port": "47430", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b15e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1542", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.004122000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.135954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.135954000", + "frame.time_delta": "0.004576000", + "frame.time_delta_displayed": "0.004576000", + "frame.time_relative": "459.675268000", + "frame.number": "1544", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e947", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47430", + "tcp.dstport": "80", + "tcp.port": "47430", + "tcp.port": "80", + "tcp.stream": "69", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003e22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:11.169018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.169018000", + "frame.time_delta": "0.033064000", + "frame.time_delta_displayed": "0.033064000", + "frame.time_relative": "459.708332000", + "frame.number": "1545", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009509", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002255", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "57", + "http.prev_response_in": "1532" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.185085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.185085000", + "frame.time_delta": "0.016067000", + "frame.time_delta_displayed": "0.016067000", + "frame.time_relative": "459.724399000", + "frame.number": "1546", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000360b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000826a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000af7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:07:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919303, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919303", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.185643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.185643000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "459.724957000", + "frame.number": "1547", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47431", + "tcp.port": "80", + "tcp.port": "47431", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007360", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1546", + "tcp.analysis.ack_rtt": "0.000558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.190196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.190196000", + "frame.time_delta": "0.004553000", + "frame.time_delta_displayed": "0.004553000", + "frame.time_relative": "459.729510000", + "frame.number": "1548", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000360c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000827d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1547", + "tcp.analysis.ack_rtt": "0.004553000", + "tcp.analysis.initial_rtt": "0.005111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.190776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.190776000", + 
"frame.time_delta": "0.000580000", + "frame.time_delta_displayed": "0.000580000", + "frame.time_relative": "459.730090000", + "frame.number": "1549", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000360d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008462", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005111000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.191273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.191273000", + "frame.time_delta": "0.000497000", + 
"frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "459.730587000", + "frame.number": "1550", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dee0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47431", + "tcp.port": "80", + "tcp.port": "47431", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000016b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1549", + "tcp.analysis.ack_rtt": "0.000497000", + "tcp.analysis.initial_rtt": "0.005111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.191923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.191923000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "459.731237000", + "frame.number": "1551", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dee1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000d996", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47431", + "tcp.port": "80", + "tcp.port": "47431", + "tcp.stream": "70", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000056d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005111000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.192291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.192291000", + "frame.time_delta": "0.000368000", + "frame.time_delta_displayed": "0.000368000", + "frame.time_relative": "459.731605000", + "frame.number": "1552", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dee2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47431", + "tcp.port": "80", + "tcp.port": "47431", + "tcp.stream": "70", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a941", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005111000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1551", + "tcp.segment": "1552", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001515000", + "http.request_in": "1549", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.197954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.197954000", + "frame.time_delta": "0.005663000", + "frame.time_delta_displayed": "0.005663000", + "frame.time_relative": "459.737268000", + "frame.number": "1553", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000360e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000827b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002417", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1551", + "tcp.analysis.ack_rtt": "0.006031000", + "tcp.analysis.initial_rtt": "0.005111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.198446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.198446000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "459.737760000", + "frame.number": "1554", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000360f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000827a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000202c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1552", + "tcp.analysis.ack_rtt": "0.006155000", + "tcp.analysis.initial_rtt": "0.005111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.199922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.199922000", + "frame.time_delta": "0.001476000", + "frame.time_delta_displayed": "0.001476000", + "frame.time_relative": "459.739236000", + "frame.number": "1555", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003610", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008279", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000202b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.200381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.200381000", + "frame.time_delta": "0.000459000", + "frame.time_delta_displayed": "0.000459000", + "frame.time_relative": "459.739695000", + "frame.number": "1556", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d8ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47431", + 
"tcp.port": "80", + "tcp.port": "47431", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000012c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1555", + "tcp.analysis.ack_rtt": "0.000459000", + "tcp.analysis.initial_rtt": "0.005111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:11.205455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.205455000", + "frame.time_delta": "0.005074000", + "frame.time_delta_displayed": "0.005074000", + "frame.time_relative": "459.744769000", + "frame.number": "1557", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e948", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47431", + "tcp.dstport": "80", + "tcp.port": "47431", + "tcp.port": "80", + "tcp.stream": "70", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001db4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:11.283622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494051.283622000", + "frame.time_delta": "0.078167000", + "frame.time_delta_displayed": "0.078167000", + "frame.time_relative": "459.822936000", + "frame.number": "1558", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.115322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.115322000", + "frame.time_delta": "0.831700000", + "frame.time_delta_displayed": "0.831700000", + "frame.time_relative": "460.654636000", + "frame.number": "1559", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009541", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002220", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "58", + "http.prev_response_in": "1545" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.132119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.132119000", + "frame.time_delta": "0.016797000", + "frame.time_delta_displayed": "0.016797000", + "frame.time_relative": "460.671433000", + "frame.number": "1560", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002b2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005c40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:65:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919397, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919397", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 
8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.132627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.132627000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "460.671941000", + "frame.number": "1561", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c04e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": 
"3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1560", + "tcp.analysis.ack_rtt": "0.000508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.135762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.135762000", + "frame.time_delta": "0.003135000", + "frame.time_delta_displayed": "0.003135000", + "frame.time_relative": "460.675076000", + "frame.number": "1562", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002b2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000071d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1561", + "tcp.analysis.ack_rtt": "0.003135000", + "tcp.analysis.initial_rtt": "0.003643000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.135893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.135893000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "460.675207000", + "frame.number": "1563", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002b2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d150", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003643000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.136318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.136318000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "460.675632000", + "frame.number": "1564", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a3a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000014e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000063a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1563", + "tcp.analysis.ack_rtt": "0.000425000", + "tcp.analysis.initial_rtt": "0.003643000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.137064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.137064000", + "frame.time_delta": "0.000746000", + "frame.time_delta_displayed": "0.000746000", + "frame.time_relative": "460.676378000", + "frame.number": "1565", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a3a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000014d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a3c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003643000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.137420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.137420000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "460.676734000", + "frame.number": "1566", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a3a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000010ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f62f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003643000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1565", + "tcp.segment": "1566", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001527000", + "http.request_in": "1563", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.140784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.140784000", + "frame.time_delta": "0.003364000", + "frame.time_delta_displayed": "0.003364000", + "frame.time_relative": "460.680098000", + "frame.number": "1567", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a3a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000010fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f62f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003643000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.141035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.141035000", + "frame.time_delta": "0.000251000", + "frame.time_delta_displayed": "0.000251000", + "frame.time_relative": "460.680349000", + "frame.number": "1568", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002b2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007105", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1565", + "tcp.analysis.ack_rtt": "0.003971000", + "tcp.analysis.initial_rtt": "0.003643000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.143877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.143877000", + "frame.time_delta": "0.002842000", + "frame.time_delta_displayed": "0.002842000", + "frame.time_relative": "460.683191000", + "frame.number": "1569", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002b2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006d1a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1566", + "tcp.analysis.ack_rtt": "0.006457000", + "tcp.analysis.initial_rtt": "0.003643000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.143920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.143920000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "460.683234000", + "frame.number": "1570", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002b2f", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008248", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d3:53:85:17:d3:53:88:fb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003643000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1569", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.144576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.144576000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "460.683890000", + "frame.number": "1571", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002b30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00008d59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006d19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.145006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.145006000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "460.684320000", + "frame.number": "1572", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d945", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47432", + "tcp.port": "80", + "tcp.port": "47432", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005faf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1571", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.003643000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.147969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.147969000", + "frame.time_delta": "0.002963000", + "frame.time_delta_displayed": "0.002963000", + "frame.time_relative": "460.687283000", + "frame.number": "1573", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e98d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cefb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47432", + "tcp.dstport": "80", + "tcp.port": "47432", + "tcp.port": "80", + "tcp.stream": "71", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cad2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.169330000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.169330000", + "frame.time_delta": "0.021361000", + "frame.time_delta_displayed": "0.021361000", + "frame.time_relative": "460.708644000", + "frame.number": "1574", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009546", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002212", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "59", + "http.prev_response_in": "1559" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.174575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.174575000", + "frame.time_delta": "0.005245000", + "frame.time_delta_displayed": "0.005245000", + "frame.time_relative": "460.713889000", + "frame.number": "1575", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b88a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ffea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006233", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:6a:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919402, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919402", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.175148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.175148000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "460.714462000", + "frame.number": "1576", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000db9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1575", + "tcp.analysis.ack_rtt": "0.000573000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.177856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.177856000", + "frame.time_delta": "0.002708000", + "frame.time_delta_displayed": "0.002708000", + "frame.time_relative": "460.717170000", + "frame.number": "1577", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b88b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fffd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d27", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1576", + "tcp.analysis.ack_rtt": "0.002708000", + "tcp.analysis.initial_rtt": "0.003281000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.177901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.177901000", + "frame.time_delta": "0.000045000", + "frame.time_delta_displayed": "0.000045000", + "frame.time_relative": "460.717215000", + "frame.number": "1578", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b88c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ff3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eca1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003281000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.178387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.178387000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "460.717701000", + "frame.number": "1579", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008a48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007ef6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1578", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003281000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.179075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.179075000", + "frame.time_delta": "0.000688000", + "frame.time_delta_displayed": "0.000688000", + "frame.time_relative": "460.718389000", + "frame.number": "1580", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002e42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008a36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bf17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003281000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.179517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.179517000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "460.718831000", + "frame.number": "1581", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002e43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008663", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001181", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003281000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1580", + "tcp.segment": "1581", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001616000", + "http.request_in": "1578", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.180773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.180773000", + "frame.time_delta": "0.001256000", + "frame.time_delta_displayed": "0.001256000", + "frame.time_relative": "460.720087000", + "frame.number": "1582", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002e44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008662", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001181", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003281000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.181623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.181623000", + "frame.time_delta": "0.000850000", + "frame.time_delta_displayed": "0.000850000", + "frame.time_relative": "460.720937000", + "frame.number": "1583", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b88d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fffb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1580", + "tcp.analysis.ack_rtt": "0.002548000", + "tcp.analysis.initial_rtt": "0.003281000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.181760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.181760000", + "frame.time_delta": "0.000137000", + "frame.time_delta_displayed": "0.000137000", + "frame.time_relative": "460.721074000", + "frame.number": "1584", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b88e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fffa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000886b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1581", + "tcp.analysis.ack_rtt": "0.002243000", + "tcp.analysis.initial_rtt": "0.003281000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.182241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.182241000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "460.721555000", + "frame.number": "1585", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b88f", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fff9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000886a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.182671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.182671000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + 
"frame.time_relative": "460.721985000", + "frame.number": "1586", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d949", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47433", + "tcp.port": "80", + "tcp.port": "47433", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007b00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1585", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.003281000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.184468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.184468000", + "frame.time_delta": "0.001797000", + "frame.time_delta_displayed": "0.001797000", + "frame.time_relative": "460.723782000", + "frame.number": "1587", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e98f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cef9", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d0cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.184593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.184593000", + "frame.time_delta": "0.000125000", + "frame.time_delta_displayed": "0.000125000", + "frame.time_relative": "460.723907000", + "frame.number": "1588", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e990", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cef8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47433", + "tcp.dstport": "80", + "tcp.port": "47433", + "tcp.port": "80", + "tcp.stream": "72", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d0ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.222223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.222223000", + "frame.time_delta": "0.037630000", + "frame.time_delta_displayed": "0.037630000", + "frame.time_relative": "460.761537000", + "frame.number": "1589", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000954b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "60", + "http.prev_response_in": "1574" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.229612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.229612000", + "frame.time_delta": "0.007389000", + "frame.time_delta_displayed": "0.007389000", + "frame.time_relative": "460.768926000", + "frame.number": 
"1590", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000022ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", 
+ "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000edb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:6f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919407, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919407", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.230263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.230263000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "460.769577000", + "frame.number": "1591", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47434", + "tcp.port": "80", + "tcp.port": "47434", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006107", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1590", + "tcp.analysis.ack_rtt": "0.000651000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.234576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.234576000", + "frame.time_delta": "0.004313000", + "frame.time_delta_displayed": "0.004313000", + "frame.time_relative": "460.773890000", + "frame.number": "1592", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000128f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1591", + "tcp.analysis.ack_rtt": "0.004313000", + "tcp.analysis.initial_rtt": "0.004964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.235278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.235278000", + "frame.time_delta": "0.000702000", + "frame.time_delta_displayed": "0.000702000", + "frame.time_relative": "460.774592000", + "frame.number": "1593", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000022ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000951c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007209", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004964000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.235750000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.235750000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "460.775064000", + "frame.number": "1594", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004189", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007700", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47434", + "tcp.port": "80", + "tcp.port": "47434", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000045e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1593", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.004964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.236473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.236473000", + "frame.time_delta": "0.000723000", + "frame.time_delta_displayed": "0.000723000", + "frame.time_relative": "460.775787000", + "frame.number": "1595", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000418a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47434", + "tcp.port": "80", + "tcp.port": "47434", + "tcp.stream": "73", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000447f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004964000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.236827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.236827000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "460.776141000", + "frame.number": "1596", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000418b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000731b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47434", + "tcp.port": 
"80", + "tcp.port": "47434", + "tcp.stream": "73", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000096e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004964000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1595", + "tcp.segment": "1596", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001549000", + "http.request_in": "1593", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.240381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.240381000", + "frame.time_delta": "0.003554000", + "frame.time_delta_displayed": "0.003554000", + "frame.time_relative": "460.779695000", + "frame.number": "1597", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000011be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1595", + "tcp.analysis.ack_rtt": "0.003908000", + "tcp.analysis.initial_rtt": "0.004964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.240442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.240442000", + "frame.time_delta": "0.000061000", + "frame.time_delta_displayed": "0.000061000", + "frame.time_relative": "460.779756000", + "frame.number": "1598", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1596", + "tcp.analysis.ack_rtt": "0.003615000", + "tcp.analysis.initial_rtt": "0.004964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.241073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.241073000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "460.780387000", + "frame.number": "1599", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dd2", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.241496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.241496000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "460.780810000", + "frame.number": "1600", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d94a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47434", + 
"tcp.port": "80", + "tcp.port": "47434", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000068", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1599", + "tcp.analysis.ack_rtt": "0.000423000", + "tcp.analysis.initial_rtt": "0.004964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.245235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.245235000", + "frame.time_delta": "0.003739000", + "frame.time_delta_displayed": "0.003739000", + "frame.time_relative": "460.784549000", + "frame.number": "1601", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e995", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cef3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47434", + "tcp.dstport": "80", + "tcp.port": "47434", + "tcp.port": "80", + "tcp.stream": "73", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007d77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:12.485366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.485366000", + "frame.time_delta": "0.240131000", + "frame.time_delta_displayed": "0.240131000", + "frame.time_relative": "461.024680000", + "frame.number": "1602", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009559", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002208", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "61", + "http.prev_response_in": "1589" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.538208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.538208000", + "frame.time_delta": "0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "461.077522000", + "frame.number": "1603", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000955d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "62", + "http.prev_response_in": "1602" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.546732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.546732000", + "frame.time_delta": "0.008524000", + "frame.time_delta_displayed": "0.008524000", + "frame.time_relative": "461.086046000", + "frame.number": "1604", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000675", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b200", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000026aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:8f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919439, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919439", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.547278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.547278000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "461.086592000", + "frame.number": "1605", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47435", + "tcp.port": "80", + "tcp.port": "47435", + "tcp.stream": 
"74", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000a95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1604", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.550583000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.550583000", + "frame.time_delta": "0.003305000", + "frame.time_delta_displayed": "0.003305000", + "frame.time_relative": "461.089897000", + "frame.number": "1606", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000676", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + 
"tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bc1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1605", + "tcp.analysis.ack_rtt": "0.003305000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.560914000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.560914000", + "frame.time_delta": "0.010331000", + "frame.time_delta_displayed": "0.010331000", + "frame.time_relative": "461.100228000", + "frame.number": "1607", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00000677", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b152", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.561426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.561426000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "461.100740000", + "frame.number": "1608", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002cf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47435", + "tcp.port": "80", + "tcp.port": "47435", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000adeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1607", + "tcp.analysis.ack_rtt": "0.000512000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.562084000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494052.562084000", + "frame.time_delta": "0.000658000", + "frame.time_delta_displayed": "0.000658000", + "frame.time_relative": "461.101398000", + "frame.number": "1609", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002cf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47435", + "tcp.port": "80", + "tcp.port": "47435", + "tcp.stream": "74", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ee0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.562434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.562434000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "461.101748000", + "frame.number": "1610", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002cf5", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000087b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47435", + "tcp.port": "80", + "tcp.port": "47435", + "tcp.stream": "74", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004076", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003851000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1609", + "tcp.segment": "1610", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001520000", + "http.request_in": "1607", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.564627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.564627000", + "frame.time_delta": "0.002193000", + "frame.time_delta_displayed": "0.002193000", + "frame.time_relative": "461.103941000", + "frame.number": "1611", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000678", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b211", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1609", + "tcp.analysis.ack_rtt": "0.002543000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.567172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.567172000", + "frame.time_delta": "0.002545000", + "frame.time_delta_displayed": "0.002545000", + "frame.time_relative": "461.106486000", + "frame.number": "1612", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000679", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b210", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b760", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1610", + "tcp.analysis.ack_rtt": "0.004738000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.568354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.568354000", + "frame.time_delta": "0.001182000", + "frame.time_delta_displayed": "0.001182000", + "frame.time_relative": "461.107668000", + "frame.number": "1613", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000067a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b20f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b75f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.568792000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.568792000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "461.108106000", + "frame.number": "1614", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47435", + 
"tcp.port": "80", + "tcp.port": "47435", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a9f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1613", + "tcp.analysis.ack_rtt": "0.000438000", + "tcp.analysis.initial_rtt": "0.003851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.572948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.572948000", + "frame.time_delta": "0.004156000", + "frame.time_delta_displayed": "0.004156000", + "frame.time_relative": "461.112262000", + "frame.number": "1615", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cede", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47435", + "tcp.dstport": "80", + "tcp.port": "47435", + "tcp.port": "80", + "tcp.stream": "74", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009566", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:12.591225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.591225000", + "frame.time_delta": "0.018277000", + "frame.time_delta_displayed": "0.018277000", + "frame.time_relative": "461.130539000", + "frame.number": "1616", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000955e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002200", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "63", + "http.prev_response_in": "1603" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.598262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.598262000", + "frame.time_delta": "0.007037000", + "frame.time_delta_displayed": "0.007037000", + "frame.time_relative": "461.137576000", + "frame.number": "1617", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000fad5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bd9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a6b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:94:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919444, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919444", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.598823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.598823000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "461.138137000", + "frame.number": "1618", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47436", + "tcp.port": "80", + "tcp.port": "47436", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006beb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1617", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.602462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.602462000", + "frame.time_delta": "0.003639000", + "frame.time_delta_displayed": "0.003639000", + "frame.time_relative": "461.141776000", + "frame.number": "1619", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fad6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bdb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1618", + "tcp.analysis.ack_rtt": "0.003639000", + "tcp.analysis.initial_rtt": "0.004200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.602595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.602595000", + 
"frame.time_delta": "0.000133000", + "frame.time_delta_displayed": "0.000133000", + "frame.time_relative": "461.141909000", + "frame.number": "1620", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000fad7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bcf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ced", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004200000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.603048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.603048000", + "frame.time_delta": "0.000453000", + 
"frame.time_delta_displayed": "0.000453000", + "frame.time_relative": "461.142362000", + "frame.number": "1621", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d3e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e4a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47436", + "tcp.port": "80", + "tcp.port": "47436", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000f42", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1620", + "tcp.analysis.ack_rtt": "0.000453000", + "tcp.analysis.initial_rtt": "0.004200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.603842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.603842000", + "frame.time_delta": "0.000794000", + "frame.time_delta_displayed": "0.000794000", + "frame.time_relative": "461.143156000", + "frame.number": "1622", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d3e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000e490", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47436", + "tcp.port": "80", + "tcp.port": "47436", + "tcp.stream": "75", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004f63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004200000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.604199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.604199000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "461.143513000", + "frame.number": "1623", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d3e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47436", + "tcp.port": "80", + "tcp.port": "47436", + "tcp.stream": "75", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a1cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004200000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1622", + "tcp.segment": "1623", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001604000", + "http.request_in": "1620", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.608573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.608573000", + "frame.time_delta": "0.004374000", + "frame.time_delta_displayed": "0.004374000", + "frame.time_relative": "461.147887000", + "frame.number": "1624", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fad8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bdb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001ca2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1622", + "tcp.analysis.ack_rtt": "0.004731000", + "tcp.analysis.initial_rtt": "0.004200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.608616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.608616000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "461.147930000", + "frame.number": "1625", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bdaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000018b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1623", + "tcp.analysis.ack_rtt": "0.004417000", + "tcp.analysis.initial_rtt": "0.004200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.610068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.610068000", + "frame.time_delta": "0.001452000", + "frame.time_delta_displayed": "0.001452000", + "frame.time_relative": "461.149382000", + "frame.number": "1626", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fada", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bdae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000018b6", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.610596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.610596000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "461.149910000", + "frame.number": "1627", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d953", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47436", + 
"tcp.port": "80", + "tcp.port": "47436", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000b4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1626", + "tcp.analysis.ack_rtt": "0.000528000", + "tcp.analysis.initial_rtt": "0.004200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:12.613744000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494052.613744000", + "frame.time_delta": "0.003148000", + "frame.time_delta_displayed": "0.003148000", + "frame.time_relative": "461.153058000", + "frame.number": "1628", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cedb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47436", + "tcp.dstport": "80", + "tcp.port": "47436", + "tcp.port": "80", + "tcp.stream": "75", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000157b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:13.537640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.537640000", + "frame.time_delta": "0.923896000", + "frame.time_delta_displayed": "0.923896000", + "frame.time_relative": "462.076954000", + "frame.number": "1629", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000095a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "64", + "http.prev_response_in": "1616" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.573746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.573746000", + "frame.time_delta": "0.036106000", + "frame.time_delta_displayed": "0.036106000", + "frame.time_relative": "462.113060000", + "frame.number": "1630", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009477", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000023fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000b424", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:f6:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919542, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919542", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.574304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.574304000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "462.113618000", + "frame.number": "1631", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47437", + "tcp.port": "80", + "tcp.port": "47437", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000daea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1630", + "tcp.analysis.ack_rtt": "0.000558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.579219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.579219000", + "frame.time_delta": "0.004915000", + "frame.time_delta_displayed": "0.004915000", + "frame.time_relative": "462.118533000", + "frame.number": "1632", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009478", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002411", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1631", + "tcp.analysis.ack_rtt": "0.004915000", + "tcp.analysis.initial_rtt": "0.005473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.580000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.580000000", + 
"frame.time_delta": "0.000781000", + "frame.time_delta_displayed": "0.000781000", + "frame.time_relative": "462.119314000", + "frame.number": "1633", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009479", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002350", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ebec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005473000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.580501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.580501000", + "frame.time_delta": "0.000501000", + 
"frame.time_delta_displayed": "0.000501000", + "frame.time_relative": "462.119815000", + "frame.number": "1634", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003a58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007e31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47437", + "tcp.port": "80", + "tcp.port": "47437", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007e41", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1633", + "tcp.analysis.ack_rtt": "0.000501000", + "tcp.analysis.initial_rtt": "0.005473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.581207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.581207000", + "frame.time_delta": "0.000706000", + "frame.time_delta_displayed": "0.000706000", + "frame.time_relative": "462.120521000", + "frame.number": "1635", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003a59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007e1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47437", + "tcp.port": "80", + "tcp.port": "47437", + "tcp.stream": "76", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000be62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005473000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.581563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.581563000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "462.120877000", + "frame.number": "1636", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003a5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007a4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47437", + "tcp.port": "80", + "tcp.port": "47437", + "tcp.stream": "76", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000010cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005473000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1635", + "tcp.segment": "1636", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001563000", + "http.request_in": "1633", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.585161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.585161000", + "frame.time_delta": "0.003598000", + "frame.time_delta_displayed": "0.003598000", + "frame.time_relative": "462.124475000", + "frame.number": "1637", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000947a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000240f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008ba1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1635", + "tcp.analysis.ack_rtt": "0.003954000", + "tcp.analysis.initial_rtt": "0.005473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.585290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.585290000", + "frame.time_delta": "0.000129000", + "frame.time_delta_displayed": "0.000129000", + "frame.time_relative": "462.124604000", + "frame.number": "1638", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000947b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000240e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000087b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1636", + "tcp.analysis.ack_rtt": "0.003727000", + "tcp.analysis.initial_rtt": "0.005473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.587536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.587536000", + "frame.time_delta": "0.002246000", + "frame.time_delta_displayed": "0.002246000", + "frame.time_relative": "462.126850000", + "frame.number": "1639", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000947c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000240d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000087b5", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.588009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.588009000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "462.127323000", + "frame.number": "1640", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d99a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47437", + 
"tcp.port": "80", + "tcp.port": "47437", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007a4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1639", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.005473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.590668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.590668000", + "frame.time_delta": "0.002659000", + "frame.time_delta_displayed": "0.002659000", + "frame.time_relative": "462.129982000", + "frame.number": "1641", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000095a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "65", + "http.prev_response_in": "1629" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.592635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.592635000", + "frame.time_delta": "0.001967000", + "frame.time_delta_displayed": "0.001967000", + "frame.time_relative": "462.131949000", + "frame.number": "1642", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cecc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "47437", + "tcp.dstport": "80", + "tcp.port": "47437", + "tcp.port": "80", + "tcp.stream": "76", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002348", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.602244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.602244000", + "frame.time_delta": "0.009609000", + "frame.time_delta_displayed": "0.009609000", + "frame.time_relative": "462.141558000", + "frame.number": "1643", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000cb14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000086a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:07:f8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919544, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919544", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.602783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.602783000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "462.142097000", + "frame.number": "1644", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008911", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1643", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.608145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.608145000", + "frame.time_delta": "0.005362000", + "frame.time_delta_displayed": "0.005362000", + "frame.time_relative": "462.147459000", + "frame.number": "1645", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1644", + "tcp.analysis.ack_rtt": "0.005362000", + "tcp.analysis.initial_rtt": "0.005901000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.608562000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494053.608562000", + "frame.time_delta": "0.000417000", + "frame.time_delta_displayed": "0.000417000", + "frame.time_relative": "462.147876000", + "frame.number": "1646", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000cb16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ecb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009a13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005901000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.609036000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494053.609036000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "462.148350000", + "frame.number": "1647", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009bb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001cd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1646", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.005901000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.609678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.609678000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "462.148992000", + "frame.number": "1648", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009bb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001cc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006c89", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005901000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.610054000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.610054000", + "frame.time_delta": "0.000376000", + "frame.time_delta_displayed": "0.000376000", + "frame.time_relative": "462.149368000", + "frame.number": "1649", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009bb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bef2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005901000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1648", + "tcp.segment": "1649", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001492000", + "http.request_in": "1646", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.610769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.610769000", + "frame.time_delta": "0.000715000", + "frame.time_delta_displayed": "0.000715000", + "frame.time_relative": "462.150083000", + "frame.number": "1650", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009bb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bef2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005901000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.615083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.615083000", + "frame.time_delta": "0.004314000", + "frame.time_delta_displayed": "0.004314000", + "frame.time_relative": "462.154397000", + "frame.number": "1651", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000039c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1648", + "tcp.analysis.ack_rtt": "0.005405000", + "tcp.analysis.initial_rtt": "0.005901000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.615194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.615194000", + "frame.time_delta": "0.000111000", + "frame.time_delta_displayed": "0.000111000", + "frame.time_relative": "462.154508000", + "frame.number": "1652", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1649", + "tcp.analysis.ack_rtt": "0.005140000", + "tcp.analysis.initial_rtt": "0.005901000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.615726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.615726000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "462.155040000", + "frame.number": "1653", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000cb19", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000086aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:fe:09:bc:91:fe:09:c0:75", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005901000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1652", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.617662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.617662000", + "frame.time_delta": "0.001936000", + "frame.time_delta_displayed": "0.001936000", + "frame.time_relative": "462.156976000", + "frame.number": "1654", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000ed6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.618091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.618091000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "462.157405000", + "frame.number": "1655", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d99d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47438", + "tcp.port": "80", + "tcp.port": "47438", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002872", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1654", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.005901000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.623116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.623116000", + "frame.time_delta": "0.005025000", + "frame.time_delta_displayed": "0.005025000", + "frame.time_relative": "462.162430000", + "frame.number": "1656", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cecb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47438", + "tcp.dstport": "80", + "tcp.port": "47438", + "tcp.port": "80", + "tcp.stream": "77", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f5c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.643556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.643556000", + "frame.time_delta": "0.020440000", + "frame.time_delta_displayed": "0.020440000", + "frame.time_relative": "462.182870000", + "frame.number": "1657", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000095a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "66", + "http.prev_response_in": "1641" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.663477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.663477000", + "frame.time_delta": "0.019921000", + "frame.time_delta_displayed": "0.019921000", + "frame.time_relative": "462.202791000", + "frame.number": "1658", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009eed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001988", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000aa6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:ff:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919551, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919551", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.664023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.664023000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "462.203337000", + "frame.number": "1659", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47439", + "tcp.port": "80", + "tcp.port": "47439", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000fd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1658", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.668516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.668516000", + "frame.time_delta": "0.004493000", + "frame.time_delta_displayed": "0.004493000", + "frame.time_relative": "462.207830000", + "frame.number": "1660", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009eee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000199b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c15e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1659", + "tcp.analysis.ack_rtt": "0.004493000", + "tcp.analysis.initial_rtt": "0.005039000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.669258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.669258000", + "frame.time_delta": "0.000742000", + "frame.time_delta_displayed": "0.000742000", + "frame.time_relative": "462.208572000", + "frame.number": "1661", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009eef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000020d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005039000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.669741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.669741000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "462.209055000", + "frame.number": "1662", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000005a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b82f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47439", + "tcp.port": "80", + "tcp.port": "47439", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b32d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1661", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.005039000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.670414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.670414000", + "frame.time_delta": "0.000673000", + "frame.time_delta_displayed": "0.000673000", + "frame.time_relative": "462.209728000", + "frame.number": "1663", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000005b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b81d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47439", + "tcp.port": "80", + "tcp.port": "47439", + "tcp.stream": "78", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f34e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005039000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.670810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.670810000", + "frame.time_delta": "0.000396000", + "frame.time_delta_displayed": "0.000396000", + "frame.time_relative": "462.210124000", + "frame.number": "1664", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000005c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b44a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47439", + "tcp.port": "80", + "tcp.port": "47439", + "tcp.stream": "78", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000045b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005039000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1663", + "tcp.segment": "1664", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001552000", + "http.request_in": "1661", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.676777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.676777000", + "frame.time_delta": "0.005967000", + "frame.time_delta_displayed": "0.005967000", + "frame.time_relative": "462.216091000", + "frame.number": "1665", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009ef0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001999", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c08d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1663", + "tcp.analysis.ack_rtt": "0.006363000", + "tcp.analysis.initial_rtt": "0.005039000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.676885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.676885000", + "frame.time_delta": "0.000108000", + "frame.time_delta_displayed": "0.000108000", + "frame.time_relative": "462.216199000", + "frame.number": "1666", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009ef1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001998", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bca2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1664", + "tcp.analysis.ack_rtt": "0.006075000", + "tcp.analysis.initial_rtt": "0.005039000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.678075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.678075000", + "frame.time_delta": "0.001190000", + "frame.time_delta_displayed": "0.001190000", + "frame.time_relative": "462.217389000", + "frame.number": "1667", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009ef2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001997", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bca1", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.678521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.678521000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "462.217835000", + "frame.number": "1668", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d99e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47439", + 
"tcp.port": "80", + "tcp.port": "47439", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000af37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1667", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.005039000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:13.683664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494053.683664000", + "frame.time_delta": "0.005143000", + "frame.time_delta_displayed": "0.005143000", + "frame.time_relative": "462.222978000", + "frame.number": "1669", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cec8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47439", + "tcp.dstport": "80", + "tcp.port": "47439", + "tcp.port": "80", + "tcp.stream": "78", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001998", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:14.328989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.328989000", + "frame.time_delta": "0.645325000", + "frame.time_delta_displayed": "0.645325000", + "frame.time_relative": "462.868303000", + "frame.number": "1670", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000095bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "67", + "http.prev_response_in": "1657" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.381778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.381778000", + "frame.time_delta": "0.052789000", + "frame.time_delta_displayed": "0.052789000", + "frame.time_relative": "462.921092000", + "frame.number": "1671", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000095bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002199", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "68", + "http.prev_response_in": "1670" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.396058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.396058000", + "frame.time_delta": "0.014280000", + "frame.time_delta_displayed": "0.014280000", + "frame.time_relative": "462.935372000", + "frame.number": "1672", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001334", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a541", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000b0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:48:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919624, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919624", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.396585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.396585000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "462.935899000", + "frame.number": "1673", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47440", + "tcp.port": "80", + "tcp.port": "47440", + "tcp.stream": 
"79", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000035de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1672", + "tcp.analysis.ack_rtt": "0.000527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.402477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.402477000", + "frame.time_delta": "0.005892000", + "frame.time_delta_displayed": "0.005892000", + "frame.time_relative": "462.941791000", + "frame.number": "1674", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001335", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a554", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + 
"tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e765", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1673", + "tcp.analysis.ack_rtt": "0.005892000", + "tcp.analysis.initial_rtt": "0.006419000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.403234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.403234000", + "frame.time_delta": "0.000757000", + "frame.time_delta_displayed": "0.000757000", + "frame.time_relative": "462.942548000", + "frame.number": "1675", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001336", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a493", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000046e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006419000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.403704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.403704000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "462.943018000", + "frame.number": "1676", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d43c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e44c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47440", + "tcp.port": "80", + "tcp.port": "47440", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d934", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1675", + "tcp.analysis.ack_rtt": "0.000470000", + "tcp.analysis.initial_rtt": "0.006419000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.404351000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494054.404351000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "462.943665000", + "frame.number": "1677", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d43d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e43a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47440", + "tcp.port": "80", + "tcp.port": "47440", + "tcp.stream": "79", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001956", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006419000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.404700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.404700000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "462.944014000", + "frame.number": "1678", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d43e", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e067", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47440", + "tcp.port": "80", + "tcp.port": "47440", + "tcp.stream": "79", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006bbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006419000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1677", + "tcp.segment": "1678", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001466000", + "http.request_in": "1675", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.408851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.408851000", + "frame.time_delta": "0.004151000", + "frame.time_delta_displayed": "0.004151000", + "frame.time_relative": "462.948165000", + "frame.number": "1679", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001337", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a552", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e694", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1677", + "tcp.analysis.ack_rtt": "0.004500000", + "tcp.analysis.initial_rtt": "0.006419000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.434832000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.434832000", + "frame.time_delta": "0.025981000", + "frame.time_delta_displayed": "0.025981000", + "frame.time_relative": "462.974146000", + "frame.number": "1680", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000095c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000219e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "69", + "http.prev_response_in": "1671" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.442080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.442080000", + "frame.time_delta": "0.007248000", + "frame.time_delta_displayed": "0.007248000", + "frame.time_relative": "462.981394000", + "frame.number": "1681", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001338", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a551", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1678", + "tcp.analysis.ack_rtt": "0.037380000", + "tcp.analysis.initial_rtt": "0.006419000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.443910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.443910000", + "frame.time_delta": "0.001830000", + "frame.time_delta_displayed": "0.001830000", + "frame.time_relative": "462.983224000", + "frame.number": "1682", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001339", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a550", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.444360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.444360000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "462.983674000", + "frame.number": "1683", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d9dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47440", + "tcp.port": "80", + "tcp.port": "47440", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d53e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1682", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.006419000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.447453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.447453000", + "frame.time_delta": "0.003093000", + "frame.time_delta_displayed": "0.003093000", + "frame.time_relative": "462.986767000", + "frame.number": "1684", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ceb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47440", + "tcp.dstport": "80", + "tcp.port": "47440", + "tcp.port": "80", + "tcp.stream": "79", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007a84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.451031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.451031000", + "frame.time_delta": "0.003578000", + "frame.time_delta_displayed": "0.003578000", + "frame.time_relative": "462.990345000", + "frame.number": "1685", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00007670", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004205", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00007cb3", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:4d:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919629, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919629", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.451556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.451556000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "462.990870000", + "frame.number": "1686", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e844", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" 
+ }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1685", + "tcp.analysis.ack_rtt": "0.000525000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.456318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.456318000", + "frame.time_delta": "0.004762000", + "frame.time_delta_displayed": "0.004762000", + "frame.time_relative": "462.995632000", + "frame.number": "1687", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007671", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004218", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1686", + "tcp.analysis.ack_rtt": "0.004762000", + "tcp.analysis.initial_rtt": "0.005287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:54:14.457184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.457184000", + "frame.time_delta": "0.000866000", + "frame.time_delta_displayed": "0.000866000", + "frame.time_relative": "462.996498000", + "frame.number": "1688", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00007672", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004157", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", 
+ "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f946", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005287000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.457654000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.457654000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "462.996968000", + "frame.number": "1689", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008b64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008b9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1688", + "tcp.analysis.ack_rtt": "0.000470000", + "tcp.analysis.initial_rtt": "0.005287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.458415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.458415000", + "frame.time_delta": "0.000761000", + "frame.time_delta_displayed": "0.000761000", + "frame.time_relative": "462.997729000", + "frame.number": "1690", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008b65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cbbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005287000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.458775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.458775000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": 
"462.998089000", + "frame.number": "1691", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008b66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002940", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005287000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1690", + "tcp.segment": "1691", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001591000", + "http.request_in": "1688", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.460782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.460782000", + "frame.time_delta": "0.002007000", + "frame.time_delta_displayed": "0.002007000", + "frame.time_relative": "463.000096000", + "frame.number": "1692", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008b67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000293f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005287000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.463906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.463906000", + "frame.time_delta": "0.003124000", + "frame.time_delta_displayed": "0.003124000", + "frame.time_relative": "463.003220000", + "frame.number": "1693", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007673", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004216", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000098fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1690", + "tcp.analysis.ack_rtt": "0.005491000", + "tcp.analysis.initial_rtt": "0.005287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.464066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.464066000", + "frame.time_delta": "0.000160000", + "frame.time_delta_displayed": "0.000160000", + "frame.time_relative": "463.003380000", + "frame.number": "1694", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007674", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004215", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009510", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1691", + "tcp.analysis.ack_rtt": "0.005291000", + "tcp.analysis.initial_rtt": "0.005287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.464990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.464990000", + "frame.time_delta": "0.000924000", + "frame.time_delta_displayed": "0.000924000", + "frame.time_relative": "463.004304000", + "frame.number": "1695", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007675", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004208", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b774", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:a4:cf:ad:00:a4:cf:b0:e4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005287000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1694", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.465118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.465118000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "463.004432000", + "frame.number": "1696", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007676", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00004213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000950f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.465526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.465526000", + "frame.time_delta": "0.000408000", + "frame.time_delta_displayed": "0.000408000", + "frame.time_relative": "463.004840000", + "frame.number": "1697", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d9dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47441", + "tcp.port": "80", + "tcp.port": "47441", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000087a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1696", + "tcp.analysis.ack_rtt": "0.000408000", + "tcp.analysis.initial_rtt": "0.005287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.469458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.469458000", + "frame.time_delta": "0.003932000", + "frame.time_delta_displayed": "0.003932000", + "frame.time_relative": "463.008772000", + "frame.number": "1698", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e9d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ceb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47441", + "tcp.dstport": "80", + "tcp.port": "47441", + "tcp.port": "80", + "tcp.stream": "80", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ec2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:14.980228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494054.980228000", + "frame.time_delta": "0.510770000", + "frame.time_delta_displayed": "0.510770000", + "frame.time_relative": "463.519542000", + "frame.number": "1699", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x0000ff88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000da10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + 
"dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.381698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.381698000", + "frame.time_delta": "0.401470000", + "frame.time_delta_displayed": "0.401470000", + "frame.time_relative": "463.921012000", + "frame.number": "1700", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000961a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002147", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "70", + "http.prev_response_in": "1680" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.416258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.416258000", + "frame.time_delta": "0.034560000", + "frame.time_delta_displayed": "0.034560000", + "frame.time_relative": "463.955572000", + "frame.number": "1701", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002bbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000c5b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:ae:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919726, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919726", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.416826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.416826000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "463.956140000", + "frame.number": "1702", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47442", + "tcp.port": "80", + "tcp.port": "47442", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f69d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1701", + "tcp.analysis.ack_rtt": "0.000568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.421794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.421794000", + "frame.time_delta": "0.004968000", + "frame.time_delta_displayed": "0.004968000", + "frame.time_relative": "463.961108000", + "frame.number": "1703", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002bbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ccc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a825", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1702", + "tcp.analysis.ack_rtt": 
"0.004968000", + "tcp.analysis.initial_rtt": "0.005536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.422794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.422794000", + "frame.time_delta": "0.001000000", + "frame.time_delta_displayed": "0.001000000", + "frame.time_relative": "463.962108000", + "frame.number": "1704", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002bbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + 
"tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000007a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005536000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.423273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.423273000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "463.962587000", + "frame.number": "1705", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a206", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001683", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47442", + "tcp.port": "80", + "tcp.port": 
"47442", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000099f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1704", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.005536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.423959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.423959000", + "frame.time_delta": "0.000686000", + "frame.time_delta_displayed": "0.000686000", + "frame.time_relative": "463.963273000", + "frame.number": "1706", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a207", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001671", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47442", + "tcp.port": "80", + "tcp.port": "47442", + "tcp.stream": "81", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005536000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:54:15.424389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.424389000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "463.963703000", + "frame.number": "1707", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a208", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000129e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47442", + "tcp.port": "80", + "tcp.port": "47442", + "tcp.stream": "81", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005536000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1706", + "tcp.segment": "1707", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001595000", + "http.request_in": "1704", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.428887000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494055.428887000", + "frame.time_delta": "0.004498000", + "frame.time_delta_displayed": "0.004498000", + "frame.time_relative": "463.968201000", + "frame.number": "1708", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002bbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a754", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1706", + "tcp.analysis.ack_rtt": "0.004928000", + "tcp.analysis.initial_rtt": "0.005536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.429379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.429379000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "463.968693000", + "frame.number": "1709", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002bc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a369", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1707", + "tcp.analysis.ack_rtt": "0.004990000", + "tcp.analysis.initial_rtt": "0.005536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.431538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.431538000", + "frame.time_delta": "0.002159000", + "frame.time_delta_displayed": "0.002159000", + "frame.time_relative": "463.970852000", + "frame.number": "1710", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002bc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.432016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.432016000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "463.971330000", + "frame.number": "1711", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47442", + "tcp.port": "80", + "tcp.port": "47442", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000095fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1710", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.005536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.435349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.435349000", + "frame.time_delta": "0.003333000", + "frame.time_delta_displayed": "0.003333000", + "frame.time_relative": "463.974663000", + "frame.number": "1712", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000961b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000213d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "71", + "http.prev_response_in": "1700" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.436045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.436045000", + "frame.time_delta": "0.000696000", + "frame.time_delta_displayed": "0.000696000", + "frame.time_relative": "463.975359000", + "frame.number": "1713", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47442", + "tcp.dstport": "80", + "tcp.port": "47442", + "tcp.port": "80", + "tcp.stream": "81", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003592", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.447638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.447638000", + "frame.time_delta": "0.011593000", + "frame.time_delta_displayed": "0.011593000", + "frame.time_relative": "463.986952000", + "frame.number": "1714", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { 
+ "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ccf6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f330", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:b1:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919729, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919729", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.448161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.448161000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "463.987475000", + "frame.number": "1715", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47443", + "tcp.port": "80", + "tcp.port": "47443", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000052ad", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1714", + "tcp.analysis.ack_rtt": "0.000523000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.451612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.451612000", + "frame.time_delta": "0.003451000", + "frame.time_delta_displayed": "0.003451000", + "frame.time_relative": "463.990926000", + "frame.number": "1716", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000435", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1715", + "tcp.analysis.ack_rtt": 
"0.003451000", + "tcp.analysis.initial_rtt": "0.003974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.452313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.452313000", + "frame.time_delta": "0.000701000", + "frame.time_delta_displayed": "0.000701000", + "frame.time_relative": "463.991627000", + "frame.number": "1717", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ccf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ead0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + 
"tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000063af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003974000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.452802000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.452802000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "463.992116000", + "frame.number": "1718", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000060d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47443", + "tcp.port": "80", + "tcp.port": 
"47443", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f603", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1717", + "tcp.analysis.ack_rtt": "0.000489000", + "tcp.analysis.initial_rtt": "0.003974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.453455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.453455000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "463.992769000", + "frame.number": "1719", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000060d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47443", + "tcp.port": "80", + "tcp.port": "47443", + "tcp.stream": "82", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003625", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003974000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:54:15.453805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.453805000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "463.993119000", + "frame.number": "1720", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000060d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000053d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47443", + "tcp.port": "80", + "tcp.port": "47443", + "tcp.stream": "82", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000888e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003974000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1719", + "tcp.segment": "1720", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001492000", + "http.request_in": "1717", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.456529000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494055.456529000", + "frame.time_delta": "0.002724000", + "frame.time_delta_displayed": "0.002724000", + "frame.time_relative": "463.995843000", + "frame.number": "1721", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000364", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1719", + "tcp.analysis.ack_rtt": "0.003074000", + "tcp.analysis.initial_rtt": "0.003974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.458362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.458362000", + "frame.time_delta": "0.001833000", + "frame.time_delta_displayed": "0.001833000", + "frame.time_relative": "463.997676000", + "frame.number": "1722", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ff78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1720", + "tcp.analysis.ack_rtt": "0.004557000", + "tcp.analysis.initial_rtt": "0.003974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.459833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.459833000", + "frame.time_delta": "0.001471000", + "frame.time_delta_displayed": "0.001471000", + "frame.time_relative": "463.999147000", + "frame.number": "1723", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ff77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.460266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.460266000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "463.999580000", + "frame.number": "1724", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47443", + "tcp.port": "80", + "tcp.port": "47443", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f20d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1723", + "tcp.analysis.ack_rtt": "0.000433000", + "tcp.analysis.initial_rtt": "0.003974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.467677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.467677000", + "frame.time_delta": "0.007411000", + "frame.time_delta_displayed": "0.007411000", + "frame.time_relative": "464.006991000", + "frame.number": "1725", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47443", + "tcp.dstport": "80", + "tcp.port": "47443", + "tcp.port": "80", + "tcp.stream": "82", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", 
+ "tcp.checksum": "0x0000630f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.488168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.488168000", + "frame.time_delta": "0.020491000", + "frame.time_delta_displayed": "0.020491000", + "frame.time_relative": "464.027482000", + "frame.number": "1726", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000961c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002142", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "72", + "http.prev_response_in": "1712" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.498325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.498325000", + "frame.time_delta": "0.010157000", + "frame.time_delta_displayed": "0.010157000", + "frame.time_relative": "464.037639000", + "frame.number": "1727", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003087", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000087ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f529", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:b6:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919734, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919734", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.498877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.498877000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "464.038191000", + "frame.number": "1728", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47444", + "tcp.port": "80", + "tcp.port": "47444", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d8c7", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1727", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.502533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.502533000", + "frame.time_delta": "0.003656000", + "frame.time_delta_displayed": "0.003656000", + "frame.time_relative": "464.041847000", + "frame.number": "1729", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003088", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008801", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008a4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1728", + "tcp.analysis.ack_rtt": 
"0.003656000", + "tcp.analysis.initial_rtt": "0.004208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.504843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.504843000", + "frame.time_delta": "0.002310000", + "frame.time_delta_displayed": "0.002310000", + "frame.time_relative": "464.044157000", + "frame.number": "1730", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003089", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008740", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + 
"tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e9c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004208000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.505339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.505339000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "464.044653000", + "frame.number": "1731", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b99c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000feec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47444", + "tcp.port": "80", + "tcp.port": 
"47444", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007c1e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1730", + "tcp.analysis.ack_rtt": "0.000496000", + "tcp.analysis.initial_rtt": "0.004208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.506035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.506035000", + "frame.time_delta": "0.000696000", + "frame.time_delta_displayed": "0.000696000", + "frame.time_relative": "464.045349000", + "frame.number": "1732", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b99d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000feda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47444", + "tcp.port": "80", + "tcp.port": "47444", + "tcp.stream": "83", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bc3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004208000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:54:15.506415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.506415000", + "frame.time_delta": "0.000380000", + "frame.time_delta_displayed": "0.000380000", + "frame.time_relative": "464.045729000", + "frame.number": "1733", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b99e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47444", + "tcp.port": "80", + "tcp.port": "47444", + "tcp.stream": "83", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000ea9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004208000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1732", + "tcp.segment": "1733", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001572000", + "http.request_in": "1730", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.509692000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494055.509692000", + "frame.time_delta": "0.003277000", + "frame.time_delta_displayed": "0.003277000", + "frame.time_relative": "464.049006000", + "frame.number": "1734", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000308a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000087ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000897e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1732", + "tcp.analysis.ack_rtt": "0.003657000", + "tcp.analysis.initial_rtt": "0.004208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.509734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.509734000", + "frame.time_delta": "0.000042000", + "frame.time_delta_displayed": "0.000042000", + "frame.time_relative": "464.049048000", + "frame.number": "1735", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000308b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000087fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008593", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1733", + "tcp.analysis.ack_rtt": "0.003319000", + "tcp.analysis.initial_rtt": "0.004208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.510452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.510452000", + "frame.time_delta": "0.000718000", + "frame.time_delta_displayed": "0.000718000", + "frame.time_relative": "464.049766000", + "frame.number": "1736", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000308c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000087fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008592", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.510927000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.510927000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "464.050241000", + "frame.number": "1737", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47444", + "tcp.port": "80", + "tcp.port": "47444", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007828", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1736", + "tcp.analysis.ack_rtt": "0.000475000", + "tcp.analysis.initial_rtt": "0.004208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:15.515805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494055.515805000", + "frame.time_delta": "0.004878000", + "frame.time_delta_displayed": "0.004878000", + "frame.time_relative": "464.055119000", + "frame.number": "1738", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47444", + "tcp.dstport": "80", + "tcp.port": "47444", + "tcp.port": "80", + "tcp.stream": "83", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", 
+ "tcp.checksum": "0x0000650d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.014627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.014627000", + "frame.time_delta": "0.498822000", + "frame.time_delta_displayed": "0.498822000", + "frame.time_relative": "464.553941000", + "frame.number": "1739", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009645", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000211c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "73", + "http.prev_response_in": "1726" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.067433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.067433000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "464.606747000", + "frame.number": "1740", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009647", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002111", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "74", + "http.prev_response_in": "1739" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.120285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.120285000", + "frame.time_delta": "0.052852000", + "frame.time_delta_displayed": "0.052852000", + "frame.time_relative": "464.659599000", + "frame.number": "1741", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000964a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00002114", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "75", + "http.prev_response_in": "1740" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.238527000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494056.238527000", + "frame.time_delta": "0.118242000", + "frame.time_delta_displayed": "0.118242000", + "frame.time_relative": "464.777841000", + "frame.number": "1742", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009b3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00007190", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:00:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919808, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919808", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.239100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.239100000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "464.778414000", + "frame.number": "1743", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47445", + "tcp.port": "80", + "tcp.port": "47445", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006b99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1742", + "tcp.analysis.ack_rtt": "0.000573000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.242991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.242991000", + "frame.time_delta": "0.003891000", + "frame.time_delta_displayed": "0.003891000", + "frame.time_relative": "464.782305000", + "frame.number": "1744", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1743", + "tcp.analysis.ack_rtt": "0.003891000", + "tcp.analysis.initial_rtt": "0.004464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.243835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.243835000", + "frame.time_delta": "0.000844000", + "frame.time_delta_displayed": "0.000844000", + "frame.time_relative": "464.783149000", + "frame.number": "1745", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009b40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001c89", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007c9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004464000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.244311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.244311000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "464.783625000", + "frame.number": "1746", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000078ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fbb", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47445", + "tcp.port": "80", + "tcp.port": "47445", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000ef0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1745", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.004464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.244954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.244954000", + "frame.time_delta": "0.000643000", + "frame.time_delta_displayed": "0.000643000", + "frame.time_relative": "464.784268000", + "frame.number": "1747", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000078cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fa9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47445", + "tcp.port": "80", + "tcp.port": "47445", + "tcp.stream": "84", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004f11", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004464000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.245329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.245329000", + "frame.time_delta": "0.000375000", + "frame.time_delta_displayed": "0.000375000", + "frame.time_relative": "464.784643000", + "frame.number": "1748", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000078d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003bd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47445", + "tcp.port": "80", + "tcp.port": "47445", + "tcp.stream": "84", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a17a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004464000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1747", + "tcp.segment": "1748", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001494000", + "http.request_in": "1745", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.248992000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.248992000", + "frame.time_delta": "0.003663000", + "frame.time_delta_displayed": "0.003663000", + "frame.time_relative": "464.788306000", + "frame.number": "1749", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001c50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1747", + "tcp.analysis.ack_rtt": "0.004038000", + "tcp.analysis.initial_rtt": "0.004464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.249416000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.249416000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "464.788730000", + "frame.number": "1750", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001865", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1748", + "tcp.analysis.ack_rtt": "0.004087000", + "tcp.analysis.initial_rtt": "0.004464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.250893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.250893000", + "frame.time_delta": "0.001477000", + "frame.time_delta_displayed": "0.001477000", + "frame.time_relative": "464.790207000", + "frame.number": "1751", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001864", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.251359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.251359000", + "frame.time_delta": "0.000466000", + "frame.time_delta_displayed": "0.000466000", + "frame.time_relative": "464.790673000", + "frame.number": "1752", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47445", + 
"tcp.port": "80", + "tcp.port": "47445", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000afa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1751", + "tcp.analysis.ack_rtt": "0.000466000", + "tcp.analysis.initial_rtt": "0.004464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:16.256409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494056.256409000", + "frame.time_delta": "0.005050000", + "frame.time_delta_displayed": "0.005050000", + "frame.time_relative": "464.795723000", + "frame.number": "1753", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47445", + "tcp.dstport": "80", + "tcp.port": "47445", + "tcp.port": "80", + "tcp.stream": "84", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e1bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:17.067431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.067431000", + "frame.time_delta": "0.811022000", + "frame.time_delta_displayed": "0.811022000", + "frame.time_relative": "465.606745000", + "frame.number": "1754", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000096a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "76", + "http.prev_response_in": "1741" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.120193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.120193000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "465.659507000", + "frame.number": "1755", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000096a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "77", + "http.prev_response_in": "1754" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.155173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.155173000", + "frame.time_delta": "0.034980000", + "frame.time_delta_displayed": "0.034980000", + "frame.time_relative": "465.694487000", + "frame.number": "1756", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000de2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e672", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:5c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919900, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919900", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.155726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.155726000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "465.695040000", + "frame.number": "1757", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47446", + "tcp.port": "80", + "tcp.port": "47446", + "tcp.stream": 
"85", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a11e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1756", + "tcp.analysis.ack_rtt": "0.000553000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.159547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.159547000", + "frame.time_delta": "0.003821000", + "frame.time_delta_displayed": "0.003821000", + "frame.time_relative": "465.698861000", + "frame.number": "1758", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000de30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + 
"tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000052a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1757", + "tcp.analysis.ack_rtt": "0.003821000", + "tcp.analysis.initial_rtt": "0.004374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.160034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.160034000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "465.699348000", + "frame.number": "1759", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000de31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d997", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b220", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004374000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.160517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.160517000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "465.699831000", + "frame.number": "1760", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000026a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47446", + "tcp.port": "80", + "tcp.port": "47446", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004475", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1759", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.004374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.161265000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494057.161265000", + "frame.time_delta": "0.000748000", + "frame.time_delta_displayed": "0.000748000", + "frame.time_relative": "465.700579000", + "frame.number": "1761", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000026a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47446", + "tcp.port": "80", + "tcp.port": "47446", + "tcp.stream": "85", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008496", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004374000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.161616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.161616000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "465.700930000", + "frame.number": "1762", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000026a7", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008dff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47446", + "tcp.port": "80", + "tcp.port": "47446", + "tcp.stream": "85", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d6ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004374000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1761", + "tcp.segment": "1762", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001582000", + "http.request_in": "1759", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.164444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.164444000", + "frame.time_delta": "0.002828000", + "frame.time_delta_displayed": "0.002828000", + "frame.time_relative": "465.703758000", + "frame.number": "1763", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000de32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000051d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1761", + "tcp.analysis.ack_rtt": "0.003179000", + "tcp.analysis.initial_rtt": "0.004374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.164578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.164578000", + "frame.time_delta": "0.000134000", + "frame.time_delta_displayed": "0.000134000", + "frame.time_relative": "465.703892000", + "frame.number": "1764", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000de33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004dea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1762", + "tcp.analysis.ack_rtt": "0.002962000", + "tcp.analysis.initial_rtt": "0.004374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.165498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.165498000", + "frame.time_delta": "0.000920000", + "frame.time_delta_displayed": "0.000920000", + "frame.time_relative": "465.704812000", + "frame.number": "1765", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000de34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004de9", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.165977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.165977000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "465.705291000", + "frame.number": "1766", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47446", + 
"tcp.port": "80", + "tcp.port": "47446", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000407f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1765", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.004374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.169488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.169488000", + "frame.time_delta": "0.003511000", + "frame.time_delta_displayed": "0.003511000", + "frame.time_relative": "465.708802000", + "frame.number": "1767", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47446", + "tcp.dstport": "80", + "tcp.port": "47446", + "tcp.port": "80", + "tcp.stream": "85", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000056fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:17.172714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.172714000", + "frame.time_delta": "0.003226000", + "frame.time_delta_displayed": "0.003226000", + "frame.time_relative": "465.712028000", + "frame.number": "1768", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000096a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "78", + "http.prev_response_in": "1755" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.178819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.178819000", + "frame.time_delta": "0.006105000", + "frame.time_delta_displayed": "0.006105000", + "frame.time_relative": "465.718133000", + "frame.number": "1769", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002c9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008bd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00001968", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:5e:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919902, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919902", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.179363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.179363000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "465.718677000", + "frame.number": "1770", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47447", + "tcp.port": "80", + "tcp.port": "47447", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000014d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1769", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.183040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.183040000", + "frame.time_delta": "0.003677000", + "frame.time_delta_displayed": "0.003677000", + "frame.time_relative": "465.722354000", + "frame.number": "1771", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ca0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008be9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c65a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1770", + "tcp.analysis.ack_rtt": "0.003677000", + "tcp.analysis.initial_rtt": "0.004221000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.183227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.183227000", + 
"frame.time_delta": "0.000187000", + "frame.time_delta_displayed": "0.000187000", + "frame.time_relative": "465.722541000", + "frame.number": "1772", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002ca1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000025d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004221000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.183679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.183679000", + "frame.time_delta": "0.000452000", + 
"frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "465.722993000", + "frame.number": "1773", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d317", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e571", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47447", + "tcp.port": "80", + "tcp.port": "47447", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b829", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1772", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.004221000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.184439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.184439000", + "frame.time_delta": "0.000760000", + "frame.time_delta_displayed": "0.000760000", + "frame.time_relative": "465.723753000", + "frame.number": "1774", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d318", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000e55f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47447", + "tcp.port": "80", + "tcp.port": "47447", + "tcp.stream": "86", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f84a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004221000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.184794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.184794000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "465.724108000", + "frame.number": "1775", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d319", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e18c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47447", + "tcp.port": "80", + "tcp.port": "47447", + "tcp.stream": "86", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004ab4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004221000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1774", + "tcp.segment": "1775", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001567000", + "http.request_in": "1772", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.187326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.187326000", + "frame.time_delta": "0.002532000", + "frame.time_delta_displayed": "0.002532000", + "frame.time_relative": "465.726640000", + "frame.number": "1776", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ca2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c589", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1774", + "tcp.analysis.ack_rtt": "0.002887000", + "tcp.analysis.initial_rtt": "0.004221000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.187456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.187456000", + "frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "465.726770000", + "frame.number": "1777", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ca3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008be6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c19e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1775", + "tcp.analysis.ack_rtt": "0.002662000", + "tcp.analysis.initial_rtt": "0.004221000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.188001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.188001000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "465.727315000", + "frame.number": "1778", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ca4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008be5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c19d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.188445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.188445000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "465.727759000", + "frame.number": "1779", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47447", + 
"tcp.port": "80", + "tcp.port": "47447", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b433", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1778", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.004221000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.192183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.192183000", + "frame.time_delta": "0.003738000", + "frame.time_delta_displayed": "0.003738000", + "frame.time_relative": "465.731497000", + "frame.number": "1780", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47447", + "tcp.dstport": "80", + "tcp.port": "47447", + "tcp.port": "80", + "tcp.stream": "86", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000089f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:17.383514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.383514000", + "frame.time_delta": "0.191331000", + "frame.time_delta_displayed": "0.191331000", + "frame.time_relative": "465.922828000", + "frame.number": "1781", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000096b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "79", + "http.prev_response_in": "1768" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.393732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.393732000", + "frame.time_delta": "0.010218000", + "frame.time_delta_displayed": "0.010218000", + "frame.time_relative": "465.933046000", + "frame.number": "1782", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004cc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006bb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000017f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:74:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919924, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919924", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.394289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.394289000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "465.933603000", + "frame.number": "1783", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008563", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1782", + "tcp.analysis.ack_rtt": "0.000557000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.397850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.397850000", + "frame.time_delta": "0.003561000", + "frame.time_delta_displayed": "0.003561000", + "frame.time_relative": "465.937164000", + "frame.number": "1784", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004cc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006bc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000036eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1783", + "tcp.analysis.ack_rtt": "0.003561000", + "tcp.analysis.initial_rtt": "0.004118000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.397987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.397987000", + 
"frame.time_delta": "0.000137000", + "frame.time_delta_displayed": "0.000137000", + "frame.time_relative": "465.937301000", + "frame.number": "1785", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004cc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006b03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009665", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004118000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.398429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.398429000", + "frame.time_delta": "0.000442000", + 
"frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "465.937743000", + "frame.number": "1786", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000056ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000619f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000028ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1785", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.004118000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.399170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.399170000", + "frame.time_delta": "0.000741000", + "frame.time_delta_displayed": "0.000741000", + "frame.time_relative": "465.938484000", + "frame.number": "1787", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000056eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000618d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000068db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004118000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.399525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.399525000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "465.938839000", + "frame.number": "1788", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000056ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005dba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb44", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004118000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1787", + "tcp.segment": "1788", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001538000", + "http.request_in": "1785", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.400785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.400785000", + "frame.time_delta": "0.001260000", + "frame.time_delta_displayed": "0.001260000", + "frame.time_relative": "465.940099000", + "frame.number": "1789", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000056ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005db9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb44", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004118000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.402426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.402426000", + "frame.time_delta": "0.001641000", + "frame.time_delta_displayed": "0.001641000", + "frame.time_relative": "465.941740000", + "frame.number": "1790", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004cc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006bc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000361a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1787", + "tcp.analysis.ack_rtt": "0.003256000", + "tcp.analysis.initial_rtt": "0.004118000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.402474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.402474000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "465.941788000", + "frame.number": "1791", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004cc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006bc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000322f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1788", + "tcp.analysis.ack_rtt": "0.002949000", + "tcp.analysis.initial_rtt": "0.004118000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.403354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.403354000", + "frame.time_delta": "0.000880000", + "frame.time_delta_displayed": "0.000880000", + "frame.time_relative": "465.942668000", + "frame.number": "1792", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004cc9", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006bc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000322e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.403796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.403796000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + 
"frame.time_relative": "465.943110000", + "frame.number": "1793", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47448", + "tcp.port": "80", + "tcp.port": "47448", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000024c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1792", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.004118000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.405300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.405300000", + "frame.time_delta": "0.001504000", + "frame.time_delta_displayed": "0.001504000", + "frame.time_relative": "465.944614000", + "frame.number": "1794", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cdf9", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008896", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.408081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.408081000", + "frame.time_delta": "0.002781000", + "frame.time_delta_displayed": "0.002781000", + "frame.time_relative": "465.947395000", + "frame.number": "1795", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cdf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47448", + "tcp.dstport": "80", + "tcp.port": "47448", + "tcp.port": "80", + "tcp.stream": "87", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008895", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.436801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.436801000", + "frame.time_delta": "0.028720000", + "frame.time_delta_displayed": "0.028720000", + "frame.time_relative": "465.976115000", + "frame.number": "1796", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000096b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "80", + "http.prev_response_in": "1781" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.444112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.444112000", + "frame.time_delta": "0.007311000", + "frame.time_delta_displayed": "0.007311000", + "frame.time_relative": "465.983426000", + 
"frame.number": "1797", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003fbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): 
server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e9f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:79:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919929, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919929", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.444654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.444654000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "465.983968000", + "frame.number": "1798", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + 
"eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": "80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000085e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1797", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.447849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.447849000", + "frame.time_delta": "0.003195000", + "frame.time_delta_displayed": "0.003195000", + "frame.time_relative": "465.987163000", + "frame.number": "1799", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003769", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1798", + "tcp.analysis.ack_rtt": "0.003195000", + "tcp.analysis.initial_rtt": "0.003737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.447978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.447978000", + "frame.time_delta": "0.000129000", + "frame.time_delta_displayed": "0.000129000", + "frame.time_relative": "465.987292000", + "frame.number": "1800", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003fbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000780a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000096e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003737000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.448415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.448415000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "465.987729000", + "frame.number": "1801", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000123e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a64b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": "80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002938", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1800", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.003737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.449102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.449102000", + "frame.time_delta": "0.000687000", + "frame.time_delta_displayed": "0.000687000", + "frame.time_relative": "465.988416000", + "frame.number": "1802", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000123f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a639", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": "80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006959", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003737000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.449455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.449455000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "465.988769000", + "frame.number": "1803", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001240", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a266", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": 
"80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bbc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003737000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1802", + "tcp.segment": "1803", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001477000", + "http.request_in": "1800", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.450767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.450767000", + "frame.time_delta": "0.001312000", + "frame.time_delta_displayed": "0.001312000", + "frame.time_relative": "465.990081000", + "frame.number": "1804", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001241", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a265", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": "80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bbc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003737000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.455803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.455803000", + "frame.time_delta": "0.005036000", + "frame.time_delta_displayed": "0.005036000", + "frame.time_relative": "465.995117000", + "frame.number": "1805", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003698", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1802", + "tcp.analysis.ack_rtt": "0.006701000", + "tcp.analysis.initial_rtt": "0.003737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.455935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.455935000", + "frame.time_delta": "0.000132000", + "frame.time_delta_displayed": "0.000132000", + "frame.time_relative": "465.995249000", + "frame.number": "1806", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000032ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1803", + "tcp.analysis.ack_rtt": "0.006480000", + "tcp.analysis.initial_rtt": "0.003737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.456442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.456442000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "465.995756000", + "frame.number": "1807", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00003fc2", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000078bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b377", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:e8:03:3a:99:e8:03:3e:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003737000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1806", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.456901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.456901000", + "frame.time_delta": "0.000459000", + "frame.time_delta_displayed": "0.000459000", + "frame.time_relative": "465.996215000", + "frame.number": "1808", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000078c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000032ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.457316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.457316000", + "frame.time_delta": "0.000415000", + "frame.time_delta_displayed": "0.000415000", + "frame.time_relative": "465.996630000", + "frame.number": "1809", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47449", + "tcp.port": "80", + "tcp.port": "47449", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002542", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1808", + "tcp.analysis.ack_rtt": "0.000415000", + "tcp.analysis.initial_rtt": "0.003737000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.464119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.464119000", + "frame.time_delta": "0.006803000", + "frame.time_delta_displayed": "0.006803000", + "frame.time_relative": "466.003433000", + "frame.number": "1810", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cdf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47449", + "tcp.dstport": "80", + "tcp.port": "47449", + "tcp.port": "80", + "tcp.stream": "88", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005a97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.489643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.489643000", + "frame.time_delta": "0.025524000", + "frame.time_delta_displayed": "0.025524000", + "frame.time_relative": "466.028957000", + "frame.number": "1811", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000096b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000020a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "81", + "http.prev_response_in": "1796" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.496732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.496732000", + "frame.time_delta": "0.007089000", + "frame.time_delta_displayed": "0.007089000", + "frame.time_relative": "466.036046000", + "frame.number": "1812", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000302d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008848", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009d32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:7e:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 919934, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "919934", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.497269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.497269000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "466.036583000", + "frame.number": "1813", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47450", + "tcp.port": "80", + "tcp.port": "47450", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b810", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1812", + "tcp.analysis.ack_rtt": "0.000537000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.500670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.500670000", + "frame.time_delta": "0.003401000", + "frame.time_delta_displayed": "0.003401000", + "frame.time_relative": "466.039984000", + "frame.number": "1814", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000302e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000885b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006998", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1813", + "tcp.analysis.ack_rtt": "0.003401000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.500842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.500842000", + "frame.time_delta": "0.000172000", + "frame.time_delta_displayed": "0.000172000", + "frame.time_relative": "466.040156000", + "frame.number": "1815", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000302f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000879a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c912", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.501309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.501309000", + "frame.time_delta": "0.000467000", + "frame.time_delta_displayed": "0.000467000", + "frame.time_relative": "466.040623000", + "frame.number": "1816", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b3c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000004c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47450", + "tcp.port": "80", + "tcp.port": "47450", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005b67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1815", + "tcp.analysis.ack_rtt": "0.000467000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.501949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.501949000", + "frame.time_delta": "0.000640000", + "frame.time_delta_displayed": "0.000640000", + "frame.time_relative": "466.041263000", + "frame.number": "1817", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b3c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000004b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47450", + "tcp.port": "80", + "tcp.port": "47450", + "tcp.stream": "89", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.502304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.502304000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "466.041618000", + "frame.number": "1818", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b3c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000000e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47450", + "tcp.port": "80", + "tcp.port": "47450", + "tcp.stream": "89", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000edf1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003938000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1817", + "tcp.segment": "1818", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001462000", + "http.request_in": "1815", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.505732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.505732000", + "frame.time_delta": "0.003428000", + "frame.time_delta_displayed": "0.003428000", + "frame.time_relative": "466.045046000", + "frame.number": "1819", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003030", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008859", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000068c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1817", + "tcp.analysis.ack_rtt": "0.003783000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.506226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.506226000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "466.045540000", + "frame.number": "1820", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003031", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008858", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1818", + "tcp.analysis.ack_rtt": "0.003922000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.506842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.506842000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "466.046156000", + "frame.number": "1821", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003032", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008857", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064db", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.507288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.507288000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "466.046602000", + "frame.number": "1822", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47450", + 
"tcp.port": "80", + "tcp.port": "47450", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005771", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1821", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003938000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:17.511224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494057.511224000", + "frame.time_delta": "0.003936000", + "frame.time_delta_displayed": "0.003936000", + "frame.time_relative": "466.050538000", + "frame.number": "1823", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ea96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cdf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47450", + "tcp.dstport": "80", + "tcp.port": "47450", + "tcp.port": "80", + "tcp.stream": "89", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:18.436549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.436549000", + "frame.time_delta": "0.925325000", + "frame.time_delta_displayed": "0.925325000", + "frame.time_relative": "466.975863000", + "frame.number": "1824", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000970d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002054", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "82", + "http.prev_response_in": "1811" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.489324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.489324000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "467.028638000", + "frame.number": "1825", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000970e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000204a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "83", + "http.prev_response_in": "1824" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.490655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.490655000", + "frame.time_delta": "0.001331000", + "frame.time_delta_displayed": "0.001331000", + "frame.time_relative": "467.029969000", + "frame.number": "1826", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000cb7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ecf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e2f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:e1:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 920033, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "920033", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.491203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.491203000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "467.030517000", + "frame.number": "1827", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": 
"90", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009d87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1826", + "tcp.analysis.ack_rtt": "0.000548000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.495019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.495019000", + "frame.time_delta": "0.003816000", + "frame.time_delta_displayed": "0.003816000", + "frame.time_relative": "467.034333000", + "frame.number": "1828", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + 
"tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004f0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1827", + "tcp.analysis.ack_rtt": "0.003816000", + "tcp.analysis.initial_rtt": "0.004364000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.495718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.495718000", + "frame.time_delta": "0.000699000", + "frame.time_delta_displayed": "0.000699000", + "frame.time_relative": "467.035032000", + "frame.number": "1829", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000cb7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae89", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004364000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.496205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.496205000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "467.035519000", + "frame.number": "1830", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000daaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000040de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1829", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.004364000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.496857000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494058.496857000", + "frame.time_delta": "0.000652000", + "frame.time_delta_displayed": "0.000652000", + "frame.time_relative": "467.036171000", + "frame.number": "1831", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dab0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddc7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": "90", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000080ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004364000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.497236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.497236000", + "frame.time_delta": "0.000379000", + "frame.time_delta_displayed": "0.000379000", + "frame.time_relative": "467.036550000", + "frame.number": "1832", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dab1", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": "90", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004364000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1831", + "tcp.segment": "1832", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001518000", + "http.request_in": "1829", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.500768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.500768000", + "frame.time_delta": "0.003532000", + "frame.time_delta_displayed": "0.003532000", + "frame.time_relative": "467.040082000", + "frame.number": "1833", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dab2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": "90", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004364000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.501131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.501131000", + "frame.time_delta": "0.000363000", + "frame.time_delta_displayed": "0.000363000", + "frame.time_relative": "467.040445000", + "frame.number": "1834", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004e3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1831", + "tcp.analysis.ack_rtt": "0.004274000", + "tcp.analysis.initial_rtt": "0.004364000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.502142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.502142000", + "frame.time_delta": "0.001011000", + "frame.time_delta_displayed": "0.001011000", + "frame.time_relative": "467.041456000", + "frame.number": "1835", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1832", + "tcp.analysis.ack_rtt": "0.004906000", + "tcp.analysis.initial_rtt": "0.004364000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.505084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.505084000", + "frame.time_delta": "0.002942000", + "frame.time_delta_displayed": "0.002942000", + "frame.time_relative": "467.044398000", + "frame.number": "1836", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000cb81", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ecfb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000794", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:10:a0:f3:c1:10:a0:f7:a5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004364000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1835", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.507016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.507016000", + "frame.time_delta": "0.001932000", + "frame.time_delta_displayed": "0.001932000", + "frame.time_relative": "467.046330000", + "frame.number": "1837", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000ed06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a52", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.507470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.507470000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "467.046784000", + "frame.number": "1838", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47451", + "tcp.port": "80", + "tcp.port": "47451", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003ce8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1837", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.004364000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.513988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.513988000", + "frame.time_delta": "0.006518000", + "frame.time_delta_displayed": "0.006518000", + "frame.time_relative": "467.053302000", + "frame.number": "1839", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eaa0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cde8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47451", + "tcp.dstport": "80", + "tcp.port": "47451", + "tcp.port": "80", + "tcp.stream": "90", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005402", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.542194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.542194000", + "frame.time_delta": "0.028206000", + "frame.time_delta_displayed": "0.028206000", + "frame.time_relative": "467.081508000", + "frame.number": "1840", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009714", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000204a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "84", + "http.prev_response_in": "1825" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.556219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.556219000", + "frame.time_delta": "0.014025000", + "frame.time_delta_displayed": "0.014025000", + "frame.time_relative": "467.095533000", + "frame.number": "1841", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000242", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b633", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006fe1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:e8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 920040, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "920040", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.556759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.556759000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "467.096073000", + "frame.number": "1842", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "47452", + "tcp.port": "80", + "tcp.port": "47452", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000016da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1841", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.561037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.561037000", + "frame.time_delta": "0.004278000", + "frame.time_delta_displayed": "0.004278000", + "frame.time_relative": "467.100351000", + "frame.number": "1843", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000243", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b646", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c861", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1842", + "tcp.analysis.ack_rtt": "0.004278000", + "tcp.analysis.initial_rtt": "0.004818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.562611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.562611000", + "frame.time_delta": "0.001574000", + "frame.time_delta_displayed": "0.001574000", + "frame.time_relative": "467.101925000", + "frame.number": "1844", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00000244", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b585", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000027dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004818000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.563100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.563100000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "467.102414000", + "frame.number": "1845", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aace", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000dbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47452", + "tcp.port": "80", + "tcp.port": "47452", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ba30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1844", + "tcp.analysis.ack_rtt": "0.000489000", + "tcp.analysis.initial_rtt": "0.004818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.563769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.563769000", + "frame.time_delta": "0.000669000", + "frame.time_delta_displayed": "0.000669000", + "frame.time_relative": "467.103083000", + "frame.number": "1846", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000aacf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000da9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47452", + "tcp.port": "80", + "tcp.port": "47452", + "tcp.stream": "91", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fa51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004818000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.564122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.564122000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "467.103436000", + "frame.number": "1847", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aad0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000009d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47452", + "tcp.port": "80", + "tcp.port": "47452", + "tcp.stream": "91", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004cbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004818000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1846", + "tcp.segment": "1847", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001511000", + "http.request_in": "1844", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.568003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.568003000", + "frame.time_delta": "0.003881000", + "frame.time_delta_displayed": "0.003881000", + "frame.time_relative": "467.107317000", + "frame.number": "1848", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000245", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b644", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c790", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1846", + "tcp.analysis.ack_rtt": "0.004234000", + "tcp.analysis.initial_rtt": "0.004818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.568463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.568463000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "467.107777000", + "frame.number": "1849", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000246", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b643", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1847", + "tcp.analysis.ack_rtt": "0.004341000", + "tcp.analysis.initial_rtt": "0.004818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.571294000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.571294000", + "frame.time_delta": "0.002831000", + "frame.time_delta_displayed": "0.002831000", + "frame.time_relative": "467.110608000", + "frame.number": "1850", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000247", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b642", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3a4", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.571768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.571768000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "467.111082000", + "frame.number": "1851", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47452", + 
"tcp.port": "80", + "tcp.port": "47452", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b63a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1850", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.004818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:18.577017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494058.577017000", + "frame.time_delta": "0.005249000", + "frame.time_delta_displayed": "0.005249000", + "frame.time_relative": "467.116331000", + "frame.number": "1852", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eaa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cde3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47452", + "tcp.dstport": "80", + "tcp.port": "47452", + "tcp.port": "80", + "tcp.stream": "91", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e0f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:19.122537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.122537000", + "frame.time_delta": "0.545520000", + "frame.time_delta_displayed": "0.545520000", + "frame.time_relative": "467.661851000", + "frame.number": "1853", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009722", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000203f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "85", + "http.prev_response_in": "1840" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.174901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.174901000", + "frame.time_delta": "0.052364000", + "frame.time_delta_displayed": "0.052364000", + "frame.time_relative": "467.714215000", + "frame.number": "1854", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009725", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002033", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "86", + "http.prev_response_in": "1853" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.206584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.206584000", + "frame.time_delta": "0.031683000", + "frame.time_delta_displayed": "0.031683000", + "frame.time_relative": "467.745898000", + "frame.number": "1855", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000001b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000ec4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:29:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 920105, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "920105", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.207150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.207150000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "467.746464000", + "frame.number": "1856", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47453", + "tcp.port": "80", + "tcp.port": "47453", + "tcp.stream": 
"92", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009e32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1855", + "tcp.analysis.ack_rtt": "0.000566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.211697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.211697000", + "frame.time_delta": "0.004547000", + "frame.time_delta_displayed": "0.004547000", + "frame.time_relative": "467.751011000", + "frame.number": "1857", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + 
"tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004fba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1856", + "tcp.analysis.ack_rtt": "0.004547000", + "tcp.analysis.initial_rtt": "0.005113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.212842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.212842000", + "frame.time_delta": "0.001145000", + "frame.time_delta_displayed": "0.001145000", + "frame.time_relative": "467.752156000", + "frame.number": "1858", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000001b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b610", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000af34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005113000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.213328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.213328000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "467.752642000", + "frame.number": "1859", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000035a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47453", + "tcp.port": "80", + "tcp.port": "47453", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004189", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1858", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.005113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.213972000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494059.213972000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "467.753286000", + "frame.number": "1860", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000035a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47453", + "tcp.port": "80", + "tcp.port": "47453", + "tcp.stream": "92", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000081aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005113000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.214364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.214364000", + "frame.time_delta": "0.000392000", + "frame.time_delta_displayed": "0.000392000", + "frame.time_relative": "467.753678000", + "frame.number": "1861", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000035a4", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47453", + "tcp.port": "80", + "tcp.port": "47453", + "tcp.stream": "92", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d413", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005113000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1860", + "tcp.segment": "1861", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001522000", + "http.request_in": "1858", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.219150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.219150000", + "frame.time_delta": "0.004786000", + "frame.time_delta_displayed": "0.004786000", + "frame.time_relative": "467.758464000", + "frame.number": "1862", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004ee9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1860", + "tcp.analysis.ack_rtt": "0.005178000", + "tcp.analysis.initial_rtt": "0.005113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.219582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.219582000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "467.758896000", + "frame.number": "1863", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004afe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1861", + "tcp.analysis.ack_rtt": "0.005218000", + "tcp.analysis.initial_rtt": "0.005113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.223070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.223070000", + "frame.time_delta": "0.003488000", + "frame.time_delta_displayed": "0.003488000", + "frame.time_relative": "467.762384000", + "frame.number": "1864", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004afd", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.223539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.223539000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "467.762853000", + "frame.number": "1865", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000daa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dde2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47453", + 
"tcp.port": "80", + "tcp.port": "47453", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003d93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1864", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.005113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.227727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.227727000", + "frame.time_delta": "0.004188000", + "frame.time_delta_displayed": "0.004188000", + "frame.time_relative": "467.767041000", + "frame.number": "1866", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009728", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002036", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "87", + "http.prev_response_in": "1854" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.228055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.228055000", + "frame.time_delta": "0.000328000", + "frame.time_delta_displayed": "0.000328000", + "frame.time_relative": "467.767369000", + "frame.number": "1867", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eaa7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cde1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { 
+ "tcp.srcport": "47453", + "tcp.dstport": "80", + "tcp.port": "47453", + "tcp.port": "80", + "tcp.stream": "92", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005da4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.239648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.239648000", + "frame.time_delta": "0.011593000", + "frame.time_delta_displayed": "0.011593000", + "frame.time_relative": "467.778962000", + "frame.number": "1868", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000069ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ebb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f39a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:2c:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 920108, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "920108", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.240284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.240284000", + "frame.time_delta": "0.000636000", + "frame.time_delta_displayed": "0.000636000", + "frame.time_relative": "467.779598000", + "frame.number": "1869", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d717", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1868", + "tcp.analysis.ack_rtt": "0.000636000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.244649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.244649000", + "frame.time_delta": "0.004365000", + "frame.time_delta_displayed": "0.004365000", + "frame.time_relative": "467.783963000", + "frame.number": "1870", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000069bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ece", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000889f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1869", + "tcp.analysis.ack_rtt": "0.004365000", + "tcp.analysis.initial_rtt": "0.005001000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.245523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.245523000", + 
"frame.time_delta": "0.000874000", + "frame.time_delta_displayed": "0.000874000", + "frame.time_relative": "467.784837000", + "frame.number": "1871", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000069bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004e0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e819", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005001000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.245995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.245995000", + "frame.time_delta": "0.000472000", + 
"frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "467.785309000", + "frame.number": "1872", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b109", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000780", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007a6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1871", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.005001000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.246637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.246637000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "467.785951000", + "frame.number": "1873", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b10a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000076e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ba8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005001000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.246985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.246985000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "467.786299000", + "frame.number": "1874", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b10b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000039b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000cf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005001000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1873", + "tcp.segment": "1874", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001462000", + "http.request_in": "1871", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.251768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.251768000", + "frame.time_delta": "0.004783000", + "frame.time_delta_displayed": "0.004783000", + "frame.time_relative": "467.791082000", + "frame.number": "1875", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000069bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ecc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000087ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1873", + "tcp.analysis.ack_rtt": "0.005131000", + "tcp.analysis.initial_rtt": "0.005001000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.460794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.460794000", + "frame.time_delta": "0.209026000", + "frame.time_delta_displayed": "0.209026000", + "frame.time_relative": "468.000108000", + "frame.number": "1876", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b10c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000039a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000cf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005001000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.213809000", + "tcp.analysis.rto_frame": "1874" + } + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.611669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.611669000", + "frame.time_delta": "0.150875000", + "frame.time_delta_displayed": "0.150875000", + "frame.time_relative": "468.150983000", + "frame.number": "1877", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000069be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ecb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000083e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1874", + "tcp.analysis.ack_rtt": "0.364684000", + "tcp.analysis.initial_rtt": "0.005001000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:19.611721000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.611721000", + "frame.time_delta": "0.000052000", + "frame.time_delta_displayed": "0.000052000", + "frame.time_relative": "468.151035000", + "frame.number": "1878", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000069bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ebe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009260", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:43:4f:98:74:43:4f:9c:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005001000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1877", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.612961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.612961000", + "frame.time_delta": "0.001240000", + 
"frame.time_delta_displayed": "0.001240000", + "frame.time_relative": "468.152275000", + "frame.number": "1879", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000069c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ec9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000083e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.613394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.613394000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "468.152708000", + "frame.number": "1880", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dacb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47454", + "tcp.port": "80", + "tcp.port": "47454", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007678", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1879", + "tcp.analysis.ack_rtt": "0.000433000", + "tcp.analysis.initial_rtt": "0.005001000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:19.617894000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494059.617894000", + "frame.time_delta": "0.004500000", + "frame.time_delta_displayed": "0.004500000", + "frame.time_relative": "468.157208000", + "frame.number": "1881", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eacb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cdbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47454", + "tcp.dstport": "80", + "tcp.port": "47454", + "tcp.port": "80", + "tcp.stream": "93", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.174241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.174241000", + "frame.time_delta": "0.556347000", + "frame.time_delta_displayed": "0.556347000", + "frame.time_relative": "468.713555000", + "frame.number": "1882", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000973f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002022", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "88", + "http.prev_response_in": "1866" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.227244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.227244000", + "frame.time_delta": "0.053003000", + "frame.time_delta_displayed": "0.053003000", + "frame.time_relative": "468.766558000", + "frame.number": "1883", 
+ "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009744", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002014", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "89", + "http.prev_response_in": "1882" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.280139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.280139000", + "frame.time_delta": "0.052895000", + "frame.time_delta_displayed": "0.052895000", + "frame.time_relative": "468.819453000", + "frame.number": "1884", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009746", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002018", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "90", + "http.prev_response_in": "1883" + } + } + } 
+ } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.368495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.368495000", + "frame.time_delta": "0.088356000", + "frame.time_delta_displayed": "0.088356000", + "frame.time_relative": "468.907809000", + "frame.number": "1885", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000045c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": 
"0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000b2e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:9a:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 920218, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "920218", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.369041000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494060.369041000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "468.908355000", + "frame.number": "1886", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47455", + "tcp.port": "80", + "tcp.port": "47455", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000554c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1885", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.373377000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.373377000", + "frame.time_delta": "0.004336000", + "frame.time_delta_displayed": "0.004336000", + "frame.time_relative": "468.912691000", + "frame.number": "1887", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000045c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000006d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1886", + "tcp.analysis.ack_rtt": "0.004336000", + "tcp.analysis.initial_rtt": "0.004882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.373508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.373508000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "468.912822000", + "frame.number": "1888", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000045c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007202", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000664e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004882000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: 
en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.373915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.373915000", + "frame.time_delta": "0.000407000", + "frame.time_delta_displayed": "0.000407000", + "frame.time_relative": "468.913229000", + "frame.number": "1889", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000abbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000ccc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47455", + "tcp.port": "80", + "tcp.port": "47455", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f8a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1888", + "tcp.analysis.ack_rtt": "0.000407000", + "tcp.analysis.initial_rtt": "0.004882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.374712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.374712000", + "frame.time_delta": "0.000797000", + "frame.time_delta_displayed": "0.000797000", + "frame.time_relative": "468.914026000", + "frame.number": "1890", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000abbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000cba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47455", + "tcp.port": "80", + "tcp.port": "47455", + "tcp.stream": "94", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000038c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004882000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.375066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.375066000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "468.914380000", + "frame.number": "1891", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000abbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000008e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47455", + "tcp.port": "80", + "tcp.port": "47455", + "tcp.stream": "94", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008b2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004882000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1890", + "tcp.segment": "1891", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001558000", + "http.request_in": "1888", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.378342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.378342000", + "frame.time_delta": "0.003276000", + "frame.time_delta_displayed": "0.003276000", + "frame.time_relative": "468.917656000", + "frame.number": "1892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000045c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000603", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1890", + "tcp.analysis.ack_rtt": "0.003630000", + "tcp.analysis.initial_rtt": "0.004882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.379645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.379645000", + "frame.time_delta": "0.001303000", + "frame.time_delta_displayed": "0.001303000", + "frame.time_relative": "468.918959000", + "frame.number": "1893", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000045c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000218", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1891", + "tcp.analysis.ack_rtt": "0.004579000", + "tcp.analysis.initial_rtt": "0.004882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.383999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.383999000", + "frame.time_delta": "0.004354000", + "frame.time_delta_displayed": "0.004354000", + "frame.time_relative": "468.923313000", + "frame.number": "1894", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000045ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000217", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.384426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.384426000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "468.923740000", + "frame.number": "1895", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000daf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47455", + 
"tcp.port": "80", + "tcp.port": "47455", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f4ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1894", + "tcp.analysis.ack_rtt": "0.000427000", + "tcp.analysis.initial_rtt": "0.004882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:20.387964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494060.387964000", + "frame.time_delta": "0.003538000", + "frame.time_delta_displayed": "0.003538000", + "frame.time_relative": "468.927278000", + "frame.number": "1896", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eafb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cd8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47455", + "tcp.dstport": "80", + "tcp.port": "47455", + "tcp.port": "80", + "tcp.stream": "94", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:54:23.708322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494063.708322000", + "frame.time_delta": "3.320358000", + "frame.time_delta_displayed": "3.320358000", + "frame.time_relative": "472.247636000", + "frame.number": "1897", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000951a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007834", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + 
"tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "8590", + "tcp.nxtseq": "8639", + "tcp.ack": "1331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002b4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:69:65:a7:9c:aa:35", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2451813, TSecr 2812062261": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2451813", + "tcp.options.timestamp.tsecr": "2812062261" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b3:10:88:5c:74:5d:93:87:81:db:4e:86:a8:3d:a4:75:57:6e:80:db:16:00:cc:f5:37:ba:a4:b8:e5:ac:35:4d:34:9f:8a:ec:6d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:23.769079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494063.769079000", + "frame.time_delta": "0.060757000", + "frame.time_delta_displayed": "0.060757000", + "frame.time_relative": "472.308393000", + "frame.number": "1898", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1331", + "tcp.nxtseq": "1386", + "tcp.ack": "8639", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000014e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:c8:92:00:25:69:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812070034, TSecr 2451813": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812070034", + "tcp.options.timestamp.tsecr": "2451813" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1897", + "tcp.analysis.ack_rtt": "0.060757000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:41:63:39:6b:ad:f9:0b:7f:29:ca:1e:5d:66:e4:dd:89:f4:cc:fd:6b:0f:42:b0:d4:32:6c:48:f0:f6:2e:3f:b5:0f:95:8c:42:08:71:ce:a8:de:5d:4c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:23.769517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494063.769517000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "472.308831000", + "frame.number": "1899", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000951b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007864", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8639", + "tcp.ack": "1386", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004e7a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:69:6b:a7:9c:c8:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2451819, TSecr 2812070034": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2451819", + "tcp.options.timestamp.tsecr": "2812070034" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1898", + "tcp.analysis.ack_rtt": "0.000438000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:28.852524000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494068.852524000", + "frame.time_delta": "5.083007000", + "frame.time_delta_displayed": "5.083007000", + "frame.time_relative": "477.391838000", + "frame.number": "1900", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:29.562019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494069.562019000", + "frame.time_delta": "0.709495000", + "frame.time_delta_displayed": "0.709495000", + "frame.time_relative": "478.101333000", + "frame.number": "1901", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + 
"eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:30.805566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494070.805566000", + "frame.time_delta": "1.243547000", + "frame.time_delta_displayed": "1.243547000", + "frame.time_relative": "479.344880000", + "frame.number": "1902", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000951c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "8639", + "tcp.nxtseq": "8991", + "tcp.ack": "1386", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000087da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:6c:2b:a7:9c:c8:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2452523, TSecr 2812070034": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2452523", + "tcp.options.timestamp.tsecr": "2812070034" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b4:1a:27:9e:f1:dc:4d:f3:1f:19:39:15:cf:be:64:a1:86:29:b1:9f:6f:f0:46:03:92:03:33:33:18:cb:7f:2a:7b:5d:ce:cd:79:43:03:2e:43:a2:79:59:9a:15:58:9c:44:9d:4c:fc:43:94:4a:c4:63:99:70:2f:67:36:1a:49:8f:77:0e:13:59:fd:30:b5:3c:d7:57:cd:7d:e1:0d:b8:18:40:72:c4:2e:c1:d9:df:6a:8e:71:ef:98:b3:ae:d9:cf:ba:0b:48:61:1d:67:ec:a9:36:ac:f8:52:4b:a9:d6:c6:1e:31:5e:b3:c6:34:d9:a7:37:72:58:f1:46:57:26:4d:37:75:a6:57:97:96:41:ef:56:b2:ab:95:74:2f:c5:e5:8d:c3:6e:2a:7f:c1:e4:48:65:39:ba:3e:aa:43:0c:1b:67:f8:7e:b6:bf:73:f3:10:0a:d0:81:6f:6c:0f:e6:be:b4:a6:8a:9c:1e:3d:a1:41:52:44:89:6c:57:79:5c:8e:ec:7d:01:b0:19:28:1f:be:e2:eb:06:ef:90:6b:58:cd:f1:dc:0a:26:f4:3a:e7:3e:d7:e4:ce:93:bb:cc:91:f7:cf:83:63:ff:f0:47:3a:9d:c2:d3:0e:5d:bd:59:f3:2e:b9:dd:29:b2:86:e5:b6:8f:3b:89:8d:6c:fb:26:b3:a7:24:6f:35:2f:49:1e:a5:d9:1c:11:c8:49:75:bc:0c:32:ee:2f:cc:25:3e:39:b0:39:60:a9:9c:5d:33:7f:31:d1:4c:20:60:73:b5:20:f4:14:b7:83:76:44:6d:31:a3:74:7b:52:89:ee:2e:c8:d3:a3:1a:5f:a9:a8:e2:3d:55:40:4b:89:a8:5f:17:94:80:d2:72:f1:d6:4d:4c:4f:72:4f:2e:8c:aa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:30.866667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494070.866667000", + "frame.time_delta": "0.061101000", + "frame.time_delta_displayed": "0.061101000", + "frame.time_relative": "479.405981000", + "frame.number": "1903", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003941", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1386", + "tcp.nxtseq": "1433", + "tcp.ack": "8991", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d8fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:cf:81:00:25:6c:2b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812071809, TSecr 2452523": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812071809", + "tcp.options.timestamp.tsecr": "2452523" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1902", + "tcp.analysis.ack_rtt": "0.061101000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:42:a8:3c:d2:a6:96:35:20:59:9d:e0:55:ea:ae:17:1c:49:6b:21:13:25:6d:d1:7e:59:fd:78:19:ac:fb:3d:cf:f5:26:50" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:30.867104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494070.867104000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "479.406418000", + "frame.number": "1904", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000951d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007862", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
+ "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8991", + "tcp.ack": "1433", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004336", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:6c:31:a7:9c:cf:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2452529, TSecr 2812071809": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2452529", + "tcp.options.timestamp.tsecr": "2812071809" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1903", + "tcp.analysis.ack_rtt": "0.000437000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:34.420661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494074.420661000", + "frame.time_delta": "3.553557000", + "frame.time_delta_displayed": "3.553557000", + "frame.time_relative": "482.959975000", + "frame.number": "1905", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + 
"ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "161", + "tcp.ack": "145", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000058f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:34.563675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494074.563675000", + "frame.time_delta": "0.143014000", + "frame.time_delta_displayed": "0.143014000", + "frame.time_relative": "483.102989000", + "frame.number": "1906", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdbe", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "145", + "tcp.ack": "162", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", 
+ "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001004", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:34.972746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494074.972746000", + "frame.time_delta": "0.409071000", + "frame.time_delta_displayed": "0.409071000", + "frame.time_relative": "483.512060000", + "frame.number": "1907", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, 
+ "ip.len": "89", + "ip.id": "0x000006f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d2a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:35.573331000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494075.573331000", + "frame.time_delta": "0.600585000", + "frame.time_delta_displayed": "0.600585000", + "frame.time_relative": "484.112645000", + "frame.number": "1908", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d55", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a9a", + "udp.checksum.status": 
"2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:35.576023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494075.576023000", + "frame.time_delta": "0.002692000", + "frame.time_delta_displayed": "0.002692000", + "frame.time_relative": "484.115337000", + "frame.number": "1909", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d56", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb95", + 
"udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:35.576478000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494075.576478000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "484.115792000", + "frame.number": "1910", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000795b", + "udp.checksum.status": "2", + 
"udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:36.174789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494076.174789000", + "frame.time_delta": "0.598311000", + "frame.time_delta_displayed": "0.598311000", + "frame.time_relative": "484.714103000", + "frame.number": "1911", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ba4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": 
"2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:40.574155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494080.574155000", + "frame.time_delta": "4.399366000", + "frame.time_delta_displayed": "4.399366000", + "frame.time_relative": "489.113469000", + "frame.number": "1912", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d57", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba99", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a9a", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:40.574673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494080.574673000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "489.113987000", + "frame.number": "1913", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d58", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b94", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb95", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:40.574967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494080.574967000", + "frame.time_delta": "0.000294000", + "frame.time_delta_displayed": "0.000294000", + "frame.time_relative": "489.114281000", + "frame.number": "1914", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000795b", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:41.430208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494081.430208000", + "frame.time_delta": "0.855241000", + "frame.time_delta_displayed": "0.855241000", + "frame.time_relative": "489.969522000", + "frame.number": "1915", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:41.454567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494081.454567000", + "frame.time_delta": "0.024359000", + "frame.time_delta_displayed": "0.024359000", + "frame.time_relative": "489.993881000", + "frame.number": "1916", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:45.574652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494085.574652000", + "frame.time_delta": "4.120085000", + "frame.time_delta_displayed": "4.120085000", + "frame.time_relative": "494.113966000", + "frame.number": "1917", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": 
"IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d59", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a9a", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:45.575411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494085.575411000", + "frame.time_delta": "0.000759000", + "frame.time_delta_displayed": "0.000759000", + "frame.time_relative": "494.114725000", + "frame.number": "1918", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d5a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb95", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:45.575795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494085.575795000", + "frame.time_delta": "0.000384000", + "frame.time_delta_displayed": "0.000384000", + "frame.time_relative": "494.115109000", + "frame.number": "1919", + "frame.len": "295", + 
"frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000795b", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000269", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", 
+ "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=617", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:52.307571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494092.307571000", + "frame.time_delta": "6.731776000", + "frame.time_delta_displayed": "6.731776000", + "frame.time_relative": "500.846885000", + "frame.number": "1920", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:54.088494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494094.088494000", + "frame.time_delta": "1.780923000", + "frame.time_delta_displayed": "1.780923000", + "frame.time_relative": "502.627808000", + "frame.number": "1921", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x0000951e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007812", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "8991", + "tcp.nxtseq": "9070", + "tcp.ack": "1433", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006dbd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:75:44:a7:9c:cf:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2454852, TSecr 2812071809": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2454852", + "tcp.options.timestamp.tsecr": "2812071809" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b5:8e:33:62:a0:f3:ad:b0:1c:f5:d9:63:a1:47:c5:5b:2a:95:18:5d:ea:33:d9:9b:cc:e5:64:7d:17:fa:50:c6:68:96:31:a5:5f:db:46:ef:50:f3:a9:cb:b0:73:3d:f1:45:4c:0a:85:be:a7:c7:9f:98:e5:7e:88:f4:f8:f9:4a:74:82:fc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:54.149521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494094.149521000", + "frame.time_delta": "0.061027000", + "frame.time_delta_displayed": "0.061027000", + "frame.time_relative": "502.688835000", + "frame.number": "1922", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003940", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1433", + "tcp.nxtseq": "1480", + "tcp.ack": "9070", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00004f48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:e6:3d:00:25:75:44", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812077629, TSecr 2454852": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812077629", + "tcp.options.timestamp.tsecr": "2454852" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1921", + "tcp.analysis.ack_rtt": "0.061027000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:43:d0:b8:05:8c:ac:28:26:7c:41:b3:1e:8b:4d:73:6f:c3:73:2a:9b:4f:dc:c3:d1:60:36:6f:b3:32:26:22:47:ac:eb:b2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:54.150016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494094.150016000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "502.689330000", + "frame.number": "1923", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000951f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007860", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9070", + "tcp.ack": "1480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000022e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:75:4a:a7:9c:e6:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2454858, TSecr 2812077629": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2454858", + "tcp.options.timestamp.tsecr": "2812077629" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1922", + "tcp.analysis.ack_rtt": "0.000495000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:54.986002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494094.986002000", + "frame.time_delta": "0.835986000", + "frame.time_delta_displayed": "0.835986000", + "frame.time_relative": "503.525316000", + "frame.number": "1924", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00000a07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000cf92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:55.213103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494095.213103000", + "frame.time_delta": "0.227101000", + "frame.time_delta_displayed": "0.227101000", + "frame.time_relative": "503.752417000", + "frame.number": "1925", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000aa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + 
"udp.length": "56", + "udp.checksum": "0x0000a611", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:f5:8b:96:e1:cc:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", + "data.len": "48" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:59.150232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494099.150232000", + "frame.time_delta": "3.937129000", + "frame.time_delta_displayed": "3.937129000", + "frame.time_relative": "507.689546000", + "frame.number": "1926", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:54:59.150664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494099.150664000", + "frame.time_delta": 
"0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "507.689978000", + "frame.number": "1927", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:04.560628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494104.560628000", + "frame.time_delta": "5.409964000", + "frame.time_delta_displayed": "5.409964000", + "frame.time_relative": "513.099942000", + "frame.number": "1928", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "161", + "tcp.ack": "145", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000058f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:04.703654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494104.703654000", + "frame.time_delta": "0.143026000", + "frame.time_delta_displayed": "0.143026000", + "frame.time_relative": "513.242968000", + "frame.number": "1929", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"49", + "ip.proto": "6", + "ip.checksum": "0x0000fdbd", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "145", + "tcp.ack": "162", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001004", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:06.176984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494106.176984000", + "frame.time_delta": "1.473330000", + "frame.time_delta_displayed": "1.473330000", + "frame.time_relative": "514.716298000", + "frame.number": "1930", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005bab", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": 
"1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.570563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.570563000", + "frame.time_delta": "3.393579000", + "frame.time_delta_displayed": "3.393579000", + "frame.time_relative": "518.109877000", + "frame.number": "1931", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.570745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.570745000", + "frame.time_delta": "0.000182000", + 
"frame.time_delta_displayed": "0.000182000", + "frame.time_relative": "518.110059000", + "frame.number": "1932", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.870662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.870662000", + "frame.time_delta": "0.299917000", + "frame.time_delta_displayed": "0.299917000", + "frame.time_relative": "518.409976000", + "frame.number": "1933", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007f7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } 
+ } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.891649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.891649000", + "frame.time_delta": "0.020987000", + "frame.time_delta_displayed": "0.020987000", + "frame.time_relative": "518.430963000", + "frame.number": "1934", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009520", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + 
"ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "9070", + "tcp.nxtseq": "9217", + "tcp.ack": "1480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:7b:70:a7:9c:e6:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2456432, TSecr 2812077629": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2456432", + "tcp.options.timestamp.tsecr": "2812077629" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:b6:86:b2:3d:9f:50:cf:29:b9:fd:37:87:89:cc:f6:10:d4:2c:94:e1:06:c6:97:81:34:83:2b:a7:f1:40:2c:46:72:ba:ca:3a:75:ac:a6:cc:c1:a7:ff:7d:cd:4a:47:e6:54:4b:aa:3f:c5:0a:57:7d:d6:9e:ff:0d:8c:83:76:f0:c9:e0:11:ab:03:37:27:79:bb:20:6a:0e:23:48:2d:70:bc:6a:9f:49:a6:23:4e:b0:7a:2f:22:0d:08:29:04:79:1b:e4:18:dd:8d:38:e6:43:39:70:9b:b6:8a:41:4f:7f:2e:18:2c:24:34:f6:ea:48:f6:c0:50:bc:83:68:86:23:b7:da:6b:d9:29:ec:14" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.899927000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.899927000", + "frame.time_delta": "0.008278000", + "frame.time_delta_displayed": "0.008278000", + "frame.time_relative": "518.439241000", + "frame.number": "1935", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b098", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000007dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000075a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1d:f6:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 925174, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "925174", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.900476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.900476000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "518.439790000", + "frame.number": "1936", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47459", + "tcp.port": "80", + "tcp.port": "47459", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002a47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply 
by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1935", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.905435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.905435000", + "frame.time_delta": "0.004959000", + "frame.time_delta_displayed": "0.004959000", + "frame.time_relative": "518.444749000", + "frame.number": "1937", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b099", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000007f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dbce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1936", + "tcp.analysis.ack_rtt": "0.004959000", + "tcp.analysis.initial_rtt": "0.005508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.906178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.906178000", + "frame.time_delta": "0.000743000", + "frame.time_delta_displayed": "0.000743000", + "frame.time_relative": "518.445492000", + "frame.number": "1938", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b09a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000072f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005508000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.906656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.906656000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "518.445970000", + "frame.number": "1939", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000093ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000024de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47459", + "tcp.port": "80", + "tcp.port": "47459", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cd9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1938", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.005508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.907300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.907300000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "518.446614000", + "frame.number": "1940", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000093ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000024cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47459", + "tcp.port": "80", + "tcp.port": "47459", + "tcp.stream": "95", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000dbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005508000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.907705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.907705000", + "frame.time_delta": "0.000405000", + "frame.time_delta_displayed": "0.000405000", + "frame.time_relative": "518.447019000", + "frame.number": "1941", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000093ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000020f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47459", + "tcp.port": "80", + "tcp.port": "47459", + "tcp.stream": "95", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006028", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005508000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1940", + "tcp.segment": "1941", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001527000", + "http.request_in": "1938", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.913508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.913508000", + "frame.time_delta": "0.005803000", + "frame.time_delta_displayed": "0.005803000", + "frame.time_relative": "518.452822000", + "frame.number": "1942", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b09b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000007ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dafd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1940", + "tcp.analysis.ack_rtt": "0.006208000", + "tcp.analysis.initial_rtt": "0.005508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.923956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.923956000", + "frame.time_delta": "0.010448000", + "frame.time_delta_displayed": "0.010448000", + "frame.time_relative": "518.463270000", + "frame.number": "1943", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007f7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + 
"ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.976896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.976896000", + "frame.time_delta": "0.052940000", + "frame.time_delta_displayed": "0.052940000", + "frame.time_relative": "518.516210000", + "frame.number": "1944", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007f80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + 
"http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:09.990271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494109.990271000", + "frame.time_delta": "0.013375000", + "frame.time_delta_displayed": "0.013375000", + "frame.time_relative": "518.529585000", + "frame.number": "1945", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000396e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1480", + "tcp.ack": "9217", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000da0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:f5:b6:00:25:7b:70", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812081590, TSecr 2456432": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812081590", + "tcp.options.timestamp.tsecr": "2456432" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"1934", + "tcp.analysis.ack_rtt": "0.098622000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.000565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.000565000", + "frame.time_delta": "0.010294000", + "frame.time_delta_displayed": "0.010294000", + "frame.time_relative": "518.539879000", + "frame.number": "1946", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009521", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United 
States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "9217", + "tcp.nxtseq": "9347", + "tcp.ack": "1480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f095", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:7b:7b:a7:9c:f5:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2456443, TSecr 2812081590": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2456443", + "tcp.options.timestamp.tsecr": "2812081590" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:44:b7:51:20:c9:f4:cf:a2:ec:9a:ca:ce:f3:ea:e7:30:e5:b8:c3:74:5c:3a:94:1b:f0:e2:7a:eb:a0:79:d5:84:7f:b2:25:d4:27:6f:17:87:eb:41:21:01:78:3e:f0:9c:1b:34:49:cf:06:f3:3b:0e:92:14:29:cc:a3:7b:fc:48:6c:e1:8a:72:17:13:e5:a4:98:b2:20:19:ec:17:08:1c:29:b0:32:75:49:31:57:1e:70:ea:7d:c6:26:26:38:8c:ac:27:59:d2:d4:54:dc:02:6c:df:9a:8d:ff:77:37:31:7c:72:95:37:b8:47:68" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.029745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.029745000", + "frame.time_delta": "0.029180000", + "frame.time_delta_displayed": "0.029180000", + "frame.time_relative": "518.569059000", + "frame.number": "1947", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007f83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.060789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.060789000", + "frame.time_delta": "0.031044000", + "frame.time_delta_displayed": "0.031044000", + "frame.time_relative": "518.600103000", + "frame.number": "1948", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000396d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1480", + "tcp.ack": "9347", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000d02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9c:f5:c7:00:25:7b:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812081607, TSecr 2456443": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812081607", + "tcp.options.timestamp.tsecr": "2456443" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1946", + "tcp.analysis.ack_rtt": "0.060224000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.082579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.082579000", + "frame.time_delta": "0.021790000", + "frame.time_delta_displayed": "0.021790000", + "frame.time_relative": "518.621893000", + "frame.number": "1949", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" 
+ }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007f88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.100474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.100474000", + "frame.time_delta": "0.017895000", + "frame.time_delta_displayed": "0.017895000", + "frame.time_relative": "518.639788000", + "frame.number": "1950", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b09c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000007ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { 
+ "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d712", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1941", + "tcp.analysis.ack_rtt": "0.192769000", + "tcp.analysis.initial_rtt": "0.005508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.100526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.100526000", + "frame.time_delta": "0.000052000", + "frame.time_delta_displayed": "0.000052000", + "frame.time_relative": "518.639840000", + "frame.number": "1951", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b09d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000007ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d711", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.101063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.101063000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "518.640377000", + "frame.number": "1952", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e0b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47459", + "tcp.port": "80", + "tcp.port": "47459", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c9a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1951", + "tcp.analysis.ack_rtt": "0.000537000", + "tcp.analysis.initial_rtt": "0.005508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.101278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.101278000", + "frame.time_delta": "0.000215000", + "frame.time_delta_displayed": "0.000215000", + "frame.time_relative": "518.640592000", + "frame.number": "1953", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", 
+ "ip.id": "0x000011e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a68d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00001a18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1e:0a:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 925194, TSecr 0": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "925194", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.101745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.101745000", + "frame.time_delta": "0.000467000", + "frame.time_delta_displayed": "0.000467000", + "frame.time_relative": "518.641059000", + "frame.number": "1954", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": "80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000803d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + 
"tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1953", + "tcp.analysis.ack_rtt": "0.000467000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.106948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.106948000", + "frame.time_delta": "0.005203000", + "frame.time_delta_displayed": "0.005203000", + "frame.time_relative": "518.646262000", + "frame.number": "1955", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f019", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x0000c86f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47459", + "tcp.dstport": "80", + "tcp.port": "47459", + "tcp.port": "80", + "tcp.stream": "95", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fac3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.107457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.107457000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "518.646771000", + "frame.number": "1956", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000011e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000031c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1954", + "tcp.analysis.ack_rtt": "0.005712000", + "tcp.analysis.initial_rtt": "0.006179000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.108493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.108493000", + "frame.time_delta": "0.001036000", + "frame.time_delta_displayed": "0.001036000", + "frame.time_relative": "518.647807000", + "frame.number": "1957", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000011ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000913f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006179000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.109207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.109207000", + "frame.time_delta": "0.000714000", + "frame.time_delta_displayed": "0.000714000", + "frame.time_relative": "518.648521000", + "frame.number": "1958", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": "80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002394", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1957", + "tcp.analysis.ack_rtt": "0.000714000", + "tcp.analysis.initial_rtt": "0.006179000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.109853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.109853000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "518.649167000", + "frame.number": "1959", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000023d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": "80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000063b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006179000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.110264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.110264000", + "frame.time_delta": "0.000411000", + "frame.time_delta_displayed": "0.000411000", + "frame.time_relative": "518.649578000", + "frame.number": "1960", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000023d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000090d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": 
"80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b61e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006179000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1959", + "tcp.segment": "1960", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001771000", + "http.request_in": "1957", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.110705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.110705000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "518.650019000", + "frame.number": "1961", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000023d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000090d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": "80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b61e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006179000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.113521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.113521000", + "frame.time_delta": "0.002816000", + "frame.time_delta_displayed": "0.002816000", + "frame.time_relative": "518.652835000", + "frame.number": "1962", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000011eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1959", + "tcp.analysis.ack_rtt": "0.003668000", + "tcp.analysis.initial_rtt": "0.006179000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.116814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.116814000", + "frame.time_delta": "0.003293000", + "frame.time_delta_displayed": "0.003293000", + "frame.time_relative": "518.656128000", + "frame.number": "1963", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000011ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002d09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1960", + "tcp.analysis.ack_rtt": "0.006550000", + "tcp.analysis.initial_rtt": "0.006179000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.118392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.118392000", + "frame.time_delta": "0.001578000", + "frame.time_delta_displayed": "0.001578000", + "frame.time_relative": "518.657706000", + "frame.number": "1964", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000011ed", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a690", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000191b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:4e:4e:1e:ab:4e:4e:22:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006179000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "1963", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.118509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.118509000", + "frame.time_delta": "0.000117000", + "frame.time_delta_displayed": "0.000117000", + "frame.time_relative": "518.657823000", + "frame.number": "1965", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000011ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000a69b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002d08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.118940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.118940000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "518.658254000", + "frame.number": "1966", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" 
+ }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e0b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47460", + "tcp.port": "80", + "tcp.port": "47460", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001f9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1965", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.006179000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.123684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.123684000", + "frame.time_delta": "0.004744000", + "frame.time_delta_displayed": "0.004744000", + "frame.time_relative": "518.662998000", + "frame.number": "1967", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f01a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c86e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47460", + "tcp.dstport": "80", + "tcp.port": "47460", + "tcp.port": "80", + "tcp.stream": "96", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009f4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.136728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.136728000", + "frame.time_delta": "0.013044000", + "frame.time_delta_displayed": "0.013044000", + "frame.time_relative": "518.676042000", + "frame.number": "1968", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" 
+ }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007f8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.305425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.305425000", + "frame.time_delta": "0.168697000", + "frame.time_delta_displayed": "0.168697000", + "frame.time_relative": "518.844739000", + "frame.number": "1969", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000073f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000447d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { 
+ "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000065b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1e:1f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 925215, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "925215", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.305963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.305963000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "518.845277000", + "frame.number": "1970", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47461", + "tcp.port": "80", + "tcp.port": "47461", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": 
{ + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d337", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1969", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.310912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.310912000", + "frame.time_delta": "0.004949000", + "frame.time_delta_displayed": "0.004949000", + "frame.time_relative": "518.850226000", + "frame.number": "1971", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000073f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004490", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000084bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1970", + "tcp.analysis.ack_rtt": "0.004949000", + "tcp.analysis.initial_rtt": "0.005487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.311367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.311367000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "518.850681000", + "frame.number": "1972", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000073fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e439", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005487000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + 
"http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.311831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.311831000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "518.851145000", + "frame.number": "1973", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000639f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000054ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47461", + "tcp.port": "80", + "tcp.port": "47461", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000768e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1972", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.005487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.312505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.312505000", + "frame.time_delta": "0.000674000", + 
"frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "518.851819000", + "frame.number": "1974", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000063a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000054d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47461", + "tcp.port": "80", + "tcp.port": "47461", + "tcp.stream": "97", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b6af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005487000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.312859000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.312859000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "518.852173000", + "frame.number": "1975", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000063a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005105", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47461", + "tcp.port": "80", + "tcp.port": "47461", + "tcp.stream": "97", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000919", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005487000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "1974", + "tcp.segment": "1975", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001492000", + "http.request_in": "1972", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.316612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.316612000", + "frame.time_delta": "0.003753000", + "frame.time_delta_displayed": "0.003753000", + "frame.time_relative": "518.855926000", + "frame.number": "1976", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000073fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000448e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000083ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1974", + "tcp.analysis.ack_rtt": "0.004107000", + "tcp.analysis.initial_rtt": "0.005487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.320246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.320246000", + "frame.time_delta": "0.003634000", + "frame.time_delta_displayed": "0.003634000", + "frame.time_relative": "518.859560000", + "frame.number": "1977", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000073fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000448d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008003", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1975", + "tcp.analysis.ack_rtt": "0.007387000", + "tcp.analysis.initial_rtt": "0.005487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.323420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.323420000", + "frame.time_delta": "0.003174000", + "frame.time_delta_displayed": "0.003174000", + "frame.time_relative": "518.862734000", + "frame.number": "1978", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000073fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000448c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008002", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.323888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.323888000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "518.863202000", + "frame.number": "1979", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e0c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47461", + 
"tcp.port": "80", + "tcp.port": "47461", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007298", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1978", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.005487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:10.328373000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494110.328373000", + "frame.time_delta": "0.004485000", + "frame.time_delta_displayed": "0.004485000", + "frame.time_relative": "518.867687000", + "frame.number": "1980", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f01d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c86b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47461", + "tcp.dstport": "80", + "tcp.port": "47461", + "tcp.port": "80", + "tcp.stream": "97", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eafc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:55:11.501924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494111.501924000", + "frame.time_delta": "1.173551000", + "frame.time_delta_displayed": "1.173551000", + "frame.time_relative": "520.041238000", + "frame.number": "1981", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:14.986178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494114.986178000", + "frame.time_delta": "3.484254000", + "frame.time_delta_displayed": "3.484254000", + "frame.time_relative": "523.525492000", + "frame.number": "1982", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": 
"1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00000ae1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ceb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.169710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.169710000", + "frame.time_delta": "10.183532000", + "frame.time_delta_displayed": "10.183532000", + "frame.time_relative": "533.709024000", + "frame.number": "1983", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009522", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000782c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "9347", + "tcp.nxtseq": "9396", + "tcp.ack": "1480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bba0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:81:68:a7:9c:f5:c7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2457960, TSecr 2812081607": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2457960", + "tcp.options.timestamp.tsecr": "2812081607" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + 
"ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:b8:d4:03:22:24:9e:e1:8e:e6:69:58:16:4a:97:0a:25:63:d1:30:d0:31:e9:f3:cc:ac:a5:7c:d8:36:ac:59:f0:04:2c:09:2e:71" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.230141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.230141000", + "frame.time_delta": "0.060431000", + "frame.time_delta_displayed": "0.060431000", + "frame.time_relative": "533.769455000", + "frame.number": "1984", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000396c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1480", + "tcp.ack": "9396", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f813", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:04:97:00:25:81:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812085399, TSecr 2457960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812085399", + "tcp.options.timestamp.tsecr": "2457960" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "1983", + "tcp.analysis.ack_rtt": "0.060431000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.230609000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.230609000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "533.769923000", + "frame.number": "1985", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003934", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United 
States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1480", + "tcp.nxtseq": "1535", + "tcp.ack": "9396", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005ecc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:04:98:00:25:81:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812085400, TSecr 2457960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812085400", + "tcp.options.timestamp.tsecr": "2457960" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:44:5c:6d:13:12:c7:4f:db:de:9a:ff:34:2d:cf:a2:4f:d2:aa:10:c8:18:06:74:01:af:56:5e:0d:5c:62:e7:3e:de:5c:99:e2:8d:66:e8:1c:7b:02:35" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.231000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.231000000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "533.770314000", + "frame.number": "1986", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009523", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000785c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9396", + "tcp.ack": "1535", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f6e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:81:6e:a7:9d:04:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2457966, TSecr 2812085400": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2457966", + "tcp.options.timestamp.tsecr": "2812085400" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1985", + "tcp.analysis.ack_rtt": "0.000391000" + } + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.731944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.731944000", + "frame.time_delta": "0.500944000", + "frame.time_delta_displayed": "0.500944000", + "frame.time_relative": "534.271258000", + "frame.number": "1987", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:25.984144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494125.984144000", + "frame.time_delta": "0.252200000", + "frame.time_delta_displayed": "0.252200000", + "frame.time_relative": "534.523458000", + "frame.number": "1988", + "frame.len": "350", + 
"frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + 
"bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:26.008264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494126.008264000", + "frame.time_delta": "0.024120000", + "frame.time_delta_displayed": "0.024120000", + "frame.time_relative": "534.547578000", + "frame.number": "1989", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + 
"bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:26.065095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494126.065095000", + "frame.time_delta": "0.056831000", + "frame.time_delta_displayed": "0.056831000", + "frame.time_relative": "534.604409000", + "frame.number": "1990", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:26.098865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494126.098865000", + "frame.time_delta": "0.033770000", + "frame.time_delta_displayed": "0.033770000", + "frame.time_relative": "534.638179000", + "frame.number": "1991", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:28.851840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494128.851840000", + "frame.time_delta": "2.752975000", + "frame.time_delta_displayed": "2.752975000", + "frame.time_relative": "537.391154000", + "frame.number": "1992", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.441539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.441539000", + "frame.time_delta": "1.589699000", + "frame.time_delta_displayed": "1.589699000", + "frame.time_relative": "538.980853000", + "frame.number": "1993", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020e2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e762", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + 
"http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "5", + "http.prev_request_in": "858" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.576925000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.576925000", + "frame.time_delta": "0.135386000", + "frame.time_delta_displayed": "0.135386000", + "frame.time_relative": "539.116239000", + "frame.number": "1994", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d60", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + 
"ip.checksum": "0x0000ba90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000999", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.577328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.577328000", + "frame.time_delta": "0.000403000", + "frame.time_delta_displayed": "0.000403000", + "frame.time_relative": "539.116642000", + "frame.number": "1995", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d61", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00009b8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea94", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.577713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.577713000", + "frame.time_delta": "0.000385000", + "frame.time_delta_displayed": "0.000385000", + "frame.time_relative": "539.117027000", + "frame.number": "1996", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000785a", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.901986000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.901986000", + "frame.time_delta": "0.324273000", + "frame.time_delta_displayed": "0.324273000", + "frame.time_relative": "539.441300000", + "frame.number": "1997", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005b45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "25", + "http.prev_response_in": "916" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:55:30.905199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.905199000", + "frame.time_delta": "0.003213000", + "frame.time_delta_displayed": "0.003213000", + "frame.time_relative": "539.444513000", + "frame.number": "1998", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001941", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54541", + "tcp.dstport": "80", + "tcp.port": "54541", + "tcp.port": "80", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008d9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.905721000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.905721000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "539.445035000", + "frame.number": "1999", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54541", + "tcp.port": "80", + "tcp.port": "54541", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a145", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "1998", + "tcp.analysis.ack_rtt": "0.000522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:55:30.908574000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.908574000", + "frame.time_delta": "0.002853000", + "frame.time_delta_displayed": "0.002853000", + "frame.time_relative": "539.447888000", + "frame.number": "2000", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001942", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54541", + "tcp.dstport": "80", + "tcp.port": "54541", + "tcp.port": "80", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005324", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "1999", + "tcp.analysis.ack_rtt": "0.002853000", + "tcp.analysis.initial_rtt": "0.003375000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.909228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.909228000", + "frame.time_delta": "0.000654000", + "frame.time_delta_displayed": "0.000654000", + "frame.time_relative": "539.448542000", + "frame.number": "2001", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001943", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54541", + "tcp.dstport": "80", + "tcp.port": "54541", + "tcp.port": "80", + "tcp.stream": "98", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000689d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003375000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + 
"http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.909795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.909795000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "539.449109000", + "frame.number": "2002", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006d7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", 
+ "ip.checksum": "0x00004af7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54541", + "tcp.port": "80", + "tcp.port": "54541", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000044b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2001", + "tcp.analysis.ack_rtt": "0.000567000", + "tcp.analysis.initial_rtt": "0.003375000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.910363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.910363000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "539.449677000", + "frame.number": "2003", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + 
"eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006d7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ae5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54541", + "tcp.port": "80", + "tcp.port": "54541", + "tcp.stream": "98", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + 
"tcp.checksum": "0x000084d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003375000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.910850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.910850000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "539.450164000", + "frame.number": "2004", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006d7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004712", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54541", + "tcp.port": "80", + "tcp.port": "54541", + "tcp.stream": "98", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d73f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003375000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2003", + "tcp.segment": "2004", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001622000", + "http.request_in": "2001", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.912958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.912958000", + "frame.time_delta": "0.002108000", + "frame.time_delta_displayed": "0.002108000", + "frame.time_relative": "539.452272000", + "frame.number": "2005", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001944", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54541", + "tcp.dstport": "80", + "tcp.port": "54541", + "tcp.port": "80", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004e8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2004", + "tcp.analysis.ack_rtt": "0.002108000", + "tcp.analysis.initial_rtt": "0.003375000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.914174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.914174000", + "frame.time_delta": "0.001216000", + "frame.time_delta_displayed": "0.001216000", + "frame.time_relative": "539.453488000", + "frame.number": "2006", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001946", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54541", + "tcp.dstport": "80", + "tcp.port": "54541", + "tcp.port": "80", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004e8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.914625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.914625000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "539.453939000", + "frame.number": "2007", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f3d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c49f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54541", + "tcp.port": "80", + "tcp.port": "54541", + "tcp.stream": "98", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000040bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2006", + 
"tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.003375000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.954893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.954893000", + "frame.time_delta": "0.040268000", + "frame.time_delta_displayed": "0.040268000", + "frame.time_relative": "539.494207000", + "frame.number": "2008", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005c0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005b38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "26", + "http.prev_response_in": "1997" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.964239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.964239000", + "frame.time_delta": "0.009346000", + "frame.time_delta_displayed": "0.009346000", + "frame.time_relative": "539.503553000", + "frame.number": "2009", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001947", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00003b77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.964780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.964780000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "539.504094000", + "frame.number": "2010", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007f32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2009", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.967426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.967426000", + "frame.time_delta": "0.002646000", + "frame.time_delta_displayed": "0.002646000", + "frame.time_relative": "539.506740000", + "frame.number": "2011", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001948", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", 
+ "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003111", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2010", + "tcp.analysis.ack_rtt": "0.002646000", + "tcp.analysis.initial_rtt": "0.003187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.968018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.968018000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "539.507332000", + "frame.number": "2012", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001949", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000468a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003187000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.968490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.968490000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "539.507804000", + "frame.number": "2013", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005b15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000022a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2012", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.003187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.969127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.969127000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "539.508441000", + "frame.number": "2014", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005b16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003187000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.969488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.969488000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "539.508802000", + "frame.number": "2015", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005b17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005979", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b52c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003187000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2014", + "tcp.segment": "2015", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001470000", + "http.request_in": "2012", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.970696000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494130.970696000", + "frame.time_delta": "0.001208000", + "frame.time_delta_displayed": "0.001208000", + "frame.time_relative": "539.510010000", + "frame.number": "2016", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005b18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005978", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b52c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003187000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.971585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.971585000", + "frame.time_delta": "0.000889000", + "frame.time_delta_displayed": "0.000889000", + "frame.time_relative": "539.510899000", + "frame.number": "2017", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000194a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002c79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2015", + "tcp.analysis.ack_rtt": "0.002097000", + "tcp.analysis.initial_rtt": "0.003187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.973989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.973989000", + "frame.time_delta": "0.002404000", + "frame.time_delta_displayed": "0.002404000", + "frame.time_relative": "539.513303000", + "frame.number": "2018", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000194b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002c78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.974430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.974430000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "539.513744000", + "frame.number": "2019", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f3d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c49c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54542", + "tcp.port": "80", + "tcp.port": "54542", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001eac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2018", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.003187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:30.975824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494130.975824000", + "frame.time_delta": "0.001394000", + "frame.time_delta_displayed": "0.001394000", + "frame.time_relative": "539.515138000", + "frame.number": "2020", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000194c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54542", + "tcp.dstport": "80", + "tcp.port": "54542", + "tcp.port": "80", + "tcp.stream": "99", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006827", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:26:9f:1e:8c:26:9f:22:6f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003187000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2017", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.007901000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494131.007901000", + "frame.time_delta": "0.032077000", + "frame.time_delta_displayed": "0.032077000", + "frame.time_relative": "539.547215000", + "frame.number": "2021", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005c0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005b3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "27", + "http.prev_response_in": "2008" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.093016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.093016000", + "frame.time_delta": "0.085115000", + "frame.time_delta_displayed": "0.085115000", + "frame.time_relative": "539.632330000", + "frame.number": "2022", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000194d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00006365", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.093561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.093561000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "539.632875000", + "frame.number": "2023", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000044e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2022", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.096389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.096389000", + "frame.time_delta": "0.002828000", + "frame.time_delta_displayed": "0.002828000", + "frame.time_relative": "539.635703000", + "frame.number": "2024", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000194e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f6c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2023", + "tcp.analysis.ack_rtt": "0.002828000", + "tcp.analysis.initial_rtt": "0.003373000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:55:31.096979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.096979000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "539.636293000", + "frame.number": "2025", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000194f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000c3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003373000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.097453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.097453000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + 
"frame.time_relative": "539.636767000", + "frame.number": "2026", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b783", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000000f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e851", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2025", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.003373000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.098050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.098050000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": "539.637364000", + "frame.number": "2027", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b784", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000000de", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002873", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003373000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.098423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.098423000", + "frame.time_delta": "0.000373000", + "frame.time_delta_displayed": "0.000373000", + "frame.time_relative": "539.637737000", + "frame.number": "2028", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b785", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007adc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003373000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2027", + "tcp.segment": "2028", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001444000", + "http.request_in": "2025", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.100500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.100500000", + "frame.time_delta": "0.002077000", + "frame.time_delta_displayed": "0.002077000", + "frame.time_relative": "539.639814000", + "frame.number": "2029", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001950", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f228", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2028", + "tcp.analysis.ack_rtt": "0.002077000", + "tcp.analysis.initial_rtt": "0.003373000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.100652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.100652000", + "frame.time_delta": "0.000152000", + "frame.time_delta_displayed": "0.000152000", + "frame.time_relative": "539.639966000", + "frame.number": "2030", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b786", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007adc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003373000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.101069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.101069000", + "frame.time_delta": "0.000417000", + "frame.time_delta_displayed": "0.000417000", + "frame.time_relative": "539.640383000", + "frame.number": "2031", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001951", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f227", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2030", + "tcp.analysis.ack_rtt": "0.000417000", + "tcp.analysis.initial_rtt": "0.003373000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.101487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.101487000", + "frame.time_delta": "0.000418000", + "frame.time_delta_displayed": "0.000418000", + "frame.time_relative": "539.640801000", + "frame.number": "2032", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f3e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c491", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54543", + "tcp.port": "80", + "tcp.port": "54543", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e45b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2031", + "tcp.analysis.ack_rtt": "0.000418000", + "tcp.analysis.initial_rtt": "0.003373000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:55:31.103419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.103419000", + "frame.time_delta": "0.001932000", + "frame.time_delta_displayed": "0.001932000", + "frame.time_relative": "539.642733000", + "frame.number": "2033", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54543", + "tcp.dstport": "80", + "tcp.port": "54543", + "tcp.port": "80", + "tcp.stream": "100", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000695a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:b4:5f:f3:09:b4:5f:f6:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003373000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2029", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.197622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.197622000", + "frame.time_delta": "0.094203000", + "frame.time_delta_displayed": 
"0.094203000", + "frame.time_relative": "539.736936000", + "frame.number": "2034", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.955441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.955441000", + "frame.time_delta": "0.757819000", + "frame.time_delta_displayed": "0.757819000", + "frame.time_relative": "540.494755000", + "frame.number": "2035", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005c64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005ae7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "28", + "http.prev_response_in": "2021" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.959611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.959611000", + "frame.time_delta": "0.004170000", + "frame.time_delta_displayed": "0.004170000", + "frame.time_relative": "540.498925000", + "frame.number": "2036", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001953", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54544", + "tcp.dstport": "80", + "tcp.port": "54544", + "tcp.port": "80", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000b902", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.960144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.960144000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "540.499458000", + "frame.number": "2037", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54544", + "tcp.port": "80", + "tcp.port": "54544", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001fe9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2036", + "tcp.analysis.ack_rtt": "0.000533000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.963043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.963043000", + "frame.time_delta": "0.002899000", + "frame.time_delta_displayed": "0.002899000", + "frame.time_relative": "540.502357000", + "frame.number": "2038", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001954", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54544", + "tcp.dstport": "80", + "tcp.port": "54544", + "tcp.port": "80", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d1c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2037", + "tcp.analysis.ack_rtt": "0.002899000", + "tcp.analysis.initial_rtt": "0.003432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.963674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.963674000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "540.502988000", + "frame.number": "2039", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001955", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54544", + "tcp.dstport": "80", + "tcp.port": "54544", + "tcp.port": "80", + "tcp.stream": "101", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e740", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003432000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.964162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.964162000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "540.503476000", + "frame.number": "2040", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000427c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54544", + "tcp.port": "80", + "tcp.port": "54544", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c358", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2039", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.003432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.964738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494131.964738000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "540.504052000", + "frame.number": "2041", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000427d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54544", + "tcp.port": "80", + "tcp.port": "54544", + "tcp.stream": "101", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000037a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003432000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.965083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.965083000", + "frame.time_delta": "0.000345000", + "frame.time_delta_displayed": "0.000345000", + "frame.time_relative": "540.504397000", + "frame.number": "2042", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000427e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007212", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54544", + "tcp.port": "80", + "tcp.port": "54544", + "tcp.stream": "101", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000055e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003432000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2041", + "tcp.segment": "2042", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001409000", + "http.request_in": "2039", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.967130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.967130000", + "frame.time_delta": "0.002047000", + "frame.time_delta_displayed": "0.002047000", + "frame.time_relative": "540.506444000", + "frame.number": "2043", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001956", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54544", + "tcp.dstport": "80", + "tcp.port": "54544", + "tcp.port": "80", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cd2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2042", + "tcp.analysis.ack_rtt": "0.002047000", + "tcp.analysis.initial_rtt": "0.003432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.967712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.967712000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "540.507026000", + "frame.number": "2044", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001957", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54544", + "tcp.dstport": "80", + "tcp.port": "54544", + "tcp.port": "80", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cd2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:31.968155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494131.968155000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "540.507469000", + "frame.number": "2045", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f3ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c473", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54544", + "tcp.port": "80", + "tcp.port": "54544", + "tcp.stream": "101", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bf62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2044", + 
"tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.003432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.008279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.008279000", + "frame.time_delta": "0.040124000", + "frame.time_delta_displayed": "0.040124000", + "frame.time_relative": "540.547593000", + "frame.number": "2046", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005c66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005adc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "29", + "http.prev_response_in": "2035" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.018861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.018861000", + "frame.time_delta": "0.010582000", + "frame.time_delta_displayed": "0.010582000", + "frame.time_relative": "540.558175000", + "frame.number": "2047", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001958", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54545", + "tcp.dstport": "80", + "tcp.port": "54545", + "tcp.port": "80", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000058c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.019409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.019409000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "540.558723000", + "frame.number": "2048", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54545", + "tcp.port": "80", + "tcp.port": "54545", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004618", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2047", + "tcp.analysis.ack_rtt": "0.000548000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.027365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.027365000", + "frame.time_delta": "0.007956000", + "frame.time_delta_displayed": "0.007956000", + "frame.time_relative": "540.566679000", + "frame.number": "2049", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001959", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54545", + "tcp.dstport": "80", + "tcp.port": "54545", + "tcp.port": "80", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f7f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2048", + "tcp.analysis.ack_rtt": "0.007956000", + "tcp.analysis.initial_rtt": "0.008504000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.028760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.028760000", + "frame.time_delta": "0.001395000", + "frame.time_delta_displayed": "0.001395000", + "frame.time_relative": "540.568074000", + "frame.number": "2050", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000195a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54545", + "tcp.dstport": "80", + "tcp.port": "54545", + "tcp.port": "80", + "tcp.stream": "102", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000d70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008504000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.029300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.029300000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "540.568614000", + "frame.number": "2051", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fc9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bbd5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54545", + "tcp.port": "80", + "tcp.port": "54545", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e987", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2050", + "tcp.analysis.ack_rtt": "0.000540000", + "tcp.analysis.initial_rtt": "0.008504000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.029885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.029885000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "540.569199000", + "frame.number": "2052", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000fc9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bbc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54545", + "tcp.port": "80", + "tcp.port": "54545", + "tcp.stream": "102", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000029a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008504000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.030309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.030309000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "540.569623000", + "frame.number": "2053", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000fc9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54545", + "tcp.port": "80", + "tcp.port": "54545", + "tcp.stream": "102", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007c12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008504000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2052", + "tcp.segment": "2053", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001549000", + "http.request_in": "2050", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.033432000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494132.033432000", + "frame.time_delta": "0.003123000", + "frame.time_delta_displayed": "0.003123000", + "frame.time_relative": "540.572746000", + "frame.number": "2054", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000195b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54545", + "tcp.dstport": "80", + "tcp.port": "54545", + "tcp.port": "80", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f35e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2053", + "tcp.analysis.ack_rtt": "0.003123000", + "tcp.analysis.initial_rtt": "0.008504000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.033824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.033824000", + "frame.time_delta": "0.000392000", + "frame.time_delta_displayed": "0.000392000", + "frame.time_relative": "540.573138000", + "frame.number": "2055", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000195c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54545", + "tcp.dstport": "80", + "tcp.port": "54545", + "tcp.port": "80", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f35d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.034275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.034275000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "540.573589000", + "frame.number": "2056", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f406", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c46c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54545", + "tcp.port": "80", + "tcp.port": "54545", + "tcp.stream": "102", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e591", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2055", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.008504000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.062203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.062203000", + "frame.time_delta": "0.027928000", + "frame.time_delta_displayed": "0.027928000", + "frame.time_relative": "540.601517000", + "frame.number": "2057", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005c67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005ae1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "30", + "http.prev_response_in": "2046" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.065842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.065842000", + "frame.time_delta": "0.003639000", + "frame.time_delta_displayed": "0.003639000", + "frame.time_relative": "540.605156000", + 
"frame.number": "2058", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000195d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54546", + "tcp.dstport": "80", + "tcp.port": "54546", + "tcp.port": "80", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000050b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.066377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.066377000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "540.605691000", + "frame.number": "2059", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54546", + "tcp.port": "80", + "tcp.port": "54546", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000588b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2058", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.071253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.071253000", + "frame.time_delta": "0.004876000", + "frame.time_delta_displayed": "0.004876000", + "frame.time_relative": "540.610567000", + 
"frame.number": "2060", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000195e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54546", + "tcp.dstport": "80", + "tcp.port": "54546", + "tcp.port": "80", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2059", + "tcp.analysis.ack_rtt": "0.004876000", + "tcp.analysis.initial_rtt": "0.005411000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.071903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.071903000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "540.611217000", + "frame.number": "2061", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000195f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e6d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54546", + "tcp.dstport": "80", + "tcp.port": "54546", + "tcp.port": "80", + "tcp.stream": "103", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001fe3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005411000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.072391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.072391000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "540.611705000", + "frame.number": "2062", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c079", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54546", + "tcp.port": "80", + "tcp.port": "54546", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fbfa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2061", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.005411000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.072984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.072984000", + "frame.time_delta": "0.000593000", + "frame.time_delta_displayed": "0.000593000", + "frame.time_relative": "540.612298000", + "frame.number": "2063", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c07a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54546", + "tcp.port": "80", + "tcp.port": "54546", + "tcp.stream": "103", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003c1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005411000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.073334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.073334000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "540.612648000", + "frame.number": "2064", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c07b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f414", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54546", + "tcp.port": "80", + "tcp.port": "54546", + "tcp.stream": "103", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008e85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005411000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2063", + "tcp.segment": "2064", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001431000", + "http.request_in": "2061", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.076283000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.076283000", + "frame.time_delta": "0.002949000", + "frame.time_delta_displayed": "0.002949000", + "frame.time_relative": "540.615597000", + "frame.number": "2065", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001960", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54546", + "tcp.dstport": "80", + "tcp.port": "54546", + "tcp.port": "80", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000005d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2064", + "tcp.analysis.ack_rtt": "0.002949000", + "tcp.analysis.initial_rtt": "0.005411000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.076973000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.076973000", + "frame.time_delta": "0.000690000", + "frame.time_delta_displayed": "0.000690000", + "frame.time_relative": "540.616287000", + "frame.number": "2066", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001961", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005f12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54546", + "tcp.dstport": "80", + "tcp.port": "54546", + "tcp.port": "80", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000005d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:32.077405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494132.077405000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "540.616719000", + "frame.number": "2067", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f407", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c46b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54546", + "tcp.port": "80", + "tcp.port": "54546", + "tcp.stream": "103", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f804", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2066", + 
"tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.005411000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.044628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.044628000", + "frame.time_delta": "1.967223000", + "frame.time_delta_displayed": "1.967223000", + "frame.time_relative": "542.583942000", + "frame.number": "2068", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000b5d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000028a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50848", + "udp.dstport": "53", + "udp.port": 
"50848", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000ec36", + "udp.checksum.status": "2", + "udp.stream": "40" + }, + "dns": { + "dns.id": "0x000063c4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.044643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.044643000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "542.583957000", + "frame.number": "2069", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"72", + "ip.id": "0x0000b5d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000289", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50848", + "udp.dstport": "53", + "udp.port": "50848", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x00001f05", + "udp.checksum.status": "2", + "udp.stream": "40" + }, + "dns": { + "dns.id": "0x000030db", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.045820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.045820000", + "frame.time_delta": "0.001177000", + "frame.time_delta_displayed": "0.001177000", + "frame.time_relative": "542.585134000", + "frame.number": "2070", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000e86c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cff4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "50848", + "udp.port": "53", + "udp.port": "50848", + "udp.length": "52", + "udp.checksum": "0x00008289", + "udp.checksum.status": "2", + "udp.stream": "40" + }, + "dns": { + "dns.response_to": "2069", + "dns.time": "0.001177000", + "dns.id": "0x000030db", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.046623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.046623000", + "frame.time_delta": "0.000803000", + "frame.time_delta_displayed": "0.000803000", + "frame.time_relative": "542.585937000", + "frame.number": "2071", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x0000e86d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ce8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "50848", + "udp.port": "53", + "udp.port": "50848", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "40" + }, + "dns": { + "dns.response_to": "2068", + "dns.time": "0.001995000", + "dns.id": "0x000063c4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "34", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "34", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "34", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + 
"dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64595", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + }, + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64595", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64595", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64595", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151419", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60456", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58695", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58797", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + 
}, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "102352", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60456", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58695", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58797", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.047684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.047684000", + "frame.time_delta": "0.001061000", + "frame.time_delta_displayed": "0.001061000", + "frame.time_relative": "542.586998000", + "frame.number": "2072", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a79a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007ba9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00006990", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:25:84:e0:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2458848, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458848", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.121794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.121794000", + "frame.time_delta": "0.074110000", + "frame.time_delta_displayed": "0.074110000", + "frame.time_relative": "542.661108000", + "frame.number": "2073", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x00007e43", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x00004caf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:44:4c:63:00:25:84:e0:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1262767203, TSecr 2458848": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767203", + "tcp.options.timestamp.tsecr": "2458848" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2072", + "tcp.analysis.ack_rtt": "0.074110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.122294000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.122294000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "542.661608000", + "frame.number": "2074", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a79b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e36f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:84:e7:4b:44:4c:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458855, TSecr 1262767203": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458855", + "tcp.options.timestamp.tsecr": "1262767203" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2073", + "tcp.analysis.ack_rtt": "0.000500000", + "tcp.analysis.initial_rtt": "0.074610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.124420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.124420000", + "frame.time_delta": "0.002126000", + "frame.time_delta_displayed": "0.002126000", + "frame.time_relative": "542.663734000", + "frame.number": "2075", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000a79c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007a7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000076a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:84:e7:4b:44:4c:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458855, TSecr 1262767203": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458855", + "tcp.options.timestamp.tsecr": "1262767203" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jun 25, 2043 04:08:39.000000000 PDT", + "ssl.handshake.random": "5c:db:c1:a4:f9:25:4b:76:fe:a0:76:93:60:73:7e:ab:9b:bf:a6:14:0c:9a:14:13:d5:b3:c1:10" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", 
+ "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": 
"4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + 
"ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { 
+ "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.198483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.198483000", + "frame.time_delta": "0.074063000", + "frame.time_delta_displayed": "0.074063000", + "frame.time_relative": "542.737797000", + "frame.number": "2076", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000674e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016fd", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + 
"ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767222, TSecr 2458855": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767222", + "tcp.options.timestamp.tsecr": "2458855" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2075", + "tcp.analysis.ack_rtt": "0.074063000", + "tcp.analysis.initial_rtt": "0.074610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.199789000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1509494134.199789000", + "frame.time_delta": "0.001306000", + "frame.time_delta_displayed": "0.001306000", + "frame.time_relative": "542.739103000", + "frame.number": "2077", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x0000674f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x00001154", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + 
"tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767222, TSecr 2458855": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767222", + "tcp.options.timestamp.tsecr": "2458855" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "May 10, 1985 05:24:55.000000000 PDT", + "ssl.handshake.random": "8b:34:53:cd:cc:72:6d:2d:53:23:f2:57:30:4d:e1:d4:3c:55:72:20:a9:59:0c:a2:81:66:14:15" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "a3:f7:4e:02:d2:1f:bf:80:dc:b6:1f:59:29:4d:4b:e3:89:ce:6d:39:1b:16:ab:4f:87:0e:3a:e2:f1:a3:2d:73", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.199812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.199812000", + "frame.time_delta": "0.000023000", + "frame.time_delta_displayed": "0.000023000", + "frame.time_relative": "542.739126000", + "frame.number": "2078", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x00006750", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000161c", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": 
"54359", + "tcp.stream": "104", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000187e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767222, TSecr 2458855": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767222", + "tcp.options.timestamp.tsecr": "2458855" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "2077", + "tcp.segment": "2078", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + 
"x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": 
"5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + 
"x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:2c:9e:64:dd:a9:e7:df:55:48:2b:3e:dd:0e:1e:55:42:d4:b0:26:b3:96:8c:b2:c8:a1:db:96:2a:7c:d6:b4:e3:d6:2d:91:0b:62:7c:a6:c7:03:b2:71:3a:59:61:a3:72:e5:a6:09:b5:91:24:f0:fb:c3:b5:1e:3d:9f:60:48:d4", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"96:df:03:d6:28:b0:77:9a:02:a2:bf:9f:0c:3b:6d:4c:be:99:59:cc:ce:0c:4b:d3:05:d3:5e:fa:5c:9f:0f:d9:87:29:90:49:bc:21:40:d0:b7:ce:8a:07:c8:14:32:42:c0:92:76:96:51:87:e0:95:31:8f:d9:59:fc:7f:b3:49:eb:6b:d4:d1:e0:49:94:55:47:a0:2b:78:b7:45:ba:b3:cf:45:d8:c0:ae:7b:f1:c1:11:4e:11:b1:e0:bf:24:1a:97:a6:14:b3:7f:57:be:d6:85:5a:14:5a:19:07:4b:65:d6:20:59:5f:26:ee:01:19:41:28:c3:8a:11:10:17:bb" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.200480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.200480000", + "frame.time_delta": "0.000668000", + "frame.time_delta_displayed": "0.000668000", + "frame.time_relative": "542.739794000", + "frame.number": "2079", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a79d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000db66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:84:ef:4b:44:4c:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458863, TSecr 1262767222": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458863", + "tcp.options.timestamp.tsecr": "1262767222" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2078", + "tcp.analysis.ack_rtt": "0.000668000", + "tcp.analysis.initial_rtt": "0.074610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.230924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.230924000", + "frame.time_delta": "0.030444000", + "frame.time_delta_displayed": "0.030444000", + "frame.time_relative": "542.770238000", + "frame.number": "2080", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000a79e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007b2f", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ee10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:84:f2:4b:44:4c:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458866, 
TSecr 1262767222": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458866", + "tcp.options.timestamp.tsecr": "1262767222" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:36:03:d7:07:15:3d:76:0c:89:fc:50:cc:65:67:a8:77:65:11:b5:26:64:be:0e:21:1f:cf:f3:92:7b:ce:3d:86:4b:a9:9e:61:50:f0:88:4a:39:66:fa:86:dd:02:73:e5:ec:d4:24:f4:7d:27:b6:64:44:64:0b:68:be:c2:f6:58" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.305463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.305463000", + "frame.time_delta": "0.074539000", + "frame.time_delta_displayed": "0.074539000", + "frame.time_relative": "542.844777000", + "frame.number": "2081", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x00006751", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016c7", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:91:00:25:84:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767249, TSecr 2458866": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767249", + "tcp.options.timestamp.tsecr": "2458866" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2080", + "tcp.analysis.ack_rtt": "0.074539000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.306606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.306606000", + "frame.time_delta": "0.001143000", + "frame.time_delta_displayed": "0.001143000", + "frame.time_relative": "542.845920000", + "frame.number": "2082", + 
"frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000a79f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007b67", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000eb68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:84:fa:4b:44:4c:91", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458874, TSecr 1262767249": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458874", + "tcp.options.timestamp.tsecr": "1262767249" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2081", + "tcp.analysis.ack_rtt": "0.001143000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "5c:41:61:9e:0a:f7:28:87:40:26:de:e3:76:79:ea:f9:cb:62:c2:6c:d7:cd:bf:b1:0c:b9:43:74:ed:1c:c6:e1:9f:09:43:25:0b:72:13:de:12:ca:40:0c:7c:89:34:be:ce:8a:d1:f0:be:ee:a9:3e:b1:49:34:f9:e4:dc:61:d8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:55:34.381001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.381001000", + "frame.time_delta": "0.074395000", + "frame.time_delta_displayed": "0.074395000", + "frame.time_relative": "542.920315000", + "frame.number": "2083", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x00006752", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016b4", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + 
}, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000593d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:a4:00:25:84:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767268, TSecr 2458874": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767268", + "tcp.options.timestamp.tsecr": "2458874" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2082", + "tcp.analysis.ack_rtt": "0.074395000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": 
"1a:86:c0:5d:71:8a:81:db:6b:55:6e:c3:2a:16:53:af:76:f9:98:0e:da:46:07:c5:3a:6a:f4:0f:67:82:2c:21:e3:88:49:99:47:88:a4:6d:c5:7c:92:d6:54:de:1c:db:82:bd:37:f2:a1:57:5e:4c:a3:80:52:19:4a:1a:9e:a0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.381940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.381940000", + "frame.time_delta": "0.000939000", + "frame.time_delta_displayed": "0.000939000", + "frame.time_relative": "542.921254000", + "frame.number": "2084", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000a7a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000079c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000afac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:85:01:4b:44:4c:a4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458881, TSecr 1262767268": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2458881", + "tcp.options.timestamp.tsecr": "1262767268" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2083", + "tcp.analysis.ack_rtt": 
"0.000939000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "5c:41:61:9e:0a:f7:28:88:77:74:14:19:fe:1d:8d:27:6c:b1:78:5b:48:0d:fd:ae:4f:38:f3:76:1e:5b:cf:f0:ab:e0:f4:a1:f0:3a:65:34:b2:37:60:d6:b5:d2:16:98:23:35:ba:c1:e2:d0:99:93:69:f1:eb:c4:14:3d:77:2d:9c:e7:87:4c:0b:41:b5:f8:62:24:be:74:ca:1f:1a:24:66:95:ab:30:f5:03:8d:81:7c:89:b7:b4:92:06:43:11:b6:46:7a:3e:c4:fd:34:9a:50:e1:ff:c6:c8:ad:e1:08:d7:0f:0b:43:7c:b3:3e:cb:e2:20:80:d9:61:b0:de:85:c0:3e:8f:7d:05:6d:f2:24:39:4c:35:fb:b9:7f:02:ef:62:4c:a2:9b:5f:7c:0f:3f:cd:7f:54:bb:58:21:ad:3b:df:82:96:5c:cb:9d:74:ac:03:6d:64:be:bd:1c:c5:7c:5e:d7:47:d8:72:de:7a:7d:72:92:23:41:16:e9:3e:b7:9b:16:01:78:3c:38:d5:72:61:27:85:5e:ec:12:46:d3:27:f2:b8:8e:ab:56:a9:6f:ea:99:0d:05:91:f0:44:0a:e0:78:6c:f9:f4:6d:3f:62:3f:41:c8:21:d1:f2:ec:14:81:75:dd:3a:c9:c2:ab:90:51:bd:68:a3:96:99:75:30:f8:14:a4:4c:ec:8f:45:bb:5b:c4:00:1b:3b:ab:38:41:f4:11:04:7b:84:dd:35:76:97:45:3c:ce:09:34:d2:09:ec:12:a6:ed:01:56:7a:70:03:04:4c:2e:86:7c:4a:ed:dc:eb:52:66:80:38:35:03:91:62:e1:da:91:60:d9:61:39:82:8a:63:97:7a:54:6a:b4:77:59:bd:3b:49:71:0c:58:38:29:30:c1:ce:22:ff:ed:55:d2:34:3a:a6:3a:06:0b:a6:3f:0f:26:84:81:51:98:8a:8e:bb:be:0b:38:c2:9c:fd:61:ba:93:48:bc:ae:ff:3e:c8:a0:92:95:48:87:2b:be:ad:5e:02:d4:e9:e3:53:71:43:12:b6:fb:b9:11:df:e6:95:48:e8:42:08:e1:3f:63:69:34:af:99:bd:da:f6:d0:22:a9:1f:be:2c:fd:80:a0:53:b7:3e:59:47:db:86:cd:7e:93:5e:0a:6c:67:34:4c:a2:0d:49:09:be:6a:48:a5:86:35:c7:3f:f8:a0:94:09:75:cc:10:e9:ed:8d:b6:f1:a1:cb:0e:16:7b:ee:41:c8:94:01:66:fd:ac:60:6d:3d:8b:cf" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.456667000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.456667000", + "frame.time_delta": "0.074727000", + "frame.time_delta_displayed": "0.074727000", + "frame.time_relative": "542.995981000", + "frame.number": "2085", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x00006753", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016ad", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000025da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:b6:00:25:85:01", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767286, TSecr 2458881": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767286", + "tcp.options.timestamp.tsecr": "2458881" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2084", + "tcp.analysis.ack_rtt": "0.074727000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": 
"1a:86:c0:5d:71:8a:81:dc:06:2e:d6:e1:85:1f:56:3d:26:07:e3:3d:4b:70:39:e1:b7:a6:6a:10:35:1b:32:9f:05:7c:36:5d:f5:db:63:34:70:3d:6e:81:07:d9:ac:1c:78:f0:36:ae:a0:d2:da:00:a3:e0:e1:77:e1:a2:b8:7d:73:98:e9:6d:fa:02" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.457250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.457250000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "542.996564000", + "frame.number": "2086", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a7a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007baa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d79c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:85:09:4b:44:4c:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2458889, TSecr 1262767286": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2458889", + "tcp.options.timestamp.tsecr": "1262767286" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2085", + "tcp.analysis.ack_rtt": "0.000583000", + "tcp.analysis.initial_rtt": "0.074610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.531043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.531043000", + "frame.time_delta": "0.073793000", + "frame.time_delta_displayed": "0.073793000", + "frame.time_relative": "543.070357000", + "frame.number": "2087", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x00006754", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016d8", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:c9:00:25:85:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767305, TSecr 2458889": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767305", + "tcp.options.timestamp.tsecr": "2458889" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "2086", + "tcp.analysis.ack_rtt": "0.073793000", + "tcp.analysis.initial_rtt": "0.074610000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.531129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.531129000", + "frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "543.070443000", + "frame.number": "2088", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00006755", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x000016f6", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": 
"34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54359", + "tcp.port": "443", + "tcp.port": "54359", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d810", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:44:4c:c9:00:25:85:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262767305, TSecr 2458889": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262767305", + "tcp.options.timestamp.tsecr": "2458889" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.531556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.531556000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "543.070870000", + "frame.number": "2089", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bf91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000063c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": 
"34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008b9c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.531568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.531568000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "543.070882000", + "frame.number": "2090", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bf92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000063c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54359", + "tcp.dstport": "443", + "tcp.port": "54359", + "tcp.port": "443", + "tcp.stream": "104", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { 
+ "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008b9c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.700586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.700586000", + "frame.time_delta": "0.169018000", + "frame.time_delta_displayed": "0.169018000", + "frame.time_relative": "543.239900000", + "frame.number": "2091", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "161", + "tcp.ack": "145", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000058f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.843903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.843903000", + "frame.time_delta": "0.143317000", + "frame.time_delta_displayed": "0.143317000", + "frame.time_relative": "543.383217000", + "frame.number": "2092", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdbc", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "145", + "tcp.ack": "162", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001004", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:34.994667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494134.994667000", + "frame.time_delta": "0.150764000", + 
"frame.time_delta_displayed": "0.150764000", + "frame.time_relative": "543.533981000", + "frame.number": "2093", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00000d04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000cc95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:35.576695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494135.576695000", + "frame.time_delta": "0.582028000", + "frame.time_delta_displayed": "0.582028000", + "frame.time_relative": "544.116009000", + "frame.number": "2094", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d62", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000999", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:35.577387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494135.577387000", + "frame.time_delta": "0.000692000", + "frame.time_delta_displayed": "0.000692000", + "frame.time_relative": "544.116701000", + "frame.number": "2095", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d63", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea94", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:35.577897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494135.577897000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "544.117211000", + "frame.number": "2096", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + 
"ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000785a", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:36.226177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494136.226177000", + "frame.time_delta": "0.648280000", + "frame.time_delta_displayed": "0.648280000", + "frame.time_relative": "544.765491000", + "frame.number": "2097", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005bd2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:36.685616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494136.685616000", + "frame.time_delta": "0.459439000", + "frame.time_delta_displayed": "0.459439000", + "frame.time_relative": "545.224930000", + "frame.number": "2098", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": 
{ + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e731", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60446", + "udp.dstport": "1900", + "udp.port": "60446", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005e3f", + "udp.checksum.status": "2", + "udp.stream": "41" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:37.333030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494137.333030000", + "frame.time_delta": "0.647414000", + "frame.time_delta_displayed": "0.647414000", + "frame.time_relative": "545.872344000", + "frame.number": "2099", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005cf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": 
"305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:37.385744000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494137.385744000", + "frame.time_delta": "0.052714000", + "frame.time_delta_displayed": "0.052714000", + "frame.time_relative": "545.925058000", + "frame.number": "2100", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005cfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "2099" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:37.438788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494137.438788000", + "frame.time_delta": "0.053044000", + "frame.time_delta_displayed": "0.053044000", + "frame.time_relative": "545.978102000", + "frame.number": "2101", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005cff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a49", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "2100" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:37.686526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494137.686526000", + 
"frame.time_delta": "0.247738000", + "frame.time_delta_displayed": "0.247738000", + "frame.time_relative": "546.225840000", + "frame.number": "2102", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e730", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60446", + "udp.dstport": "1900", + "udp.port": "60446", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005e3f", + "udp.checksum.status": "2", + "udp.stream": "41" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "2098" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:38.385694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494138.385694000", + "frame.time_delta": "0.699168000", + "frame.time_delta_displayed": "0.699168000", + "frame.time_relative": "546.925008000", + "frame.number": "2103", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005d3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "2101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:38.438460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494138.438460000", + "frame.time_delta": "0.052766000", + "frame.time_delta_displayed": "0.052766000", + "frame.time_relative": "546.977774000", + "frame.number": "2104", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005d3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "2103" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:38.491238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494138.491238000", + "frame.time_delta": "0.052778000", + "frame.time_delta_displayed": "0.052778000", + "frame.time_relative": "547.030552000", + "frame.number": "2105", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005d3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005a09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "2104" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:38.687299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494138.687299000", + "frame.time_delta": "0.196061000", + "frame.time_delta_displayed": "0.196061000", + "frame.time_relative": "547.226613000", + "frame.number": "2106", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e72f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", 
+ "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60446", + "udp.dstport": "1900", + "udp.port": "60446", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005e3f", + "udp.checksum.status": "2", + "udp.stream": "41" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "2102" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.018082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.018082000", + "frame.time_delta": "0.330783000", + "frame.time_delta_displayed": "0.330783000", + "frame.time_relative": "547.557396000", + "frame.number": "2107", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005d67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000059e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "2105" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.060198000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.060198000", + "frame.time_delta": "0.042116000", + "frame.time_delta_displayed": "0.042116000", + "frame.time_relative": "547.599512000", + "frame.number": "2108", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.060640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.060640000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "547.599954000", + "frame.number": "2109", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.070867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.070867000", + "frame.time_delta": "0.010227000", + "frame.time_delta_displayed": "0.010227000", + "frame.time_relative": "547.610181000", + "frame.number": "2110", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005d69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000059d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "2107" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.123700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.123700000", + "frame.time_delta": "0.052833000", + "frame.time_delta_displayed": "0.052833000", + "frame.time_relative": "547.663014000", + "frame.number": "2111", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005d6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x000059de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "2110" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.687522000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.687522000", + "frame.time_delta": "0.563822000", + "frame.time_delta_displayed": "0.563822000", + "frame.time_relative": "548.226836000", + "frame.number": "2112", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e72e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60446", + "udp.dstport": "1900", + "udp.port": "60446", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005e3f", + "udp.checksum.status": "2", + "udp.stream": "41" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "2106" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.850205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.850205000", + "frame.time_delta": "0.162683000", + "frame.time_delta_displayed": "0.162683000", + "frame.time_relative": "548.389519000", + "frame.number": "2113", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + 
"arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:39.850595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494139.850595000", + "frame.time_delta": "0.000390000", + "frame.time_delta_displayed": "0.000390000", + "frame.time_relative": "548.389909000", + "frame.number": "2114", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.070162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.070162000", + "frame.time_delta": "0.219567000", + "frame.time_delta_displayed": "0.219567000", + "frame.time_relative": "548.609476000", + 
"frame.number": "2115", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005dbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000598c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "2111" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.122952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.122952000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "548.662266000", + "frame.number": "2116", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005dc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000597e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "2115" 
+ } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.175675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.175675000", + "frame.time_delta": "0.052723000", + "frame.time_delta_displayed": "0.052723000", + "frame.time_relative": "548.714989000", + "frame.number": "2117", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005dc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005983", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": 
"0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "2116" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.386374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.386374000", + "frame.time_delta": "0.210699000", + "frame.time_delta_displayed": "0.210699000", + "frame.time_relative": "548.925688000", + "frame.number": "2118", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005dd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005979", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "2117" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.439163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.439163000", + "frame.time_delta": "0.052789000", + "frame.time_delta_displayed": "0.052789000", + "frame.time_relative": "548.978477000", + "frame.number": "2119", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005dd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000596c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "2118" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.491980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.491980000", + "frame.time_delta": 
"0.052817000", + "frame.time_delta_displayed": "0.052817000", + "frame.time_relative": "549.031294000", + "frame.number": "2120", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005ddc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000596c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "2119" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.576960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.576960000", + "frame.time_delta": "0.084980000", + "frame.time_delta_displayed": "0.084980000", + "frame.time_relative": "549.116274000", + "frame.number": "2121", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d64", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000999", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.577532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.577532000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "549.116846000", + "frame.number": "2122", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + 
"eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d65", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea94", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:40.578134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494140.578134000", + "frame.time_delta": "0.000602000", + "frame.time_delta_displayed": "0.000602000", + "frame.time_relative": "549.117448000", + "frame.number": "2123", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000785a", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=618", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:41.438507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494141.438507000", + "frame.time_delta": "0.860373000", + "frame.time_delta_displayed": "0.860373000", + "frame.time_relative": "549.977821000", + "frame.number": "2124", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005e0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000593d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "2120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:41.491328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494141.491328000", + "frame.time_delta": "0.052821000", + "frame.time_delta_displayed": "0.052821000", + "frame.time_relative": "550.030642000", + "frame.number": "2125", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005e14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000592e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "2124" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:41.544127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494141.544127000", + "frame.time_delta": "0.052799000", + "frame.time_delta_displayed": "0.052799000", + "frame.time_relative": "550.083441000", 
+ "frame.number": "2126", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005e17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005931", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "2125" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:41.549028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494141.549028000", + "frame.time_delta": "0.004901000", + "frame.time_delta_displayed": "0.004901000", + "frame.time_relative": "550.088342000", + "frame.number": "2127", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:42.122948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.122948000", + "frame.time_delta": "0.573920000", + "frame.time_delta_displayed": "0.573920000", + "frame.time_relative": "550.662262000", + "frame.number": "2128", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005e4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "2126" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:42.175689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.175689000", + "frame.time_delta": "0.052741000", + "frame.time_delta_displayed": "0.052741000", + "frame.time_relative": "550.715003000", + "frame.number": "2129", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005e51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "2128" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:42.228396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.228396000", + "frame.time_delta": "0.052707000", + "frame.time_delta_displayed": "0.052707000", + "frame.time_relative": "550.767710000", + "frame.number": "2130", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005e56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "2129" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:55:42.349435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.349435000", + "frame.time_delta": "0.121039000", + "frame.time_delta_displayed": "0.121039000", + "frame.time_relative": "550.888749000", + "frame.number": "2131", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009524", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + 
"tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "9396", + "tcp.nxtseq": "9748", + "tcp.ack": "1535", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c700", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:88:1e:a7:9d:04:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2459678, TSecr 2812085400": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2459678", + "tcp.options.timestamp.tsecr": "2812085400" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:b9:e1:50:5a:de:34:98:f8:60:56:fa:d9:c9:43:91:64:2b:83:6f:e6:61:85:8f:4e:62:77:c1:c8:1a:ac:8f:43:4a:c9:8b:e0:f6:9d:93:3a:50:29:10:98:3f:04:b6:4a:8b:17:1e:ab:b3:05:3c:a7:2e:8a:24:8d:5f:6e:db:38:c7:c8:4c:47:65:9a:12:40:b3:4c:c4:67:4c:78:f1:d1:04:92:9d:a8:6c:41:47:d4:93:82:bf:c4:7c:e3:a5:02:4c:65:08:f9:24:0f:53:88:a0:17:69:6a:41:86:1d:19:07:c4:31:a8:f1:21:f8:c7:60:d8:e0:a0:50:d3:c4:67:09:8b:12:a8:14:1c:59:76:44:53:1c:86:4b:13:f8:c3:5f:eb:a4:df:1c:5e:84:85:ec:61:28:a6:5f:f9:c2:af:ff:00:c5:32:9d:36:53:3a:a6:e8:96:a2:25:10:cb:3b:2c:3d:ec:21:d1:3d:d1:28:23:ab:25:c3:8c:2d:05:d3:a0:13:72:ee:cb:40:52:65:80:b4:fe:62:d4:82:e2:7f:0c:c9:5e:d6:cb:61:6f:5b:35:e3:f3:6c:63:05:e8:c0:81:db:e2:51:f2:b5:80:5b:14:72:3a:5f:05:8c:30:3b:e7:c0:1f:1a:27:83:15:12:28:ba:81:88:39:bc:5e:dd:8e:53:63:5a:c9:a2:5b:e6:eb:38:ba:36:21:ee:a8:c7:8d:f5:e8:85:1a:47:e2:f7:5b:13:bb:77:67:ec:5e:07:52:2e:64:2f:df:ac:89:aa:c1:37:36:81:75:57:ae:a7:ac:8d:8f:63:54:91:6c:69:bd:64:d5:b5:26:59:1a:aa:af:c1:5c:c6:56:86:29:f2:92:d1:6e:80:a7:c8:60:11:6f:b8:f7:e2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:42.410389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.410389000", + "frame.time_delta": "0.060954000", + "frame.time_delta_displayed": "0.060954000", + "frame.time_relative": "550.949703000", + "frame.number": "2132", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1535", + "tcp.nxtseq": "1582", + "tcp.ack": "9748", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00002c49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:15:5f:00:25:88:1e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812089695, TSecr 2459678": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812089695", + "tcp.options.timestamp.tsecr": "2459678" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2131", + "tcp.analysis.ack_rtt": "0.060954000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:45:d3:59:c5:ee:a1:59:d8:ac:d2:a0:04:03:fa:cc:f2:4f:71:8c:4f:0a:67:57:23:42:22:5b:41:80:de:65:a2:2b:b6:4f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:42.410828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494142.410828000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "550.950142000", + "frame.number": "2133", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009525", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000785a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9748", + "tcp.ack": "1582", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ddda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:88:24:a7:9d:15:5f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2459684, TSecr 2812089695": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2459684", + "tcp.options.timestamp.tsecr": "2812089695" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2132", + "tcp.analysis.ack_rtt": "0.000439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:43.175613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494143.175613000", + "frame.time_delta": "0.764785000", + "frame.time_delta_displayed": "0.764785000", + "frame.time_relative": "551.714927000", + "frame.number": "2134", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005e61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "305", + "udp.checksum": "0x0000d8fc", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "2130" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:43.228378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494143.228378000", + "frame.time_delta": "0.052765000", + "frame.time_delta_displayed": "0.052765000", + "frame.time_relative": "551.767692000", + "frame.number": "2135", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005e66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "314", + "udp.checksum": "0x0000e6e7", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "2134" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:43.280716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494143.280716000", + "frame.time_delta": "0.052338000", + "frame.time_delta_displayed": "0.052338000", + "frame.time_relative": "551.820030000", 
+ "frame.number": "2136", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005e69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000058df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60446", + "udp.port": "1900", + "udp.port": "60446", + "udp.length": "308", + "udp.checksum": "0x00000a72", + "udp.checksum.status": "2", + "udp.stream": "42" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "2135" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:55:54.996715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494154.996715000", + "frame.time_delta": "11.715999000", + "frame.time_delta_displayed": "11.715999000", + "frame.time_relative": "563.536029000", + "frame.number": "2137", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00000d54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000cc45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:04.076970000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494164.076970000", + "frame.time_delta": "9.080255000", + "frame.time_delta_displayed": "9.080255000", + "frame.time_relative": "572.616284000", + "frame.number": "2138", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a684", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + 
"ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "162", + "tcp.nxtseq": "202", + "tcp.ack": "145", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a652", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e0:56:1a:bf:86:a1:ef:6c:86:9b:f6:69:41:6d:9d:05:cf:34:09:4b:d3:b7:11:07:d0:f6:bc:ad" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:04.220660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494164.220660000", + "frame.time_delta": "0.143690000", + "frame.time_delta_displayed": "0.143690000", + "frame.time_relative": "572.759974000", + "frame.number": "2139", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd97", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "145", + "tcp.nxtseq": "181", + "tcp.ack": "202", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": 
"0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006035", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2138", + "tcp.analysis.ack_rtt": "0.143690000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:66:c4:4c:ec:35:34:3a:02:fc:28:0b:d5:36:c3:65:5f:eb:6a:7f:9e:e5:85:9f:fa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:04.221175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494164.221175000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "572.760489000", + "frame.number": "2140", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", 
+ "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "202", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000542", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2139", + "tcp.analysis.ack_rtt": "0.000515000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:06.274791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494166.274791000", + "frame.time_delta": "2.053616000", + "frame.time_delta_displayed": "2.053616000", + "frame.time_relative": "574.814105000", + "frame.number": "2141", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005bd9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.009481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.009481000", + "frame.time_delta": "4.734690000", + "frame.time_delta_displayed": "4.734690000", + "frame.time_relative": "579.548795000", + "frame.number": "2142", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008450", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004507", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.062424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.062424000", + "frame.time_delta": "0.052943000", + "frame.time_delta_displayed": "0.052943000", + "frame.time_relative": "579.601738000", + "frame.number": "2143", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008455", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004502", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 
UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.115233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.115233000", + "frame.time_delta": "0.052809000", + "frame.time_delta_displayed": "0.052809000", + "frame.time_relative": "579.654547000", + "frame.number": "2144", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000845a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000044f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.129200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.129200000", + "frame.time_delta": "0.013967000", + "frame.time_delta_displayed": "0.013967000", + "frame.time_relative": "579.668514000", + "frame.number": "2145", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009207", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000266e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cbf3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:35:e1:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 931297, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "931297", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.129749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.129749000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "579.669063000", + "frame.number": "2146", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47470", + "tcp.port": "80", + "tcp.port": "47470", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008f17", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2145", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.132960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.132960000", + "frame.time_delta": "0.003211000", + "frame.time_delta_displayed": "0.003211000", + "frame.time_relative": "579.672274000", + "frame.number": "2147", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009208", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002681", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000409f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2146", + "tcp.analysis.ack_rtt": 
"0.003211000", + "tcp.analysis.initial_rtt": "0.003760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.134092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.134092000", + "frame.time_delta": "0.001132000", + "frame.time_delta_displayed": "0.001132000", + "frame.time_relative": "579.673406000", + "frame.number": "2148", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009209", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000025c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + 
"tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a019", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003760000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.134566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.134566000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "579.673880000", + "frame.number": "2149", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007db1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ad8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47470", + "tcp.port": "80", + "tcp.port": 
"47470", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000326e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2148", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.003760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.135237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.135237000", + "frame.time_delta": "0.000671000", + "frame.time_delta_displayed": "0.000671000", + "frame.time_relative": "579.674551000", + "frame.number": "2150", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007db2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ac6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47470", + "tcp.port": "80", + "tcp.port": "47470", + "tcp.stream": "105", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000728f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003760000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:56:11.135662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.135662000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "579.674976000", + "frame.number": "2151", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007db3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000036f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47470", + "tcp.port": "80", + "tcp.port": "47470", + "tcp.stream": "105", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c4f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003760000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2150", + "tcp.segment": "2151", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001570000", + "http.request_in": "2148", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.139038000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494171.139038000", + "frame.time_delta": "0.003376000", + "frame.time_delta_displayed": "0.003376000", + "frame.time_relative": "579.678352000", + "frame.number": "2152", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000920a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000267f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003fce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2150", + "tcp.analysis.ack_rtt": "0.003801000", + "tcp.analysis.initial_rtt": "0.003760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.139079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.139079000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "579.678393000", + "frame.number": "2153", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000920b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000267e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003be3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2151", + "tcp.analysis.ack_rtt": "0.003417000", + "tcp.analysis.initial_rtt": "0.003760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.139576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.139576000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "579.678890000", + "frame.number": "2154", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000920c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000267d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003be2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.140016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.140016000", + "frame.time_delta": "0.000440000", + "frame.time_delta_displayed": "0.000440000", + "frame.time_relative": "579.679330000", + "frame.number": "2155", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f28d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c5fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47470", + "tcp.port": "80", + "tcp.port": "47470", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002e78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2154", + "tcp.analysis.ack_rtt": "0.000440000", + "tcp.analysis.initial_rtt": "0.003760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.143100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.143100000", + "frame.time_delta": "0.003084000", + "frame.time_delta_displayed": "0.003084000", + "frame.time_relative": "579.682414000", + "frame.number": "2156", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000059d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47470", + "tcp.dstport": "80", + "tcp.port": "47470", + "tcp.port": "80", + "tcp.stream": "105", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", 
+ "tcp.checksum": "0x00006902", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.168341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.168341000", + "frame.time_delta": "0.025241000", + "frame.time_delta_displayed": "0.025241000", + "frame.time_relative": "579.707655000", + "frame.number": "2157", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000845f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000044ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + 
"udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.221414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.221414000", + "frame.time_delta": "0.053073000", + "frame.time_delta_displayed": "0.053073000", + "frame.time_relative": "579.760728000", + "frame.number": "2158", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00008464", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000044f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.274352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.274352000", + "frame.time_delta": "0.052938000", + "frame.time_delta_displayed": "0.052938000", + "frame.time_relative": "579.813666000", + "frame.number": "2159", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00008469", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000044eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": 
"1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.337510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.337510000", + "frame.time_delta": "0.063158000", + "frame.time_delta_displayed": "0.063158000", + "frame.time_relative": "579.876824000", + "frame.number": "2160", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ba66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f263", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:35:f5:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 931317, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "931317", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.338081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.338081000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "579.877395000", + "frame.number": "2161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47471", + "tcp.port": "80", + "tcp.port": "47471", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c30b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2160", + "tcp.analysis.ack_rtt": "0.000571000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.340623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.340623000", + "frame.time_delta": "0.002542000", + "frame.time_delta_displayed": "0.002542000", + "frame.time_relative": "579.879937000", + "frame.number": "2162", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ba67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007493", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2161", + "tcp.analysis.ack_rtt": "0.002542000", + "tcp.analysis.initial_rtt": "0.003113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.340757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.340757000", + 
"frame.time_delta": "0.000134000", + "frame.time_delta_displayed": "0.000134000", + "frame.time_relative": "579.880071000", + "frame.number": "2163", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ba68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d40d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003113000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.341194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.341194000", + "frame.time_delta": "0.000437000", + 
"frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "579.880508000", + "frame.number": "2164", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009e3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47471", + "tcp.port": "80", + "tcp.port": "47471", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006662", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2163", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.003113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.341922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.341922000", + "frame.time_delta": "0.000728000", + "frame.time_delta_displayed": "0.000728000", + "frame.time_relative": "579.881236000", + "frame.number": "2165", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009e3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00001a3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47471", + "tcp.port": "80", + "tcp.port": "47471", + "tcp.stream": "106", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a683", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003113000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.342279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.342279000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "579.881593000", + "frame.number": "2166", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009e3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001667", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47471", + "tcp.port": "80", + "tcp.port": "47471", + "tcp.stream": "106", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f8ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003113000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2165", + "tcp.segment": "2166", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001522000", + "http.request_in": "2163", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.344501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.344501000", + "frame.time_delta": "0.002222000", + "frame.time_delta_displayed": "0.002222000", + "frame.time_relative": "579.883815000", + "frame.number": "2167", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ba69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000073c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2165", + "tcp.analysis.ack_rtt": "0.002579000", + "tcp.analysis.initial_rtt": "0.003113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.345620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.345620000", + "frame.time_delta": "0.001119000", + "frame.time_delta_displayed": "0.001119000", + "frame.time_relative": "579.884934000", + "frame.number": "2168", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ba6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006fd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2166", + "tcp.analysis.ack_rtt": "0.003341000", + "tcp.analysis.initial_rtt": "0.003113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.346015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.346015000", + "frame.time_delta": "0.000395000", + "frame.time_delta_displayed": "0.000395000", + "frame.time_relative": "579.885329000", + "frame.number": "2169", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ba6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006fd6", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.346455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.346455000", + "frame.time_delta": "0.000440000", + "frame.time_delta_displayed": "0.000440000", + "frame.time_relative": "579.885769000", + "frame.number": "2170", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f295", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c5f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47471", + 
"tcp.port": "80", + "tcp.port": "47471", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000626c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2169", + "tcp.analysis.ack_rtt": "0.000440000", + "tcp.analysis.initial_rtt": "0.003113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:11.348811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.348811000", + "frame.time_delta": "0.002356000", + "frame.time_delta_displayed": "0.002356000", + "frame.time_relative": "579.888125000", + "frame.number": "2171", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000005b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47471", + "tcp.dstport": "80", + "tcp.port": "47471", + "tcp.port": "80", + "tcp.stream": "106", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008f86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:56:11.644703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494171.644703000", + "frame.time_delta": "0.295892000", + "frame.time_delta_displayed": "0.295892000", + "frame.time_relative": "580.184017000", + "frame.number": "2172", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:13.412904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494173.412904000", + "frame.time_delta": "1.768201000", + "frame.time_delta_displayed": "1.768201000", + "frame.time_relative": "581.952218000", + "frame.number": "2173", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009526", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007828", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "9748", + "tcp.nxtseq": "9797", + "tcp.ack": "1582", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e760", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:94:40:a7:9d:15:5f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2462784, TSecr 2812089695": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2462784", + "tcp.options.timestamp.tsecr": "2812089695" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ba:7d:4e:f1:3c:48:af:ab:61:e8:8b:90:80:5b:c6:9a:34:8d:67:38:8e:20:a9:a2:fa:56:96:53:88:37:d6:86:2c:36:12:0b:bd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:13.474866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494173.474866000", + "frame.time_delta": "0.061962000", + "frame.time_delta_displayed": "0.061962000", + "frame.time_relative": "582.014180000", + "frame.number": "2174", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { 
+ "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003932", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1582", + "tcp.nxtseq": "1637", + "tcp.ack": "9797", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e849", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:33:b5:00:25:94:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812097461, TSecr 2462784": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812097461", + "tcp.options.timestamp.tsecr": "2462784" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2173", + "tcp.analysis.ack_rtt": "0.061962000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:46:ed:8f:d0:ec:83:53:69:88:fc:81:0f:97:87:61:b1:ff:4a:f1:1e:9b:82:51:54:ce:c9:03:a8:34:ef:1b:a1:26:62:c5:cd:cf:6d:1d:73:d1:97:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:13.475360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494173.475360000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": 
"582.014674000", + "frame.number": "2175", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009527", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007858", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9797", + "tcp.ack": "1637", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b2f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:94:47:a7:9d:33:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2462791, TSecr 2812097461": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2462791", + "tcp.options.timestamp.tsecr": "2812097461" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2174", + "tcp.analysis.ack_rtt": "0.000494000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:14.247508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494174.247508000", + "frame.time_delta": "0.772148000", + "frame.time_delta_displayed": "0.772148000", + "frame.time_relative": "582.786822000", + "frame.number": "2176", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + 
"eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:14.262482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494174.262482000", + "frame.time_delta": "0.014974000", + "frame.time_delta_displayed": "0.014974000", + "frame.time_relative": "582.801796000", + "frame.number": "2177", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + 
"igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x00000707", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + }, + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:14.577121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494174.577121000", + "frame.time_delta": "0.314639000", + "frame.time_delta_displayed": "0.314639000", + "frame.time_relative": "583.116435000", + "frame.number": "2178", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", 
+ "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000eb03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:18.490172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494178.490172000", + "frame.time_delta": "3.913051000", + "frame.time_delta_displayed": "3.913051000", + "frame.time_relative": "587.029486000", + "frame.number": "2179", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:18.490615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494178.490615000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "587.029929000", + "frame.number": "2180", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.137521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494185.137521000", + "frame.time_delta": "6.646906000", + "frame.time_delta_displayed": "6.646906000", + "frame.time_relative": "593.676835000", + "frame.number": "2181", + "frame.len": "412", + "frame.cap_len": "412", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "398", + "ip.id": "0x00009528", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "346", + "tcp.seq": "9797", + "tcp.nxtseq": "10143", + "tcp.ack": "1637", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002104", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:98:d5:a7:9d:33:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2463957, TSecr 2812097461": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2463957", + "tcp.options.timestamp.tsecr": "2812097461" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "346", + "tcp.analysis.push_bytes_sent": "346" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "341", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:bb:c3:b7:95:b7:81:6d:c1:4e:e2:84:45:61:60:4c:97:9d:68:4f:d0:f5:c1:a0:3e:a3:00:e6:4c:d5:ea:6f:ee:83:f4:e5:33:7d:54:b3:34:f7:1b:5b:db:0c:2d:13:92:8e:09:fe:fd:0b:5a:93:3e:07:32:8e:56:95:30:7f:54:14:10:91:95:aa:dd:b4:4d:b7:8d:72:7c:25:75:c8:06:cc:50:31:df:90:55:e9:08:85:42:55:6f:4a:3b:28:a9:02:12:77:cf:39:e3:d7:22:11:44:af:c9:c7:e4:8e:8b:d0:39:8d:d8:88:36:fa:c8:7f:3d:77:b5:3b:98:4b:61:93:4f:2d:f3:bb:12:c0:67:d5:70:ae:99:8c:79:f3:38:11:ad:ef:e3:f5:54:0c:60:43:06:8c:42:1d:bf:6d:29:93:97:11:9c:63:6d:2c:4a:59:32:6c:54:0c:e9:b6:54:b6:69:61:45:16:00:5d:98:8c:20:81:57:21:8c:71:2d:c1:d9:c8:0a:94:d7:a6:ff:6e:72:6a:a8:b9:af:b8:4f:8a:69:ac:03:99:15:9b:ee:23:5d:38:4a:52:11:7c:f2:64:38:80:51:e0:9a:1f:69:37:f9:1a:85:47:b6:fb:2c:8d:e2:88:da:5c:a8:08:08:31:d7:e9:ad:34:68:b5:2d:4a:e0:4a:d1:0a:fa:df:10:1a:d0:82:23:ed:d1:74:99:fa:5c:a3:bd:7a:8f:6b:b9:ed:15:72:2e:eb:b3:52:4b:4e:a0:b3:cf:0b:d2:90:2c:87:05:f6:5b:62:0e:30:2c:ca:6e:d0:1b:03:41:7f:b6:71:87:0f:c8:6b:c8:fb:6d:4b:48:2e:68:e5:39:ee:43:d8:a9:03:0d:89:93" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.198452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494185.198452000", + "frame.time_delta": "0.060931000", + "frame.time_delta_displayed": "0.060931000", + "frame.time_relative": "593.737766000", + "frame.number": "2182", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003939", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1637", + "tcp.nxtseq": "1684", + "tcp.ack": "10143", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00008a65", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:3f:28:00:25:98:d5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812100392, TSecr 2463957": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812100392", + "tcp.options.timestamp.tsecr": "2463957" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2181", + "tcp.analysis.ack_rtt": "0.060931000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:47:b3:b1:b2:f8:78:32:e4:8b:87:4e:dd:d5:68:46:cb:83:36:92:eb:ac:09:fc:3f:df:67:59:03:f0:4c:b3:98:d6:16:1b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.198843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494185.198843000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "593.738157000", + "frame.number": "2183", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009529", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007856", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10143", + "tcp.ack": "1684", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a169", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:98:db:a7:9d:3f:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2463963, TSecr 2812100392": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2463963", + "tcp.options.timestamp.tsecr": "2812100392" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2182", + "tcp.analysis.ack_rtt": "0.000391000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.363133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494185.363133000", + "frame.time_delta": "0.164290000", + "frame.time_delta_displayed": "0.164290000", + "frame.time_relative": "593.902447000", + "frame.number": "2184", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000aa9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000096f2", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:46:c9:93:f6:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.579468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494185.579468000", + "frame.time_delta": "0.216335000", + "frame.time_delta_displayed": "0.216335000", + "frame.time_relative": "594.118782000", + "frame.number": "2185", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d6b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000898", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.580128000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494185.580128000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "594.119442000", + "frame.number": "2186", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d6c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e993", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:25.580637000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494185.580637000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "594.119951000", + "frame.number": "2187", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007759", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": 
"0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:28.851619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494188.851619000", + "frame.time_delta": "3.270982000", + "frame.time_delta_displayed": "3.270982000", + "frame.time_relative": "597.390933000", + "frame.number": "2188", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:30.584227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494190.584227000", + "frame.time_delta": "1.732608000", + "frame.time_delta_displayed": "1.732608000", + "frame.time_relative": "599.123541000", + "frame.number": "2189", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d6d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000898", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:30.584745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494190.584745000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "599.124059000", + "frame.number": "2190", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d6e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e993", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:30.585167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494190.585167000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "599.124481000", + "frame.number": "2191", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007759", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:34.260491000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494194.260491000", + "frame.time_delta": "3.675324000", + "frame.time_delta_displayed": "3.675324000", + "frame.time_relative": "602.799805000", + "frame.number": "2192", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "201", + "tcp.ack": "181", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000543", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:34.403685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494194.403685000", + "frame.time_delta": "0.143194000", + "frame.time_delta_displayed": "0.143194000", + "frame.time_relative": "602.942999000", + "frame.number": "2193", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdba", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "202", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000fb8", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:35.579865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494195.579865000", + "frame.time_delta": "1.176180000", + "frame.time_delta_displayed": "1.176180000", + "frame.time_relative": "604.119179000", + "frame.number": "2194", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d6f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": 
"0x0000ba81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000898", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:35.580486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494195.580486000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "604.119800000", + "frame.number": "2195", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d70", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00009b7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000e993", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:35.581006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494195.581006000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "604.120320000", + "frame.number": "2196", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007759", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=619", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:36.278023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494196.278023000", + "frame.time_delta": "0.697017000", + "frame.time_delta_displayed": "0.697017000", + "frame.time_relative": "604.817337000", + "frame.number": "2197", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005be0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c09", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:39.410234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494199.410234000", + "frame.time_delta": "3.132211000", + "frame.time_delta_displayed": "3.132211000", + "frame.time_relative": "607.949548000", + "frame.number": "2198", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + 
"arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:39.410727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494199.410727000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "607.950041000", + "frame.number": "2199", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:40.620026000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494200.620026000", + "frame.time_delta": "1.209299000", + "frame.time_delta_displayed": "1.209299000", + "frame.time_relative": "609.159340000", + 
"frame.number": "2200", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:56.207506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494216.207506000", + "frame.time_delta": "15.587480000", + "frame.time_delta_displayed": "15.587480000", + "frame.time_relative": "624.746820000", + "frame.number": "2201", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000952a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007824", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "10143", + "tcp.nxtseq": "10192", + "tcp.ack": "1684", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d2b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:25:a4:f8:a7:9d:3f:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2467064, TSecr 2812100392": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2467064", + "tcp.options.timestamp.tsecr": "2812100392" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:bc:38:79:a6:56:58:96:80:68:c3:dc:e5:c3:ee:7c:ec:20:e5:65:6c:65:cd:32:61:8a:95:ee:6b:f5:74:5a:a3:90:cd:1d:9e:81" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:56.268855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494216.268855000", + "frame.time_delta": "0.061349000", + "frame.time_delta_displayed": "0.061349000", + "frame.time_relative": "624.808169000", + "frame.number": "2202", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003930", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "1684", + "tcp.nxtseq": "1739", + "tcp.ack": "10192", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00006a3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:5d:7f:00:25:a4:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812108159, TSecr 2467064": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812108159", + "tcp.options.timestamp.tsecr": "2467064" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2201", + "tcp.analysis.ack_rtt": "0.061349000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:48:8d:cc:44:93:ca:e4:c4:8b:96:83:a2:12:a9:b8:e8:8f:20:9b:85:93:08:47:1c:06:9c:52:05:6f:2b:60:b2:4a:ed:c9:8a:07:e9:e1:5d:71:42:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:56:56.269352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494216.269352000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "624.808666000", + "frame.number": "2203", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000952b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007854", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10192", + "tcp.ack": "1739", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007687", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:a4:fe:a7:9d:5d:7f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2467070, TSecr 2812108159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2467070", + "tcp.options.timestamp.tsecr": "2812108159" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2202", + "tcp.analysis.ack_rtt": "0.000497000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:01.270178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494221.270178000", + "frame.time_delta": "5.000826000", + "frame.time_delta_displayed": "5.000826000", + "frame.time_relative": "629.809492000", + "frame.number": "2204", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:01.270611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494221.270611000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "629.809925000", + "frame.number": "2205", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:02.645738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494222.645738000", + "frame.time_delta": "1.375127000", + "frame.time_delta_displayed": "1.375127000", + "frame.time_relative": "631.185052000", + "frame.number": "2206", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x00008a07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000009c3", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + 
"ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49767", + "tcp.port": "80", + "tcp.port": "49767", + "tcp.stream": "26", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002cf6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018013000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Tue, 31 Oct 2017 23:57:02 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:57:02 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 
24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.016796000", + "http.request_in": "796", + "http.file_data": "[[],\"15094933571306917\"]" + }, + "data-text-lines": { + "[[],\"15094933571306917\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:02.679983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494222.679983000", + "frame.time_delta": "0.034245000", + "frame.time_delta_displayed": "0.034245000", + "frame.time_relative": "631.219297000", + "frame.number": "2207", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001018", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", + "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008769", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"2206", + "tcp.analysis.ack_rtt": "0.034245000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:02.692117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494222.692117000", + "frame.time_delta": "0.012134000", + "frame.time_delta_displayed": "0.012134000", + "frame.time_relative": "631.231431000", + "frame.number": "2208", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008a08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x00000aca", + "ip.checksum.status": "2", + "ip.src": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.src_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49767", + "tcp.port": "80", + "tcp.port": "49767", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002700", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2207", + "tcp.analysis.ack_rtt": "0.012134000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:02.697952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494222.697952000", + "frame.time_delta": "0.005835000", + "frame.time_delta_displayed": "0.005835000", + 
"frame.time_relative": "631.237266000", + "frame.number": "2209", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001019", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.236", + "ip.addr": "54.241.191.236", + "ip.dst_host": "54.241.191.236", + "ip.host": "54.241.191.236", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49767", + "tcp.dstport": "80", 
+ "tcp.port": "49767", + "tcp.port": "80", + "tcp.stream": "26", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008769", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2208", + "tcp.analysis.ack_rtt": "0.005835000", + "tcp.analysis.initial_rtt": "0.018013000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.686894000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.686894000", + "frame.time_delta": "0.988942000", + "frame.time_delta_displayed": "0.988942000", + "frame.time_relative": "632.226208000", + "frame.number": "2210", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x0000101a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000029ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.702132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.702132000", + "frame.time_delta": "0.015238000", + "frame.time_delta_displayed": "0.015238000", + "frame.time_relative": 
"632.241446000", + "frame.number": "2211", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x00006660", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000050b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "2210", + "dns.time": "0.015238000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 52.9.63.129": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "27", + "dns.resp.len": "4", + "dns.a": "52.9.63.129" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.242": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "27", + "dns.resp.len": "4", + "dns.a": "54.241.191.242" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "20", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": 
"pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53336", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5627", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57587", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3897", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57588", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": 
"ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58329", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58437", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57979", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57780", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58329", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58437", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57979", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.708670000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.708670000", + "frame.time_delta": "0.006538000", + "frame.time_delta_displayed": "0.006538000", + "frame.time_relative": "632.247984000", + "frame.number": "2212", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000101b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00007706", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": 
"37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00000afc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.721404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.721404000", + "frame.time_delta": "0.012734000", + "frame.time_delta_displayed": "0.012734000", + "frame.time_relative": "632.260718000", + "frame.number": "2213", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x00001822", + "ip.checksum.status": "2", + "ip.src": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.src_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49768", + "tcp.port": "80", + "tcp.port": "49768", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00004874", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2212", + "tcp.analysis.ack_rtt": "0.012734000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.726670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.726670000", + "frame.time_delta": "0.005266000", + "frame.time_delta_displayed": "0.005266000", + "frame.time_relative": "632.265984000", + "frame.number": "2214", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00007709", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": 
"-2", + "tcp.checksum": "0x00008359", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2213", + "tcp.analysis.ack_rtt": "0.005266000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.745782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.745782000", + "frame.time_delta": "0.019112000", + "frame.time_delta_displayed": "0.019112000", + "frame.time_relative": "632.285096000", + "frame.number": "2215", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x0000101d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000076f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cbd4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018000000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.758378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.758378000", + "frame.time_delta": "0.012596000", + "frame.time_delta_displayed": 
"0.012596000", + "frame.time_relative": "632.297692000", + "frame.number": "2216", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000916d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000086b8", + "ip.checksum.status": "2", + "ip.src": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.src_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49768", + "tcp.port": "80", + "tcp.port": 
"49768", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006022", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2215", + "tcp.analysis.ack_rtt": "0.012596000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.763495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.763495000", + "frame.time_delta": "0.005117000", + "frame.time_delta_displayed": "0.005117000", + "frame.time_relative": "632.302809000", + "frame.number": "2217", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x0000101e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00007615", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x00001167", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018000000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "2215", + "tcp.segment": "2217", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:03.776776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494223.776776000", + "frame.time_delta": "0.013281000", + "frame.time_delta_displayed": "0.013281000", + "frame.time_relative": "632.316090000", + "frame.number": "2218", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000916e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000086b7", + "ip.checksum.status": "2", + "ip.src": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.src_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49768", + "tcp.port": "80", + "tcp.port": "49768", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005b80", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2217", + "tcp.analysis.ack_rtt": "0.013281000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.104406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.104406000", + "frame.time_delta": "0.327630000", + "frame.time_delta_displayed": "0.327630000", + "frame.time_relative": "632.643720000", + "frame.number": "2219", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008cfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.157211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.157211000", + "frame.time_delta": "0.052805000", + "frame.time_delta_displayed": "0.052805000", + "frame.time_relative": "632.696525000", + 
"frame.number": "2220", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + 
"http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.210257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.210257000", + "frame.time_delta": "0.053046000", + "frame.time_delta_displayed": "0.053046000", + "frame.time_relative": "632.749571000", + "frame.number": "2221", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00008d02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + 
"ip.proto": "17", + "ip.checksum": "0x00003c4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.263177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.263177000", + "frame.time_delta": "0.052920000", + "frame.time_delta_displayed": "0.052920000", + "frame.time_relative": "632.802491000", + "frame.number": "2222", + "frame.len": "361", 
+ "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00008d06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.316053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.316053000", + "frame.time_delta": "0.052876000", + "frame.time_delta_displayed": "0.052876000", + "frame.time_relative": "632.855367000", + "frame.number": "2223", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00008d09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c4b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.368902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.368902000", + "frame.time_delta": "0.052849000", + "frame.time_delta_displayed": "0.052849000", + "frame.time_relative": "632.908216000", + "frame.number": "2224", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00008d0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.400457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.400457000", + "frame.time_delta": "0.031555000", + "frame.time_delta_displayed": "0.031555000", + "frame.time_relative": "632.939771000", + "frame.number": "2225", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a9", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "201", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000543", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:04.543549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494224.543549000", + "frame.time_delta": "0.143092000", + "frame.time_delta_displayed": "0.143092000", + "frame.time_relative": "633.082863000", + "frame.number": "2226", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb9", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + 
"ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "202", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000fb8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:06.280367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494226.280367000", + "frame.time_delta": "1.736818000", + "frame.time_delta_displayed": "1.736818000", + "frame.time_relative": "634.819681000", + "frame.number": "2227", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005be8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005c01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:07.361773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494227.361773000", + "frame.time_delta": "1.081406000", + "frame.time_delta_displayed": "1.081406000", + "frame.time_relative": "635.901087000", + "frame.number": "2228", + "frame.len": "130", + 
"frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000aac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000612a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:29:c4:27:1f:5b:00:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:07.650256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494227.650256000", + "frame.time_delta": "0.288483000", + "frame.time_delta_displayed": "0.288483000", + "frame.time_relative": "636.189570000", + "frame.number": "2229", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:07.656205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494227.656205000", + "frame.time_delta": "0.005949000", + "frame.time_delta_displayed": "0.005949000", + "frame.time_relative": "636.195519000", + "frame.number": "2230", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:07.739912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494227.739912000", + "frame.time_delta": "0.083707000", + "frame.time_delta_displayed": "0.083707000", + "frame.time_relative": "636.279226000", + "frame.number": "2231", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + 
"llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:07.992182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494227.992182000", + "frame.time_delta": "0.252270000", + "frame.time_delta_displayed": "0.252270000", + "frame.time_relative": "636.531496000", + "frame.number": "2232", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", 
+ "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:08.008592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494228.008592000", + "frame.time_delta": "0.016410000", + "frame.time_delta_displayed": "0.016410000", + "frame.time_relative": "636.547906000", + "frame.number": "2233", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + 
"bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:08.038728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494228.038728000", + "frame.time_delta": "0.030136000", + "frame.time_delta_displayed": "0.030136000", + "frame.time_relative": "636.578042000", + "frame.number": "2234", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:08.115216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494228.115216000", + "frame.time_delta": "0.076488000", + "frame.time_delta_displayed": "0.076488000", + "frame.time_relative": "636.654530000", + "frame.number": "2235", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:09.410375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494229.410375000", + "frame.time_delta": "1.295159000", + "frame.time_delta_displayed": "1.295159000", + "frame.time_relative": "637.949689000", + "frame.number": "2236", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:09.410499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494229.410499000", + "frame.time_delta": "0.000124000", + "frame.time_delta_displayed": "0.000124000", + "frame.time_relative": "637.949813000", + "frame.number": "2237", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:10.213739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494230.213739000", + "frame.time_delta": "0.803240000", + "frame.time_delta_displayed": "0.803240000", + "frame.time_relative": "638.753053000", + "frame.number": "2238", + "frame.len": "80", + 
"frame.cap_len": "80", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "66", + "ip.id": "0x00000aae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "46", + "udp.checksum": "0x0000e8eb", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:b4:fe:04:01:cd:f2:14:6f:00:00:00:af:0b", + "data.len": "38" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:13.203781000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494233.203781000", + "frame.time_delta": "2.990042000", + "frame.time_delta_displayed": "2.990042000", + "frame.time_relative": "641.743095000", + "frame.number": "2239", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:20.582571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494240.582571000", + "frame.time_delta": "7.378790000", + "frame.time_delta_displayed": "7.378790000", + "frame.time_relative": "649.121885000", + "frame.number": "2240", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d79", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001196", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:20.583133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494240.583133000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "649.122447000", + "frame.number": "2241", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d7a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f291", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:20.583691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494240.583691000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "649.123005000", + "frame.number": "2242", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + 
"eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008057", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:25.582843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494245.582843000", + "frame.time_delta": "4.999152000", + "frame.time_delta_displayed": "4.999152000", + "frame.time_relative": "654.122157000", + "frame.number": "2243", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d7b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba75", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001196", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:25.583410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494245.583410000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": 
"0.000567000", + "frame.time_relative": "654.122724000", + "frame.number": "2244", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d7c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f291", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:25.583981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494245.583981000", + "frame.time_delta": "0.000571000", + 
"frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "654.123295000", + "frame.number": "2245", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008057", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.087384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.087384000", + "frame.time_delta": "0.503403000", + "frame.time_delta_displayed": 
"0.503403000", + "frame.time_relative": "654.626698000", + "frame.number": "2246", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002c19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "1739", + "tcp.nxtseq": "1937", + "tcp.ack": 
"10192", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fced", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:7a:9e:00:25:a4:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812115614, TSecr 2467070": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812115614", + "tcp.options.timestamp.tsecr": "2467070" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:49:bf:1a:db:bc:03:a7:77:09:8e:d5:38:bc:43:4e:5c:da:54:e2:1d:17:a2:20:40:ee:d9:22:29:06:21:3e:55:c5:10:59:66:a9:fc:b7:6b:2d:23:6b:c6:9b:3b:ff:a1:f8:1e:14:05:3e:e8:59:fd:63:7e:33:8f:1e:86:3e:05:a9:3d:8d:b6:c4:af:ad:88:d6:cd:84:b3:89:19:e1:a9:1d:1b:78:21:a1:e5:34:5e:1a:45:b4:21:03:cf:eb:ad:07:de:ea:12:40:ac:b2:04:a3:98:a4:f6:a4:c7:09:15:28:a4:e3:30:42:3a:86:f8:c4:c1:08:e6:c4:14:39:86:bf:a1:94:32:0f:cd:1f:61:70:70:40:5e:6f:1e:9d:7d:e9:d5:d9:74:e8:3d:44:2d:eb:9b:d4:d4:27:10:cc:09:9f:b6:fb:a1:d3:2d:07:4b:2b:4f:b6:d2:7e:84:e6:f6:2e:81:bd:0f:69:44:9c:20:67:04" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.087891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.087891000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "654.627205000", + "frame.number": "2247", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000952c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007853", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10192", + "tcp.ack": "1937", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004cfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:b0:a4:a7:9d:7a:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2470052, TSecr 2812115614": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2470052", + "tcp.options.timestamp.tsecr": "2812115614" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2246", + "tcp.analysis.ack_rtt": "0.000507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.094415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.094415000", + "frame.time_delta": "0.006524000", + "frame.time_delta_displayed": "0.006524000", + "frame.time_relative": "654.633729000", + "frame.number": "2248", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000952d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000781d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "10192", + "tcp.nxtseq": "10245", + "tcp.ack": "1937", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008fb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:b0:a5:a7:9d:7a:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2470053, TSecr 2812115614": { + "tcp.option_kind": "8", + "tcp.option_len": "10", 
+ "tcp.options.timestamp.tsval": "2470053", + "tcp.options.timestamp.tsecr": "2812115614" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:bd:d0:07:ec:85:0f:c3:a8:23:8a:32:a6:a7:04:d7:54:da:9d:46:43:ee:f7:fd:ba:c5:1e:c3:36:07:96:2e:17:68:e7:69:34:7a:e4:d8:56:e3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.194342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.194342000", + "frame.time_delta": "0.099927000", + "frame.time_delta_displayed": "0.099927000", + "frame.time_relative": "654.733656000", + "frame.number": "2249", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003965", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1937", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004d9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:7a:b9:00:25:b0:a5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2812115641, TSecr 2470053": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812115641", + "tcp.options.timestamp.tsecr": "2470053" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2248", + "tcp.analysis.ack_rtt": "0.099927000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.194968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.194968000", + "frame.time_delta": "0.000626000", + "frame.time_delta_displayed": "0.000626000", + "frame.time_relative": "654.734282000", + "frame.number": "2250", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x0000952e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + 
"ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "10245", + "tcp.nxtseq": "11621", + "tcp.ack": "1937", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007bd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:b0:af:a7:9d:7a:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2470063, TSecr 2812115641": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2470063", + "tcp.options.timestamp.tsecr": "2812115641" + } + }, + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:be:2c:32:6a:f7:3c:b7:28:cb:b9:37:ea:54:ab:46:24:99:20:a7:ed:f6:60:71:e8:eb:21:77:21:e1:57:94:28:f9:b7:42:1f:4f:e4:f1:9f:2f:06" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:bf:9d:0f:32:a7:c1:8b:2e:99:c0:f4:9c:87:3e:63:01:d2:f8:e7:16:27:71:6f:82:92:d8:ad:70:0f:86:ab:fc:9c:57:64:46:c4:21:b8:65:b4:d3:9f:f8:c2:92:40:fd:ac:1c:b2:b6:ef:20:d8:c9:d2:b1:81:58:3f:f9:99:be:a9:b9:68:01:06:26:5f:45:6a:d2:d6:38:8d:0c:5b:b4:85:1c:70:05:e5:d8:de:66:8b" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c0:0a:39:3a:53:2b:55:d5:19:5b:b8:0f:73:ea:b9:1f:d1:8c:d0:20:65:46:68:88:b4:c0:df:98:c4:7e:65:a7:5c:d5:d5:e3:5b:27:47:dc:f9:af:3f:58:d3:65:fe:c2:46:97:db:25:e6:ae:c2:13:5b:d6:21:df:d2:53:42:20:a9:83:84:90:78:4f:9b:3a:10:07:1d:69:dc:e4:12:63:ba:2f:c6:67:c3:5d:dc:e4:8a:48:c3:2f:29:a3:5f:b9:8d:cd:ed:89:20:54:7c:20:c5:b0:63:f2:27:24:23:fc:1e:b6:d1:3f:91:2e:9f:af:0b:a8:2e:96:14:ce:19:2d:bd:25:21:83:cf:80:4a:0e:a3:93:c6:12:6d:9e:c8:79:52:f4:dc:34:d1:81:66:24:37:fe:80:18:4a:44:6c:e6:4b:9f:83:30:da:a6:03:54:99:fa:8e:d5:59:3a:df:e2:d2:88:c2:7f:90:fe:82:88:53:02:d6:4b:b4:8e:9d:9c:06:34:a0:c4:e3:0a:ff:e5:bb:e0:82:f5:2c:2f:c7:7a:e4:2c:18:c2:bf:79:9e:2a:33:95:a3:6a:05:3b:05:a9:88:06:54:c8:7f:96:62:5d:ea:27:88:67:5b:ed:8c:53:b9:30:64:c4:84:7e:2f:93:9e:93:77:a7:27:0a:36:60:ab:4e:c9:db:03:48:a5:96:67:eb:e8:4c:a5:64:7d:0f:78:c7:8a:77:49:b0:cf:c3:45:6b:1a:e7:f5:f9:a1:0f:30:30:77:9c:11:6e:13:bb:63:8c:e6:eb:93:22:11:14:9c:0e:11:fe:ef:d9:58:39:80:36:ee:65:a1:a2:d7:78:d2:d4:98:03:4a:0e:43:d6:6f:0c:67
:ef:99:fd:28:1d:3a:ce:0c:a3:fb:48:8a:fe:d9:f8:c4:17:f0:92:85:80:09:64:54:f3:c7:f5:29:d5:9a:7a:bd:5f:c4:5b:dd:98:ed:72:6d:98:0f:f4:4d:71:32:db:f3:52:fb:43:bc:17:fc:c5:a3:bf:0c:f9:d0:bf:68:cb:5e:a1:2f:83:8d:c5:5a:c1:d9:f4:c4:c6:0b:52:3b:ed:00:ed:be:7c:0e:e8:5b:c5:30:12:11:0e:f9:1d:85:a9:fe:43:d7:00:58:22:cf:db:58:ba:4b:d9:fa:68:d2:c6:a5:bd:e0:68:38:cb:f9:fd:69:48:3f:c0:39:77:94:85:50:a5:f2:7f:1d:88:ca:37:fc:15:9d:45:0d:f9:45:78:52:ad:4a:66:a1:ed:69:ca:3c:97:a6:76:70:82:bb:7d:f5:bf:13:cf:7b:bd:4f:6e:7d:59:41:13:23:0c:d0:6b:34:ce:f4:f9:34:d0:ce:85:de:1c:7e:5a:ad:4d:22:a3:10:96:00:1f:54:33:1f:4e:e8:b5:e5:ff:b5:1b:89:bc:21:03:37:96:0d:6e:88:13:92:ce:6f:3b:90:e8:9c:1b:2c:88:71:08:03:6f:98:36:47:34:86:a4:5e:2d:82:92:2b:4e:2d:af:10:96:b9:3e:45:83:6e:69:55:3b:d5:3b:01:e1:52:97:eb:c0:37:2c:34:e8:2b:d2:51:c4:8e:ff:89:47:8d:8a:ce:ff:55:cd:c6:e2:22:c7:53:c9:33:f5:a6:29:df:ee:c9:dc:90:a1:c1:fa:80:e3:aa:34:9e:ed:d9:d8:8f:b4:a5:34:f2:6f:40:3c:d2:bf:fb:cc:8e:f8:26:b3:3e:f5:38:08:89:2f:a3:e2:94:42:7b:a3:08:58:fa:54:fe:da:6a:86:18:cb:a7:0a:0c:f2:d9:67:9c:51:48:7a:bb:73:b4:c6:ab:c3:eb:96:ef:50:2c:cb:00:3a:00:f5:75:51:de:45:b1:21:79:34:c0:cb:50:73:e5:92:5c:f8:a3:84:6b:03:b0:40:5c:68:a0:a0:15:d2:94:91:2b:bf:fe:b7:d1:2f:ae:ac:39:1c:4c:ef:65:a2:66:de:ee:9f:6c:d1:7d:8b:ff:a5:65:e3:4d:87:55:ec:cf:57:93:8e:0c:ce:ee:03:6f:81:79:31:f9:47:4c:21:e5:c1:c1:eb:e0:83:a1:8a:13:aa:ed:c9:df:15:74:12:ae:1d:67:8a:6e:02:45:44:d4:7d:72:b7:a6:4d:88:52:6f:9b:67:05:fe:14:aa:49:3a:cc:2f:56:04:c7:14:d2:2c:26:68:e7:d4:f7:5c:50:0b:71:83:4a:e9:b3:93:ec:26:15:45:58:f8:19:b2:cf:10:c9:01:ee:38:df:dd:e0:a9:b2:ba:91:f4:d3:cf:b7:fc:47:4b:95:b6:8b:e7:e9:30:af:00:c9:75:ae:01:5d:27:d4:3a:46:f8:11:03:19:fd:28:e9:de:d2:d5:a6:fb:79:a0:06:51:49:8e:9e:9c:e6:05:25:a8:6d:74:c7:12:b4:40:9b:a8:31:b9:82:19:44:07:ad:3e:83:0a:5d:61:db:49:b3:80:a8:ee:bb:5d:cc:ad:b3:57:80:e5:8f:a4:6d:8f:a2:ba:60:cb:15:aa:d2:9c:52:93:6f:57:0f:8b:0b:bc:11:02:b7:ca:d3:84:0c:2e:51:e2:f9:e7:e8:d2:7e:bb:26:7a:91:cb:d0:07:87:48:34:5c:2d:43:a8:c5:7d:d0:ba:3b:94:e
d:6f:a9:02:cb:c5:55:26:f3:95:b1:8f:2c:09:66:ab:b6:f9:78:07:bd:64:b6:7b:b7:ee:1a:0a:a4:e6:26:3f:8d:89:eb:5e:a1:ac:5b:bd:72:22:34:23:78:7a:98:44:33:44:b3:f2:d4:97:a7:c6:74:e7:ef:1c:bc:32:95:37:07:6c:c3:30:b2:36:96:46:33:9e" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c1:eb:74:d3:0e:f4:5d:9b:21:5f:32:80:15:b0:6e:a3:a1:b4:2c:71:9a:3e:22:c7:fd:04:f8:ef:90:9f:ae:8f:09:8c:12:d8:65:94:36:97:a7:4e:62:8f:c9:ba:9c:df:cb:02:25:4d:7e:30:18:20:e4:b8:5f:19:dc:a2:39:60:ee:a9:2b:67:15:5e:6f:46:b4:8f:fc:f5:34:8b:ec:23:a8:ac:70:45:cb:27:eb:ea:57:d6:b7:39:07:8e:25:17:af:0d:c1:47:83:ab:38:bf:b1:5d:f9:a4:71:21:a6:5c:3c:67:38:ca:e3:5d:fa:98:e8:4c:7a:b2:0d:fc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.255126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.255126000", + "frame.time_delta": "0.060158000", + "frame.time_delta_displayed": "0.060158000", + "frame.time_relative": "654.794440000", + "frame.number": "2251", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "52", + "ip.id": "0x00002c1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003964", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1937", + "tcp.ack": "11621", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004821", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:7a:c8:00:25:b0:af", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812115656, TSecr 2470063": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812115656", + "tcp.options.timestamp.tsecr": "2470063" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2250", + "tcp.analysis.ack_rtt": "0.060158000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.511699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.511699000", + "frame.time_delta": "0.256573000", + "frame.time_delta_displayed": "0.256573000", + "frame.time_relative": "655.051013000", + "frame.number": "2252", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000952f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000781a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "11621", + "tcp.nxtseq": "11675", + "tcp.ack": "1937", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c63b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:b0:ce:a7:9d:7a:c8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2470094, TSecr 2812115656": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2470094", + "tcp.options.timestamp.tsecr": "2812115656" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c2:c6:54:eb:45:7b:46:4f:d6:e5:3b:8e:50:8a:6a:98:10:2e:84:8b:e6:24:34:af:f5:bb:f5:87:10:e0:3e:00:dc:c6:bb:3d:8b:83:29:90:d1:9c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:26.571835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494246.571835000", + "frame.time_delta": "0.060136000", + "frame.time_delta_displayed": "0.060136000", + "frame.time_relative": "655.111149000", + "frame.number": "2253", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c1c", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003963", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1937", + "tcp.ack": "11675", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000477d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:7b:17:00:25:b0:ce", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812115735, TSecr 2470094": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812115735", + "tcp.options.timestamp.tsecr": "2470094" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2252", + "tcp.analysis.ack_rtt": "0.060136000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:28.854768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494248.854768000", + "frame.time_delta": "2.282933000", + "frame.time_delta_displayed": "2.282933000", + "frame.time_relative": "657.394082000", + "frame.number": "2254", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.440778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.440778000", + "frame.time_delta": "1.586010000", + "frame.time_delta_displayed": "1.586010000", + "frame.time_relative": "658.980092000", + "frame.number": "2255", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020e7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e75d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + 
"udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "6", + "http.prev_request_in": "1993" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.583098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.583098000", + "frame.time_delta": "0.142320000", + "frame.time_delta_displayed": "0.142320000", + "frame.time_relative": "659.122412000", + "frame.number": "2256", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "261", + "ip.id": "0x00001d7d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001196", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.583667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.583667000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "659.122981000", + "frame.number": "2257", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d7e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f291", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + 
"Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.584265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.584265000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "659.123579000", + "frame.number": "2258", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008057", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=620", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.834217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.834217000", + "frame.time_delta": "0.249952000", + "frame.time_delta_displayed": "0.249952000", + "frame.time_relative": "659.373531000", + "frame.number": "2259", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005f95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000057b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "31", + "http.prev_response_in": "2057" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.837453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.837453000", + "frame.time_delta": "0.003236000", + "frame.time_delta_displayed": "0.003236000", + "frame.time_relative": "659.376767000", + "frame.number": "2260", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000197e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54569", + "tcp.dstport": "80", + "tcp.port": "54569", + "tcp.port": "80", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000067d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.837991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.837991000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "659.377305000", + "frame.number": "2261", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54569", + "tcp.port": "80", + "tcp.port": "54569", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005d4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window 
scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2260", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.841239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.841239000", + "frame.time_delta": "0.003248000", + "frame.time_delta_displayed": "0.003248000", + "frame.time_relative": "659.380553000", + "frame.number": "2262", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000197f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ef4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54569", + "tcp.dstport": "80", + "tcp.port": "54569", + "tcp.port": "80", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000f2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2261", + "tcp.analysis.ack_rtt": "0.003248000", + "tcp.analysis.initial_rtt": "0.003786000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.841924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.841924000", + "frame.time_delta": "0.000685000", + "frame.time_delta_displayed": "0.000685000", + "frame.time_relative": "659.381238000", + "frame.number": "2263", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + 
"eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001980", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54569", + "tcp.dstport": "80", + "tcp.port": "54569", + "tcp.port": "80", + "tcp.stream": "108", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003786000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + 
"http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.842408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.842408000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "659.381722000", + "frame.number": "2264", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d97d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000def5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54569", + "tcp.port": "80", + "tcp.port": "54569", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000000bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2263", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.003786000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:57:30.842980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.842980000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "659.382294000", + "frame.number": "2265", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d97e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dee3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54569", + "tcp.port": "80", + "tcp.port": "54569", + "tcp.stream": "108", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000040dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003786000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.843335000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.843335000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "659.382649000", + "frame.number": "2266", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d97f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54569", + "tcp.port": "80", + "tcp.port": "54569", + "tcp.stream": "108", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009345", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003786000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2265", + "tcp.segment": "2266", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001411000", + "http.request_in": "2263", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.845584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.845584000", + "frame.time_delta": "0.002249000", + "frame.time_delta_displayed": "0.002249000", + "frame.time_relative": "659.384898000", + "frame.number": "2267", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001981", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ef2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54569", + "tcp.dstport": "80", + "tcp.port": "54569", + "tcp.port": "80", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2266", + "tcp.analysis.ack_rtt": "0.002249000", + "tcp.analysis.initial_rtt": "0.003786000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.846237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.846237000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "659.385551000", + "frame.number": "2268", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001982", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ef1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54569", + "tcp.dstport": "80", + "tcp.port": "54569", + "tcp.port": "80", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.846666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.846666000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "659.385980000", + "frame.number": "2269", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54569", + "tcp.port": "80", + "tcp.port": "54569", + "tcp.stream": "108", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fcc4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2268", + 
"tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.003786000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.887115000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.887115000", + "frame.time_delta": "0.040449000", + "frame.time_delta_displayed": "0.040449000", + "frame.time_relative": "659.426429000", + "frame.number": "2270", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005f98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000057aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "32", + "http.prev_response_in": "2259" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.896970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.896970000", + "frame.time_delta": "0.009855000", + "frame.time_delta_displayed": "0.009855000", + "frame.time_relative": "659.436284000", + "frame.number": "2271", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001983", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54570", + "tcp.dstport": "80", + "tcp.port": "54570", + "tcp.port": "80", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a947", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.897532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.897532000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "659.436846000", + "frame.number": "2272", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54570", + "tcp.port": "80", + "tcp.port": "54570", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c3d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2271", + "tcp.analysis.ack_rtt": "0.000562000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.900872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.900872000", + "frame.time_delta": "0.003340000", + "frame.time_delta_displayed": "0.003340000", + "frame.time_relative": "659.440186000", + "frame.number": "2273", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001984", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54570", + "tcp.dstport": "80", + "tcp.port": "54570", + "tcp.port": "80", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000075b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2272", + "tcp.analysis.ack_rtt": "0.003340000", + "tcp.analysis.initial_rtt": "0.003902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.901541000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.901541000", + "frame.time_delta": "0.000669000", + "frame.time_delta_displayed": "0.000669000", + "frame.time_relative": "659.440855000", + "frame.number": "2274", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001985", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54570", + "tcp.dstport": "80", + "tcp.port": "54570", + "tcp.port": "80", + "tcp.stream": "109", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008b29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003902000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.902018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.902018000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "659.441332000", + "frame.number": "2275", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001344", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a52f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54570", + "tcp.port": "80", + "tcp.port": "54570", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006741", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2274", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.003902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.902676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.902676000", + "frame.time_delta": "0.000658000", + "frame.time_delta_displayed": "0.000658000", + "frame.time_relative": "659.441990000", + "frame.number": "2276", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001345", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a51d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54570", + "tcp.port": "80", + "tcp.port": "54570", + "tcp.stream": "109", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a762", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003902000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.903054000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.903054000", + "frame.time_delta": "0.000378000", + "frame.time_delta_displayed": "0.000378000", + "frame.time_relative": "659.442368000", + "frame.number": "2277", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001346", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a14a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54570", + "tcp.port": "80", + "tcp.port": "54570", + "tcp.stream": "109", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f9cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003902000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2276", + "tcp.segment": "2277", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001513000", + "http.request_in": "2274", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.906208000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494250.906208000", + "frame.time_delta": "0.003154000", + "frame.time_delta_displayed": "0.003154000", + "frame.time_relative": "659.445522000", + "frame.number": "2278", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001986", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54570", + "tcp.dstport": "80", + "tcp.port": "54570", + "tcp.port": "80", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007118", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2277", + "tcp.analysis.ack_rtt": "0.003154000", + "tcp.analysis.initial_rtt": "0.003902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.906817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.906817000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "659.446131000", + "frame.number": "2279", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001987", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54570", + "tcp.dstport": "80", + "tcp.port": "54570", + "tcp.port": "80", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007117", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.907246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.907246000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "659.446560000", + "frame.number": "2280", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54570", + "tcp.port": "80", + "tcp.port": "54570", + "tcp.stream": "109", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000634b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2279", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.003902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.940240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.940240000", + "frame.time_delta": "0.032994000", + "frame.time_delta_displayed": "0.032994000", + "frame.time_relative": "659.479554000", + "frame.number": "2281", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005f9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000057ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "33", + "http.prev_response_in": "2270" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.943871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.943871000", + "frame.time_delta": "0.003631000", + "frame.time_delta_displayed": "0.003631000", + "frame.time_relative": "659.483185000", + 
"frame.number": "2282", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001988", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005edf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54571", + "tcp.dstport": "80", + "tcp.port": "54571", + "tcp.port": "80", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000c705", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.944406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.944406000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "659.483720000", + "frame.number": "2283", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f3ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2282", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.947350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.947350000", + "frame.time_delta": "0.002944000", + "frame.time_delta_displayed": "0.002944000", + "frame.time_relative": "659.486664000", + 
"frame.number": "2284", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001989", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54571", + "tcp.dstport": "80", + "tcp.port": "54571", + "tcp.port": "80", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a5ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2283", + "tcp.analysis.ack_rtt": "0.002944000", + "tcp.analysis.initial_rtt": "0.003479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.948041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.948041000", + "frame.time_delta": "0.000691000", + "frame.time_delta_displayed": "0.000691000", + "frame.time_relative": "659.487355000", + "frame.number": "2285", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000198a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e42", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54571", + "tcp.dstport": "80", + "tcp.port": "54571", + "tcp.port": "80", + "tcp.stream": "110", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003479000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.948529000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.948529000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "659.487843000", + "frame.number": "2286", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008aed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000973e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2285", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.003479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.949120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.949120000", + "frame.time_delta": "0.000591000", + "frame.time_delta_displayed": "0.000591000", + "frame.time_relative": "659.488434000", + "frame.number": "2287", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008aee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d75f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003479000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.949549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.949549000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "659.488863000", + "frame.number": "2288", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008aef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000029a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000029c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003479000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2287", + "tcp.segment": "2288", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001508000", + "http.request_in": "2285", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.950486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.950486000", + "frame.time_delta": "0.000937000", + "frame.time_delta_displayed": "0.000937000", + "frame.time_relative": "659.489800000", + "frame.number": "2289", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008af0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000029a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000029c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003479000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.956188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.956188000", + "frame.time_delta": "0.005702000", + "frame.time_delta_displayed": "0.005702000", + "frame.time_relative": "659.495502000", + "frame.number": "2290", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000198b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005edc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54571", + "tcp.dstport": "80", + "tcp.port": "54571", + "tcp.port": "80", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000aee0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:5d:6a:fe:b2:5d:6b:02:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2288", + "tcp.analysis.ack_rtt": "0.006639000", + "tcp.analysis.initial_rtt": "0.003479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.956772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.956772000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "659.496086000", + "frame.number": "2291", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000198c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005ee7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54571", + "tcp.dstport": "80", + "tcp.port": "54571", + "tcp.port": "80", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a114", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:30.957203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494250.957203000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "659.496517000", + "frame.number": "2292", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54571", + "tcp.port": "80", + "tcp.port": "54571", + "tcp.stream": "110", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009348", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2291", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.003479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.886896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.886896000", + "frame.time_delta": "0.929693000", + "frame.time_delta_displayed": "0.929693000", + "frame.time_relative": "660.426210000", + "frame.number": "2293", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005ff0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000575b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "34", + "http.prev_response_in": "2281" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.890183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.890183000", + "frame.time_delta": "0.003287000", + "frame.time_delta_displayed": "0.003287000", + "frame.time_relative": "660.429497000", + 
"frame.number": "2294", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000198e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ed9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54572", + "tcp.dstport": "80", + "tcp.port": "54572", + "tcp.port": "80", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000753", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.890729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.890729000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "660.430043000", + "frame.number": "2295", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54572", + "tcp.port": "80", + "tcp.port": "54572", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008be5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2294", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.893841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.893841000", + "frame.time_delta": "0.003112000", + "frame.time_delta_displayed": "0.003112000", + "frame.time_relative": "660.433155000", + 
"frame.number": "2296", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000198f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54572", + "tcp.dstport": "80", + "tcp.port": "54572", + "tcp.port": "80", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003dc4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2295", + "tcp.analysis.ack_rtt": "0.003112000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.894523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.894523000", + "frame.time_delta": "0.000682000", + "frame.time_delta_displayed": "0.000682000", + "frame.time_relative": "660.433837000", + "frame.number": "2297", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001990", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e3c", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54572", + "tcp.dstport": "80", + "tcp.port": "54572", + "tcp.port": "80", + "tcp.stream": "111", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000533d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.895047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.895047000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "660.434361000", + "frame.number": "2298", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b5d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000029e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54572", + "tcp.port": "80", + "tcp.port": "54572", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002f55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2297", + "tcp.analysis.ack_rtt": "0.000524000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.895618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.895618000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "660.434932000", + "frame.number": "2299", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b5d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000028c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54572", + "tcp.port": "80", + "tcp.port": "54572", + "tcp.stream": "111", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006f76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.895968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.895968000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "660.435282000", + "frame.number": "2300", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b5d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000feb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54572", + "tcp.port": "80", + "tcp.port": "54572", + "tcp.stream": "111", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c1df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2299", + "tcp.segment": "2300", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001445000", + "http.request_in": "2297", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.899014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.899014000", + "frame.time_delta": "0.003046000", + "frame.time_delta_displayed": "0.003046000", + "frame.time_relative": "660.438328000", + "frame.number": "2301", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001991", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54572", + "tcp.dstport": "80", + "tcp.port": "54572", + "tcp.port": "80", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000392c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2300", + "tcp.analysis.ack_rtt": "0.003046000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.899683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.899683000", + "frame.time_delta": "0.000669000", + "frame.time_delta_displayed": "0.000669000", + "frame.time_relative": "660.438997000", + "frame.number": "2302", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001992", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ee1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54572", + "tcp.dstport": "80", + "tcp.port": "54572", + "tcp.port": "80", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000392b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.900217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.900217000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "660.439531000", + "frame.number": "2303", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a774", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54572", + "tcp.port": "80", + "tcp.port": "54572", + "tcp.stream": "111", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002b5f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2302", + 
"tcp.analysis.ack_rtt": "0.000534000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.939752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.939752000", + "frame.time_delta": "0.039535000", + "frame.time_delta_displayed": "0.039535000", + "frame.time_relative": "660.479066000", + "frame.number": "2304", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005ff5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000574d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "35", + "http.prev_response_in": "2293" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.951067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.951067000", + "frame.time_delta": "0.011315000", + "frame.time_delta_displayed": "0.011315000", + "frame.time_relative": "660.490381000", + "frame.number": "2305", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001993", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ed4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f5f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.951618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.951618000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "660.490932000", + "frame.number": "2306", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006e1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2305", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.955238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.955238000", + "frame.time_delta": "0.003620000", + "frame.time_delta_displayed": "0.003620000", + "frame.time_relative": "660.494552000", + "frame.number": "2307", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001994", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005edf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001ffe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2306", + "tcp.analysis.ack_rtt": "0.003620000", + "tcp.analysis.initial_rtt": "0.004171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.956391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.956391000", + "frame.time_delta": "0.001153000", + "frame.time_delta_displayed": "0.001153000", + "frame.time_relative": "660.495705000", + "frame.number": "2308", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001995", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003577", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004171000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.956883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.956883000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "660.496197000", + "frame.number": "2309", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000118f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2308", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.004171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.957452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.957452000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "660.496766000", + "frame.number": "2310", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d5a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000051b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004171000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.957948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.957948000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "660.497262000", + "frame.number": "2311", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d5a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a419", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004171000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2310", + "tcp.segment": "2311", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001557000", + "http.request_in": "2308", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.960508000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494251.960508000", + "frame.time_delta": "0.002560000", + "frame.time_delta_displayed": "0.002560000", + "frame.time_relative": "660.499822000", + "frame.number": "2312", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d5a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000deea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a419", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004171000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.963460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.963460000", + "frame.time_delta": "0.002952000", + "frame.time_delta_displayed": "0.002952000", + "frame.time_relative": "660.502774000", + "frame.number": "2313", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001996", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005edd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2311", + "tcp.analysis.ack_rtt": "0.005512000", + "tcp.analysis.initial_rtt": "0.004171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.964024000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.964024000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "660.503338000", + "frame.number": "2314", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001997", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005edc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b65", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.964522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.964522000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "660.503836000", + "frame.number": "2315", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001100", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a773", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54573", + "tcp.port": "80", + "tcp.port": "54573", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2314", + "tcp.analysis.ack_rtt": "0.000498000", + "tcp.analysis.initial_rtt": "0.004171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.965086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494251.965086000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "660.504400000", + "frame.number": "2316", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001998", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ecf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54573", + "tcp.dstport": "80", + "tcp.port": "54573", + "tcp.port": "80", + "tcp.stream": "112", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bff8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:6f:94:a1:24:6f:94:a5:07", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004171000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2313", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:31.992806000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494251.992806000", + "frame.time_delta": "0.027720000", + "frame.time_delta_displayed": "0.027720000", + "frame.time_relative": "660.532120000", + "frame.number": "2317", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005ffa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000574e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "36", + "http.prev_response_in": "2304" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.020264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.020264000", + "frame.time_delta": "0.027458000", + "frame.time_delta_displayed": "0.027458000", + "frame.time_relative": "660.559578000", + "frame.number": "2318", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001999", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ece", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000dff1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.020796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.020796000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "660.560110000", + "frame.number": "2319", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000470e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2318", + "tcp.analysis.ack_rtt": "0.000532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.026815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.026815000", + "frame.time_delta": "0.006019000", + "frame.time_delta_displayed": "0.006019000", + "frame.time_relative": "660.566129000", + "frame.number": "2320", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000199a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ed9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f8ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2319", + "tcp.analysis.ack_rtt": "0.006019000", + "tcp.analysis.initial_rtt": "0.006551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:57:32.027390000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.027390000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "660.566704000", + "frame.number": "2321", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000199b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000e66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006551000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.027866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.027866000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + 
"frame.time_relative": "660.567180000", + "frame.number": "2322", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002178", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ea7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2321", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.006551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.028432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.028432000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "660.567746000", + "frame.number": "2323", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002179", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096e9", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006551000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.028782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.028782000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "660.568096000", + "frame.number": "2324", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000217a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009316", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007d08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006551000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2323", + "tcp.segment": "2324", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001392000", + "http.request_in": "2321", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.030501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.030501000", + "frame.time_delta": "0.001719000", + "frame.time_delta_displayed": "0.001719000", + "frame.time_relative": "660.569815000", + "frame.number": "2325", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000217b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009315", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007d08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006551000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.031232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.031232000", + "frame.time_delta": "0.000731000", + "frame.time_delta_displayed": "0.000731000", + "frame.time_relative": "660.570546000", + "frame.number": "2326", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000199c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ed7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f454", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2324", + "tcp.analysis.ack_rtt": "0.002450000", + "tcp.analysis.initial_rtt": "0.006551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.031902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.031902000", + "frame.time_delta": "0.000670000", + "frame.time_delta_displayed": "0.000670000", + "frame.time_relative": "660.571216000", + "frame.number": "2327", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000199d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ed6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f453", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.032326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.032326000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "660.571640000", + "frame.number": "2328", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001101", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a772", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54574", + "tcp.port": "80", + "tcp.port": "54574", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e687", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2327", + "tcp.analysis.ack_rtt": "0.000424000", + "tcp.analysis.initial_rtt": "0.006551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:32.033781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494252.033781000", + "frame.time_delta": 
"0.001455000", + "frame.time_delta_displayed": "0.001455000", + "frame.time_relative": "660.573095000", + "frame.number": "2329", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000199e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ec9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54574", + "tcp.dstport": "80", + "tcp.port": "54574", + "tcp.port": "80", + "tcp.stream": "113", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000076c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:cb:f8:55:d1:cb:f8:59:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006551000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2326", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:34.540411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494254.540411000", + "frame.time_delta": "2.506630000", + "frame.time_delta_displayed": "2.506630000", + "frame.time_relative": "663.079725000", + "frame.number": "2330", + "frame.len": "60", + "frame.cap_len": "60", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "201", + 
"tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000543", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:34.683808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494254.683808000", + "frame.time_delta": "0.143397000", + "frame.time_delta_displayed": "0.143397000", + "frame.time_relative": "663.223122000", + "frame.number": "2331", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { 
+ "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb8", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "202", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00000fb8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.326434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.326434000", + "frame.time_delta": "1.642626000", + "frame.time_delta_displayed": "1.642626000", + "frame.time_relative": "664.865748000", + "frame.number": "2332", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c0f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005bda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": 
"192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.684516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.684516000", + "frame.time_delta": "0.358082000", + "frame.time_delta_displayed": "0.358082000", + "frame.time_relative": "665.223830000", + "frame.number": "2333", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"1", + "ip.proto": "17", + "ip.checksum": "0x0000e72c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60111", + "udp.dstport": "1900", + "udp.port": "60111", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005f8e", + "udp.checksum.status": "2", + "udp.stream": "43" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.783337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.783337000", + "frame.time_delta": "0.098821000", + "frame.time_delta_displayed": "0.098821000", + "frame.time_relative": "665.322651000", + "frame.number": "2334", + "frame.len": "411", + "frame.cap_len": "411", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "397", + "ip.id": "0x00009530", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "345", + "tcp.seq": "11675", + "tcp.nxtseq": "12020", + "tcp.ack": "1937", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008f80", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:b4:d2:a7:9d:7b:17", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2471122, TSecr 2812115735": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2471122", + "tcp.options.timestamp.tsecr": "2812115735" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "345", + "tcp.analysis.push_bytes_sent": "345" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "340", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c3:f8:87:6d:46:82:a2:9d:19:5b:26:67:6d:5e:a1:5c:fd:41:c3:46:d6:f3:5b:98:b1:db:70:31:97:4f:96:3c:55:a4:09:97:8f:2b:c5:72:1c:07:b0:9b:5b:0e:db:f6:7a:ab:fc:14:59:02:ea:b2:fd:95:0c:55:92:5e:e6:39:7f:d7:61:1c:3a:34:5d:be:ec:c7:1e:48:f2:5e:76:c8:e2:c0:0c:2b:97:bc:ed:4d:6d:a3:b8:e7:2c:1d:ca:b9:8a:df:e7:63:49:f0:2a:99:bd:b5:46:c8:f3:74:a8:aa:8b:ca:b1:41:67:10:0c:fa:85:e0:ba:1b:73:28:2e:0c:63:40:1f:0a:17:cd:8f:fe:29:64:fa:ec:f8:1f:b1:29:59:bc:8c:29:91:34:ff:7e:1c:b0:23:59:b9:a4:bc:64:cc:b9:b3:53:b5:26:88:bb:16:5e:17:bd:c4:18:58:8e:62:5a:8d:2c:69:6c:b7:93:32:9d:04:4e:77:45:0c:b1:a8:a9:5a:86:2b:1c:0c:f8:b0:ed:61:14:0f:82:99:d5:d4:f0:72:e2:5c:66:45:d2:41:64:09:e2:ce:5c:46:92:83:8a:65:98:f2:c4:a8:5c:25:66:ba:34:7d:6f:3d:12:df:1c:a4:a4:32:1a:d2:8e:49:40:75:e7:d4:d9:9e:17:53:bb:71:54:8c:51:c4:2e:c1:24:9c:da:d4:bc:e7:89:41:bf:f3:c4:57:bd:7c:1a:5e:51:64:77:cd:85:c9:1a:ee:90:ca:01:15:da:3e:4a:04:6c:dd:06:9e:d0:f9:a4:38:1f:2c:56:8b:f8:02:48:8e:c8:3e:21:d1:90:57:bb:fe:02:29:1f:10:bb:e2:c0:f3:ef:a2:41:70" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.843439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.843439000", + "frame.time_delta": "0.060102000", + "frame.time_delta_displayed": "0.060102000", + "frame.time_relative": "665.382753000", + "frame.number": "2335", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003962", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "1937", + "tcp.ack": "12020", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003818", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:85:1f:00:25:b4:d2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812118303, TSecr 2471122": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812118303", + "tcp.options.timestamp.tsecr": "2471122" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2334", + "tcp.analysis.ack_rtt": "0.060102000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.852569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.852569000", + "frame.time_delta": "0.009130000", + "frame.time_delta_displayed": "0.009130000", + "frame.time_relative": "665.391883000", + "frame.number": "2336", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003932", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1937", + "tcp.nxtseq": "1984", + "tcp.ack": "12020", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000027", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:85:21:00:25:b4:d2", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812118305, TSecr 2471122": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812118305", + "tcp.options.timestamp.tsecr": "2471122" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:4a:ff:a2:28:4c:54:ba:2e:00:aa:57:90:17:70:51:ed:51:c4:35:22:d5:08:df:df:a0:f5:44:7d:09:66:77:4f:48:bc:27" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:36.891422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494256.891422000", + "frame.time_delta": "0.038853000", + "frame.time_delta_displayed": "0.038853000", + "frame.time_relative": "665.430736000", + "frame.number": "2337", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009531", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000784e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12020", + "tcp.ack": "1984", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000036ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:25:b4:dd:a7:9d:85:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2471133, TSecr 2812118305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2471133", + "tcp.options.timestamp.tsecr": "2812118305" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2336", + "tcp.analysis.ack_rtt": "0.038853000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:37.367145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494257.367145000", + "frame.time_delta": "0.475723000", + "frame.time_delta_displayed": "0.475723000", + "frame.time_relative": "665.906459000", + "frame.number": "2338", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"325", + "ip.id": "0x000060be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000568d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:37.420178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494257.420178000", + "frame.time_delta": "0.053033000", + "frame.time_delta_displayed": "0.053033000", + "frame.time_relative": "665.959492000", + "frame.number": "2339", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000060c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005680", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "2338" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:37.477830000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494257.477830000", + "frame.time_delta": "0.057652000", + "frame.time_delta_displayed": "0.057652000", + "frame.time_relative": "666.017144000", + "frame.number": "2340", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000060c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005684", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "2339" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:37.685754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494257.685754000", + "frame.time_delta": "0.207924000", + "frame.time_delta_displayed": "0.207924000", + "frame.time_relative": "666.225068000", + "frame.number": "2341", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020e9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e72b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60111", + "udp.dstport": "1900", + "udp.port": "60111", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005f8e", + "udp.checksum.status": "2", + "udp.stream": "43" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "2333" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:38.424412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494258.424412000", + "frame.time_delta": "0.738658000", + "frame.time_delta_displayed": "0.738658000", + "frame.time_relative": "666.963726000", + "frame.number": "2342", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000060ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000565f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "2340" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:38.477162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494258.477162000", + "frame.time_delta": "0.052750000", + "frame.time_delta_displayed": "0.052750000", + "frame.time_relative": "667.016476000", + "frame.number": "2343", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000060ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x00005654", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "2342" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:38.529959000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494258.529959000", + "frame.time_delta": "0.052797000", + "frame.time_delta_displayed": "0.052797000", + "frame.time_relative": "667.069273000", + "frame.number": "2344", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000060f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005658", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "2343" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:38.686382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494258.686382000", + "frame.time_delta": "0.156423000", + "frame.time_delta_displayed": "0.156423000", + "frame.time_relative": "667.225696000", + "frame.number": "2345", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020ea", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e72a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60111", + "udp.dstport": "1900", + "udp.port": "60111", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005f8e", + "udp.checksum.status": "2", + "udp.stream": "43" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "2341" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.109162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.109162000", + "frame.time_delta": "0.422780000", + "frame.time_delta_displayed": "0.422780000", + "frame.time_relative": "667.648476000", + "frame.number": "2346", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000060f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005656", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": 
"2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "2344" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.161983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.161983000", + "frame.time_delta": "0.052821000", + "frame.time_delta_displayed": "0.052821000", + "frame.time_relative": "667.701297000", + "frame.number": "2347", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000060fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005647", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "2346" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.214755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.214755000", + "frame.time_delta": "0.052772000", + "frame.time_delta_displayed": "0.052772000", + "frame.time_relative": "667.754069000", + "frame.number": "2348", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006100", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005648", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "2347" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.686570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.686570000", + "frame.time_delta": "0.471815000", + "frame.time_delta_displayed": 
"0.471815000", + "frame.time_relative": "668.225884000", + "frame.number": "2349", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020eb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e729", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60111", + "udp.dstport": "1900", + "udp.port": "60111", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005f8e", + "udp.checksum.status": "2", + "udp.stream": "43" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": 
"HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "2345" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.690056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.690056000", + "frame.time_delta": "0.003486000", + "frame.time_delta_displayed": "0.003486000", + "frame.time_relative": "668.229370000", + "frame.number": "2350", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:39.690452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494259.690452000", + "frame.time_delta": "0.000396000", + "frame.time_delta_displayed": "0.000396000", + "frame.time_relative": "668.229766000", + "frame.number": "2351", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.161235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.161235000", + "frame.time_delta": "0.470783000", + "frame.time_delta_displayed": "0.470783000", + "frame.time_relative": "668.700549000", + "frame.number": "2352", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006145", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005606", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "2348" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.214042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.214042000", + "frame.time_delta": "0.052807000", + "frame.time_delta_displayed": "0.052807000", + "frame.time_relative": "668.753356000", + "frame.number": "2353", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006147", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "2352" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.266869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.266869000", + "frame.time_delta": "0.052827000", + "frame.time_delta_displayed": "0.052827000", + "frame.time_relative": "668.806183000", + "frame.number": "2354", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000614b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", 
+ "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "2353" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.529914000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.529914000", + "frame.time_delta": "0.263045000", + "frame.time_delta_displayed": "0.263045000", + "frame.time_relative": "669.069228000", + "frame.number": "2355", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000615c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "2354" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.582782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.582782000", + "frame.time_delta": "0.052868000", + "frame.time_delta_displayed": "0.052868000", + "frame.time_relative": "669.122096000", + "frame.number": "2356", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000615f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "2355" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:40.635511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494260.635511000", + "frame.time_delta": "0.052729000", + "frame.time_delta_displayed": "0.052729000", + "frame.time_relative": "669.174825000", + "frame.number": "2357", + 
"frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006160", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "2356" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:41.587183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494261.587183000", + "frame.time_delta": "0.951672000", + "frame.time_delta_displayed": "0.951672000", + "frame.time_relative": "670.126497000", + "frame.number": "2358", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006176", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "2357" + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:41.639942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494261.639942000", + "frame.time_delta": "0.052759000", + "frame.time_delta_displayed": "0.052759000", + "frame.time_relative": "670.179256000", + "frame.number": "2359", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006179", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": 
"0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "2358" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:41.692776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494261.692776000", + "frame.time_delta": "0.052834000", + "frame.time_delta_displayed": "0.052834000", + "frame.time_relative": "670.232090000", + "frame.number": "2360", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000617f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000055c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "2359" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:41.850227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494261.850227000", + "frame.time_delta": "0.157451000", + "frame.time_delta_displayed": "0.157451000", + "frame.time_relative": "670.389541000", + "frame.number": "2361", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 16:57:41.850665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494261.850665000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "670.389979000", + "frame.number": "2362", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:42.429221000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494262.429221000", + "frame.time_delta": "0.578556000", + "frame.time_delta_displayed": "0.578556000", + "frame.time_relative": "670.968535000", + "frame.number": "2363", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000061bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000558e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "2360" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:42.481990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494262.481990000", + "frame.time_delta": "0.052769000", + "frame.time_delta_displayed": "0.052769000", + "frame.time_relative": "671.021304000", + "frame.number": "2364", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000061c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00005581", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "2363" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:42.534908000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494262.534908000", + "frame.time_delta": "0.052918000", + "frame.time_delta_displayed": "0.052918000", + "frame.time_relative": "671.074222000", + "frame.number": "2365", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000061c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005583", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "2364" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:43.486403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494263.486403000", + "frame.time_delta": "0.951495000", + "frame.time_delta_displayed": "0.951495000", + "frame.time_relative": "672.025717000", + "frame.number": "2366", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006221", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000552a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "305", + "udp.checksum": "0x0000da4b", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "2365" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:43.539242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494263.539242000", + "frame.time_delta": "0.052839000", + "frame.time_delta_displayed": "0.052839000", + "frame.time_relative": "672.078556000", + "frame.number": "2367", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006224", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000551e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "314", + "udp.checksum": "0x0000e836", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "2366" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:43.592070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494263.592070000", + "frame.time_delta": "0.052828000", + "frame.time_delta_displayed": "0.052828000", + "frame.time_relative": "672.131384000", + "frame.number": "2368", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, 
+ "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000622a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000551e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60111", + "udp.port": "1900", + "udp.port": "60111", + "udp.length": "308", + "udp.checksum": "0x00000bc1", + "udp.checksum.status": "2", + "udp.stream": "44" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "2367" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.861759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.861759000", + "frame.time_delta": "3.269689000", + "frame.time_delta_displayed": "3.269689000", + "frame.time_relative": "675.401073000", + "frame.number": "2369", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.866935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.866935000", + "frame.time_delta": "0.005176000", + "frame.time_delta_displayed": "0.005176000", + "frame.time_relative": "675.406249000", + "frame.number": "2370", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": 
"LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00001768", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + 
"dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.880488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.880488000", + "frame.time_delta": "0.013553000", + "frame.time_delta_displayed": "0.013553000", + "frame.time_relative": "675.419802000", + "frame.number": "2371", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00001769", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.946945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.946945000", + "frame.time_delta": "0.066457000", + "frame.time_delta_displayed": "0.066457000", + "frame.time_relative": "675.486259000", + "frame.number": "2372", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.949657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.949657000", + "frame.time_delta": "0.002712000", + "frame.time_delta_displayed": "0.002712000", + "frame.time_relative": "675.488971000", + "frame.number": "2373", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + 
}, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + 
"icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:46.979510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494266.979510000", + "frame.time_delta": "0.029853000", + "frame.time_delta_displayed": "0.029853000", + "frame.time_relative": "675.518824000", + "frame.number": "2374", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": 
{ + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": 
"4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.092543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.092543000", + "frame.time_delta": "0.113033000", + "frame.time_delta_displayed": "0.113033000", + "frame.time_relative": "675.631857000", + "frame.number": "2375", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00001786", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c208", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.092704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.092704000", + "frame.time_delta": "0.000161000", + "frame.time_delta_displayed": "0.000161000", + "frame.time_relative": "675.632018000", + "frame.number": "2376", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00001787", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c202", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.092863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.092863000", + "frame.time_delta": "0.000159000", + "frame.time_delta_displayed": "0.000159000", + "frame.time_relative": "675.632177000", + "frame.number": 
"2377", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00001788", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c206", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.099473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.099473000", + "frame.time_delta": "0.006610000", + "frame.time_delta_displayed": "0.006610000", + "frame.time_relative": "675.638787000", + "frame.number": "2378", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x00000323", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d56e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + 
"dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.173755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.173755000", + "frame.time_delta": "0.074282000", + "frame.time_delta_displayed": "0.074282000", + "frame.time_relative": "675.713069000", + "frame.number": "2379", + "frame.len": "107", + "frame.cap_len": "107", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "93", + "ip.id": "0x0000f5ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e3b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.71", + 
"ip.addr": "192.168.0.71", + "ip.src_host": "192.168.0.71", + "ip.host": "192.168.0.71", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "73", + "udp.checksum": "0x0000791d", + "udp.checksum.status": "2", + "udp.stream": "46" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "13", + "dns.ptr.domain_name": "_http._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.194958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.194958000", + "frame.time_delta": "0.021203000", + "frame.time_delta_displayed": "0.021203000", + "frame.time_relative": "675.734272000", + "frame.number": "2380", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x00001af3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000be7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": 
"_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.216232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.216232000", + "frame.time_delta": "0.021274000", + "frame.time_delta_displayed": "0.021274000", + "frame.time_relative": "675.755546000", + "frame.number": "2381", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:e3:dc:17", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:dc:17", + "eth.addr": "c4:12:f5:e3:dc:17", + "eth.addr_resolved": "D-LinkIn_e3:dc:17", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.135", + "ip.addr": "192.168.0.135", + "ip.src_host": "192.168.0.135", + "ip.host": "192.168.0.135", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b6b", + "udp.checksum.status": "2", + "udp.stream": "48" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.228261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.228261000", + "frame.time_delta": "0.012029000", + "frame.time_delta_displayed": "0.012029000", + "frame.time_relative": "675.767575000", + "frame.number": "2382", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "90:8d:78:e3:81:0c", + "eth.src_tree": { + 
"eth.src_resolved": "D-LinkIn_e3:81:0c", + "eth.addr": "90:8d:78:e3:81:0c", + "eth.addr_resolved": "D-LinkIn_e3:81:0c", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d8fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.240", + "ip.addr": "192.168.0.240", + "ip.src_host": "192.168.0.240", + "ip.host": "192.168.0.240", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b02", + "udp.checksum.status": "2", + "udp.stream": "49" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.261398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.261398000", + "frame.time_delta": "0.033137000", + "frame.time_delta_displayed": "0.033137000", + "frame.time_relative": "675.800712000", + "frame.number": "2383", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:de:38:20", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_de:38:20", + "eth.addr": "c4:12:f5:de:38:20", + "eth.addr_resolved": "D-LinkIn_de:38:20", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d995", + "ip.checksum.status": "2", + "ip.src": "192.168.0.85", + "ip.addr": "192.168.0.85", + "ip.src_host": "192.168.0.85", + "ip.host": "192.168.0.85", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b9d", + 
"udp.checksum.status": "2", + "udp.stream": "50" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.322919000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.322919000", + "frame.time_delta": "0.061521000", + "frame.time_delta_displayed": "0.061521000", + "frame.time_relative": "675.862233000", + "frame.number": "2384", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000017a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.323079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.323079000", + "frame.time_delta": "0.000160000", + "frame.time_delta_displayed": "0.000160000", + 
"frame.time_relative": "675.862393000", + "frame.number": "2385", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x000017a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.323227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.323227000", + "frame.time_delta": "0.000148000", + "frame.time_delta_displayed": "0.000148000", + "frame.time_relative": "675.862541000", + "frame.number": "2386", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000017a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", 
+ "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.570307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.570307000", + "frame.time_delta": "0.247080000", + "frame.time_delta_displayed": "0.247080000", + "frame.time_relative": "676.109621000", + "frame.number": "2387", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000017c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.570471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.570471000", + 
"frame.time_delta": "0.000164000", + "frame.time_delta_displayed": "0.000164000", + "frame.time_relative": "676.109785000", + "frame.number": "2388", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x000017ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.570617000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.570617000", + "frame.time_delta": "0.000146000", + "frame.time_delta_displayed": "0.000146000", + "frame.time_relative": "676.109931000", + "frame.number": "2389", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000017cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c1c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + 
"ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.810542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.810542000", + "frame.time_delta": "0.239925000", + "frame.time_delta_displayed": "0.239925000", + "frame.time_relative": "676.349856000", + "frame.number": "2390", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + 
"eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x00001b15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000be58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.868780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.868780000", + "frame.time_delta": "0.058238000", + "frame.time_delta_displayed": "0.058238000", + "frame.time_relative": "676.408094000", + "frame.number": "2391", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000017f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c189", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + 
"udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.883544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.883544000", + "frame.time_delta": "0.014764000", + "frame.time_delta_displayed": "0.014764000", + "frame.time_relative": "676.422858000", + "frame.number": "2392", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000017fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c15b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.970116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.970116000", + "frame.time_delta": "0.086572000", + "frame.time_delta_displayed": "0.086572000", + "frame.time_relative": "676.509430000", + "frame.number": "2393", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:47.972831000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494267.972831000", + "frame.time_delta": "0.002715000", + "frame.time_delta_displayed": "0.002715000", + "frame.time_relative": "676.512145000", + "frame.number": "2394", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": 
"0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.007171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.007171000", + "frame.time_delta": "0.034340000", + 
"frame.time_delta_displayed": "0.034340000", + "frame.time_relative": "676.546485000", + "frame.number": "2395", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, 
+ "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.616221000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.616221000", + "frame.time_delta": "0.609050000", + "frame.time_delta_displayed": "0.609050000", + "frame.time_relative": "677.155535000", + "frame.number": "2396", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": 
"NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000cbf5", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0068507f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { 
+ "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.617880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.617880000", + "frame.time_delta": "0.001659000", + "frame.time_delta_displayed": "0.001659000", + "frame.time_relative": "677.157194000", + "frame.number": "2397", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:bf:34:7e", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.addr": "33:33:ff:bf:34:7e", + "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1:ffbf:347e", + "ipv6.addr": "ff02::1:ffbf:347e", + "ipv6.dst_host": "ff02::1:ffbf:347e", + "ipv6.host": "ff02::1:ffbf:347e", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007df7", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.872679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.872679000", + "frame.time_delta": "0.254799000", + "frame.time_delta_displayed": "0.254799000", + "frame.time_relative": "677.411993000", + "frame.number": "2398", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00001818", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c16a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + 
"ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.947559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.947559000", + "frame.time_delta": "0.074880000", + "frame.time_delta_displayed": "0.074880000", + "frame.time_relative": "677.486873000", + "frame.number": "2399", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00001c05", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00aaf565", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client 
Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.977349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.977349000", + "frame.time_delta": "0.029790000", + "frame.time_delta_displayed": "0.029790000", + "frame.time_relative": "677.516663000", + "frame.number": "2400", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.986158000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.986158000", + "frame.time_delta": "0.008809000", + "frame.time_delta_displayed": "0.008809000", + "frame.time_relative": "677.525472000", + "frame.number": "2401", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": 
"4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:48.993588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494268.993588000", + "frame.time_delta": "0.007430000", + "frame.time_delta_displayed": "0.007430000", + "frame.time_relative": "677.532902000", + "frame.number": "2402", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000181d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c13c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:49.923888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494269.923888000", + "frame.time_delta": "0.930300000", + "frame.time_delta_displayed": "0.930300000", + "frame.time_relative": "678.463202000", + "frame.number": "2403", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + 
"eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000182f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c153", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e855", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": 
"192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:49.997189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494269.997189000", + "frame.time_delta": "0.073301000", + "frame.time_delta_displayed": "0.073301000", + "frame.time_relative": "678.536503000", + "frame.number": "2404", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.000002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.000002000", + "frame.time_delta": "0.002813000", + "frame.time_delta_displayed": "0.002813000", + "frame.time_relative": "678.539316000", + "frame.number": "2405", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + 
"icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:57:50.008380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.008380000", + "frame.time_delta": "0.008378000", + "frame.time_delta_displayed": "0.008378000", + "frame.time_relative": "678.547694000", + "frame.number": "2406", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + 
"ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.058023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.058023000", + "frame.time_delta": "0.049643000", + "frame.time_delta_displayed": "0.049643000", + "frame.time_relative": "678.597337000", + "frame.number": "2407", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.553292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.553292000", + "frame.time_delta": "0.495269000", + "frame.time_delta_displayed": "0.495269000", + "frame.time_relative": "679.092606000", + "frame.number": "2408", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00005d86", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0074bee2", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.562965000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.562965000", + "frame.time_delta": "0.009673000", + "frame.time_delta_displayed": "0.009673000", + "frame.time_relative": "679.102279000", + "frame.number": "2409", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00002ce7", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00b6e477", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + 
"Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.572124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.572124000", + "frame.time_delta": "0.009159000", + 
"frame.time_delta_displayed": "0.009159000", + "frame.time_relative": "679.111438000", + "frame.number": "2410", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.586904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.586904000", + "frame.time_delta": "0.014780000", + "frame.time_delta_displayed": "0.014780000", + "frame.time_relative": "679.126218000", + "frame.number": "2411", + "frame.len": 
"110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", 
+ "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:50.885307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494270.885307000", + "frame.time_delta": "0.298403000", + "frame.time_delta_displayed": "0.298403000", + "frame.time_relative": "679.424621000", + "frame.number": "2412", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x00001950", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c038", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "2403", + "dns.time": "0.961419000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.125061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.125061000", + "frame.time_delta": "0.239754000", + "frame.time_delta_displayed": "0.239754000", + "frame.time_relative": "679.664375000", + "frame.number": "2413", + "frame.len": "240", + "frame.cap_len": "240", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + 
"eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x0004043b", + "ipv6.plen": "186", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::b7ce:468a:843f:9e05", + "ipv6.addr": "fe80::b7ce:468a:843f:9e05", + "ipv6.src_host": "fe80::b7ce:468a:843f:9e05", + "ipv6.host": "fe80::b7ce:468a:843f:9e05", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "186", + "udp.checksum": "0x00003a7f", + "udp.checksum.status": "2", + "udp.stream": "51" + }, + "dhcpv6": { + "dhcpv6.msgtype": "5", + "dhcpv6.xid": "0x0083051f", + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:20:4c:55:45:b8:27:eb:2b:b7:45", + "dhcpv6.duid.bytes": "00:01:00:01:20:4c:55:45:b8:27:eb:2b:b7:45", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Mar 3, 2017 08:24:37.000000000 PST", + "dhcpv6.duidllt.link_layer_addr": "b8:27:eb:2b:b7:45" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + 
"dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Vendor Class": { + "dhcpv6.option.type": "16", + "dhcpv6.option.length": "50", + "dhcpv6.option.value": "00:00:9f:08:00:2c:64:68:63:70:63:64:2d:36:2e:37:2e:31:3a:4c:69:6e:75:78:2d:34:2e:39:2e:31:37:2d:76:37:2b:3a:61:72:6d:76:37:6c:3a:42:43:4d:32:38:33:35", + "dhcpv6.vendorclass.enterprise": "40712", + "dhcpv6.vendorclass.data": "dhcpcd-6.7.1:Linux-4.9.17-v7+:armv7l:BCM2835" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "38:0d:05:55:00:00:00:00:00:00:00:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:04:2e:ff:ff:ff:ff:ff:ff:ff:ff", + "dhcpv6.iaid": "380d0555", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:04:2e:ff:ff:ff:ff:ff:ff:ff:ff", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::42e", + "dhcpv6.iaaddr.pref_lifetime": "4294967295", + "dhcpv6.iaaddr.valid_lifetime": "4294967295" + } + }, + "Fully Qualified Domain Name": { + "dhcpv6.option.type": "39", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "01:0c:72:61:73:70:62:65:72:72:79:70:69:32", + "dhcpv6.clientfqdn.reserved": "0x00000000", + "dhcpv6.clientfqdn.n": "0", + "dhcpv6.clientfqdn.o": "0", + "dhcpv6.clientfqdn.s": "1", + "dhcpv6.client_fqdn": "raspberrypi2" + }, + "Reconfigure Accept": { + "dhcpv6.option.type": "20", + "dhcpv6.option.length": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "00:17:00:18:00:1f:00:27:00:52:00:53", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + 
"dhcpv6.requested_option_code": "31", + "dhcpv6.requested_option_code": "39", + "dhcpv6.requested_option_code": "82", + "dhcpv6.requested_option_code": "83" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.592032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.592032000", + "frame.time_delta": "0.466971000", + "frame.time_delta_displayed": "0.466971000", + "frame.time_relative": "680.131346000", + "frame.number": "2414", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.594663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.594663000", + "frame.time_delta": "0.002631000", + "frame.time_delta_displayed": "0.002631000", + "frame.time_relative": "680.133977000", + "frame.number": "2415", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + 
"icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:57:51.607462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.607462000", + "frame.time_delta": "0.012799000", + "frame.time_delta_displayed": "0.012799000", + "frame.time_relative": "680.146776000", + "frame.number": "2416", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + 
"ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.696994000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.696994000", + "frame.time_delta": "0.089532000", + "frame.time_delta_displayed": "0.089532000", + "frame.time_relative": "680.236308000", + "frame.number": "2417", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": 
"0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.801376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.801376000", + "frame.time_delta": "0.104382000", + "frame.time_delta_displayed": "0.104382000", + "frame.time_relative": "680.340690000", + "frame.number": "2418", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "36", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f315", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "1", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.878978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.878978000", + "frame.time_delta": "0.077602000", + "frame.time_delta_displayed": "0.077602000", + "frame.time_relative": "680.418292000", + "frame.number": "2419", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x00001a0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000bf7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "2403", + "dns.time": "1.955090000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:51.987282000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494271.987282000", + "frame.time_delta": "0.108304000", + "frame.time_delta_displayed": "0.108304000", + "frame.time_relative": "680.526596000", + "frame.number": "2420", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + 
"udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x000081c7", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00d89a3d", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.009971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.009971000", + "frame.time_delta": "0.022689000", + "frame.time_delta_displayed": "0.022689000", + "frame.time_relative": "680.549285000", + "frame.number": "2421", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000fefc", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00881290", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + 
"dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.024639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.024639000", + "frame.time_delta": "0.014668000", + "frame.time_delta_displayed": "0.014668000", + "frame.time_relative": "680.563953000", + "frame.number": "2422", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.036091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.036091000", + "frame.time_delta": "0.011452000", + "frame.time_delta_displayed": "0.011452000", + "frame.time_relative": "680.575405000", + "frame.number": "2423", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "36", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f116", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "1", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.462337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.462337000", + "frame.time_delta": "0.426246000", + "frame.time_delta_displayed": "0.426246000", + "frame.time_relative": "681.001651000", + "frame.number": "2424", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + 
"ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.599917000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.599917000", + "frame.time_delta": "0.137580000", + "frame.time_delta_displayed": "0.137580000", + "frame.time_relative": "681.139231000", + "frame.number": "2425", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009532", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "12020", + "tcp.nxtseq": "12372", + "tcp.ack": "1984", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008942", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:ba:ff:a7:9d:85:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2472703, TSecr 2812118305": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2472703", + "tcp.options.timestamp.tsecr": "2812118305" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:52.890877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494272.890877000", + "frame.time_delta": "0.290960000", + "frame.time_delta_displayed": "0.290960000", + "frame.time_relative": "681.430191000", + "frame.number": "2426", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x00009533", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007361", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "12372", + "tcp.nxtseq": "13631", + "tcp.ack": "1984", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d604", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:bb:1d:a7:9d:85:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2472733, TSecr 2812118305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2472733", + "tcp.options.timestamp.tsecr": "2812118305" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1611", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c5:0e:25:fa:1a:d6:54:bd:0a:8c:9e:92:42:1c:a6:5b:5b:12:8d:42:4c:f9:40:84:55:47:d2:8a:62:6c:0b:e9:da:c4:a8:b3:90:be:bc:a4:16:63:06:91:c2:34:00:c3:8d:8d:41:b9:8c:fb:ec:b5:f3:68:08:1f:d0:2b:b3:b5:02:f3:70:a1:9f:ab:f3:d0:37:fe:7a:67:b1:bb:c7:7c:b3:89:89:27:14:48:df:62:f9:05:cd:88:bc:c8:f0:1c:9a:a9:f5:c5:51:ba:e8:62:be:b6:d1:3c:be:7a:7e:47:40:3b:3e:8c:c0:16:f1:da:47:95:0d:1c:6f:82:00:c5:4f:50:21:17:94:24:70:6e:0a:c5:ba:f5:95:44:86:63:93:f2:61:5a:fd:bc:cc:75:a7:aa:46:db:7f:f5:2d:38:df:2d:59:d6:48:9e:1d:18:46:6a:15:19:aa:aa:91:69:da:c8:60:73:5e:88:4f:38:01:38:b6:15:0e:53:67:39:e4:90:4f:09:5c:46:e4:e9:f3:3c:01:87:ec:35:9a:88:e6:29:b0:a9:86:c2:1b:8e:b7:34:b8:e7:d7:16:81:95:58:db:fc:75:3c:f7:d6:57:06:f6:20:7c:4e:3b:68:35:bf:5c:9f:3e:89:41:ac:2b:21:ef:06:50:65:f4:5d:89:6f:45:38:10:e9:b8:66:ad:11:f5:ec:c0:ad:4b:1f:26:75:fb:ed:53:e2:df:ec:d9:cb:8e:61:79:36:2b:c6:c6:ed:da:3a:13:ec:0c:05:13:8c:36:44:d2:ea:5c:e8:21:05:88:76:37:00:5f:d5:c6:ce:0e:de:3a:18:2f:27:df:21:39:04:2c:7a:9e:18:f1:2d:a7:90:14:f6:8a:b1:a1:00:85:5f:d3:45:79:f5:ad:2b:86:70:74:24:9b:d0:de:11:2a:32:bf:61:46:32:6d:da:4e:e0:14:cb:e1:fd:3d:6c:76:ab:02:64:53:ae:a1:78:ec:20:5b:12:48:a8:e9:7f:44:49:1c:4b:da:79:f0:0e:9a:40:3c:9f:15:0b:a1:0a:4c:fc:e4:09:41:f1:c4:53:db:2d:3a:0f:fc:60:8a:66:c2:ae:12:b1:ed:c1:79:d5:10:bb:8c:0b:66:af:d5:b8:08:d7:ce:42:8d:37:1f:d1:3e:c4:09:08:39:6f:40:48:98:0c:ec:77:db:e4:3a:80:43:b5:f8:89:6c:e4:28:20:c8:eb:5e:a2:63:44:29:d3:6b:97:95:28:86:8d:9f:e5:cf:50:04:3a:df:cd:cc:e0:24:1a:31:e9:43:8f:12:56:39:b0:59:f4:a0:ca:b7:74:44:52:65:23:73:38:6c:82:a1:0a:dc:37:28:68:4f:dd:80:cd:85:0e:6d:4e:84:51:d8:a7:03:e6:25:5c:30:6b:69:e5:ea:ad:60:b7:ef:43:cc:98:9d:e6:89:39:16:91:3b:45:19:0a:74:8e:49:48:ac:f4:0a:9a:b4:df:0c:41:f1:d5:42:24:c7:e2:0f:fa:d5:05:f1:d3:ef:7a:0b:16:ea:3c:cd:e0:f1:5f:2f:30:d6:e9:93:56:22:b2:dc:fa:04:33:15:61:bf:f7:d1:82:24:22:12:be:a7:6d:9a:9d:d8:ec:c7:89:ad:3d:13:fe:39:99:29:63:29:42:bb:53:57:e6:91:4b:48:17:5e:d1:99:e9:53:5f:b3:20:33:24:4e:a1:80:5f:f5:0c:bb:bd:c4:78:9
4:45:21:d7:45:86:f5:f6:85:a4:76:81:f5:8f:55:5d:c5:01:bc:65:c0:74:7b:9d:db:59:5f:0c:1f:30:df:ba:11:36:45:3d:2f:c5:4a:df:45:cf:0c:8e:e5:bf:e3:bf:3d:80:0a:31:3c:80:a0:1d:04:90:2d:34:00:73:96:fd:55:19:57:20:bd:ed:02:7a:0b:5e:ac:f0:ab:f6:db:65:a9:a4:a8:dc:c6:76:b7:95:46:fb:6b:38:05:5b:d1:a1:06:c7:56:2b:fe:37:e1:f5:56:82:46:ea:30:81:9a:bd:8f:b6:e6:eb:e3:a1:fa:80:af:93:be:28:3f:5e:a8:d7:17:2d:ef:2f:8b:98:c7:b3:b6:de:b3:10:a8:79:19:63:45:22:c8:79:14:cc:2c:1d:00:e2:a9:8e:04:46:a7:1b:f5:95:0e:b2:b4:b3:4d:d1:91:74:22:28:3b:b2:6c:d6:9c:b4:5f:7f:08:9a:70:32:bb:b9:e2:de:c9:06:16:e5:aa:64:8d:30:10:17:81:62:e6:f2:11:68:ec:83:da:57:f8:47:0e:bc:8d:d5:dd:a6:27:f8:91:0e:c6:d5:32:dd:04:0d:e2:e1:35:9b:5e:bb:8f:0e:1f:5f:21:e5:bb:ed:99:95:39:2c:ac:17:a8:c9:f5:5c:b2:d4:b9:a5:7d:74:44:46:fc:55:96:6d:88:67:6e:24:4e:11:d8:97:85:10:54:c3:ef:32:c9:2d:dd:fb:be:d0:57:72:90:52:dd:a8:19:7e:5d:4c:f7:e7:c0:2c:9c:20:44:67:de:f7:4f:d7:89:f0:fb:45:64:d0:5b:3c:5d:9e:4d:09:18:eb:89:73:fa:bf:72:15:19:a0:12:e2:42:32:9b:b1:ed:fe:aa:5e:fc:02:66:bb:3e:a9:3d:0e:09:99:6e:9a:7c:6e:6e:65:c6:c8:b8:88:a9:06:b2:eb:c2:99:f4:00:c4:35:ba:b7:bc:bc:99:48:f0:c1:bc:ba:29:3f:8f:a3:d8:04:01:06:aa:3d:57:14:35:dc:87:9d:b1:00:56:1e:6f:f9:3e:e6:55:a8:1f:c1:68:eb:96:f0:ab:e4:e1:5d:f3:7d:e6:3b:48:44:00:1c:be:18:25:ec:d0:30:f4:4d:df:da:de:45:27:4c:25:e2:50:b2:ea:ed:4c:16:75:68:07:da:58:f5:54:de:bd:29:9e:25:d9:52:54:fd:cc:63:89:22:b2:f4:54:a0:69:e3:27:d1:34:f3:5d:f3:48:4d:c0:9f:0c:a0:61:f3:4f:7f:63:c8:04:d4:05:f6:ef:39:69:8e:01:83:6e:dd:ac:34:ff:9f:6b:a4:9a:5f:58:a5:3f:f7:ec:4a:38:f0:ca:d4:db:cf:4d:29:61:97:03:85:f2:44:5e:fc:77:13:af:be:91:56:e7:51:d3:a3:cd:ff:67:f9:88:49:88:6c:c3:51:be:83:9b:5d:4f:1b:87:4b:93:c0:b1:09:88:a0:e8:f0:82:2e:1e:fa:39:7e:01:75:47:9d:a3:d5:20:ba:1a:ad:09:85:93:20:59:a9:19:98" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.043544000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.043544000", + "frame.time_delta": "0.152667000", + "frame.time_delta_displayed": "0.152667000", + "frame.time_relative": "681.582858000", + "frame.number": "2427", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.046072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.046072000", + "frame.time_delta": "0.002528000", + "frame.time_delta_displayed": "0.002528000", + "frame.time_relative": "681.585386000", + "frame.number": "2428", + 
"frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": 
"b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.046350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.046350000", + "frame.time_delta": "0.000278000", + "frame.time_delta_displayed": "0.000278000", + "frame.time_relative": "681.585664000", + "frame.number": "2429", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.127175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.127175000", + "frame.time_delta": "0.080825000", + "frame.time_delta_displayed": "0.080825000", + "frame.time_relative": "681.666489000", + "frame.number": "2430", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.190781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.190781000", + "frame.time_delta": "0.063606000", + "frame.time_delta_displayed": "0.063606000", + "frame.time_relative": "681.730095000", + "frame.number": "2431", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009534", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, 
-73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "12020", + "tcp.nxtseq": "12372", + "tcp.ack": "1984", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008906", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:bb:3b:a7:9d:85:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2472763, TSecr 2812118305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2472763", + "tcp.options.timestamp.tsecr": "2812118305" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1611", + "tcp.analysis.push_bytes_sent": "352", + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.299904000", + "tcp.analysis.rto_frame": "2426" + } + }, + "tcp.segment_data": "17:03:03:01:5b:13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.582720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.582720000", + "frame.time_delta": "0.391939000", + "frame.time_delta_displayed": "0.391939000", + "frame.time_relative": "682.122034000", + "frame.number": "2432", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": 
"33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00007644", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0065a633", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 
19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.589774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.589774000", + "frame.time_delta": "0.007054000", + "frame.time_delta_displayed": "0.007054000", + "frame.time_relative": "682.129088000", + "frame.number": "2433", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + 
"ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000fd37", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00a71436", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + 
"dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.598730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.598730000", + "frame.time_delta": "0.008956000", + "frame.time_delta_displayed": "0.008956000", + "frame.time_relative": "682.138044000", + "frame.number": "2434", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + 
"ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.608523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.608523000", + "frame.time_delta": "0.009793000", + "frame.time_delta_displayed": "0.009793000", + "frame.time_relative": "682.147837000", + "frame.number": "2435", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + 
"ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.790754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.790754000", + "frame.time_delta": "0.182231000", + "frame.time_delta_displayed": "0.182231000", + "frame.time_relative": "682.330068000", + "frame.number": "2436", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009535", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "12020", + "tcp.nxtseq": "12372", + "tcp.ack": "1984", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000088ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:bb:77:a7:9d:85:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2472823, TSecr 2812118305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2472823", + "tcp.options.timestamp.tsecr": "2812118305" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1611", + "tcp.analysis.push_bytes_sent": "352", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.899877000", + "tcp.analysis.rto_frame": "2426" + } + }, + "tcp.segment_data": 
"17:03:03:01:5b:13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.852066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.852066000", + "frame.time_delta": "0.061312000", + "frame.time_delta_displayed": "0.061312000", + "frame.time_relative": "682.391380000", + "frame.number": "2437", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003931", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "1984", + "tcp.nxtseq": "2031", + "tcp.ack": "12372", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003c0b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:95:bb:00:25:bb:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812122555, TSecr 2472823": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812122555", + "tcp.options.timestamp.tsecr": "2472823" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2425", + "tcp.analysis.ack_rtt": "1.252149000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:4b:10:19:7c:83:7a:fc:97:60:5d:74:cb:90:29:a5:b4:03:fd:7b:25:65:66:91:3b:f0:76:2d:03:77:43:db:02:99:19:04" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.852670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.852670000", + "frame.time_delta": "0.000604000", + "frame.time_delta_displayed": "0.000604000", + "frame.time_relative": "682.391984000", + "frame.number": "2438", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x00009536", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000735e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "12372", + "tcp.nxtseq": "13631", + "tcp.ack": "2031", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c4db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:bb:7d:a7:9d:95:bb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2472829, TSecr 2812122555": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2472829", + "tcp.options.timestamp.tsecr": "2812122555" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2437", + "tcp.analysis.ack_rtt": "0.000604000", + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.961793000", + "tcp.analysis.rto_frame": "2426" + } + }, + "tcp.segment_data": 
"17:03:03:04:e6:13:6b:24:d2:9f:7e:44:c5:0e:25:fa:1a:d6:54:bd:0a:8c:9e:92:42:1c:a6:5b:5b:12:8d:42:4c:f9:40:84:55:47:d2:8a:62:6c:0b:e9:da:c4:a8:b3:90:be:bc:a4:16:63:06:91:c2:34:00:c3:8d:8d:41:b9:8c:fb:ec:b5:f3:68:08:1f:d0:2b:b3:b5:02:f3:70:a1:9f:ab:f3:d0:37:fe:7a:67:b1:bb:c7:7c:b3:89:89:27:14:48:df:62:f9:05:cd:88:bc:c8:f0:1c:9a:a9:f5:c5:51:ba:e8:62:be:b6:d1:3c:be:7a:7e:47:40:3b:3e:8c:c0:16:f1:da:47:95:0d:1c:6f:82:00:c5:4f:50:21:17:94:24:70:6e:0a:c5:ba:f5:95:44:86:63:93:f2:61:5a:fd:bc:cc:75:a7:aa:46:db:7f:f5:2d:38:df:2d:59:d6:48:9e:1d:18:46:6a:15:19:aa:aa:91:69:da:c8:60:73:5e:88:4f:38:01:38:b6:15:0e:53:67:39:e4:90:4f:09:5c:46:e4:e9:f3:3c:01:87:ec:35:9a:88:e6:29:b0:a9:86:c2:1b:8e:b7:34:b8:e7:d7:16:81:95:58:db:fc:75:3c:f7:d6:57:06:f6:20:7c:4e:3b:68:35:bf:5c:9f:3e:89:41:ac:2b:21:ef:06:50:65:f4:5d:89:6f:45:38:10:e9:b8:66:ad:11:f5:ec:c0:ad:4b:1f:26:75:fb:ed:53:e2:df:ec:d9:cb:8e:61:79:36:2b:c6:c6:ed:da:3a:13:ec:0c:05:13:8c:36:44:d2:ea:5c:e8:21:05:88:76:37:00:5f:d5:c6:ce:0e:de:3a:18:2f:27:df:21:39:04:2c:7a:9e:18:f1:2d:a7:90:14:f6:8a:b1:a1:00:85:5f:d3:45:79:f5:ad:2b:86:70:74:24:9b:d0:de:11:2a:32:bf:61:46:32:6d:da:4e:e0:14:cb:e1:fd:3d:6c:76:ab:02:64:53:ae:a1:78:ec:20:5b:12:48:a8:e9:7f:44:49:1c:4b:da:79:f0:0e:9a:40:3c:9f:15:0b:a1:0a:4c:fc:e4:09:41:f1:c4:53:db:2d:3a:0f:fc:60:8a:66:c2:ae:12:b1:ed:c1:79:d5:10:bb:8c:0b:66:af:d5:b8:08:d7:ce:42:8d:37:1f:d1:3e:c4:09:08:39:6f:40:48:98:0c:ec:77:db:e4:3a:80:43:b5:f8:89:6c:e4:28:20:c8:eb:5e:a2:63:44:29:d3:6b:97:95:28:86:8d:9f:e5:cf:50:04:3a:df:cd:cc:e0:24:1a:31:e9:43:8f:12:56:39:b0:59:f4:a0:ca:b7:74:44:52:65:23:73:38:6c:82:a1:0a:dc:37:28:68:4f:dd:80:cd:85:0e:6d:4e:84:51:d8:a7:03:e6:25:5c:30:6b:69:e5:ea:ad:60:b7:ef:43:cc:98:9d:e6:89:39:16:91:3b:45:19:0a:74:8e:49:48:ac:f4:0a:9a:b4:df:0c:41:f1:d5:42:24:c7:e2:0f:fa:d5:05:f1:d3:ef:7a:0b:16:ea:3c:cd:e0:f1:5f:2f:30:d6:e9:93:56:22:b2:dc:fa:04:33:15:61:bf:f7:d1:82:24:22:12:be:a7:6d:9a:9d:d8:ec:c7:89:ad:3d:13:fe:39:99:29:63:29:42:bb:53:57:e6:91:4b:48:17:5e:d1:99:e9:53:5f:b3:20:33:24:4e:a1:80:5f:f5:0
c:bb:bd:c4:78:94:45:21:d7:45:86:f5:f6:85:a4:76:81:f5:8f:55:5d:c5:01:bc:65:c0:74:7b:9d:db:59:5f:0c:1f:30:df:ba:11:36:45:3d:2f:c5:4a:df:45:cf:0c:8e:e5:bf:e3:bf:3d:80:0a:31:3c:80:a0:1d:04:90:2d:34:00:73:96:fd:55:19:57:20:bd:ed:02:7a:0b:5e:ac:f0:ab:f6:db:65:a9:a4:a8:dc:c6:76:b7:95:46:fb:6b:38:05:5b:d1:a1:06:c7:56:2b:fe:37:e1:f5:56:82:46:ea:30:81:9a:bd:8f:b6:e6:eb:e3:a1:fa:80:af:93:be:28:3f:5e:a8:d7:17:2d:ef:2f:8b:98:c7:b3:b6:de:b3:10:a8:79:19:63:45:22:c8:79:14:cc:2c:1d:00:e2:a9:8e:04:46:a7:1b:f5:95:0e:b2:b4:b3:4d:d1:91:74:22:28:3b:b2:6c:d6:9c:b4:5f:7f:08:9a:70:32:bb:b9:e2:de:c9:06:16:e5:aa:64:8d:30:10:17:81:62:e6:f2:11:68:ec:83:da:57:f8:47:0e:bc:8d:d5:dd:a6:27:f8:91:0e:c6:d5:32:dd:04:0d:e2:e1:35:9b:5e:bb:8f:0e:1f:5f:21:e5:bb:ed:99:95:39:2c:ac:17:a8:c9:f5:5c:b2:d4:b9:a5:7d:74:44:46:fc:55:96:6d:88:67:6e:24:4e:11:d8:97:85:10:54:c3:ef:32:c9:2d:dd:fb:be:d0:57:72:90:52:dd:a8:19:7e:5d:4c:f7:e7:c0:2c:9c:20:44:67:de:f7:4f:d7:89:f0:fb:45:64:d0:5b:3c:5d:9e:4d:09:18:eb:89:73:fa:bf:72:15:19:a0:12:e2:42:32:9b:b1:ed:fe:aa:5e:fc:02:66:bb:3e:a9:3d:0e:09:99:6e:9a:7c:6e:6e:65:c6:c8:b8:88:a9:06:b2:eb:c2:99:f4:00:c4:35:ba:b7:bc:bc:99:48:f0:c1:bc:ba:29:3f:8f:a3:d8:04:01:06:aa:3d:57:14:35:dc:87:9d:b1:00:56:1e:6f:f9:3e:e6:55:a8:1f:c1:68:eb:96:f0:ab:e4:e1:5d:f3:7d:e6:3b:48:44:00:1c:be:18:25:ec:d0:30:f4:4d:df:da:de:45:27:4c:25:e2:50:b2:ea:ed:4c:16:75:68:07:da:58:f5:54:de:bd:29:9e:25:d9:52:54:fd:cc:63:89:22:b2:f4:54:a0:69:e3:27:d1:34:f3:5d:f3:48:4d:c0:9f:0c:a0:61:f3:4f:7f:63:c8:04:d4:05:f6:ef:39:69:8e:01:83:6e:dd:ac:34:ff:9f:6b:a4:9a:5f:58:a5:3f:f7:ec:4a:38:f0:ca:d4:db:cf:4d:29:61:97:03:85:f2:44:5e:fc:77:13:af:be:91:56:e7:51:d3:a3:cd:ff:67:f9:88:49:88:6c:c3:51:be:83:9b:5d:4f:1b:87:4b:93:c0:b1:09:88:a0:e8:f0:82:2e:1e:fa:39:7e:01:75:47:9d:a3:d5:20:ba:1a:ad:09:85:93:20:59:a9:19:98" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:53.950357000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494273.950357000", + "frame.time_delta": "0.097687000", + "frame.time_delta_displayed": "0.097687000", + "frame.time_relative": "682.489671000", + "frame.number": "2439", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2031", + "tcp.ack": "13631", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001a0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:95:d4:00:25:bb:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812122580, TSecr 2472829": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812122580", + "tcp.options.timestamp.tsecr": "2472829" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2426", + "tcp.analysis.ack_rtt": "1.059480000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:55.015991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494275.015991000", + "frame.time_delta": "1.065634000", + "frame.time_delta_displayed": "1.065634000", + "frame.time_relative": 
"683.555305000", + "frame.number": "2440", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "74:da:38:0d:05:55", + "arp.src.proto_ipv4": "192.168.0.119", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.119" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:55.361168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494275.361168000", + "frame.time_delta": "0.345177000", + "frame.time_delta_displayed": "0.345177000", + "frame.time_relative": "683.900482000", + "frame.number": "2441", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000ab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x0000303a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:c5:15:88:0b:cd:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:5c:11", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:57:57.018379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494277.018379000", + "frame.time_delta": "1.657211000", + "frame.time_delta_displayed": "1.657211000", + "frame.time_relative": "685.557693000", + "frame.number": "2442", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": 
"1", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "74:da:38:0d:05:55", + "arp.src.proto_ipv4": "192.168.0.119", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.119" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:04.398913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494284.398913000", + "frame.time_delta": "7.380534000", + "frame.time_delta_displayed": "7.380534000", + "frame.time_relative": "692.938227000", + "frame.number": "2443", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "202", + "tcp.nxtseq": "242", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006fc8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e1:0a:f5:4d:7e:6a:bf:df:89:3d:3c:1f:0c:5e:f8:6b:6a:0a:45:68:c1:50:d8:00:a4:bd:81:72" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:04.542754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494284.542754000", + "frame.time_delta": "0.143841000", + "frame.time_delta_displayed": "0.143841000", + "frame.time_relative": "693.082068000", + "frame.number": "2444", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd93", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "181", + "tcp.nxtseq": "217", + "tcp.ack": "242", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007515", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2443", + "tcp.analysis.ack_rtt": "0.143841000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:67:88:4b:7e:fb:9d:a2:ee:65:29:9c:84:74:7e:8e:30:06:03:70:95:0b:2e:ca:ae" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:04.543278000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494284.543278000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "693.082592000", + "frame.number": "2445", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": 
"37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "242", + "tcp.ack": "217", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2444", + "tcp.analysis.ack_rtt": "0.000524000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.419552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.419552000", + "frame.time_delta": "0.876274000", + "frame.time_delta_displayed": "0.876274000", + "frame.time_relative": "693.958866000", + "frame.number": "2446", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008ff4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.472412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.472412000", + "frame.time_delta": "0.052860000", + "frame.time_delta_displayed": "0.052860000", + "frame.time_relative": "694.011726000", + "frame.number": "2447", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00008ffa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000395d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": 
"1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.524808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.524808000", + "frame.time_delta": "0.052396000", + "frame.time_delta_displayed": "0.052396000", + "frame.time_relative": "694.064122000", + "frame.number": "2448", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00008ffd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003951", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.577779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.577779000", + "frame.time_delta": "0.052971000", + "frame.time_delta_displayed": "0.052971000", + "frame.time_relative": "694.117093000", + "frame.number": "2449", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00009001", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000394d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": 
"0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.630658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.630658000", + "frame.time_delta": "0.052879000", + "frame.time_delta_displayed": "0.052879000", + "frame.time_relative": "694.169972000", + "frame.number": "2450", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00009002", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003952", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:05.683501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494285.683501000", + "frame.time_delta": "0.052843000", + "frame.time_delta_displayed": "0.052843000", + "frame.time_relative": "694.222815000", + "frame.number": "2451", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00009005", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000394f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + 
}, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:06.359246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494286.359246000", + "frame.time_delta": "0.675745000", + "frame.time_delta_displayed": "0.675745000", + "frame.time_relative": "694.898560000", + "frame.number": "2452", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c15", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005bd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:08.994324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494288.994324000", + "frame.time_delta": "2.635078000", + "frame.time_delta_displayed": "2.635078000", + "frame.time_relative": "697.533638000", + "frame.number": "2453", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + 
"eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00002d61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000abf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + 
"dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:10.999044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494290.999044000", + "frame.time_delta": "2.004720000", + "frame.time_delta_displayed": "2.004720000", + "frame.time_relative": "699.538358000", + "frame.number": "2454", + "frame.len": "343", + "frame.cap_len": "343", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "329", + "ip.id": "0x0000d4de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e281", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "309", + "udp.checksum": "0x0000a516", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0x12a5ad49", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "192.168.0.242", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "61", + "bootp.option.type_tree": { + "bootp.option.length": "7", + "bootp.option.value": "01:d0:52:a8:a3:60:0f", + "bootp.hw.type": "0x00000001", + "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "02:40", + "bootp.option.dhcp_max_message_size": "576" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "7", + "bootp.option.value": "01:03:06:0c:0f:1c:2a", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "6", + "bootp.option.request_list_item": "12", + "bootp.option.request_list_item": "15", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "42" + }, + "bootp.option.type": "60", + "bootp.option.type_tree": { + "bootp.option.length": "12", + "bootp.option.value": "75:64:68:63:70:20:31:2e:32:32:2e:31", + 
"bootp.option.vendor_class_id": "udhcp 1.22.1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "19", + "bootp.option.value": "73:74:2d:44:30:35:32:41:38:41:31:44:37:45:45:30:30:30:31", + "bootp.option.hostname": "st-D052A8A1D7EE0001" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:11.003037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494291.003037000", + "frame.time_delta": "0.003993000", + "frame.time_delta_displayed": "0.003993000", + "frame.time_relative": "699.542351000", + "frame.number": "2455", + "frame.len": "360", + "frame.cap_len": "360", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "346", + "ip.id": "0x000005ac", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f0e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "67", + "udp.dstport": "68", + "udp.port": "67", + "udp.port": "68", + "udp.length": "326", + "udp.checksum": "0x0000839b", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "bootp": { + "bootp.type": "2", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0x12a5ad49", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "192.168.0.242", + "bootp.ip.your": "192.168.0.242", + "bootp.ip.server": "192.168.0.1", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "05", + "bootp.option.dhcp": "5" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "51", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:a8:c0", + "bootp.option.ip_address_lease_time": "43200" + }, + "bootp.option.type": "58", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:4a:ed", + "bootp.option.renewal_time_value": "19181" + }, + "bootp.option.type": "59", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:8a:35", + "bootp.option.rebinding_time_value": "35381" + }, + "bootp.option.type": "1", + "bootp.option.type_tree": { + "bootp.option.length": 
"4", + "bootp.option.value": "ff:ff:ff:00", + "bootp.option.subnet_mask": "255.255.255.0" + }, + "bootp.option.type": "28", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:ff", + "bootp.option.broadcast_address": "192.168.0.255" + }, + "bootp.option.type": "3", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.router": "192.168.0.1" + }, + "bootp.option.type": "6", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.domain_name_server": "192.168.0.1" + }, + "bootp.option.type": "15", + "bootp.option.type_tree": { + "bootp.option.length": "3", + "bootp.option.value": "6c:61:6e", + "bootp.option.domain_name": "lan" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "19", + "bootp.option.value": "73:74:2d:44:30:35:32:41:38:41:31:44:37:45:45:30:30:30:31", + "bootp.option.hostname": "st-D052A8A1D7EE0001" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:11.933238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494291.933238000", + "frame.time_delta": "0.930201000", + "frame.time_delta_displayed": "0.930201000", + "frame.time_relative": "700.472552000", + "frame.number": "2456", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000e4bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "308", + "udp.checksum": "0x0000317c", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0x371ce2b1", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "192.168.0.160", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "00:17:88:69:ee:e4", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { 
+ "bootp.option.length": "2", + "bootp.option.value": "02:40", + "bootp.option.dhcp_max_message_size": "576" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "7", + "bootp.option.value": "01:03:06:0c:0f:1c:2a", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "6", + "bootp.option.request_list_item": "12", + "bootp.option.request_list_item": "15", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "42" + }, + "bootp.option.type": "60", + "bootp.option.type_tree": { + "bootp.option.length": "12", + "bootp.option.value": "75:64:68:63:70:20:31:2e:32:33:2e:32", + "bootp.option.vendor_class_id": "udhcp 1.23.2" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "11", + "bootp.option.value": "50:68:69:6c:69:70:73:2d:68:75:65", + "bootp.option.hostname": "Philips-hue" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:11.937030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494291.937030000", + "frame.time_delta": "0.003792000", + "frame.time_delta_displayed": "0.003792000", + "frame.time_relative": "700.476344000", + "frame.number": "2457", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000228f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d45a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "67", + "udp.dstport": "68", + "udp.port": "67", + "udp.port": "68", + "udp.length": "318", + "udp.checksum": "0x00008341", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "bootp": { + "bootp.type": "2", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0x371ce2b1", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "192.168.0.160", + "bootp.ip.your": "192.168.0.160", + "bootp.ip.server": "192.168.0.1", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "00:17:88:69:ee:e4", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "05", + "bootp.option.dhcp": "5" + }, + "bootp.option.type": "54", + 
"bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "51", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:a8:c0", + "bootp.option.ip_address_lease_time": "43200" + }, + "bootp.option.type": "58", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:4c:ed", + "bootp.option.renewal_time_value": "19693" + }, + "bootp.option.type": "59", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "00:00:8c:35", + "bootp.option.rebinding_time_value": "35893" + }, + "bootp.option.type": "1", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "ff:ff:ff:00", + "bootp.option.subnet_mask": "255.255.255.0" + }, + "bootp.option.type": "28", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:ff", + "bootp.option.broadcast_address": "192.168.0.255" + }, + "bootp.option.type": "3", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.router": "192.168.0.1" + }, + "bootp.option.type": "6", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.domain_name_server": "192.168.0.1" + }, + "bootp.option.type": "15", + "bootp.option.type_tree": { + "bootp.option.length": "3", + "bootp.option.value": "6c:61:6e", + "bootp.option.domain_name": "lan" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "11", + "bootp.option.value": "50:68:69:6c:69:70:73:2d:68:75:65", + "bootp.option.hostname": "Philips-hue" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:12.078731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494292.078731000", + "frame.time_delta": "0.141701000", + "frame.time_delta_displayed": "0.141701000", + "frame.time_relative": "700.618045000", + "frame.number": "2458", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.242511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.242511000", + "frame.time_delta": "3.163780000", + "frame.time_delta_displayed": "3.163780000", + "frame.time_relative": "703.781825000", + "frame.number": "2459", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": 
"1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.585631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.585631000", + "frame.time_delta": "0.343120000", + "frame.time_delta_displayed": "0.343120000", + "frame.time_relative": "704.124945000", + "frame.number": "2460", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d82", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001095", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.586301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.586301000", + "frame.time_delta": "0.000670000", + "frame.time_delta_displayed": "0.000670000", + "frame.time_relative": "704.125615000", + "frame.number": "2461", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d83", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f190", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.586770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.586770000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "704.126084000", + "frame.number": "2462", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + 
"ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f56", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.999758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.999758000", + "frame.time_delta": "0.412988000", + "frame.time_delta_displayed": "0.412988000", + "frame.time_relative": "704.539072000", + "frame.number": "2463", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + 
"arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:15.999889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494295.999889000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "704.539203000", + "frame.number": "2464", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "d0:52:a8:a3:60:0f", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.064370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.064370000", + "frame.time_delta": 
"3.064481000", + "frame.time_delta_displayed": "3.064481000", + "frame.time_relative": "707.603684000", + "frame.number": "2465", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e654", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d268", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34348", + "udp.dstport": "53", + "udp.port": "34348", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c87d", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.id": "0x00000f0e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": 
"1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.252032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.252032000", + "frame.time_delta": "0.187662000", + "frame.time_delta_displayed": "0.187662000", + "frame.time_relative": "707.791346000", + "frame.number": "2466", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00002414", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000092f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34348", + "udp.port": "53", + "udp.port": "34348", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.response_to": "2465", + "dns.time": "0.187662000", + "dns.id": "0x00000f0e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17581", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + 
"dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "465", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.238": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6763", + "dns.resp.len": "4", + "dns.a": "165.254.134.238" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.134.238": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7157", + "dns.resp.len": "4", + "dns.a": "165.254.134.238" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.245": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3894", + "dns.resp.len": "4", + "dns.a": "165.254.134.245" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.242": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4485", + "dns.resp.len": "4", + "dns.a": "165.254.134.242" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.35": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "118", + "dns.resp.len": "4", + "dns.a": "204.1.137.35" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.224": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "451", + "dns.resp.len": "4", + "dns.a": "204.2.166.224" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.137.93": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57", + "dns.resp.len": "4", + "dns.a": "165.254.137.93" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3284", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.252872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.252872000", + "frame.time_delta": "0.000840000", + "frame.time_delta_displayed": "0.000840000", + "frame.time_relative": "707.792186000", + "frame.number": "2467", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a811", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54142", + "tcp.dstport": "443", + "tcp.port": "54142", + "tcp.port": "443", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000033c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.255988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.255988000", + "frame.time_delta": "0.003116000", + "frame.time_delta_displayed": "0.003116000", + "frame.time_relative": "707.795302000", + "frame.number": "2468", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x00009f53", + "ip.checksum.status": "2", + "ip.src": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.src_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54142", + "tcp.port": "443", + "tcp.port": "54142", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ad99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 5 (multiply by 32)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "5", + "tcp.options.wscale.multiplier": "32" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2467", + "tcp.analysis.ack_rtt": "0.003116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.256482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.256482000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "707.795796000", + "frame.number": "2469", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a812", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 
Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54142", + "tcp.dstport": "443", + "tcp.port": "54142", + "tcp.port": "443", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005238", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2468", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.256494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.256494000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "707.795808000", + "frame.number": "2470", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a813", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54142", + "tcp.dstport": "443", + "tcp.port": "54142", + "tcp.port": "443", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005237", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.259566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.259566000", + "frame.time_delta": "0.003072000", + "frame.time_delta_displayed": "0.003072000", + "frame.time_relative": "707.798880000", + "frame.number": "2471", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000084e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x00001a7b", + "ip.checksum.status": "2", + "ip.src": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.src_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54142", + "tcp.port": "443", + "tcp.port": "54142", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "913", + "tcp.window_size": "29216", + "tcp.window_size_scalefactor": "32", + "tcp.checksum": "0x00005ce7", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2470", + "tcp.analysis.ack_rtt": "0.003072000", + "tcp.analysis.initial_rtt": "0.003610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:19.260040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494299.260040000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "707.799354000", + "frame.number": "2472", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a814", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": 
"173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54142", + "tcp.dstport": "443", + "tcp.port": "54142", + "tcp.port": "443", + "tcp.stream": "114", + "tcp.len": "0", + "tcp.seq": "2", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005236", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2471", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.003610000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:20.585897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494300.585897000", + "frame.time_delta": "1.325857000", + "frame.time_delta_displayed": "1.325857000", + "frame.time_relative": 
"709.125211000", + "frame.number": "2473", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d89", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba67", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001095", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:20.586480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494300.586480000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "709.125794000", + "frame.number": "2474", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d8a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f190", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:20.587048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494300.587048000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "709.126362000", + "frame.number": "2475", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f56", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:58:21.882324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494301.882324000", + "frame.time_delta": "1.295276000", + "frame.time_delta_displayed": "1.295276000", + "frame.time_relative": "710.421638000", + "frame.number": "2476", + "frame.len": "344", + "frame.cap_len": "344", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "330", + "ip.id": "0x00002c21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003848", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, 
+ "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "278", + "tcp.seq": "2031", + "tcp.nxtseq": "2309", + "tcp.ack": "13631", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005ee2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:b1:1a:00:25:bb:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812129562, TSecr 2472829": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812129562", + "tcp.options.timestamp.tsecr": "2472829" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "278", + "tcp.analysis.push_bytes_sent": "278" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "273", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:4c:ea:da:97:0d:52:24:3b:57:a4:0b:55:0d:f9:04:db:01:1d:e9:ca:f7:4e:10:80:41:09:8f:7d:81:b7:5f:ff:16:63:64:aa:28:56:d5:96:42:06:f1:f8:1e:78:66:cf:28:f0:6f:04:fb:6e:f4:a3:9e:10:a4:96:fa:94:3e:2a:41:4b:1f:59:b9:99:78:e5:0a:77:91:31:d2:64:13:e9:7b:3a:a1:c9:f8:dd:ca:c0:8a:6f:97:0c:79:cf:06:d0:c0:26:dc:a9:2c:c3:4b:0f:75:0e:64:36:dd:a6:7f:b0:26:7c:64:5a:10:01:84:f2:23:0b:c5:ec:4e:94:e1:7f:27:ce:e8:e3:45:bd:4f:57:27:82:13:9d:89:62:6a:f2:d2:d5:34:c8:a9:09:f8:60:1b:55:e7:3f:27:df:8e:36:8e:fd:4c:fa:db:84:8b:a5:ce:5b:04:91:ec:28:ea:fa:26:36:e1:e5:e3:97:f5:23:ff:f6:50:e5:bf:c2:03:63:e4:19:8f:7f:6e:f2:4e:a1:4f:b5:bb:39:1c:9d:66:ee:a0:43:45:ab:fd:49:6a:68:65:31:cc:7d:41:e7:af:c2:2e:bd:1b:32:fe:1f:38:75:cb:ea:7f:d6:7b:bf:f3:b4:95:6a:ef:d3:98:d4:25:51:bf:dd:70:c8:bd:dd:0f:b5:c1:bb:c2:f1:88:48:1e:8e:8f:1e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:21.888948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494301.888948000", + "frame.time_delta": "0.006624000", + "frame.time_delta_displayed": "0.006624000", + "frame.time_relative": "710.428262000", + "frame.number": "2477", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009537", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007813", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "13631", + "tcp.nxtseq": "13684", + "tcp.ack": "2309", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000019f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:c6:70:a7:9d:b1:1a", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2475632, TSecr 2812129562": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2475632", + "tcp.options.timestamp.tsecr": "2812129562" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2476", + "tcp.analysis.ack_rtt": "0.006624000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c6:3c:53:21:84:41:27:9c:51:a1:ed:5c:ab:13:d0:f7:4d:bd:89:b9:48:8c:12:b0:d3:79:80:f3:d5:e2:4d:ef:b9:f8:30:92:ff:c2:1a:f5:a1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:21.949098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494301.949098000", + "frame.time_delta": "0.060150000", + "frame.time_delta_displayed": "0.060150000", + "frame.time_relative": "710.488412000", + "frame.number": "2478", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2309", + "tcp.ack": "13684", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f279", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:b1:2b:00:25:c6:70", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812129579, TSecr 2475632": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812129579", + "tcp.options.timestamp.tsecr": "2475632" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2477", + "tcp.analysis.ack_rtt": "0.060150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:21.949693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494301.949693000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "710.489007000", + "frame.number": "2479", + "frame.len": "725", + "frame.cap_len": "725", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "711", + "ip.id": "0x00009538", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "659", + "tcp.seq": "13684", + "tcp.nxtseq": "14343", + "tcp.ack": "2309", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000003d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:c6:77:a7:9d:b1:2b", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2475639, TSecr 2812129579": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2475639", + "tcp.options.timestamp.tsecr": "2812129579" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "659", + "tcp.analysis.push_bytes_sent": "659" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c7:67:11:12:b8:a4:24:da:55:fd:44:5e:a9:8d:6e:e0:51:c7:e3:49:dd:5d:f6:5f:52:69:4f:9a:99:6a:5b:c1:ed:ca:67:1b:77:dc:8b:bd:4e:a7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:c8:95:c3:39:b9:b4:ad:50:a2:36:c2:77:79:a6:49:33:4a:15:f5:c3:f2:92:88:67:16:97:87:ef:ea:2a:89:2d:a5:ad:5d:3c:e3:2a:19:3f:76:f6:d1:e7:97:16:4f:5e:97:2e:0e:09:27:75:07:c7:52:34:23:8c:ea:c1:34:8c:b4:58:39:87:5f:cd:04:db:56:f4:64:21:54:2a:f2:98:ad:84:e0:09:ce:ae:07:1c:51" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "499", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c9:72:5e:f3:49:20:29:ca:d9:1a:31:ea:7f:07:45:ad:ee:41:43:e3:f9:12:cb:05:5e:17:19:b7:18:48:bb:14:cb:3b:9c:0b:5f:92:4e:c6:70:50:b1:ce:5c:01:68:ba:ad:aa:f2:32:b7:bf:80:0f:cf:d1:a7:e4:34:fc:91:74:1d:c9:e5:f3:fc:f2:15:3c:61:87:83:6c:51:a7:bc:b1:d8:cb:c7:dd:92:b6:a7:6e:d2:43:13:be:ea:25:4c:ac:b6:90:4f:f0:3c:45:24:33:f1:57:d0:29:d6:58:12:82:b4:31:e2:a3:e8:3b:0d:67:59:c4:d7:a0:44:f6:7c:54:5d:b4:8a:32:3d:a6:ef:67:c6:70:a5:75:3c:17:9f:ac:56:57:8f:07:5a:68:b1:67:a9:83:92:d5:88:ac:19:33:4d:7a:ef:83:29:48:de:1a:69:38:a8:c0:25:2f:7f:23:41:90:1d:bb:d2:a0:e6:e2:ba:e1:bf:81:be:9a:6b:8c:ac:f4:2b:07:0f:14:7c:28:33:93:64:87:fd:7b:9e:ba:48:d4:aa:f9:de:80:e9:46:b4:63:5f:d0:ab:a5:0e:b7:8d:2c:59:01:99:2f:ab:ec:6b:67:56:47:db:47:e3:a2:57:6f:12:ed:de:53:c6:d9:55:04:44:01:21:db:b0:21:f7:ce:01:5d:60:a4:51:26:59:b7:11:b9:05:38:c6:0c:9d:ab:bd:e3:25:75:20:14:06:eb:b6:c8:56:d0:9d:e2:7c:0c:70:cc:c0:d4:c6:92:2d:b0:09:f2:e0:61:69:52:25:dc:18:85:d1:de:3f:e2:22:d7:75:34:d3:8f:ab:05:98:d3:09:af:27:af:59:25:5d:be:1e:f1:69:34:aa:84:c2:ff:6d:d3:45:8f:9e:58:f6:f9:3a:97:76:c4:85:57:2a:6d:1c:ee:13:7e:59:a1:b4:85:15:e2:60:d4:73:ac:a4:35:f4:0d:43:95:b6:38:f7:27:8a:6a:4f:aa:a7:aa:f3:3c:30:91:fc:6e:f6:b5:b5:a3:4e:1a:9b:f5:91:36:b9:71:62:b2:26:de:6b:77:74:da:d4:8a:ca:c1:ee:16:b9:b7:3a:24:fb:10:06:b1:ca:b9:ad:a7:d2:14:8f:9d:66:e9:aa:96:4c:ce:21:c2:9e:0b:1b:ca:82:a0:e9:e8:2d:a2:84:7b:5d:9a:ed:a9:35:69:5e:a4:a0:cc:32:f9:6d:61:8f:a6:e9:ce:c4:b9:b5:02:f1:a6:2c:bd:da:81:7b:d4:e7:78:79:49:45:c1:83:08:fa:39" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:22.010754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494302.010754000", + "frame.time_delta": "0.061061000", + "frame.time_delta_displayed": "0.061061000", + "frame.time_relative": "710.550068000", + "frame.number": "2480", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2309", + "tcp.ack": "14343", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efd0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:b1:3a:00:25:c6:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812129594, TSecr 2475639": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812129594", + "tcp.options.timestamp.tsecr": "2475639" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2479", + "tcp.analysis.ack_rtt": "0.061061000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:22.283526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494302.283526000", + "frame.time_delta": "0.272772000", + "frame.time_delta_displayed": "0.272772000", + "frame.time_relative": "710.822840000", + "frame.number": "2481", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009539", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007810", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "14343", + "tcp.nxtseq": "14397", + "tcp.ack": "2309", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006356", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:c6:98:a7:9d:b1:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2475672, TSecr 2812129594": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2475672", + "tcp.options.timestamp.tsecr": "2812129594" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ca:3c:c9:e5:cc:fb:0e:6c:c4:9c:be:3f:a8:ec:23:00:47:15:e7:9b:4c:05:c0:2a:b7:ce:25:b6:13:28:f3:37:6e:0f:d6:5f:e8:bb:30:f4:48:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:22.343675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494302.343675000", + "frame.time_delta": "0.060149000", + "frame.time_delta_displayed": "0.060149000", + "frame.time_relative": "710.882989000", + "frame.number": "2482", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c24", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000395b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2309", + "tcp.ack": "14397", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:b1:8e:00:25:c6:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812129678, TSecr 2475672": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812129678", + "tcp.options.timestamp.tsecr": "2475672" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2481", + "tcp.analysis.ack_rtt": "0.060149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:25.586177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494305.586177000", + "frame.time_delta": "3.242502000", + "frame.time_delta_displayed": "3.242502000", + "frame.time_relative": "714.125491000", + "frame.number": "2483", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d8b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001095", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
+ "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:25.586740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494305.586740000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "714.126054000", + "frame.number": "2484", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d8c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f190", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:25.587317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494305.587317000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "714.126631000", + "frame.number": "2485", + 
"frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f56", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=621", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.564431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.564431000", + "frame.time_delta": "1.977114000", + "frame.time_delta_displayed": "1.977114000", + "frame.time_relative": "716.103745000", + "frame.number": "2486", + "frame.len": "79", + "frame.cap_len": "79", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e791", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d128", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50415", + "udp.dstport": "53", + "udp.port": "50415", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f13e", + "udp.checksum.status": "2", + "udp.stream": "55" + }, + "dns": { + "dns.id": "0x00000f0f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.565078000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.565078000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "716.104392000", + "frame.number": "2487", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002726", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009194", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "53", + "udp.dstport": "50415", + "udp.port": "53", + "udp.port": "50415", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "55" + }, + "dns": { + "dns.response_to": "2486", + "dns.time": "0.000647000", + "dns.id": "0x00000f0f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.565965000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.565965000", + "frame.time_delta": "0.000887000", + "frame.time_delta_displayed": "0.000887000", + "frame.time_relative": "716.105279000", + "frame.number": "2488", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e792", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d127", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57721", + "udp.dstport": "53", + "udp.port": "57721", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000efb3", + "udp.checksum.status": "2", + "udp.stream": "56" + }, + "dns": { + "dns.id": "0x00000f10", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.567770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.567770000", + "frame.time_delta": "0.001805000", + "frame.time_delta_displayed": 
"0.001805000", + "frame.time_relative": "716.107084000", + "frame.number": "2489", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00002727", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57721", + "udp.port": "53", + "udp.port": "57721", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "56" + }, + "dns": { + "dns.response_to": "2488", + "dns.time": "0.001805000", + "dns.id": "0x00000f10", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + 
"dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3070", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3024", + "dns.resp.len": "10", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3024", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3024", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1456", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18289", + "dns.resp.len": "4", + "dns.a": 
"57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18289", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001:0:57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "827", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001:0:57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "166942", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1:0:57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "166942", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1:0:57:73:36:68" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.568550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.568550000", + "frame.time_delta": "0.000780000", + "frame.time_delta_displayed": "0.000780000", + "frame.time_relative": "716.107864000", + "frame.number": "2490", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a429", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000040a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.705199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.705199000", + "frame.time_delta": "0.136649000", + "frame.time_delta_displayed": "0.136649000", + "frame.time_relative": "716.244513000", + "frame.number": "2491", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000eeaa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00009c28", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00008111", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2490", + "tcp.analysis.ack_rtt": "0.136649000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.705747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.705747000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "716.245061000", + "frame.number": "2492", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a42a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004aa0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2491", + "tcp.analysis.ack_rtt": "0.000548000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.706052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.706052000", + "frame.time_delta": "0.000305000", + "frame.time_delta_displayed": "0.000305000", + "frame.time_relative": "716.245366000", + "frame.number": "2493", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000a42b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f58", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b5b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137197000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:39:22:2c:20:4e:6f:6e:63:65:3d:22:64:66:63:47:4a:4c:77:65:4a:66:65:35:49:4e:55:49:32:30:34:47:67:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:72:39:79:69:59:66:73:69:4c:35:74:35:59:73:4d:5a:70:78:53:39:37:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:58:27.843116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.843116000", + "frame.time_delta": "0.137064000", + "frame.time_delta_displayed": "0.137064000", + "frame.time_relative": "716.382430000", + "frame.number": "2494", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002a53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006088", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a7d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2493", + "tcp.analysis.ack_rtt": "0.137064000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.843760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.843760000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "716.383074000", + "frame.number": "2495", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000a42c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ccf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000cc02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137197000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d
:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:15:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" + }, 
+ "tcp.segments": { + "tcp.segment": "2493", + "tcp.segment": "2495", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:39:22:2c:20:4e:6f:6e:63:65:3d:22:64:66:63:47:4a:4c:77:65:4a:66:65:35:49:4e:55:49:32:30:34:47:67:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:72:39:79:69:59:66:73:69:4c:35:74:35:59:73:4d:5a:70:78:53:39:37:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:
2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:15:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5
:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"179\", Nonce=\"dfcGJLweJfe5INUI204GgQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"r9yiYfsiL5t5YsMZpxS97Q==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"179\", Nonce=\"dfcGJLweJfe5INUI204GgQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"r9yiYfsiL5t5YsMZpxS97Q==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"%E?i@\u00ef\u00bf\u00bd&|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd@+\u00ef\u00bf\u00bd'^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd)`-\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPM\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u0014\n\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd18\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdfg\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdMO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0015gN\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC{y.\u007f\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001mbk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u0004\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdzo\u00ef\u00bf\u00bd%\u0010\u00ef\u00bf\u00bd5\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u0005Rc\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmkd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\u001a5z;\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd[\u001c\/n\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdnI\u00ef\u00bf\u00bd\/eA_\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u0
012\u0006S\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdoE\n?\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\f\u00ef\u00bf\u00bdmM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u0015\u00ef\u00bf\u00bd:+w\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdFS\u00ef\u00bf\u00bdt\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t]\u00ef\u00bf\u00bdE+\u00ef\u00bf\u00bd6\/6\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdE\u001a\u0015vvAz\u00ef\u00bf\u00bdP.\u00ef\u00bf\u00bds67\u00ef\u00bf\u00bdu-" + }, + "media": { + "media.type": 
"25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:1
5:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.980302000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494307.980302000", + "frame.time_delta": "0.136542000", + "frame.time_delta_displayed": "0.136542000", + "frame.time_relative": "716.519616000", + "frame.number": "2496", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000665d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000247e", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": 
"80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009e14", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2495", + "tcp.analysis.ack_rtt": "0.136542000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.983616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.983616000", + "frame.time_delta": "0.003314000", + "frame.time_delta_displayed": "0.003314000", + "frame.time_relative": "716.522930000", + "frame.number": "2497", + "frame.len": "1434", + "frame.cap_len": "1434", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1420", + "ip.id": "0x00006733", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001e44", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "1380", + "tcp.seq": "1", + "tcp.nxtseq": "1381", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000a73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137197000", + "tcp.analysis.bytes_in_flight": "1380", + "tcp.analysis.push_bytes_sent": "1380" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:35:38:3a:32:37:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:
20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a
:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.983639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.983639000", + "frame.time_delta": "0.000023000", + "frame.time_delta_displayed": "0.000023000", + "frame.time_relative": "716.522953000", + "frame.number": "2498", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00006734", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00002357", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "80", + "tcp.seq": "1381", + "tcp.nxtseq": "1461", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000055f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137197000", + "tcp.analysis.bytes_in_flight": "1460", + "tcp.analysis.push_bytes_sent": "1460" + }, + "tcp.segment_data": "65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:58:27.983721000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.983721000", + "frame.time_delta": "0.000082000", + "frame.time_delta_displayed": "0.000082000", + "frame.time_relative": "716.523035000", + "frame.number": "2499", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00006735", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00002307", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "159", + "tcp.seq": "1461", + "tcp.nxtseq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003293", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137197000", + "tcp.analysis.bytes_in_flight": "1619", + "tcp.analysis.push_bytes_sent": "159" + }, + "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "2497", + "tcp.segment": "2498", + "tcp.segment": "2499", + "tcp.segment.count": "3", + "tcp.reassembled.length": "1619", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:35:38:3a:32:37:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:7
3:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:
74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "http": { + "HTTP\/1.1 401 Unauthorized\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "401", + "http.response.phrase": "Unauthorized" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_type": "text\/html", + "http.response.line": "Content-Type: text\/html\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\"", + "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:27 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:27 GMT\r\n", + "http.connection": "close", + "http.response.line": 
"Connection: close\r\n", + "http.content_length_header": "1293", + "http.content_length_header_tree": { + "http.content_length": "1293" + }, + "http.response.line": "Content-Length: 1293\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.139961000", + "http.request_in": "2495", + "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" + }, + "data-text-lines": { + "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", + "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", + "<head>\\r\\n": 
"", + "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", + "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", + "<style type=\"text\/css\">\\r\\n": "", + "<!--\\r\\n": "", + "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", + "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", + "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", + "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", + "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", + "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", + "background-color:#555555;}\\r\\n": "", + "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", + ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", + "-->\\r\\n": "", + "<\/style>\\r\\n": "", + "<\/head>\\r\\n": "", + "<body>\\r\\n": "", + "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", + "<div id=\"content\">\\r\\n": "", + " <div class=\"content-container\"><fieldset>\\r\\n": "", + " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", + " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", + " <\/fieldset><\/div>\\r\\n": "", + "<\/div>\\r\\n": "", + "<\/body>\\r\\n": "", + "<\/html>\\r\\n": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.983801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.983801000", + "frame.time_delta": "0.000080000", + "frame.time_delta_displayed": "0.000080000", + "frame.time_relative": "716.523115000", + "frame.number": "2500", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006737", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000023a4", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000097c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.984224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.984224000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "716.523538000", + "frame.number": "2501", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a42d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1381", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003418", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2497", + "tcp.analysis.ack_rtt": "0.000608000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.984237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.984237000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "716.523551000", + "frame.number": "2502", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a42e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": 
"AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000033c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2498", + "tcp.analysis.ack_rtt": "0.000598000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.984246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.984246000", + "frame.time_delta": "0.000009000", + "frame.time_delta_displayed": "0.000009000", + "frame.time_relative": "716.523560000", + "frame.number": "2503", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a42f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1620", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003329", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2499", + "tcp.analysis.ack_rtt": "0.000525000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.984643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.984643000", + "frame.time_delta": "0.000397000", + "frame.time_delta_displayed": "0.000397000", + "frame.time_relative": "716.523957000", + "frame.number": "2504", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a430", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000091ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35290", + "tcp.dstport": "80", + "tcp.port": "35290", + "tcp.port": "80", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1621", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003327", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2500", + "tcp.analysis.ack_rtt": "0.000842000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.985623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.985623000", + "frame.time_delta": "0.000980000", + "frame.time_delta_displayed": "0.000980000", + "frame.time_relative": "716.524937000", + "frame.number": "2505", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e7b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d108", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57893", + "udp.dstport": "53", + "udp.port": "57893", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d406", + "udp.checksum.status": "2", + "udp.stream": "57" + }, + "dns": { + "dns.id": "0x00000f11", + "dns.flags": 
"0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.986233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.986233000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "716.525547000", + "frame.number": "2506", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002730", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000918a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57893", + "udp.port": "53", + "udp.port": "57893", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "57" + }, + "dns": { + "dns.response_to": "2505", + "dns.time": "0.000610000", + "dns.id": "0x00000f11", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.987038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.987038000", + "frame.time_delta": "0.000805000", + "frame.time_delta_displayed": "0.000805000", + "frame.time_relative": "716.526352000", + "frame.number": "2507", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { 
+ "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e7b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d107", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59712", + "udp.dstport": "53", + "udp.port": "59712", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e7ea", + "udp.checksum.status": "2", + "udp.stream": "58" + }, + "dns": { + "dns.id": "0x00000f12", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": 
"0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.987547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.987547000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "716.526861000", + "frame.number": "2508", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009179", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59712", + "udp.port": "53", + "udp.port": "59712", + "udp.length": "61", + "udp.checksum": 
"0x00008240", + "udp.checksum.status": "2", + "udp.stream": "58" + }, + "dns": { + "dns.response_to": "2507", + "dns.time": "0.000509000", + "dns.id": "0x00000f12", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3070", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:27.988296000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494307.988296000", + "frame.time_delta": "0.000749000", + "frame.time_delta_displayed": "0.000749000", + "frame.time_relative": "716.527610000", + "frame.number": "2509", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001052", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000257e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.120947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.120947000", + "frame.time_delta": "0.132651000", + "frame.time_delta_displayed": "0.132651000", + "frame.time_relative": "716.660261000", + "frame.number": "2510", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a3c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000e718", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35290", + "tcp.port": "80", + "tcp.port": "35290", + "tcp.stream": "115", + "tcp.len": "0", + "tcp.seq": "1621", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000097bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2504", + "tcp.analysis.ack_rtt": "0.136304000", + "tcp.analysis.initial_rtt": "0.137197000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.123882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.123882000", + "frame.time_delta": "0.002935000", + "frame.time_delta_displayed": "0.002935000", + "frame.time_relative": "716.663196000", + "frame.number": "2511", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000054b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000361c", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00000de5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + 
"tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2509", + "tcp.analysis.ack_rtt": "0.135586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.124372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.124372000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "716.663686000", + "frame.number": "2512", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001053", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002589", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d773", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2511", + "tcp.analysis.ack_rtt": "0.000490000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.124386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.124386000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": 
"0.000014000", + "frame.time_relative": "716.663700000", + "frame.number": "2513", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00001054", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002330", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + 
"tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007656", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:30:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:
71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:36:67:67:55:30:57:67:4f:6c:76:55:42:4c:52:79:48:63:52:66:59:59:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.260711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.260711000", + "frame.time_delta": "0.136325000", + "frame.time_delta_displayed": "0.136325000", + "frame.time_relative": "716.800025000", + "frame.number": "2514", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009413", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000f6c7", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000034a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2513", + "tcp.analysis.ack_rtt": "0.136325000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 16:58:28.261326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.261326000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "716.800640000", + "frame.number": "2515", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00001055", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000020a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + 
"ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fe72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": 
"3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:26:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:c
a:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" + }, + "tcp.segments": { + "tcp.segment": "2513", + "tcp.segment": "2515", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:30:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:36:67:67:55:30:57:67:4f:6c:76:55:42:4c:52:79:48:63:52:66:59:59:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:2
6:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:ca:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:
3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"180\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"6ggU0WgOlvUBLRyHcRfYYw==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"180\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"6ggU0WgOlvUBLRyHcRfYYw==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
":\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0005\u0005@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u000f\u0014\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u001aYo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdH\u0004\u00ef\u00bf\u00bdu<\u00ef\u00bf\u00bd3\u0015\u00ef\u00bf\u00bd5&B\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:26:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:
10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:ca:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e
:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.397191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.397191000", + "frame.time_delta": "0.135865000", + "frame.time_delta_displayed": "0.135865000", + "frame.time_relative": "716.936505000", + "frame.number": "2516", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cf48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000bb92", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002ae8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2515", + "tcp.analysis.ack_rtt": "0.135865000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.430570000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.430570000", + "frame.time_delta": "0.033379000", + "frame.time_delta_displayed": "0.033379000", + "frame.time_relative": "716.969884000", + "frame.number": "2517", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000dcfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000aa78", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + 
"tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cd2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\"\r\n", + "http.response.line": "X-AspNet-Version: 
4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:28 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:28 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.169244000", + "http.request_in": "2515", + "http.file_data": ":\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0005\u0005@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u000f\u0014\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u001aYo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd77\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\fx\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd0%\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdI\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u0010\u0017p\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd5T-\u00ef\u00bf\u00bdW\u001d\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u001dYRH<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|7\u00ef\u00bf\u00bd\u0006h\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bdmA|\"R\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bdJw\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtpG 
\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdK<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdmgB\u00ef\u00bf\u00bdY3sK\"^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL2\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN7\tl)LjE0\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:a7:37:37:b7:b1:e4:75:88:0c:78:a5:31:dd:58:b9:30:25:a4:35:ef:46:de:86:98:a8:b9:27:15:b8:da:53:a9:2c:e0:49:03:ff:c2:13:b1:10:17:70:ec:b0:72:b2:dc:68:bd:35:54:2d:93:57:1d:7f:f7:d0:23:1d:59:52:48:3c:a5:df:6c:de:7e:9b:fd:7c:37:f4:06:68:ec:74:cf:6d:41:7c:22:52:87:1f:ce:ff:e4:5e:e4:4a:77:f0:2c:ad:b2:74:70:47:20:f8:6d:83:4b:3c:c4:d4:b9:b7:ab:a8:e9:ac:ba:56:da:6d:67:42:fa:59:33:73:4b:22:5e:8b:b3:4c:32:07:a0:b5:4e:37:09:6c:29:4c:6a:45:30:d3:00:c0:6b:4f:5a:1a:11:6e:f5:ee:ca:31:ee:58:55:00:25:b3:c2:91:10:57:02:81:e7:79:db:6f:a0:c8:8b:1a:8f:fb:49:0d:ea:04:b5:fa:33:f4:5e:38:49:f7:ab:07:ee:e1:31:ed:b2:51:43:d5:3f:34:2c:5f:db:fb:e8:1e:9a:91:dd:d6:06:36:1d:f4:c9:a2:40:74:10:ee:b6:1f:3e:91:26:c5:79:4c:1b:bc:e7:bf:9a:4a:82:29:96:af:a9:1f:cd:9d:eb:9e:11:bb:86:da:e4:b3:02:6c:5c:29:d5:af:2d:28:0e:fa:2b:44:c1:99:ff:13:c5:ed:ab:e8:d5:ce:9e:8a:d4:c4:a2:dd:1b:0f:5f:ae:01:a5:0b:94:fe:6f:5c:39:ce:5e:51:7b:c4:f6:bf:76:97:a0:30:cd:2d:32:30:4f:20:fc:55:99:5b:a9:1a:9c:ad:14:04:fa:97:8b:17:b0:ee:4b:d2:69:ae:ef:ac:ce:8d:fd:d9:39:39:b3:5d:a6:1a:74:1c:11:ff:3a:35:43:be:e3:29:47:60:53:e5:43:5e:46:6a:8a:66:93:68:83:9e:c5:ae:78:d7:2e:41:6a:bd:18:71:06:a9:09:98:3a:3e:b5:0d:8b:63:ff:aa:ec:08:ca:71:b1:de:14:a3:55:b7:91:15:6d:17:29:22:68:d0:f0:96:b8:28:d6:e9:90:af:a0:78:8b:eb:31:65:ba:88:54:af:0e:15:1a:47:44:fe:09:b3:70:48:12:88:da:1a:6b:46:97:e0:b2:1c:41:18:c4:9c:f3:cd:6c:55:9a:9e:f1:ed:d7:c3:f4:12:13:2b:3a:fe:67:19:29:e9:04:77:80:d5:5f:20:67:f3:55:85:0b:16:5a:b6:78:ad:d1:2a:2d:7d:53:7a:61:17:ab:dd:77:b7:c4:50:30:78:08:7d:b2:ce
:03:c2:3c:ad:a4:03:38:95:1e:4e:85:8b:5b:63:64:62:d4:7d:6c:c7:16:36:2e:17" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.430662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.430662000", + "frame.time_delta": "0.000092000", + "frame.time_delta_displayed": "0.000092000", + "frame.time_relative": "716.969976000", + "frame.number": "2518", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dcfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000addd", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + 
"ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002780", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.431127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.431127000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "716.970441000", + "frame.number": "2519", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001056", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002586", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c7cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2517", + "tcp.analysis.ack_rtt": "0.000557000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.431775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.431775000", + "frame.time_delta": "0.000648000", + "frame.time_delta_displayed": "0.000648000", + "frame.time_relative": "716.971089000", + "frame.number": "2520", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001057", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x00002585", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35291", + "tcp.dstport": "80", + "tcp.port": "35291", + "tcp.port": "80", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c7cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2518", + "tcp.analysis.ack_rtt": "0.001113000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.567233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.567233000", + "frame.time_delta": "0.135458000", + "frame.time_delta_displayed": "0.135458000", + "frame.time_relative": "717.106547000", + "frame.number": "2521", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007025", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + 
"ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35291", + "tcp.port": "80", + "tcp.port": "35291", + "tcp.stream": "116", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000277f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2520", + "tcp.analysis.ack_rtt": "0.135458000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.852438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.852438000", + "frame.time_delta": "0.285205000", + "frame.time_delta_displayed": "0.285205000", + "frame.time_relative": "717.391752000", + "frame.number": "2522", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + 
"eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:28.904667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494308.904667000", + "frame.time_delta": "0.052229000", + "frame.time_delta_displayed": "0.052229000", + "frame.time_relative": "717.443981000", + "frame.number": "2523", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00003233", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a726", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.563379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.563379000", + "frame.time_delta": "0.658712000", + 
"frame.time_delta_displayed": "0.658712000", + "frame.time_relative": "718.102693000", + "frame.number": "2524", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e841", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d078", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58032", + "udp.dstport": "53", + "udp.port": "58032", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d379", + "udp.checksum.status": "2", + "udp.stream": "59" + }, + "dns": { + "dns.id": "0x00000f13", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.563863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.563863000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "718.103177000", + "frame.number": "2525", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002777", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009143", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58032", + "udp.port": "53", + "udp.port": "58032", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "59" + }, + "dns": { + "dns.response_to": "2524", + "dns.time": "0.000484000", + "dns.id": "0x00000f13", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.564696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.564696000", + "frame.time_delta": "0.000833000", + "frame.time_delta_displayed": "0.000833000", + "frame.time_relative": "718.104010000", + "frame.number": "2526", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e842", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d077", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35396", + "udp.dstport": "53", + "udp.port": "35396", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000046e5", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.id": "0x00000f14", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:58:29.565109000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.565109000", + "frame.time_delta": "0.000413000", + "frame.time_delta_displayed": "0.000413000", + "frame.time_relative": "718.104423000", + "frame.number": "2527", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002778", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009132", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35396", + "udp.port": "53", + "udp.port": "35396", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.response_to": "2526", + "dns.time": "0.000413000", + "dns.id": "0x00000f14", + "dns.flags": "0x00008180", + "dns.flags_tree": { + 
"dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3068", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.566399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.566399000", + "frame.time_delta": "0.001290000", + "frame.time_delta_displayed": "0.001290000", + "frame.time_relative": "718.105713000", + "frame.number": "2528", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00008134", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b49b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + 
"tcp.window_size": "29200", + "tcp.checksum": "0x00007d97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.701989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.701989000", + "frame.time_delta": "0.135590000", + "frame.time_delta_displayed": "0.135590000", + "frame.time_relative": "718.241303000", + "frame.number": "2529", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000ffc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008b0c", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00004373", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2528", + "tcp.analysis.ack_rtt": "0.135590000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.702550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.702550000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "718.241864000", + "frame.number": "2530", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008135", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b4a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000d02", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2529", + "tcp.analysis.ack_rtt": "0.000561000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.702928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.702928000", + "frame.time_delta": "0.000378000", + "frame.time_delta_displayed": "0.000378000", + "frame.time_relative": "718.242242000", + "frame.number": "2531", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00008136", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b24d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000043c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136151000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:31:22:2c:20:4e:6f:6e:63:65:3d:22:59:30:72:64:6f:69:43:75:47:30:69:37:49:4e:55:49:34:4c:74:47:7a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:68:6f:6c:79:4b:74:6d:36:31:46:66:5a:79:6e:50:4c:78:63:4d:55:4e:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:58:29.839128000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.839128000", + "frame.time_delta": "0.136200000", + "frame.time_delta_displayed": "0.136200000", + "frame.time_relative": "718.378442000", + "frame.number": "2532", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000398b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005150", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006a36", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2531", + "tcp.analysis.ack_rtt": "0.136200000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.839754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.839754000", + "frame.time_delta": "0.000626000", + "frame.time_delta_displayed": "0.000626000", + "frame.time_relative": "718.379068000", + "frame.number": "2533", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00008137", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x000074d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136151000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:79:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9
:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" + }, 
+ "tcp.segments": { + "tcp.segment": "2531", + "tcp.segment": "2533", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:31:22:2c:20:4e:6f:6e:63:65:3d:22:59:30:72:64:6f:69:43:75:47:30:69:37:49:4e:55:49:34:4c:74:47:7a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:68:6f:6c:79:4b:74:6d:36:31:46:66:5a:79:6e:50:4c:78:63:4d:55:4e:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:
8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:79:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd
:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"181\", Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"holyKtm61FfZynPLxcMUNA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"181\", Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"holyKtm61FfZynPLxcMUNA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bdbQ.X\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdu\f-\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$G 
\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0010\u0001\u001b\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr>_\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPc\u00ef\u00bf\u00bdi4)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP*<\nH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\u001e-\nc\/7>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5;\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\"%\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u0016K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdwh\bo\u00ef\u00bf\u00bd|\bi\u0019\u0007-\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bdFL\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdQ\u001c\u00ef\u00bf\u00bd!@,\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u0003~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdkC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx}\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdYL\u0005m]%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3g\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy$#t\u00ef\u00bf\u00bd\u000fv{e3#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI?\u0016\u0011A\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00b
d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdjnsCHl|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdDf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdeZ\u0016\u00ef\u00bf\u00bd\n9%\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bdoB\u00ef\u00bf\u00bd^\u0012\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bdHc\u0018\u0014\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bdA<\u001fZ\u00ef\u00bf\u00bdf5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmiU\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u0012\n\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@" + }, + "media": { + "media.type": "da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:7
9:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:
66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:29.988897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494309.988897000", + "frame.time_delta": "0.149143000", + "frame.time_delta_displayed": "0.149143000", + "frame.time_relative": "718.528211000", + "frame.number": "2534", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x000073ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000172f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006076", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2533", + "tcp.analysis.ack_rtt": "0.149143000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:30.020598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494310.020598000", + "frame.time_delta": "0.031701000", + "frame.time_delta_displayed": "0.031701000", + "frame.time_relative": "718.559912000", + "frame.number": "2535", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000879a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ffd9", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", 
+ "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000abfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136151000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth 
Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:29 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:29 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.180844000", + "http.request_in": "2533", + "http.file_data": "\u00ef\u00bf\u00bdbQ.X\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdu\f-\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$G \u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0010\u0001\u001b\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u001d\u00ef\u00bf\u00bdT\\,n.\u00ef\u00bf\u00bd\u001eU9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u000fCRxnY\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'9}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017*|\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bdJE_U\u00ef\u00bf\u00bdjd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd*(rO 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:Di\u00ef\u00bf\u00bdYQ\u00ef\u00bf\u00bd\u001cK.\u001e\u00ef\u00bf\u00bdPF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u007fUvt\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdgH\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdul\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd{R\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bdt@\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%~\b\u00ef\u00bf\u00bd+@ .\u00ef\u00bf\u00bd[\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0007\u001fp\u00ef\u00bf\u00bd%&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|;\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u0014+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001e\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bdl8\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bdP;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX\u0004+8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdoyf}<\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u0006x\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bdNaUu\r\u00ef\u00bf\u00bd|~\u00ef\u00bf\u00bd\u0004q\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda" + }, + "media": { + "media.type": 
"da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:ee:90:dd:e8:3e:1d:b3:54:5c:2c:6e:2e:b1:1e:55:39:fb:e1:a9:05:c8:b4:de:46:e1:0f:43:52:78:6e:59:8f:97:c5:95:fb:dc:27:39:7d:e1:a8:cc:8b:0d:78:c8:d8:bb:86:f1:b0:bc:6e:2c:e9:82:69:b8:69:95:7d:ae:94:b6:17:2a:7c:a2:28:d5:4a:45:5f:55:ac:6a:64:05:ed:b8:16:fc:2a:28:72:4f:20:87:94:3a:44:69:a7:59:51:f0:1c:4b:2e:1e:d0:50:46:d3:ac:07:ac:b1:88:af:66:c1:ca:ad:04:7f:55:76:74:b8:42:ae:67:48:a2:45:b2:92:d8:bb:75:6c:94:2d:f8:3c:b2:7b:52:d8:28:c7:61:f5:04:e1:74:40:e8:25:e6:db:25:7e:08:bb:2b:40:20:2e:bd:5b:18:88:b4:6c:de:6d:dd:08:94:fa:9d:1b:07:1f:70:c4:25:26:fb:99:7c:3b:91:3d:c0:03:9e:14:2b:a7:a5:c9:a1:2d:1e:92:49:ad:6c:38:ed:57:b5:7a:db:cb:6a:e6:b7:fb:b5:2f:a4:79:9b:74:b9:c5:3e:e2:50:3b:d6:85:bc:58:04:2b:38:cb:b1:48:49:8c:fa:b8:b0:f9:6f:79:66:7d:3c:5c:98:d0:66:f4:c5:6a:c3:dd:f2:5a:51:ec:ad:f8:6a:ec:5e:f8:06:78:a0:47:fb:e3:14:f0:fd:21:c8:4e:61:55:75:0d:8c:7c:7e:ae:04:71:a1:7a:bc:c3:61:00:f9:69:66:1f:82:6c:f5:6b:84:d1:5c:6f:ef:ae:ae:3d:e7:77:f1:c1:c4:a3:a2:8c:4f:ca:60:f7:5d:1e:ea:a7:47:e6:48:33:9a:13:85:7d:54:63:19:27:2e:bf:66:f0:26:2f:b1:c9:af:58:a6:da:44:0c:87:3f:9a:67:80:3a:08:31:82:43:32:a1:b5:79:2d:de:3f:f0:0d:b4:f9:62:a7:f2:d7:27:8c:22:66:d3:5e:fb:ba:7c:e4:dd:7a:40:da:a4:8b:9f:9f:34:95:a2:26:26:a3:f0:5d:02:5c:6f:c8:7f:b3:d5:c1:5c:ba:65:eb:e4:f6:3d:50:cf:20:30:3f:a7:05:da:0d:64:1e:c2:30:22:a7:57:36:17:89:df:c9:e3:13:fd:fc:67:af:17:af:44:9a:4c:2a:67:ad:dc:11:ca:68:60:6e:1d:ef:99:4e:0d:64:7f:ba:25:1d:ad:7c:52:26:d9:11:76:17:57:84:c8:bb:f1:7e:6d:06:b8:68:d3:1c:78:89:72:50:b5:e7:5b:fa:05:6c:dc:35:ff:8f:22:18:47:87:89:b1:7f:e2:85:13:cc:d4:34:76:da:47:b4:f1:ed:71:5e:5c:9a:4c:7c:b7" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:30.020665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494310.020665000", + 
"frame.time_delta": "0.000067000", + "frame.time_delta_displayed": "0.000067000", + "frame.time_relative": "718.559979000", + "frame.number": "2536", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000879c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000033f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005d0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:30.021130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494310.021130000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "718.560444000", + "frame.number": "2537", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008138", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b4a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fd5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "2535", + "tcp.analysis.ack_rtt": "0.000532000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:30.021868000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494310.021868000", + "frame.time_delta": "0.000738000", + "frame.time_delta_displayed": "0.000738000", + "frame.time_relative": "718.561182000", + "frame.number": "2538", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008139", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b4a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35292", + "tcp.dstport": "80", + "tcp.port": "35292", + "tcp.port": "80", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fd5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2536", + "tcp.analysis.ack_rtt": "0.001203000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:30.157300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494310.157300000", + "frame.time_delta": "0.135432000", + "frame.time_delta_displayed": "0.135432000", + "frame.time_relative": "718.696614000", + "frame.number": "2539", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c169", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c971", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35292", + "tcp.port": "80", + "tcp.port": "35292", + "tcp.stream": "117", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005d0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2538", + "tcp.analysis.ack_rtt": "0.135432000", + "tcp.analysis.initial_rtt": "0.136151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.568708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.568708000", + "frame.time_delta": "1.411408000", + "frame.time_delta_displayed": "1.411408000", + "frame.time_relative": "720.108022000", + "frame.number": "2540", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e8b4", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d005", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51339", + "udp.dstport": "53", + "udp.port": "51339", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ed9c", + "udp.checksum.status": "2", + "udp.stream": "61" + }, + "dns": { + "dns.id": "0x00000f15", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.569291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.569291000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "720.108605000", + "frame.number": "2541", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000027d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51339", + "udp.port": "53", + "udp.port": "51339", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "61" + }, + "dns": { + "dns.response_to": "2540", + "dns.time": "0.000583000", + "dns.id": "0x00000f15", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.570161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.570161000", + "frame.time_delta": "0.000870000", + "frame.time_delta_displayed": "0.000870000", + "frame.time_relative": "720.109475000", + "frame.number": "2542", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e8b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d004", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", 
+ "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35453", + "udp.dstport": "53", + "udp.port": "35453", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000046aa", + "udp.checksum.status": "2", + "udp.stream": "62" + }, + "dns": { + "dns.id": "0x00000f16", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.570675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.570675000", + "frame.time_delta": "0.000514000", + "frame.time_delta_displayed": "0.000514000", + "frame.time_relative": "720.109989000", + "frame.number": "2543", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000027d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000090d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35453", + "udp.port": "53", + "udp.port": "35453", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "62" + }, + "dns": { + "dns.response_to": "2542", + "dns.time": "0.000514000", + "dns.id": "0x00000f16", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3066", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.571780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.571780000", + "frame.time_delta": "0.001105000", + "frame.time_delta_displayed": "0.001105000", + "frame.time_relative": "720.111094000", + "frame.number": "2544", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000085f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004936", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.707307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.707307000", + "frame.time_delta": "0.135527000", + "frame.time_delta_displayed": "0.135527000", + "frame.time_relative": "720.246621000", + "frame.number": "2545", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000010c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007a12", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": "80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00006471", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2544", + 
"tcp.analysis.ack_rtt": "0.135527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.707856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.707856000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "720.247170000", + "frame.number": "2546", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000085f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afe3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + 
"ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002e00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2545", + "tcp.analysis.ack_rtt": "0.000549000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.708167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.708167000", + "frame.time_delta": "0.000311000", + "frame.time_delta_displayed": "0.000311000", + "frame.time_relative": "720.247481000", + "frame.number": "2547", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x000085f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ad8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dc81", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:32:22:2c:20:4e:6f:6e:63:65:3d:22:30:47:4f:4f:59:2f:42:53:44:30:6d:37:49:4e:55:49:31:4e:4c:4d:76:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:70:4e:34:48:57:31:58:44:7a:49:79:64:73:6e:73:69:6a:41:31:68:52:67:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.844705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.844705000", + "frame.time_delta": "0.136538000", + "frame.time_delta_displayed": "0.136538000", + "frame.time_relative": "720.384019000", + "frame.number": "2548", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004582", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004559", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": "80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008b34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2547", + "tcp.analysis.ack_rtt": "0.136538000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.845328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494311.845328000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "720.384642000", + "frame.number": "2549", + "frame.len": "1302", + "frame.cap_len": "1302", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x000085fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ab01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ee79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2
e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:23:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:
0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:fa:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" + }, + "tcp.segments": { + "tcp.segment": "2547", + "tcp.segment": "2549", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:32:22:2c:20:4e:6f:6e:63:65:3d:22:30:47:4f:4f:59:2f:42:53:44:30:6d:37:49:4e:55:49:31:4e:4c:4d:76:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:
41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:70:4e:34:48:57:31:58:44:7a:49:79:64:73:6e:73:69:6a:41:31:68:52:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0
:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:23:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:f
a:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"182\", Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"pN4HW1XDzIydsnsijA1hRg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"182\", Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"pN4HW1XDzIydsnsijA1hRg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdGmk\u00ef\u00bf\u00bdr9\u00ef\u00bf\u00bdc\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp}\u00ef\u00bf\u00bdk \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u001e\u00ef\u00bf\u00bdyx&\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd;{\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:2
3:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:fa:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:31.980929000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494311.980929000", + "frame.time_delta": "0.135601000", + "frame.time_delta_displayed": "0.135601000", + "frame.time_relative": "720.520243000", + "frame.number": "2550", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000796e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000116d", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": 
"80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008174", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2549", + "tcp.analysis.ack_rtt": "0.135601000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.012911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.012911000", + "frame.time_delta": "0.031982000", + "frame.time_delta_displayed": "0.031982000", + "frame.time_relative": "720.552225000", + "frame.number": "2551", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x000085f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000017f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": "80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c04d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136076000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"PpNw5lBXOEq7INUImzY0+w==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"PpNw5lBXOEq7INUImzY0+w==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:31 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:31 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.167583000", + "http.request_in": "2549", + "http.file_data": "\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdGmk\u00ef\u00bf\u00bdr9\u00ef\u00bf\u00bdc\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp}\u00ef\u00bf\u00bdk 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u001e\u00ef\u00bf\u00bdIi\u00177-<w\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\n\u00ef\u00bf\u00bdlr{\u001a8p\b\u00ef\u00bf\u00bdj:\u0017'A'\u00ef\u00bf\u00bd\f9;\u001c\u00ef\u00bf\u00bd4\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdy`kI\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001ee\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$F\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd%\\Y\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00052\u0011" + }, + "media": { + "media.type": "de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:49:69:17:37:2d:3c:77:d1:be:9a:1a:0a:ee:6c:72:7b:1a:38:70:08:b8:6a:3a:17:27:41:27:a0:0c:39:3b:1c:da:34:2f:84:da:ab:20:c2:79:60:6b:49:c7:1b:db:e9:5c:13:bf:82:a5:33:c2:a2:9d:9a:a3:1e:65:ef:e1:24:46:c3:03:88:cc:d7:04:eb:26:b6:6f:e7:db:4d:e3:25:5c:59:cb:f5:b3:05:32:11:00:fb:a3:54:aa:67:49:1c:e4:9d:ba:13:a3:ff:a4:2e:46:3d:a4:7f:74:d0:45:b0:c9:dc:ac:9c:03:e8:dd:9b:7b:0d:01:c7:8c:a8:25:19:de:f0:26:0e:c0:f2:3b:d9:4d:c4:07:81:bf:39:66:73:4f:73:28:52:8e:15:94:0f:6f:d1:06:f3:1f:9e:7a:e6:f4:85:70:ac:2c:bc:b6:87:70:2c:bd:5e:24:f8:7d:5b:90:b1:37:6c:59:51:70:90:c4:00:02:b4:9a:f8:8f:73:3b:ea:cd:5c:9b:9f:c8:44:a2:16:34:fc:79:83:3e:ee:58:0e:67:c4:3a:7c:57:ad:98:b6:bd:57:4c:79:bb:ac:cd:94:e5:dc:09:95:4e:a5:ab:88:db:ef:35:0c:2c:58:d4:3b:76:4a:81:13:84:be:4d:b4:db:e1:55:db:80:b2:e5:d9:8b:e4:fa:43:f4:53:71:73:9f:25:99:82:c9:fe:26:12:72:6b:8b:f1:08:80:a4:5b:42:02:ae:f4:d1:48:6c:b9:86:39:d7:e9:9b:f3:57:4d:d3:f0:ed:fa:0d:e3:f6:9c:c4:87:dc:02:91:02:7f:73:ec:d8:48:35:b5:ce:c4:c7:36:36:54:53:68:9b:e4:b4:5a:26:7f:98:13:8d:ce:93:b3:79:0c:17:c8:07:31:
33:9b:73:98:ed:fd:10:fe:57:26:26:80:80:d4:c3:fa:64:8b:a1:3f:67:da:1c:2b:8d:35:2b:ec:bc:c7:e2:72:e0:79:1b:eb:d5:fe:7f:db:e0:f9:be:60:46:d2:bf:52:a1:77:21:f8:7b:ce:22:b3:fe:61:89:3a:eb:ee:c5:9e:d1:4b:37:ba:f5:cf:95:a3:94:1b:af:06:31:2b:36:f6:57:16:63:1d:0c:94:5a:da:67:70:8a:e8:42:ae:97:85:bb:52:e0:f7:0e:47:b7:15:c9:00:e6:5f:b3:ee:69:3e:c9:70:0b:0f:30:41:6a:2c:c5:ad:46:53:af:55:5f:32:1b:d3:46:54:7c:ad:21:e6:7a:de:6a:53:0b:15:13:11:4a:f2:df:96:8f:7c:70:2d:34:7d:8f:d9:9a:29:1e:01:ec:ad:99:b9:5c:69:ea:00:b1:e5:3f:ca:e4:f9:15:10:e1:14:3a:77:a9:f6:3f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.012998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.012998000", + "frame.time_delta": "0.000087000", + "frame.time_delta_displayed": "0.000087000", + "frame.time_relative": "720.552312000", + "frame.number": "2552", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000085f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + 
"ip.proto": "6", + "ip.checksum": "0x000004e4", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": "80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007e0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.013481000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.013481000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "720.552795000", + "frame.number": "2553", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000085fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afe0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": 
{ + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001e5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2551", + "tcp.analysis.ack_rtt": "0.000570000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.014419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.014419000", + "frame.time_delta": "0.000938000", + "frame.time_delta_displayed": "0.000938000", + "frame.time_relative": "720.553733000", + "frame.number": "2554", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000085fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afdf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35293", + "tcp.dstport": "80", + "tcp.port": "35293", + "tcp.port": "80", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001e5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2552", + "tcp.analysis.ack_rtt": "0.001421000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.149834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.149834000", + "frame.time_delta": "0.135415000", + "frame.time_delta_displayed": "0.135415000", + "frame.time_relative": "720.689148000", + "frame.number": "2555", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c2d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c801", + "ip.checksum.status": "2", + 
"ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35293", + "tcp.port": "80", + "tcp.port": "35293", + "tcp.stream": "118", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007e0b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2554", + "tcp.analysis.ack_rtt": "0.135415000", + "tcp.analysis.initial_rtt": "0.136076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.570419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.570419000", + "frame.time_delta": 
"0.420585000", + "frame.time_delta_displayed": "0.420585000", + "frame.time_relative": "721.109733000", + "frame.number": "2556", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:32.570815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494312.570815000", + "frame.time_delta": "0.000396000", + "frame.time_delta_displayed": "0.000396000", + "frame.time_relative": "721.110129000", + "frame.number": "2557", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:34.580330000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494314.580330000", + "frame.time_delta": "2.009515000", + "frame.time_delta_displayed": "2.009515000", + "frame.time_relative": "723.119644000", + "frame.number": "2558", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000a6a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "241", + "tcp.ack": "217", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:34.723652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494314.723652000", + "frame.time_delta": "0.143322000", + "frame.time_delta_displayed": "0.143322000", + "frame.time_relative": "723.262966000", + "frame.number": "2559", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fdb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb6", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + 
"ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "217", + "tcp.ack": "242", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:36.362193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494316.362193000", + "frame.time_delta": "1.638541000", + "frame.time_delta_displayed": "1.638541000", + "frame.time_relative": "724.901507000", + "frame.number": "2560", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c1d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005bcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.572097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.572097000", + "frame.time_delta": "1.209904000", + "frame.time_delta_displayed": "1.209904000", + "frame.time_relative": "726.111411000", + 
"frame.number": "2561", + "frame.len": "344", + "frame.cap_len": "344", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "330", + "ip.id": "0x00002c25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003844", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "278", + "tcp.seq": "2309", + "tcp.nxtseq": "2587", + "tcp.ack": "14397", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cae9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:c0:6d:00:25:c6:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812133485, TSecr 2475672": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812133485", + "tcp.options.timestamp.tsecr": "2475672" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "278", + "tcp.analysis.push_bytes_sent": "278" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "273", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:4d:5c:46:19:65:0d:77:3e:38:e6:1c:39:78:cf:38:d6:bf:e6:53:be:30:25:3c:82:74:eb:78:05:79:9d:7a:b4:b0:33:a0:7d:83:d1:a0:ea:12:77:17:aa:02:8e:ed:dc:34:d0:98:7b:dc:bf:32:71:a5:ea:0b:8d:77:9e:8a:a9:df:e6:4e:29:87:ef:ad:af:05:b4:ea:0b:32:07:a7:54:96:e8:5b:0a:c0:ad:de:d3:20:86:49:c6:21:16:61:06:f1:dd:8a:2f:60:05:f2:39:b4:14:02:7b:cf:25:e2:c2:e0:91:e7:5e:a0:bb:19:60:53:93:e5:6f:83:5c:95:d5:18:74:5f:c2:12:f9:fb:6b:df:64:49:5c:56:e6:4e:b8:73:34:05:de:52:16:dc:66:4b:6d:ab:f7:00:4e:18:a5:0c:fb:15:e6:c5:47:02:23:31:c6:a7:c3:dc:83:0d:80:49:c1:03:19:7b:fd:7f:a7:5d:1c:92:8b:69:7d:31:18:6e:a6:4c:87:8d:cb:9a:46:1c:60:18:a5:3c:d2:60:7b:29:02:9d:41:1f:5a:13:21:45:0b:6e:24:64:fa:03:14:3c:13:81:47:b9:38:b2:39:08:de:27:ab:a3:ca:9f:4c:f2:ea:13:a8:79:16:05:f0:3f:69:d7:9d:5d:ee:67:0d:df:96:e5:cf:45:99:d9:0c:d5:60" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.578706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.578706000", + "frame.time_delta": "0.006609000", + "frame.time_delta_displayed": "0.006609000", + "frame.time_relative": "726.118020000", + "frame.number": "2562", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000953a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007810", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "14397", + "tcp.nxtseq": "14450", + "tcp.ack": "2587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006ce9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:cc:91:a7:9d:c0:6d", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2477201, TSecr 2812133485": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2477201", + "tcp.options.timestamp.tsecr": "2812133485" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2561", + "tcp.analysis.ack_rtt": "0.006609000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:cb:08:71:bb:8b:9e:48:73:e0:bc:67:67:96:4c:6c:89:53:9d:38:59:d9:11:79:b1:ec:4a:c7:ec:7e:78:8b:d0:34:58:cb:96:56:fc:24:0c:f1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.638873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.638873000", + "frame.time_delta": "0.060167000", + "frame.time_delta_displayed": "0.060167000", + "frame.time_relative": "726.178187000", + "frame.number": "2563", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c26", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003959", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2587", + "tcp.ack": "14450", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d8f1", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:c0:7e:00:25:cc:91", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812133502, TSecr 2477201": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812133502", + "tcp.options.timestamp.tsecr": "2477201" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2562", + "tcp.analysis.ack_rtt": "0.060167000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.639405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.639405000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "726.178719000", + "frame.number": "2564", + "frame.len": "725", + "frame.cap_len": "725", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "711", + "ip.id": "0x0000953b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "659", + "tcp.seq": "14450", + "tcp.nxtseq": "15109", + "tcp.ack": "2587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000074d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:cc:98:a7:9d:c0:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2477208, TSecr 2812133502": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2477208", + "tcp.options.timestamp.tsecr": "2812133502" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "659", + "tcp.analysis.push_bytes_sent": "659" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:cc:38:5b:47:d4:9e:79:0d:14:34:1f:5d:ac:9d:16:2e:9f:42:6b:b2:f4:6f:c8:02:b1:d5:1d:b0:25:4d:d5:8f:49:a0:89:19:df:b0:09:f4:96:86" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:cd:ff:55:dc:50:a0:b8:04:dd:18:88:db:54:19:da:59:27:67:b6:08:41:b5:9b:3b:21:60:f2:94:a3:24:22:94:83:e2:2a:2f:1f:0d:b2:0e:29:98:3e:eb:52:d7:3a:94:2e:8b:48:9d:7b:03:11:52:96:c0:7a:46:a2:4d:56:6b:7e:09:5c:4c:14:33:5d:04:67:b4:be:f3:03:63:55:4b:71:8b:b4:74:22:0e:e4:2c:05" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "499", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:ce:da:1a:86:64:72:0e:2a:93:5d:71:13:0a:24:cc:02:2f:0c:21:f9:05:af:3e:4b:83:10:b8:89:36:8d:ee:05:9b:eb:16:21:ac:00:e6:86:da:bf:76:2a:9f:00:d1:4b:49:32:98:72:b9:a1:b4:c8:4f:89:48:33:6f:2a:83:11:f2:0e:a6:cf:1a:1c:4f:b0:1e:a7:00:be:24:d8:a1:a9:80:b1:53:74:37:63:4d:8a:e1:90:2a:c3:7f:5c:c4:a9:08:f1:fb:b9:c8:d3:c5:3a:96:89:97:cc:66:e6:27:73:7d:93:e5:20:e5:7b:36:dc:d4:c3:af:35:00:b5:6d:0c:7f:c8:c2:a8:5e:a1:60:77:84:98:07:5e:69:6a:9b:60:5d:8b:95:4c:42:20:84:b7:c2:4d:5d:e6:2f:f0:8c:00:3f:f7:53:ee:56:36:4b:fc:06:8f:c5:e7:a3:54:34:ea:84:d7:ae:66:93:c1:95:cf:cf:11:06:19:d2:3a:ce:94:42:fc:e4:cd:33:b2:6f:33:01:59:80:40:3b:32:61:65:0d:d8:0d:3b:f1:9d:e5:8c:68:98:4f:83:57:0b:5c:bf:48:3b:d6:53:b9:a4:4f:c7:e3:92:6a:e9:0a:d8:1d:02:94:bc:37:00:e4:4d:47:a7:18:4a:55:02:8d:4a:18:66:36:d2:f5:2d:9f:ba:dc:f9:96:bb:e9:f7:be:b8:98:da:ef:66:a5:4a:77:f1:e4:0f:1b:dc:ce:e2:13:95:f7:28:49:56:30:4d:85:b7:b0:f9:04:b2:df:ac:8a:41:dd:60:25:71:64:30:31:a7:2e:d9:bd:7c:4b:85:43:cc:44:ab:79:48:0e:8f:16:f7:6d:83:89:ed:32:a3:ce:16:d9:4a:4e:15:db:e7:8d:d3:af:7d:a4:0f:8b:24:c8:d9:14:e2:85:14:d8:61:a3:41:83:3c:c8:d9:21:20:2b:14:60:b1:89:4f:9c:b8:f2:9d:2c:aa:b0:e8:9f:56:43:58:39:83:69:bb:5f:b5:07:1f:4d:6b:ec:0a:14:8d:e7:68:91:e7:3c:67:3f:a2:93:63:2c:e0:85:f3:c7:fc:d3:7a:fb:b4:f5:ce:25:66:a3:51:49:8d:3f:eb:08:fb:34:47:b9:a1:64:0e:a1:ff:53:ea:dc:4f:a9:da:fc:f6:41:da:88:cd:b1:e7:b7:1c:b5:53:98:a7:c8:43:81:3a:5a:7e:c1:95:26:d5:21:ce:2a:e0:96:e5:1a:66:a9:37:04:e4:59:30:6a:2f:ec:af:dc:23:93:9e:01:c8:fa:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.699884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.699884000", + "frame.time_delta": "0.060479000", + "frame.time_delta_displayed": "0.060479000", + "frame.time_relative": "726.239198000", + "frame.number": "2565", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c27", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003958", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2587", + "tcp.ack": "15109", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d648", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:c0:8d:00:25:cc:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812133517, TSecr 2477208": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812133517", + "tcp.options.timestamp.tsecr": "2477208" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2564", + "tcp.analysis.ack_rtt": "0.060479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:37.976935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494317.976935000", + "frame.time_delta": "0.277051000", + "frame.time_delta_displayed": "0.277051000", + "frame.time_relative": "726.516249000", + "frame.number": "2566", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000953c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000780d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "15109", + "tcp.nxtseq": "15163", + "tcp.ack": "2587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a5a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:cc:b9:a7:9d:c0:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2477241, TSecr 2812133517": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2477241", + "tcp.options.timestamp.tsecr": "2812133517" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:cf:13:6d:34:1e:ee:42:89:5d:cd:c1:3e:03:dd:e9:c7:78:fa:35:07:6b:a7:6b:5a:fa:0f:85:85:e6:90:37:72:66:ae:43:38:58:bf:a4:70:b4:16" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:38.037001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494318.037001000", + "frame.time_delta": "0.060066000", + "frame.time_delta_displayed": "0.060066000", + "frame.time_relative": "726.576315000", + "frame.number": "2567", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003957", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2587", + "tcp.ack": "15163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d59d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:c0:e1:00:25:cc:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812133601, TSecr 2477241": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812133601", + "tcp.options.timestamp.tsecr": "2477241" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2566", + "tcp.analysis.ack_rtt": "0.060066000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:40.210542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494320.210542000", + "frame.time_delta": "2.173541000", + "frame.time_delta_displayed": "2.173541000", + "frame.time_relative": "728.749856000", + "frame.number": "2568", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000ab8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x0000a0c1", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:a8:64:fc:15:cd:f2:14:11:00:00:00:2a:43:4e:3c:aa:20:02:00:28:92:01:00:00:00", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:42.580157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494322.580157000", + "frame.time_delta": "2.369615000", + "frame.time_delta_displayed": "2.369615000", + "frame.time_relative": "731.119471000", + "frame.number": "2569", + "frame.len": "42", + 
"frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:42.580590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494322.580590000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "731.119904000", + "frame.number": "2570", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.586604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.586604000", + "frame.time_delta": "1.006014000", + "frame.time_delta_displayed": "1.006014000", + "frame.time_relative": "732.125918000", + "frame.number": "2571", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ebff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ccba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "42113", + "udp.dstport": "53", + "udp.port": "42113", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000011a5", + "udp.checksum.status": "2", + "udp.stream": "63" + }, + "dns": { + "dns.id": "0x00000f17", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.587155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.587155000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "732.126469000", + "frame.number": "2572", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000029de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008edc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "42113", + "udp.port": "53", + "udp.port": "42113", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "63" + }, + "dns": { + "dns.response_to": "2571", + "dns.time": "0.000551000", + "dns.id": "0x00000f17", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.587955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.587955000", + "frame.time_delta": "0.000800000", + "frame.time_delta_displayed": "0.000800000", + "frame.time_relative": "732.127269000", + "frame.number": "2573", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ec00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ccb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47635", + "udp.dstport": "53", + "udp.port": "47635", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001712", + "udp.checksum.status": "2", + "udp.stream": "64" + }, + "dns": { + "dns.id": "0x00000f18", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.588506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.588506000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "732.127820000", + "frame.number": "2574", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000029df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ecb", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47635", + "udp.port": "53", + "udp.port": "47635", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "64" + }, + "dns": { + "dns.response_to": "2573", + "dns.time": "0.000551000", + "dns.id": "0x00000f18", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3054", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.589634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.589634000", + "frame.time_delta": "0.001128000", + "frame.time_delta_displayed": "0.001128000", + 
"frame.time_relative": "732.128948000", + "frame.number": "2575", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000042bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f313", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": "35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005606", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.726169000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.726169000", + "frame.time_delta": "0.136535000", + "frame.time_delta_displayed": "0.136535000", + "frame.time_relative": "732.265483000", + "frame.number": "2576", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000a7fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000e2d6", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + 
"ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000010eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2575", + "tcp.analysis.ack_rtt": "0.136535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.726805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494323.726805000", + "frame.time_delta": "0.000636000", + "frame.time_delta_displayed": "0.000636000", + "frame.time_relative": "732.266119000", + "frame.number": "2577", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000042bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f31e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": 
"35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000da79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2576", + "tcp.analysis.ack_rtt": "0.000636000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.726819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.726819000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "732.266133000", + "frame.number": "2578", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" 
+ }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x000042be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f0c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": "35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f913", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.initial_rtt": "0.137171000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:33:22:2c:20:4e:6f:6e:63:65:3d:22:50:70:4e:77:35:6c:42:58:4f:45:71:37:49:4e:55:49:6d:7a:59:30:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:54:42:67:6d:50:6c:71:56:70:49:2f:52:35:30:44:63:32:6a:6a:39:70:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.864298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.864298000", + "frame.time_delta": "0.137479000", + "frame.time_delta_displayed": "0.137479000", + "frame.time_relative": "732.403612000", + "frame.number": "2579", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a609", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": 
"51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000037ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2578", + "tcp.analysis.ack_rtt": "0.137479000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:43.864921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494323.864921000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "732.404235000", + "frame.number": "2580", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x000042bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": "35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001bae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137171000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:1
7:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:
65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" + }, + "tcp.segments": { + "tcp.segment": "2578", + "tcp.segment": "2580", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:33:22:2c:20:4e:6f:6e:63:65:3d:22:50:70:4e:77:35:6c:42:58:4f:45:71:37:49:4e:55:49:6d:7a:59:30:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:54:42:67:6d:50:6c:71:56:70:49:2f:52:35:30:44:63:32:6a:6a:39:70:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:
6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:17:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1
:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" + }, + "http": { + "POST 
\/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"183\", Nonce=\"PpNw5lBXOEq7INUImzY0+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"TBgmPlqVpI\/R50Dc2jj9pg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"183\", Nonce=\"PpNw5lBXOEq7INUImzY0+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"TBgmPlqVpI\/R50Dc2jj9pg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzl\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdCB%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd2i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\r\u0018g\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002+\u0010\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd1M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPd\r6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r#\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb:\u000f\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7S\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~4\u0006\u00ef\u00bf\u00bd(\u0019\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bdl\u0013 ^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\nV\u00ef\u00bf\u00bd\u0017\u0005\u00ef\u00bf\u00bd\u0010X8)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bdvx\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bdCD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd. 
.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde<\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdG\u0006R\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bdc7\u00ef\u00bf\u00bdWT4\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\fE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdhl!\u00ef\u00bf\u00bd]U\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd])\u00ef\u00bf\u00bduw%\u00ef\u00bf\u00bds\u000bG;\u00ef\u00bf\u00bdXh\u00ef\u00bf\u00bd9i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm`\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(3\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdzf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHPKW\\^\b.(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b}B\u00ef\u00bf\u00bd;W\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO&b\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u0
0bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u0018\u00ef\u00bf\u00bd-m\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:17:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:
86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74
:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.001531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.001531000", + "frame.time_delta": "0.136610000", + "frame.time_delta_displayed": "0.136610000", + "frame.time_relative": "732.540845000", + "frame.number": "2581", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000206b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006a70", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", 
+ "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002dee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2580", + "tcp.analysis.ack_rtt": "0.136610000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.047623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.047623000", + "frame.time_delta": "0.046092000", + "frame.time_delta_displayed": "0.046092000", + "frame.time_relative": "732.586937000", + "frame.number": "2582", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000351e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005256", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000007f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137171000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"mEvtc9bmYVG7INUIscZffg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"mEvtc9bmYVG7INUIscZffg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:43 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:43 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.182702000", + "http.request_in": "2580", + "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzl\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdCB%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd2kU87\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005Z0`\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdxG\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd.,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0010M8b\u0006K%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd+e%\u0012k\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdk}n\u001fs\u00ef\u00bf\u00bdq\u0015\u00ef\u00bf\u00bdS\u00151[\u00ef\u00bf\u00bd7" + }, + "media": { + "media.type": 
"a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:6b:55:38:37:0d:bd:dd:b7:c0:23:de:d3:de:31:d6:d0:05:5a:30:60:9e:63:93:19:cf:78:47:08:ad:d1:63:cf:2c:fe:41:f2:8b:1f:f6:2e:2c:b9:be:97:8a:23:d6:d3:ac:e9:bf:01:10:4d:38:62:06:4b:25:d6:c4:e2:c7:4e:d4:ea:e0:e0:4d:e9:2b:65:25:12:6b:d9:af:63:ec:6b:7d:6e:1f:73:c1:71:15:cf:53:15:31:5b:ed:37:00:10:22:8d:5b:01:17:e7:a5:fa:78:43:fd:81:03:4d:ab:e3:9d:9c:3a:ab:65:f8:7c:e2:8d:e8:57:18:6a:a9:8d:80:bc:30:30:15:45:ae:d0:10:da:c7:fe:55:f2:6c:be:8f:25:99:71:4d:54:71:2a:9c:a8:78:27:7c:0c:10:02:ae:5d:98:3b:d7:85:68:1f:24:61:ca:51:3a:67:fa:da:2c:d1:8b:b0:1c:2c:17:ed:ba:ba:8c:77:1d:54:ac:f9:b9:49:88:96:35:9a:70:da:00:0e:eb:e2:d8:23:c2:60:1b:3f:ce:70:cc:ee:43:ed:f0:80:34:94:c1:e2:8f:03:92:80:91:93:2b:17:54:f5:65:6a:86:f5:be:45:82:55:bd:eb:dd:94:b9:da:58:eb:fb:33:c2:7f:5d:d1:fb:ab:57:ac:01:b9:5f:a8:8a:40:66:12:ef:d7:fb:1f:9c:20:41:47:b4:95:f4:ab:3e:68:05:74:54:39:d3:be:0e:0b:c3:15:b5:86:db:3a:3d:ed:d8:22:db:a9:5e:fc:00:b2:84:31:c8:7e:73:4c:f6:0a:7f:f3:e9:f1:06:7d:50:1a:2c:5b:5a:ee:2c:e6:30:48:48:62:17:52:52:38:f3:36:0c:c2:08:13:af:9c:e1:27:67:c1:37:73:07:26:7c:7a:88:cc:11:a0:37:95:e6:64:be:0d:41:91:2b:7f:29:25:2b:54:5c:d4:30:45:2d:a2:48:64:cc:b6:99:d2:e2:32:e7:14:94:f0:bb:bf:93:e5:28:cd:16:f6:da:c9:e8:7a:75:05:5f:17:85:d2:25:2e:f5:c0:eb:0b:6c:f2:27:6d:44:cc:15:eb:91:ed:9e:b9:70:4d:8a:bf:14:b1:b2:06:64:0d:a4:9d:f7:7e:83:bb:91:a1:6a:7f:38:a1:f4:72:5f:d8:14:b3:31:63:2e:06:49:91:07:0a:8b:e6:66:82:7f:07:42:18:c8:51:ce:d4:11:cd:c6:38:b8:54:94:73:03:4f:a5:16:5f:da:45:cc:35:7a:23:31:20:ca:2b:d9:a8:2c:03:e5:b8:2b:d3:86:fc:f5:90:c5:f3:cc:b3:a2:50:bc:46:16:46:d5:4a:6f:13:eb:13:c5:cb:c1:6c:03:f1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.047711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.047711000", + 
"frame.time_delta": "0.000088000", + "frame.time_delta_displayed": "0.000088000", + "frame.time_relative": "732.587025000", + "frame.number": "2583", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003520", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000055bb", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002a86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.048177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.048177000", + "frame.time_delta": "0.000466000", + "frame.time_delta_displayed": "0.000466000", + "frame.time_relative": "732.587491000", + "frame.number": "2584", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000042c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f31b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": "35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cad5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "2582", + "tcp.analysis.ack_rtt": "0.000554000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.048829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.048829000", + "frame.time_delta": "0.000652000", + "frame.time_delta_displayed": "0.000652000", + "frame.time_relative": "732.588143000", + "frame.number": "2585", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000042c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f31a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35294", + "tcp.dstport": "80", + "tcp.port": "35294", + "tcp.port": "80", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cad3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2583", + "tcp.analysis.ack_rtt": "0.001118000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:44.185128000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494324.185128000", + "frame.time_delta": "0.136299000", + "frame.time_delta_displayed": "0.136299000", + "frame.time_relative": "732.724442000", + "frame.number": "2586", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006dfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001cde", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35294", + "tcp.port": "80", + "tcp.port": "35294", + "tcp.stream": "119", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002a85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2585", + "tcp.analysis.ack_rtt": "0.136299000", + "tcp.analysis.initial_rtt": "0.137171000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.585041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.585041000", + "frame.time_delta": "1.399913000", + "frame.time_delta_displayed": "1.399913000", + "frame.time_relative": "734.124355000", + "frame.number": "2587", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ec8e", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cc2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43154", + "udp.dstport": "53", + "udp.port": "43154", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000d92", + "udp.checksum.status": "2", + "udp.stream": "65" + }, + "dns": { + "dns.id": "0x00000f19", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.585599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.585599000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "734.124913000", + "frame.number": "2588", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002a03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008eb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43154", + "udp.port": "53", + "udp.port": "43154", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "65" + }, + "dns": { + "dns.response_to": "2587", + "dns.time": "0.000558000", + "dns.id": "0x00000f19", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.586428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.586428000", + "frame.time_delta": "0.000829000", + "frame.time_delta_displayed": "0.000829000", + "frame.time_relative": "734.125742000", + "frame.number": "2589", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ec8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cc2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", 
+ "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59081", + "udp.dstport": "53", + "udp.port": "59081", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ea59", + "udp.checksum.status": "2", + "udp.stream": "66" + }, + "dns": { + "dns.id": "0x00000f1a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.586984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.586984000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "734.126298000", + "frame.number": "2590", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002a04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ea6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59081", + "udp.port": "53", + "udp.port": "59081", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "66" + }, + "dns": { + "dns.response_to": "2589", + "dns.time": "0.000556000", + "dns.id": "0x00000f1a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3052", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.588131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.588131000", + "frame.time_delta": "0.001147000", + "frame.time_delta_displayed": "0.001147000", + "frame.time_relative": "734.127445000", + "frame.number": "2591", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002f72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000065e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004ce3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.722273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.722273000", + "frame.time_delta": "0.134142000", + "frame.time_delta_displayed": "0.134142000", + "frame.time_relative": "734.261587000", + "frame.number": "2592", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000e6fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a3d7", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00000e56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2591", + 
"tcp.analysis.ack_rtt": "0.134142000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.722818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.722818000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "734.262132000", + "frame.number": "2593", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002f73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000669", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + 
"ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d7e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2592", + "tcp.analysis.ack_rtt": "0.000545000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.722831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.722831000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "734.262145000", + "frame.number": "2594", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00002f74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000410", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000761f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134687000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:34:22:2c:20:4e:6f:6e:63:65:3d:22:6d:45:76:74:63:39:62:6d:59:56:47:37:49:4e:55:49:73:63:5a:66:66:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:43:4c:38:52:68:46:36:78:71:6e:35:75:5a:5a:79:6c:31:77:63:76:45:41:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.857806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.857806000", + "frame.time_delta": "0.134975000", + "frame.time_delta_displayed": "0.134975000", + "frame.time_relative": "734.397120000", + "frame.number": "2595", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006e42", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003519", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2594", + "tcp.analysis.ack_rtt": "0.134975000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.857890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.857890000", + "frame.time_delta": "0.000084000", + "frame.time_delta_displayed": "0.000084000", + "frame.time_relative": "734.397204000", + "frame.number": "2596", + "frame.len": "54", + "frame.cap_len": "54", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006e41", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003519", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134687000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2595", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.858445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494325.858445000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "734.397759000", + "frame.number": "2597", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00002f75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000187", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003d66", + "tcp.checksum.status": "2", 
+ "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134687000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b
1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" + }, + "tcp.segments": { + "tcp.segment": "2594", 
+ "tcp.segment": "2597", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:34:22:2c:20:4e:6f:6e:63:65:3d:22:6d:45:76:74:63:39:62:6d:59:56:47:37:49:4e:55:49:73:63:5a:66:66:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:43:4c:38:52:68:46:36:78:71:6e:35:75:5a:5a:79:6c:31:77:63:76:45:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:
68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61
:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": 
"\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"184\", Nonce=\"mEvtc9bmYVG7INUIscZffg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"CL8RhF6xqn5uZZyl1wcvEA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"184\", Nonce=\"mEvtc9bmYVG7INUIscZffg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"CL8RhF6xqn5uZZyl1wcvEA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\u0016y\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006~3\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdPhlY\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd?\u00ef\u00bf\u00bd^J \u00ef\u00bf\u00bdN\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdUl\u00ef\u00bf\u00bd\u0006XnS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0007\u0017\u0010\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\bG\u00ef\u00bf\u00bd\/\u0017z3\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005O\u00ef\u00bf\u00bd\u001d\u0005t7\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007G3\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\t" + }, + "media": { + "media.type": 
"d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7
b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:45.992915000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494325.992915000", + "frame.time_delta": "0.134470000", + "frame.time_delta_displayed": "0.134470000", + "frame.time_relative": "734.532229000", + "frame.number": "2598", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000056d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003408", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": 
"80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002b59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2597", + "tcp.analysis.ack_rtt": "0.134470000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:46.344947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494326.344947000", + "frame.time_delta": "0.352032000", + "frame.time_delta_displayed": "0.352032000", + "frame.time_relative": "734.884261000", + "frame.number": "2599", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000ed9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000099d9", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005180", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134687000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"8PndQgBJvlK7INUIByF8rg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"8PndQgBJvlK7INUIByF8rg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:46 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:46 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.486502000", + "http.request_in": "2597", + "http.file_data": 
"\u00ef\u00bf\u00bd\u0016y\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006~3\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdPhlY\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bdD;E\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0010M8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0016\u001b@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*?\u0013\u00ef\u00bf\u00bd2\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdSj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP,s\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u0018G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@5\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u0012u\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b2~\u001a\u0017\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\tt\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u001cO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdaf\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdlZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<WA\u00ef\u00bf\u00bdT\u0019\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002 
7\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNNh\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u0016@\u00ef\u00bf\u00bd\f\/\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd+\bn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bdzVc\u000e\u00ef\u00bf\u00bd>\u0013\u00ef\u00bf\u00bd\u0017g\u00ef\u00bf\u00bd#2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr2\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bdj\bb<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPn\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp.\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd@\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr37\u00ef\u00bf\u00bdI\u0019\u00ef\u00bf\u00bd\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012b$\u0012N\u00ef\u00bf\u00bdi\u000e_\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001dj\u00ef\u00bf\u00bd\u00151Pa=\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtAg7\f$7\u00ef\u00bf\u00bdCB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd r" + }, + "media": { + "media.type": 
"d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:38:d9:44:3b:45:d3:c3:ca:61:10:4d:38:ba:86:6a:cc:16:1b:40:bb:a6:dd:72:ed:a4:f5:2a:3f:13:9e:32:11:8d:a4:16:ab:53:6a:81:81:50:2c:73:c5:83:76:18:47:9c:ed:40:35:a3:7f:d3:b1:b8:4d:12:75:f7:4c:ef:64:f8:cc:80:fc:0e:d2:b6:ba:0b:32:7e:1a:17:f7:2a:ac:09:74:de:52:ce:17:aa:1c:4f:d1:ee:61:66:2f:9f:91:4c:a7:6c:5a:ea:ed:ee:55:c5:b4:3c:57:41:ee:54:19:17:ff:d1:ca:c5:fb:fc:02:20:37:d9:07:b1:cd:4e:4e:68:05:c1:92:1c:a9:16:40:c2:0c:2f:ad:4a:f7:18:d4:3e:86:d6:25:95:22:a0:2b:08:6e:d9:b0:63:e5:d1:db:6a:92:7a:56:63:0e:dd:3e:13:8a:17:67:c6:23:32:89:95:c8:fe:aa:f9:72:32:1c:83:8c:e0:35:8e:85:bf:62:df:6a:08:62:3c:ed:ee:7f:81:5c:cb:93:ad:fe:f3:e8:53:51:c1:f4:50:6e:05:8a:93:7a:e8:25:bd:38:f0:8e:70:2e:df:38:aa:2f:d3:21:c6:ee:8b:c9:1c:e8:4b:81:f8:19:a3:7a:83:0c:86:36:b0:40:08:f4:90:67:b3:c8:72:33:37:dd:49:19:b8:0f:b1:b0:12:62:24:12:4e:9e:69:0e:5f:fd:02:e4:ef:1d:6a:d6:15:31:50:61:3d:06:f8:9a:97:74:41:67:37:0c:24:37:bc:43:42:b9:93:5a:f1:d6:91:df:a5:14:64:f6:ba:f5:20:72:00:e0:43:1e:59:af:05:0d:8a:e4:b9:b2:95:ad:f7:e1:3a:40:15:1d:de:3b:4c:1d:e9:47:ad:3c:f6:90:d8:88:f5:9a:46:76:78:27:b1:42:43:86:b7:cd:b0:66:1d:99:e9:ba:75:91:21:91:dd:62:04:d5:0f:de:85:0a:d2:10:b6:81:91:fa:9c:be:1f:57:76:dc:0e:c7:0a:f7:88:ed:20:4d:3b:a6:94:5c:19:4a:88:08:e0:29:06:9d:6e:4b:79:d3:95:a7:26:e8:3b:19:d0:18:7f:e0:1f:f6:85:b9:54:75:d9:de:12:24:ac:c9:af:0c:ad:bb:1b:c0:7f:db:1e:74:e3:cf:c6:c9:da:cb:4a:25:74:c5:9b:d9:02:f9:24:39:a0:9c:70:9a:95:ad:c4:bd:b0:8b:b9:1d:e5:40:b0:21:71:35:ff:4e:b5:ae:04:c3:ec:a4:be:97:d2:8c:bf:09:34:4b:04:09:d0:31:e3:28:13:01:af:f5:54:ce:e0:da:63:5a:d0:14:21:a9:52:c9:6f:85:f7:b7:68:ff:84:c8:06:e4" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:46.345043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494326.345043000", + 
"frame.time_delta": "0.000096000", + "frame.time_delta_displayed": "0.000096000", + "frame.time_relative": "734.884357000", + "frame.number": "2600", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ed9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00009d3e", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000027f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:46.345542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494326.345542000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "734.884856000", + "frame.number": "2601", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002f76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000666", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c840", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "2599", + "tcp.analysis.ack_rtt": "0.000595000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:46.346521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494326.346521000", + "frame.time_delta": "0.000979000", + "frame.time_delta_displayed": "0.000979000", + "frame.time_relative": "734.885835000", + "frame.number": "2602", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002f77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000665", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35295", + "tcp.dstport": "80", + "tcp.port": "35295", + "tcp.port": "80", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c83e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2600", + "tcp.analysis.ack_rtt": "0.001478000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:46.480746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494326.480746000", + "frame.time_delta": "0.134225000", + "frame.time_delta_displayed": "0.134225000", + "frame.time_relative": "735.020060000", + "frame.number": "2603", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000029f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000060e5", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35295", + "tcp.port": "80", + "tcp.port": "35295", + "tcp.stream": "120", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000027f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2602", + "tcp.analysis.ack_rtt": "0.134225000", + "tcp.analysis.initial_rtt": "0.134687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.590523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.590523000", + "frame.time_delta": "1.109777000", + "frame.time_delta_displayed": "1.109777000", + "frame.time_relative": "736.129837000", + "frame.number": "2604", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ed3b", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cb7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55876", + "udp.dstport": "53", + "udp.port": "55876", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000dbdd", + "udp.checksum.status": "2", + "udp.stream": "67" + }, + "dns": { + "dns.id": "0x00000f1b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.591011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.591011000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "736.130325000", + "frame.number": "2605", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002a69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55876", + "udp.port": "53", + "udp.port": "55876", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "67" + }, + "dns": { + "dns.response_to": "2604", + "dns.time": "0.000488000", + "dns.id": "0x00000f1b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.591831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.591831000", + "frame.time_delta": "0.000820000", + "frame.time_delta_displayed": "0.000820000", + "frame.time_relative": "736.131145000", + "frame.number": "2606", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ed3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cb7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", 
+ "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37649", + "udp.dstport": "53", + "udp.port": "37649", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003e10", + "udp.checksum.status": "2", + "udp.stream": "68" + }, + "dns": { + "dns.id": "0x00000f1c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.592256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.592256000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "736.131570000", + "frame.number": "2607", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002a6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37649", + "udp.port": "53", + "udp.port": "37649", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "68" + }, + "dns": { + "dns.response_to": "2606", + "dns.time": "0.000425000", + "dns.id": "0x00000f1c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3050", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.593034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.593034000", + "frame.time_delta": "0.000778000", + "frame.time_delta_displayed": "0.000778000", + "frame.time_relative": "736.132348000", + "frame.number": "2608", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000b49f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008130", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000095df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.729929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.729929000", + "frame.time_delta": "0.136895000", + "frame.time_delta_displayed": "0.136895000", + "frame.time_relative": "736.269243000", + "frame.number": "2609", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000177e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007355", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": "35296", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000b96a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2608", + 
"tcp.analysis.ack_rtt": "0.136895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.730476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.730476000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "736.269790000", + "frame.number": "2610", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b4a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000813b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + 
"ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000082f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2609", + "tcp.analysis.ack_rtt": "0.000547000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.730490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.730490000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "736.269804000", + "frame.number": "2611", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000b4a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007ee2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a70c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137442000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:35:22:2c:20:4e:6f:6e:63:65:3d:22:38:50:6e:64:51:67:42:4a:76:6c:4b:37:49:4e:55:49:42:79:46:38:72:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:30:32:44:65:43:72:69:4b:38:41:54:43:41:7a:45:41:54:33:6d:4f:7a:41:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.868150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.868150000", + "frame.time_delta": "0.137660000", + "frame.time_delta_displayed": "0.137660000", + "frame.time_relative": "736.407464000", + "frame.number": "2612", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005063", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003a78", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": "35296", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e02d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2611", + "tcp.analysis.ack_rtt": "0.137660000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:47.868766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494327.868766000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "736.408080000", + "frame.number": "2613", + "frame.len": "1302", + "frame.cap_len": "1302", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000b4a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007c59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000eaae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137442000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f
7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:36:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:
95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:72:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" + }, + "tcp.segments": { + "tcp.segment": "2611", + "tcp.segment": "2613", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:35:22:2c:20:4e:6f:6e:63:65:3d:22:38:50:6e:64:51:67:42:4a:76:6c:4b:37:49:4e:55:49:42:79:46:38:72:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:
41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:30:32:44:65:43:72:69:4b:38:41:54:43:41:7a:45:41:54:33:6d:4f:7a:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8
:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:36:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:7
2:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"185\", Nonce=\"8PndQgBJvlK7INUIByF8rg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"02DeCriK8ATCAzEAT3mOzA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"185\", Nonce=\"8PndQgBJvlK7INUIByF8rg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"02DeCriK8ATCAzEAT3mOzA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd\u001e{\u00ef\u00bf\u00bd\u001c\u00138\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdAs\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f\f\u00ef\u00bf\u00bdXL\u00ef\u00bf\u00bd$W\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd>]\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u0010w3ew\u0002x\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\f=\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b
:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:3
6:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:72:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.005780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494328.005780000", + "frame.time_delta": "0.137014000", + "frame.time_delta_displayed": "0.137014000", + "frame.time_relative": "736.545094000", + "frame.number": "2614", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + 
"ip.checksum": "0x0000ff88", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": "35296", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d66d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2613", + "tcp.analysis.ack_rtt": "0.137014000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.049994000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494328.049994000", + "frame.time_delta": "0.044214000", + "frame.time_delta_displayed": "0.044214000", + "frame.time_relative": "736.589308000", + "frame.number": "2615", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x00009cc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000eaac", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": 
"35296", + "tcp.stream": "121", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000441b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137442000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: 
ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:47 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:47 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.181228000", + "http.request_in": "2613", + "http.file_data": "\u00ef\u00bf\u00bd\u001e{\u00ef\u00bf\u00bd\u001c\u00138\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdAs\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f\f\u00ef\u00bf\u00bdXL\u00ef\u00bf\u00bd$Wa5+\u00ef\u00bf\u00bd;5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012J\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u001cEd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n7%\u00ef\u00bf\u00bd}\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u0017\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd),\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd- \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{x\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj}\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#f9\u00ef\u00bf\u00bd\/\u001e#\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI8z\u00ef\u00bf\u00bd\u001ct\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzi#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/g\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ" + }, + "media": { + "media.type": 
"ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:61:35:2b:a2:3b:35:ef:cb:12:4a:f2:af:a3:0b:1c:45:64:bc:22:da:b9:24:b4:ca:0a:37:25:da:7d:08:96:9f:1d:17:87:41:a8:29:2c:b1:27:d9:87:2f:e4:2d:20:9a:ec:c1:65:aa:6c:f0:93:c4:08:de:2b:a8:4f:ed:88:7b:78:e3:97:7c:e1:a8:f4:6a:7d:d5:2e:83:45:be:58:8a:d6:4f:ac:9a:de:cb:aa:cb:23:66:39:d4:2f:1e:23:cb:1f:ae:92:fe:49:38:7a:93:1c:74:b5:aa:7a:69:23:bb:9b:e4:b5:19:95:a7:2f:67:ea:fb:51:00:05:a9:22:f0:09:2a:bf:9c:37:3e:ae:0e:31:68:65:51:b8:bc:45:e4:bd:3f:9f:96:bf:60:63:70:5d:2a:4f:e2:8b:c4:6e:d2:d6:60:2a:bd:58:11:e6:98:1b:f2:20:14:4d:29:21:cb:f4:de:a5:a9:04:16:2c:7a:89:9f:1e:9c:ce:cf:a3:db:2d:e2:c3:da:da:2f:31:92:f7:27:9b:d9:fe:fc:ab:69:fe:d3:0b:61:ef:80:c0:b8:d2:15:6b:e1:dc:c7:40:bb:bf:33:dc:ca:53:cf:51:72:e4:8e:00:b5:5a:92:7e:6a:c2:aa:b5:cf:d4:8e:6f:2b:d7:47:d2:a8:80:51:5b:58:45:f3:41:fe:b6:d9:e6:f2:f4:76:7a:73:e1:4a:14:0c:26:42:74:df:40:cc:9a:de:bd:75:f0:c9:19:4d:f4:cc:9d:85:2b:a6:b3:0a:0f:03:3a:c6:57:1e:32:09:d2:81:3a:1d:23:f1:8f:01:dc:08:be:04:c5:bc:46:3e:9c:45:46:42:bc:21:8e:32:f4:ca:92:7f:e6:aa:81:2b:ef:58:2d:ac:56:f2:9d:c1:a9:32:b0:26:3f:a1:d0:72:90:c4:5d:4e:86:2c:ff:68:b7:0a:75:7b:b7:a4:da:1f:47:96:f3:9e:af:23:65:45:0e:3f:a2:6a:fc:62:49:7b:b5:9f:dc:55:9d:91:bd:ea:94:d1:ab:cc:15:15:92:a6:43:13:75:e5:92:29:a7:f4:b7:a2:95:d4:05:90:5f:0a:78:ec:d2:3f:0b:ec:cc:ef:da:a0:ec:97:c5:61:32:3f:97:e9:67:34:2b:e2:ea:c3:0c:d8:79:9c:3c:74:1a:04:96:46:73:ec:68:be:d8:7b:40:30:70:ba:88:73:00:34:08:17:0b:12:63:d9:22:e2:7a:a0:b1:f1:9f:a6:f4:e3:68:8c:c1:79:f2:4c:d2:eb:55:33:84:dc:9e:06:51:7d:5f:0b:3c:ac:d7:31:20:dc:1e:ec:c5:c3:26:c4:8c:20:a6:81:c1:4c:ec:21:4c:e7:85:39:ee:80:28:29:dc:7d:0d:77" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.050182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494328.050182000", + 
"frame.time_delta": "0.000188000", + "frame.time_delta_displayed": "0.000188000", + "frame.time_relative": "736.589496000", + "frame.number": "2616", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009cc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ee11", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": "35296", + "tcp.stream": "121", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d305", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.050574000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494328.050574000", + "frame.time_delta": "0.000392000", + "frame.time_delta_displayed": "0.000392000", + "frame.time_relative": "736.589888000", + "frame.number": "2617", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b4a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008138", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007355", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "2615", + "tcp.analysis.ack_rtt": "0.000580000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.051570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494328.051570000", + "frame.time_delta": "0.000996000", + "frame.time_delta_displayed": "0.000996000", + "frame.time_relative": "736.590884000", + "frame.number": "2618", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b4a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008137", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35296", + "tcp.dstport": "80", + "tcp.port": "35296", + "tcp.port": "80", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007353", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2616", + "tcp.analysis.ack_rtt": "0.001388000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:48.188104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494328.188104000", + "frame.time_delta": "0.136534000", + "frame.time_delta_displayed": "0.136534000", + "frame.time_relative": "736.727418000", + "frame.number": "2619", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000b405", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35296", + "tcp.port": "80", + "tcp.port": "35296", + "tcp.stream": "121", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d304", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2618", + "tcp.analysis.ack_rtt": "0.136534000", + "tcp.analysis.initial_rtt": "0.137442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.016231000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.016231000", + "frame.time_delta": "0.828127000", + "frame.time_delta_displayed": "0.828127000", + "frame.time_relative": "737.555545000", + "frame.number": "2620", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000043e7", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009572", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.589121000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.589121000", + "frame.time_delta": "0.572890000", + "frame.time_delta_displayed": "0.572890000", + "frame.time_relative": "738.128435000", + "frame.number": "2621", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000eda6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cb13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54091", + "udp.dstport": "53", + "udp.port": "54091", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e2d4", + "udp.checksum.status": "2", + "udp.stream": "69" + }, + "dns": { + "dns.id": "0x00000f1d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.589606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.589606000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "738.128920000", + "frame.number": "2622", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002ada", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008de0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": 
"192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54091", + "udp.port": "53", + "udp.port": "54091", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "69" + }, + "dns": { + "dns.response_to": "2621", + "dns.time": "0.000485000", + "dns.id": "0x00000f1d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.590462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.590462000", + "frame.time_delta": "0.000856000", + "frame.time_delta_displayed": "0.000856000", + "frame.time_relative": "738.129776000", + "frame.number": "2623", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000eda7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cb12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48957", + "udp.dstport": "53", + "udp.port": "48957", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000011e2", + "udp.checksum.status": "2", + "udp.stream": "70" + }, + "dns": { + "dns.id": "0x00000f1e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.590884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.590884000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "738.130198000", + "frame.number": "2624", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002adb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008dcf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48957", + "udp.port": "53", + "udp.port": "48957", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "70" + }, + "dns": { + "dns.response_to": "2623", 
+ "dns.time": "0.000422000", + "dns.id": "0x00000f1e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3048", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.592928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.592928000", + "frame.time_delta": "0.002044000", + "frame.time_delta_displayed": "0.002044000", + "frame.time_relative": "738.132242000", + "frame.number": "2625", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c719", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006eb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": "35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000087b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.729379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.729379000", + "frame.time_delta": "0.136451000", + "frame.time_delta_displayed": "0.136451000", + "frame.time_relative": "738.268693000", + "frame.number": "2626", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000aa93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000e03f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": "80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000072b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2625", + "tcp.analysis.ack_rtt": "0.136451000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.729944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.729944000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "738.269258000", + "frame.number": "2627", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c71a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ec1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": "35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003c47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2626", + "tcp.analysis.ack_rtt": "0.000565000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.730475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.730475000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "738.269789000", + "frame.number": "2628", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000c71b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006c68", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": "35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004ba0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137016000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:36:22:2c:20:4e:6f:6e:63:65:3d:22:6b:78:47:6e:70:4b:5a:48:79:46:4f:37:49:4e:55:49:5a:59:64:53:78:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:58:6f:4b:58:50:6c:5a:46:79:75:4b:4d:5a:31:67:6e:73:6c:79:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:58:49.788503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.788503000", + "frame.time_delta": "0.058028000", + "frame.time_delta_displayed": "0.058028000", + "frame.time_relative": "738.327817000", + "frame.number": "2629", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.867731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.867731000", + "frame.time_delta": "0.079228000", + "frame.time_delta_displayed": "0.079228000", + "frame.time_relative": "738.407045000", + "frame.number": "2630", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e560", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a57a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": "80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", 
+ "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000997b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2628", + "tcp.analysis.ack_rtt": "0.137256000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:49.868344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494329.868344000", + "frame.time_delta": "0.000613000", + "frame.time_delta_displayed": "0.000613000", + "frame.time_relative": "738.407658000", + "frame.number": "2631", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000c71c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000069df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": "35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a372", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137016000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": 
"50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:7
7:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" + }, + "tcp.segments": { + "tcp.segment": "2628", + "tcp.segment": "2631", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:36:22:2c:20:4e:6f:6e:63:65:3d:22:6b:78:47:6e:70:4b:5a:48:79:46:4f:37:49:4e:55:49:5a:59:64:53:78:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:58:6f:4b:58:50:6c:5a:46:79:75:4b:4d:5a:31:67:6e:73:6c:79:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2
f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:77:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:
cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"186\", Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"jXoKXPlZFyuKMZ1gnslyKg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"186\", Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"jXoKXPlZFyuKMZ1gnslyKg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"P\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u001e\u00ef\u00bf\u00bdR;ODM\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\/\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBJP>@\u00ef\u00bf\u00bd\u00066\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd|k\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\/hG\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u001a]{\u00ef\u00bf\u00bdY(+0+ Sk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.&\u000b{\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd;z\u00ef\u00bf\u00bd\u000fC4\u007f\u001bXr\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0010\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u0019*\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001fk\u00ef\u00bf\u00bd0\u0007\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u0003s\u00ef\u00bf\u00bd\u000em\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda" + }, + "media": { + "media.type": 
"50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:7
7:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.005189000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494330.005189000", + "frame.time_delta": "0.136845000", + "frame.time_delta_displayed": "0.136845000", + "frame.time_relative": "738.544503000", + "frame.number": "2632", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ea7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006c34", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": 
"80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008fbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2631", + "tcp.analysis.ack_rtt": "0.136845000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.029787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.029787000", + "frame.time_delta": "0.024598000", + "frame.time_delta_displayed": "0.024598000", + "frame.time_relative": "738.569101000", + "frame.number": "2633", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x00002870", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005f04", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": "80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000aeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137016000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"UG5tp6C9+lS7INUIHif8gw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"UG5tp6C9+lS7INUIHif8gw==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:58:49 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:58:49 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.161443000", + "http.request_in": "2631", + "http.file_data": "P\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u001e\u00ef\u00bf\u00bdR;ODM\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\/ 
!\u00133O2\u001f\u0005<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bdO49cHj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;>\u00ef\u00bf\u00bdSE\u00ef\u00bf\u00bd|xk\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.q\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#l\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u0013H\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdrc5\u00ef\u00bf\u00bd\be'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001ay^\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u0018b\u00ef\u00bf\u00bduj\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPre\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bdICh\\\u00ef\u00bf\u00bd!+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bdLD2\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002gI\u00ef\u00bf\u00bd\u0011`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bdC#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bdb$r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdAi\u000b\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u007ff\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd0]ucw,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u0014d\u00ef\u0
0bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd5\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00057\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdqb\u0002Q,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW<\\i\u0010\u00ef\u00bf\u00bdo\"\u00ef\u00bf\u00bd \\qk" + }, + "media": { + "media.type": "50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:20:21:13:33:4f:32:1f:05:3c:8e:89:9f:f1:32:c0:6b:d6:ba:3a:c8:4f:34:39:63:48:6a:9d:d0:ae:e2:03:ec:d3:af:a6:82:a6:3b:3e:ad:53:45:c5:7c:78:6b:a5:65:a6:d9:2e:71:aa:80:ca:b9:23:6c:de:0c:8c:84:a1:08:bb:13:48:a9:f1:72:63:35:9e:08:65:27:dc:9e:1a:79:5e:fc:13:a1:d3:c7:65:18:62:94:75:6a:fb:18:a4:9f:50:72:65:f0:a0:6b:b9:49:43:68:5c:85:21:2b:ea:96:3a:ab:4c:44:32:88:0d:c7:21:8d:67:f0:94:02:67:49:fa:11:60:b1:d0:35:cb:85:a7:53:94:c4:9c:da:cf:c6:9c:e3:7a:87:ca:43:bb:43:23:d3:b4:fe:de:e1:28:ce:62:24:72:a6:af:d4:41:69:0b:ef:10:c1:99:66:1a:e8:d9:85:12:7f:66:8d:7d:1f:d2:30:5d:75:63:77:2c:ac:dc:b7:bd:e6:1a:b5:1a:cd:d2:46:14:64:f0:c5:a5:03:85:3b:cd:7e:cb:35:14:e4:f8:05:37:df:51:e6:98:02:90:34:a7:b7:88:54:f9:cb:83:c8:93:aa:c4:2c:95:71:62:02:51:2c:f6:df:f0:ea:74:8e:a6:ad:9b:26:8b:f8:18:c6:2d:ae:7e:94:f0:57:3c:5c:69:10:e6:6f:22:ac:20:5c:71:6b:00:b2:f6:29:01:45:c3:a6:83:a0:41:77:a4:00:f6:58:59:3b:b1:77:fd:cc:6b:8d:8f:e4:c8:6a:fa:20:6d:3b:01:8a:b8:a6:23:b5:84:4e:31:a7:cd:b0:16:c5:e9:37:8d:27:13:e9:86:50:7f:67:b3:1a:87:21:df:84:44:a2:64:1f:26:b7:79:c5:dd:bc:72:cd:7b:bd:b8:32:da:c5:c1:7f:98:bf:b0:55:ab:9e:a4:38:e4:ec
:d7:5e:2f:0f:87:9b:08:4f:5a:be:d0:a6:5c:65:26:96:47:81:13:2e:0f:4f:fc:23:4d:dc:ec:99:b1:ab:84:9b:25:8b:5d:44:2a:ef:78:56:2b:03:00:87:2b:a9:45:95:a3:69:c6:7a:f9:c6:d7:83:fc:01:f2:1c:80:2b:df:2a:34:17:f1:c4:2e:3a:27:61:ea:89:d9:67:24:e7:44:7b:79:f0:13:52:47:26:82:9d:5b:4b:a8:9d:2b:4b:28:3f:cf:7a:bf:b9:df:a1:0e:12:4e:31:4d:22:dd:98:7e:88:fc:e3:71:41:5e:0f:41:62:98:ca:41:92:03:d1:6d:79:45:29:f6:ea:3d:2c:5a:f2:4c:a6:45:54:f7:a0:4c:5d:9a:df:2e:1c:9f:d6:0e:31:15:b8:ae:a4:c1:04:88:50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.029858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.029858000", + "frame.time_delta": "0.000071000", + "frame.time_delta_displayed": "0.000071000", + "frame.time_relative": "738.569172000", + "frame.number": "2634", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002872", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006269", + "ip.checksum.status": 
"2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": "80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008c53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.030388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494330.030388000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "738.569702000", + "frame.number": "2635", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c71d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ebe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": 
"35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002ca3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2633", + "tcp.analysis.ack_rtt": "0.000601000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.031029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.031029000", + "frame.time_delta": "0.000641000", + "frame.time_delta_displayed": "0.000641000", + "frame.time_relative": "738.570343000", + "frame.number": "2636", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", 
+ "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c71e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ebd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35297", + "tcp.dstport": "80", + "tcp.port": "35297", + "tcp.port": "80", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002ca1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2634", + "tcp.analysis.ack_rtt": "0.001171000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.063441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.063441000", + "frame.time_delta": "0.032412000", + "frame.time_delta_displayed": "0.032412000", + "frame.time_relative": "738.602755000", + "frame.number": "2637", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": 
"255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.164639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.164639000", + "frame.time_delta": "0.101198000", + "frame.time_delta_displayed": "0.101198000", + "frame.time_relative": "738.703953000", + "frame.number": "2638", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + 
"udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + 
"bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.167321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.167321000", + "frame.time_delta": "0.002682000", + "frame.time_delta_displayed": "0.002682000", + "frame.time_relative": "738.706635000", + "frame.number": "2639", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000062d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00002808", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, 
-0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35297", + "tcp.port": "80", + "tcp.port": "35297", + "tcp.stream": "122", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008c52", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2636", + "tcp.analysis.ack_rtt": "0.136292000", + "tcp.analysis.initial_rtt": "0.137016000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.194835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.194835000", + "frame.time_delta": "0.027514000", + "frame.time_delta_displayed": "0.027514000", + "frame.time_relative": "738.734149000", + "frame.number": "2640", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", 
+ "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:50.470952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494330.470952000", + "frame.time_delta": "0.276117000", + "frame.time_delta_displayed": "0.276117000", + "frame.time_relative": "739.010266000", + "frame.number": "2641", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": 
"00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:51.410321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494331.410321000", + "frame.time_delta": "0.939369000", + "frame.time_delta_displayed": "0.939369000", + "frame.time_relative": "739.949635000", + "frame.number": "2642", + "frame.len": "1323", + "frame.cap_len": "1323", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1309", + "ip.id": "0x0000953d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007359", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1257", + "tcp.seq": "15163", + "tcp.nxtseq": "16420", + "tcp.ack": "2587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d1:f9:a7:9d:c0:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2478585, TSecr 2812133601": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2478585", + "tcp.options.timestamp.tsecr": "2812133601" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1257", + "tcp.analysis.push_bytes_sent": "1257" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "1252", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d0:24:af:73:cc:1f:4c:81:6a:c4:1b:22:7f:5d:1c:38:8a:87:87:bb:73:16:b5:c0:19:68:bc:4a:00:7f:19:5b:45:6b:a1:a3:c1:e3:46:c7:48:83:a4:cc:e3:ef:75:83:92:3c:3e:a5:31:c9:0f:c9:5e:5e:50:a4:fd:0d:f8:70:1c:59:08:74:ab:23:11:dd:d6:32:dd:cd:df:6a:8a:41:f0:3c:27:5e:b2:63:4f:cc:6d:76:30:5b:61:be:e0:2f:ca:e8:d5:d8:37:8c:f5:36:69:87:fc:bd:b6:94:64:1d:4a:60:b3:0f:49:86:94:41:05:78:37:85:f9:b0:89:ba:8f:f2:b6:95:06:11:33:f4:b7:e4:13:36:3a:5a:70:c7:a4:d8:0f:13:a9:ad:93:0e:1f:2c:8d:ca:d2:a3:a8:11:16:6d:2a:6e:7c:d9:15:53:a6:43:4b:0d:4e:04:fd:52:ec:a8:81:6a:53:f3:a5:8e:64:f7:dc:72:be:9d:16:1c:9d:28:b9:60:b8:e5:2e:3e:d4:95:82:27:4c:90:4f:10:18:c7:5a:2d:3a:c6:32:58:aa:76:1f:f1:b4:ae:dc:81:9c:4f:c9:b8:c7:21:b6:26:eb:09:2e:61:ce:9c:16:48:f8:0d:55:ca:57:2f:69:68:c4:e5:92:7b:14:3d:db:ed:1a:e1:03:3f:3b:55:12:7e:79:95:00:11:2e:52:ba:37:63:0a:c3:a9:06:1a:a9:d9:8c:28:39:c1:45:d9:b3:92:a1:57:b6:d7:ad:09:9f:86:b6:f3:36:fc:d2:52:fd:68:35:82:e0:cd:b7:bb:1a:d6:d8:48:dc:21:93:72:85:a8:e4:ff:50:f2:5b:38:a5:29:1e:04:b2:ce:a6:40:20:2a:f7:50:8d:56:ff:6f:70:1f:06:7b:a9:cd:90:a0:a2:48:1a:73:dc:5c:b4:bc:18:6c:bb:17:0e:cc:7a:5e:38:d2:ac:9b:33:c9:35:90:28:8d:78:f2:30:c3:8a:0e:ce:74:29:89:55:f3:48:08:6a:6a:5d:b7:e0:17:33:cb:b6:9f:78:4d:6d:bb:fd:7c:99:32:ca:9c:42:85:4f:4a:24:67:d1:fd:8f:09:bd:a4:f0:ed:41:8d:6c:3c:56:98:ef:c7:4f:e9:a6:36:fd:1b:ad:dd:42:27:89:f2:42:09:bf:8a:17:24:43:87:9e:4b:bd:35:09:8e:34:fa:af:2a:b0:12:c6:f1:60:01:58:19:bc:73:e7:b5:ca:7c:fc:e0:b2:b6:21:92:a4:68:30:18:14:4d:b3:0f:18:42:2f:91:9b:c8:4f:0d:97:e1:a2:40:21:b6:83:15:ab:03:cc:5c:62:8d:e3:67:cf:73:23:bb:0d:f1:9f:d3:38:b4:99:c3:ee:35:2c:3f:5b:d9:a7:6e:b9:3f:55:33:ab:8b:79:2b:4f:78:3c:26:e5:e8:71:86:b2:00:94:3d:2d:73:74:8c:09:d4:27:8a:ce:c8:a9:c2:22:24:13:0f:7d:f6:6d:0d:c0:e4:c8:9c:91:4a:31:33:87:1a:c5:72:24:12:72:ff:9f:08:51:56:17:78:1d:13:4e:25:7f:2b:97:0e:46:72:f9:54:94:0e:68:23:ea:02:ad:c3:ae:91:69:d9:15:62:a8:60:80:cb:d8:cd:73:f9:46:7e:09:ae:a8:87:07:46:47:96:7e:26:b8:cd
:9c:d5:fb:f3:6c:52:c4:e4:e1:3d:56:a1:58:cd:a2:33:ce:d4:69:24:fa:dc:e0:ff:30:9f:3e:06:7b:77:18:8e:46:89:54:d1:33:90:e4:57:e2:27:1f:30:86:0a:35:97:d5:3d:7a:1a:16:d3:d6:9e:26:d2:0d:28:f6:a0:3b:9e:a0:c2:8f:40:27:35:33:d7:52:27:f1:ea:a5:bc:a5:64:3c:be:0f:a5:90:d4:7f:46:2b:e4:96:fb:16:ec:63:0f:64:94:7b:6e:c9:fa:53:58:bb:b8:7d:66:9e:e7:ee:4e:47:81:d7:fb:cf:7e:fc:b3:83:54:4a:f6:d8:95:03:25:a1:ba:74:bf:40:56:72:54:92:95:39:10:99:7b:4a:6a:05:81:50:84:6a:e4:8e:c8:e0:70:0f:0d:f6:62:6c:53:c4:a1:96:54:43:20:46:54:14:ec:2c:b2:12:64:5d:bb:06:3d:3b:69:a7:66:b9:51:fa:36:81:72:d0:69:50:29:12:9f:ac:26:f4:f4:29:38:b7:ca:ce:73:37:9a:13:19:d4:c8:7e:7a:30:34:03:3c:b6:b8:16:67:81:6c:7e:5f:1a:47:be:f9:76:f5:03:c5:45:ca:b2:c1:b0:90:53:64:38:ed:4a:db:8d:2f:ff:9c:f2:41:59:a0:70:97:7f:ca:be:c7:ca:b1:b9:3b:30:06:bb:de:2e:87:56:38:9f:a4:ac:26:bf:8e:20:32:5f:74:87:8c:f1:c9:49:e5:ea:f0:de:3e:d8:2f:b9:a5:cf:dc:9c:ef:46:fe:5c:f3:e7:a5:56:36:f4:82:ad:f6:68:ea:39:ac:ef:2c:7b:77:fc:89:0b:36:47:75:81:e5:70:c8:d9:e8:ef:43:85:24:39:a8:6f:94:2b:69:6e:67:7f:6d:a9:b9:72:f6:64:a1:c9:31:77:10:5f:f6:43:32:3a:05:fd:46:98:a0:9d:ef:d0:28:f2:fd:68:c8:3e:17:14:9c:5a:92:45:d0:6b:44:2a:79:ac:7a:66:e7:64:e7:5a:cd:09:cb:b0:44:4f:cc:c9:26:98:ff:8c:08:c0:9b:94:41:34:b2:9f:94:8d:00:e1:7f:19:dd:08:07:30:de:7f:ae:d4:6e:1c:82:64:77:38:56:b5:62:30:3e:1c:e4:16:9b:18:5b:6b:c3:f2:aa:ae:b1:5f:21:47:cd:06:0d:9c:12:e4:93:ef:f6:d2:bf:96:7d:4d:e0:de:d9:06:5a:2e:2f:74:31:33:ee:e9:38:14:cd:59:9f:bc:58:4d:3b:60:4d:39:07:7c:4a:9c:1b:44:a5:80:41:b6:f1:66:5c:55:58:5f:18:71:e3:4a:f4:41:be:da:d5:be:79:e1:8c:69:8b:21:d5:17:19:6c:71:3c:a9:9c:3f:97:3e:e4:55:84:df:61:80:f9:b7:b0:c9:09:52:0e:4c:38:f2:2d:47:ae:84:ed:07:29:0a:d0:b3:87:6e:81:29:7d:a6:76:8b:ff:3e:ff:d4:15:3f:31:62:39:dd:a4:ff:9f:09:a7:0e:16:e7:3e:90:2f:1e:eb:1d:93:b9:45:25:47:e6:e8:08:fb:f6:cb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 16:58:51.470754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494331.470754000", + "frame.time_delta": "0.060433000", + "frame.time_delta_displayed": "0.060433000", + "frame.time_relative": "740.010068000", + "frame.number": "2643", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c29", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003956", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2587", + "tcp.ack": "16420", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000be55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ce:00:00:25:d1:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812136960, TSecr 2478585": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812136960", + "tcp.options.timestamp.tsecr": "2478585" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2642", + "tcp.analysis.ack_rtt": "0.060433000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:55.194113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494335.194113000", + "frame.time_delta": "3.723359000", + "frame.time_delta_displayed": "3.723359000", + 
"frame.time_relative": "743.733427000", + "frame.number": "2644", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:57.112885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494337.112885000", + "frame.time_delta": "1.918772000", + "frame.time_delta_displayed": "1.918772000", + "frame.time_relative": "745.652199000", + "frame.number": "2645", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000047d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000091bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:57.118656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494337.118656000", + "frame.time_delta": "0.005771000", + 
"frame.time_delta_displayed": "0.005771000", + "frame.time_relative": "745.657970000", + "frame.number": "2646", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000019c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000becb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:57.336531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494337.336531000", + "frame.time_delta": "0.217875000", + "frame.time_delta_displayed": "0.217875000", + "frame.time_relative": "745.875845000", + "frame.number": "2647", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004808", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009186", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:57.564651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494337.564651000", + "frame.time_delta": "0.228120000", + "frame.time_delta_displayed": "0.228120000", + "frame.time_relative": "746.103965000", + "frame.number": "2648", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004833", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + 
"ip.proto": "17", + "ip.checksum": "0x0000915b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.495653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.495653000", + "frame.time_delta": "0.931002000", + "frame.time_delta_displayed": "0.931002000", + "frame.time_relative": "747.034967000", + "frame.number": "2649", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00009d5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002bf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: 
upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.548459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.548459000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "747.087773000", + "frame.number": "2650", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00009d61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002bf6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": 
"239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.601383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.601383000", + "frame.time_delta": "0.052924000", + "frame.time_delta_displayed": "0.052924000", + "frame.time_relative": "747.140697000", + "frame.number": "2651", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00009d67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + 
"http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.654313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.654313000", + "frame.time_delta": "0.052930000", + "frame.time_delta_displayed": "0.052930000", + "frame.time_relative": "747.193627000", + "frame.number": "2652", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00009d68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002be6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.707268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.707268000", + "frame.time_delta": "0.052955000", + "frame.time_delta_displayed": "0.052955000", + "frame.time_relative": "747.246582000", + "frame.number": "2653", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00009d6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:58:58.760110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494338.760110000", + "frame.time_delta": "0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "747.299424000", + "frame.number": "2654", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00009d6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002be5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:04.720346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494344.720346000", + "frame.time_delta": "5.960236000", + "frame.time_delta_displayed": "5.960236000", + "frame.time_relative": "753.259660000", + "frame.number": "2655", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "241", + "tcp.ack": "217", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:04.865384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494344.865384000", + "frame.time_delta": "0.145038000", + "frame.time_delta_displayed": "0.145038000", + "frame.time_relative": "753.404698000", + "frame.number": "2656", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fdc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb5", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "217", + "tcp.ack": "242", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:05.833905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494345.833905000", + "frame.time_delta": "0.968521000", + "frame.time_delta_displayed": "0.968521000", + "frame.time_relative": "754.373219000", + "frame.number": "2657", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:05.836319000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494345.836319000", + "frame.time_delta": "0.002414000", + "frame.time_delta_displayed": "0.002414000", + "frame.time_relative": "754.375633000", + "frame.number": "2658", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", 
+ "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:05.851471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494345.851471000", + "frame.time_delta": "0.015152000", + "frame.time_delta_displayed": "0.015152000", + 
"frame.time_relative": "754.390785000", + "frame.number": "2659", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + 
"icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.081791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.081791000", + "frame.time_delta": "0.230320000", + "frame.time_delta_displayed": "0.230320000", + "frame.time_relative": "754.621105000", + "frame.number": "2660", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.408951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.408951000", + "frame.time_delta": "0.327160000", + "frame.time_delta_displayed": "0.327160000", + "frame.time_relative": "754.948265000", + "frame.number": "2661", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c24", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + 
"ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.796743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.796743000", + "frame.time_delta": "0.387792000", + "frame.time_delta_displayed": "0.387792000", + "frame.time_relative": "755.336057000", + "frame.number": "2662", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000736f", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0083a8ea", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.802098000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.802098000", + "frame.time_delta": "0.005355000", + "frame.time_delta_displayed": "0.005355000", + "frame.time_relative": "755.341412000", + "frame.number": "2663", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00003a92", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00f7d68b", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + 
"Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.808647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.808647000", + "frame.time_delta": "0.006549000", + 
"frame.time_delta_displayed": "0.006549000", + "frame.time_relative": "755.347961000", + "frame.number": "2664", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:06.822205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494346.822205000", + "frame.time_delta": "0.013558000", + "frame.time_delta_displayed": "0.013558000", + "frame.time_relative": "755.361519000", + "frame.number": "2665", + "frame.len": 
"110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", 
+ "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.105277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.105277000", + "frame.time_delta": "0.283072000", + "frame.time_delta_displayed": "0.283072000", + "frame.time_relative": "755.644591000", + "frame.number": "2666", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004e65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008b29", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.118739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.118739000", + "frame.time_delta": "0.013462000", + "frame.time_delta_displayed": "0.013462000", + "frame.time_relative": "755.658053000", + "frame.number": "2667", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x00001a71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000be20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", 
+ "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.328034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.328034000", + "frame.time_delta": "0.209295000", + "frame.time_delta_displayed": "0.209295000", + "frame.time_relative": "755.867348000", + "frame.number": "2668", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004e9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008af0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", 
+ "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.556274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.556274000", + "frame.time_delta": "0.228240000", + "frame.time_delta_displayed": "0.228240000", + "frame.time_relative": "756.095588000", + "frame.number": "2669", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004ea8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008ae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": 
"0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.831028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.831028000", + "frame.time_delta": "0.274754000", + "frame.time_delta_displayed": "0.274754000", + "frame.time_relative": "756.370342000", + "frame.number": "2670", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": 
"8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.833359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.833359000", + "frame.time_delta": "0.002331000", + "frame.time_delta_displayed": "0.002331000", + "frame.time_relative": "756.372673000", + "frame.number": "2671", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + 
"ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.834571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494347.834571000", + "frame.time_delta": "0.001212000", + "frame.time_delta_displayed": "0.001212000", + "frame.time_relative": "756.373885000", + "frame.number": "2672", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + 
"ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:07.883361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494347.883361000", + "frame.time_delta": "0.048790000", + "frame.time_delta_displayed": "0.048790000", + "frame.time_relative": "756.422675000", + "frame.number": "2673", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + 
}, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.466470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.466470000", + "frame.time_delta": "0.583109000", + "frame.time_delta_displayed": "0.583109000", + "frame.time_relative": "757.005784000", + "frame.number": "2674", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + 
"eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x000006f4", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00b41535", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": 
"0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.600704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.600704000", + "frame.time_delta": "0.134234000", + "frame.time_delta_displayed": "0.134234000", + "frame.time_relative": "757.140018000", + "frame.number": "2675", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000953e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007810", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + 
"ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "16420", + "tcp.nxtseq": "16469", + "tcp.ack": "2587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007b9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d8:b0:a7:9d:ce:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480304, TSecr 2812136960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480304", + "tcp.options.timestamp.tsecr": "2812136960" + } + }, + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d1:2e:5c:0a:63:8d:61:a6:25:13:58:53:c2:0b:0e:74:2d:27:6a:39:44:60:9b:d8:41:0d:d3:f0:98:c4:aa:46:54:b3:31:13:a3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.604660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.604660000", + "frame.time_delta": "0.003956000", + "frame.time_delta_displayed": "0.003956000", + "frame.time_relative": "757.143974000", + "frame.number": "2676", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", 
+ "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00005502", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0084bc8e", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, 
+ "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.660879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.660879000", + "frame.time_delta": "0.056219000", + "frame.time_delta_displayed": "0.056219000", + "frame.time_relative": "757.200193000", + "frame.number": "2677", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003955", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2587", + "tcp.ack": "16469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a6a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:de:c9:00:25:d8:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812141257, TSecr 2480304": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812141257", + "tcp.options.timestamp.tsecr": "2480304" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2675", + 
"tcp.analysis.ack_rtt": "0.060175000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.661642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.661642000", + "frame.time_delta": "0.000763000", + "frame.time_delta_displayed": "0.000763000", + "frame.time_relative": "757.200956000", + "frame.number": "2678", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.661733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.661733000", + "frame.time_delta": "0.000091000", + "frame.time_delta_displayed": "0.000091000", + "frame.time_relative": "757.201047000", + "frame.number": "2679", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000391d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": 
"-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "2587", + "tcp.nxtseq": "2642", + "tcp.ack": "16469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000888c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:de:c9:00:25:d8:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812141257, TSecr 2480304": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812141257", + "tcp.options.timestamp.tsecr": "2480304" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:4e:9e:76:0a:f0:8f:0d:9a:09:7e:e2:1d:e6:ec:ec:12:e8:47:91:3e:b3:8a:e6:25:7e:6b:fc:a5:da:d8:8c:28:ae:38:0a:72:4c:66:ad:22:b6:2a:c6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.671702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.671702000", + "frame.time_delta": "0.009969000", + "frame.time_delta_displayed": "0.009969000", + "frame.time_relative": "757.211016000", + "frame.number": "2680", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + 
"ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:08.697567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494348.697567000", + "frame.time_delta": "0.025865000", + "frame.time_delta_displayed": "0.025865000", + "frame.time_relative": "757.236881000", + "frame.number": "2681", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000953f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16469", + "tcp.ack": "2642", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": 
"661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a574", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d8:ba:a7:9d:de:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480314, TSecr 2812141257": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480314", + "tcp.options.timestamp.tsecr": "2812141257" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2679", + "tcp.analysis.ack_rtt": "0.035834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:09.004128000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494349.004128000", + "frame.time_delta": "0.306561000", + "frame.time_delta_displayed": "0.306561000", + "frame.time_relative": "757.543442000", + "frame.number": "2682", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00004ef3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008a66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:09.674052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494349.674052000", + "frame.time_delta": "0.669924000", + "frame.time_delta_displayed": "0.669924000", + "frame.time_relative": "758.213366000", + "frame.number": "2683", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:09.676408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494349.676408000", + "frame.time_delta": "0.002356000", + "frame.time_delta_displayed": "0.002356000", + "frame.time_relative": "758.215722000", + "frame.number": "2684", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + 
"icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:09.681618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494349.681618000", + "frame.time_delta": "0.005210000", + "frame.time_delta_displayed": "0.005210000", + 
"frame.time_relative": "758.220932000", + "frame.number": "2685", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + 
"icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:09.720778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494349.720778000", + "frame.time_delta": "0.039160000", + "frame.time_delta_displayed": "0.039160000", + "frame.time_relative": "758.260092000", + "frame.number": "2686", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.515326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.515326000", + "frame.time_delta": "0.794548000", + "frame.time_delta_displayed": "0.794548000", + "frame.time_relative": "759.054640000", + "frame.number": "2687", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": 
"ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00009ba9", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x006e80c5", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.524963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.524963000", + "frame.time_delta": "0.009637000", + "frame.time_delta_displayed": "0.009637000", + "frame.time_relative": "759.064277000", + "frame.number": "2688", + "frame.len": 
"158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00008ea2", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0035833d", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": 
"1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.535878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.535878000", + "frame.time_delta": "0.010915000", + "frame.time_delta_displayed": "0.010915000", + "frame.time_relative": "759.075192000", + "frame.number": "2689", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + 
"eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.540852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.540852000", + "frame.time_delta": "0.004974000", + "frame.time_delta_displayed": "0.004974000", + "frame.time_relative": "759.080166000", + "frame.number": "2690", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": 
"33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + 
}, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.588668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.588668000", + "frame.time_delta": "0.047816000", + "frame.time_delta_displayed": "0.047816000", + "frame.time_relative": "759.127982000", + "frame.number": "2691", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d90", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba60", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f94", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.589209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.589209000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "759.128523000", + "frame.number": "2692", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d91", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b5b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f08f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:10.589827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494350.589827000", + "frame.time_delta": "0.000618000", + "frame.time_delta_displayed": "0.000618000", + "frame.time_relative": "759.129141000", + "frame.number": "2693", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e55", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.474202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.474202000", + "frame.time_delta": "0.884375000", + "frame.time_delta_displayed": "0.884375000", + "frame.time_relative": "760.013516000", + "frame.number": "2694", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": 
"0x00003834", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "2642", + "tcp.nxtseq": "2929", + "tcp.ack": "16469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a6a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e1:88:00:25:d8:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812141960, TSecr 2480314": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812141960", + "tcp.options.timestamp.tsecr": "2480314" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": "34:cd:34:17:47:48:0e:4f:f8:95:53:fd:f4:80:95:08:e4:9c:98:2d:4e:da:f8:32:45:ca:69:f6:eb:7c:63:76:fc:5f:c3:57:51:f2:1e:0d:6e:db:95:48:1d:f9:41:c8:d1:4b:01:56:49:51:c2:a8:a2:7b:25:89:cf:00:3d:58:94:b4:5e:31:24:f5:fe:f2:08:3a:f8:cb:ee:05:25:1a:37:0e:f1:eb:40:8a:90:b8:01:8b:e2:cd:d5:5b:2a:07:05:83:76:aa:c1:7a:f8:b8:41:b4:56:78:c4:54:04:0f:5b:12:69:56:70:1a:fb:d9:3b:ce:8e:a4:00:59:b5:fc:c5:f3:b0:37:e9:ae:81:c6:5d:29:1a:fe:fd:24:43:06:e5:dd:19:7f:e4:1b:52:ff:85:c8:32:db:b4:fc:c3:47:0f:23:85:6c:62:f8:8a:e4:3b:49:ae:f3:55:62:05:7d:b9:d3:af:9a:e8:79:12:d7:64:4e:47:ed:cb:ad:45:6f:74:aa:28:9c:84:d4:df:ac:48:3f:fc:85:b9:39:ee:67:93:bc:58:85:45:06:e8:d1:39:27:7e:46:88:20:fb:31:a4:1a:e0:f4:77:22:72:de:de:68:5d:3b:14:0c:e0:66:a0:36:7a:56:aa:c1:89:36:3d:69:35:99:82:27:8b:75:36:13:05:8c:de:2a:52:11:4e:b7:13:54:22:e6:07:db:73:4a:b7:74:1b:49:5f:81:a7:8c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.474707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.474707000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "760.014021000", + "frame.number": "2695", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009540", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000783f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16469", + "tcp.ack": "2929", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a081", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d9:cf:a7:9d:e1:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480591, TSecr 2812141960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480591", + "tcp.options.timestamp.tsecr": "2812141960" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2694", + "tcp.analysis.ack_rtt": "0.000505000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.490117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.490117000", + "frame.time_delta": "0.015410000", + "frame.time_delta_displayed": "0.015410000", + "frame.time_relative": "760.029431000", + "frame.number": "2696", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009541", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007809", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "16469", + "tcp.nxtseq": "16522", + "tcp.ack": "2929", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000675f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d9:d1:a7:9d:e1:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480593, TSecr 2812141960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480593", + "tcp.options.timestamp.tsecr": "2812141960" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d2:4f:2b:9e:a9:6a:b9:3e:ac:96:e8:b7:a0:a4:0a:37:c0:d7:e9:4f:41:56:61:1e:21:ee:30:b5:4c:f9:e0:d8:c8:4f:bb:47:85:84:45:d4:76" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.555096000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.555096000", + "frame.time_delta": "0.064979000", + "frame.time_delta_displayed": "0.064979000", + "frame.time_relative": "760.094410000", + "frame.number": "2697", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, 
+ "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.557369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.557369000", + "frame.time_delta": "0.002273000", + "frame.time_delta_displayed": "0.002273000", + "frame.time_relative": "760.096683000", + "frame.number": "2698", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + 
"icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.600920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.600920000", + "frame.time_delta": "0.043551000", + "frame.time_delta_displayed": "0.043551000", + "frame.time_relative": "760.140234000", + "frame.number": "2699", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": 
"18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + 
"icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.601095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.601095000", + "frame.time_delta": "0.000175000", + "frame.time_delta_displayed": "0.000175000", + "frame.time_relative": "760.140409000", + "frame.number": "2700", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003952", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", 
+ "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2929", + "tcp.ack": "16522", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a11c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e1:a5:00:25:d9:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812141989, TSecr 2480593": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812141989", + "tcp.options.timestamp.tsecr": "2480593" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2696", + "tcp.analysis.ack_rtt": "0.110978000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.601634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.601634000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "760.140948000", + "frame.number": "2701", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009542", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007583", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "16522", + "tcp.nxtseq": "17220", + "tcp.ack": "2929", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d9:dc:a7:9d:e1:a5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480604, TSecr 2812141989": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480604", + "tcp.options.timestamp.tsecr": "2812141989" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": 
"698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d3:2b:ea:b9:48:cd:9e:06:82:19:3f:1c:3b:00:fe:12:36:c2:f4:2b:85:25:bc:f3:2e:10:37:3d:22:b5:5e:f2:e1:f2:6e:04:03:17:3e:8a:55:26" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d4:9e:8b:be:20:df:67:26:71:0c:fe:20:ee:e3:98:38:db:46:82:fb:e7:83:bc:9e:3a:c4:66:f5:d3:4c:3e:7e:2a:30:db:ee:d3:2f:84:e4:66:f6:5e:bf:99:04:bc:50:fb:d8:36:ee:a6:b7:45:5f:6e:5c:2c:0f:06:20:ef:bb:46:ca:86:aa:ff:5f:5d:2d:aa:17:1c:99:4d:55:32:f2:3c:f5:8f:dc:a5:96:b5:be:63" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d5:74:18:ad:a0:3a:95:d0:75:9a:ed:84:51:47:32:a8:da:94:61:01:35:d5:cd:91:74:55:aa:0c:3f:c5:72:2f:49:bf:8d:1d:51:d4:2c:1f:c1:3d:2c:34:b4:04:94:11:99:91:3a:c6:34:ca:83:16:52:ca:8f:00:5e:ca:69:7c:73:85:61:80:6b:62:6e:87:ed:b4:7d:80:f2:63:01:3c:e6:d7:75:e8:8c:62:01:dc:66:18:52:56:2a:67:64:c7:88:3b:34:46:2d:06:fe:45:47:e6:46:44:2f:8e:b9:c3:a4:40:39:47:6b:b8:12:7c:f6:b8:42:03:f7:b2:8f:5a:22:25:8d:d2:cc:b5:92:a8:84:ac:18:d4:b1:c3:11:f1:59:0a:2b:e4:b0:1a:79:01:83:92:8d:33:9e:a3:12:db:89:86:6e:40:35:fe:bf:0c:4a:ce:b1:db:66:1f:f9:78:8a:ea:9f:24:c4:69:61:3e:e3:90:96:8e:66:eb:e1:d8:6b:17:93:3e:7c:4f:0d:2b:b2:c9:e2:15:87:8d:4b:e0:de:87:f7:e0:60:ce:3f:fe:dc:48:95:34:94:5e:3b:70:92:d6:87:53:d2:cf:63:90:10:1e:19:7f:71:f0:a8:d3:9f:2d:23:11:c5:7f:67:24:b9:ce:99:f2:15:86:0e:0d:ac:ae:15:56:0f:93:c6:dd:96:d6:cd:87:f6:19:40:ee:06:18:69:c8:5e:7a:8b:80:2a:8a:aa:73:56:e4:33:ef:b7:58:28:45:f2:96:02:96:cb:84:3a:62:da:fe:10:20:39:53:1f:c5:36:98:ac:4c:3d:dd:a1:37:e2:08:c5:6d:2c:a4:26:fb:aa:c2:8b:26:30:f5:52:d7:6d:f1:67:b6:9e:65:31:6a:dc:77:0a:4b:7b:6e:65:68:02:f4:f3:6c:71:3a:71:04:e4:2e:32:5a:ab:a4:93
:12:74:d5:b2:f4:4b:da:a3:5d:b9:60:6a:54:95:50:a4:af:06:28:f5:b4:e9:1c:ff:c6:c7:5f:40:48:3e:31:35:b2:81:d7:61:bf:77:c4:02:31:6e:12:46:dd:9f:6b:a0:54:d1:4b:29:11:da:f5:f5:8f:3b:92:99:52:84:87:26:cc:3c:38:8b:fa:56:10:5b:0d:f4:2f:b0:4f:3e:6e:e4:4b:48:fc:c3:97:c8:05:67:48:a9:93:a9:e5:92:52:36:63:0b:3c:77:64:36:db:10:96:20:1e:82:06:2d:08:ff:ea:40:96:37:51:ab:14:e9:95:4b:d0:a5:0e:40:9a:9f:41:6f:4b:44:26:c6:46:c8:dc:92:be:c9:e3:71:71:11:d7:4c:10:e5:c7:08:84:3c:be:38:37:c2:b6:4a:6c:25:64:58:9e:b2:ef:1b:f0:86" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.661871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.661871000", + "frame.time_delta": "0.060237000", + "frame.time_delta_displayed": "0.060237000", + "frame.time_relative": "760.201185000", + "frame.number": "2702", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": 
"0x00003951", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2929", + "tcp.ack": "17220", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009e45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e1:b7:00:25:d9:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812142007, TSecr 2480604": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142007", + "tcp.options.timestamp.tsecr": "2480604" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2701", + "tcp.analysis.ack_rtt": "0.060237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.781765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.781765000", + "frame.time_delta": "0.119894000", + "frame.time_delta_displayed": "0.119894000", + "frame.time_relative": "760.321079000", + "frame.number": "2703", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + 
"ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.889457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.889457000", + "frame.time_delta": "0.107692000", + 
"frame.time_delta_displayed": "0.107692000", + "frame.time_relative": "760.428771000", + "frame.number": "2704", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009543", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007806", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "17220", + 
"tcp.nxtseq": "17274", + "tcp.ack": "2929", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000066a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:d9:f9:a7:9d:e1:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480633, TSecr 2812142007": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480633", + "tcp.options.timestamp.tsecr": "2812142007" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d6:89:8b:b1:a0:2f:51:54:e2:34:b9:93:0f:43:94:d9:6e:4f:87:7f:a1:71:f3:b5:09:e0:00:93:a3:e0:af:43:23:65:c6:43:af:b7:7b:fe:9d:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:11.949679000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494351.949679000", + "frame.time_delta": "0.060222000", + "frame.time_delta_displayed": "0.060222000", + "frame.time_relative": "760.488993000", + "frame.number": "2705", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003950", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + 
"tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "2929", + "tcp.ack": "17274", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009daa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e1:ff:00:25:d9:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812142079, TSecr 2480633": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142079", + "tcp.options.timestamp.tsecr": "2480633" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2704", + "tcp.analysis.ack_rtt": "0.060222000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:12.631122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494352.631122000", + "frame.time_delta": "0.681443000", + "frame.time_delta_displayed": "0.681443000", + "frame.time_relative": "761.170436000", + 
"frame.number": "2706", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000500e", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x006fcc5f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:12.642280000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494352.642280000", + "frame.time_delta": "0.011158000", + "frame.time_delta_displayed": "0.011158000", + "frame.time_relative": "761.181594000", + "frame.number": "2707", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + 
"ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00007edd", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x000f9328", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": 
"30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:12.650714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494352.650714000", + "frame.time_delta": "0.008434000", + "frame.time_delta_displayed": "0.008434000", + "frame.time_relative": "761.190028000", + "frame.number": "2708", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:12.660804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494352.660804000", + "frame.time_delta": "0.010090000", + "frame.time_delta_displayed": "0.010090000", + "frame.time_relative": "761.200118000", + "frame.number": "2709", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.631349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.631349000", + "frame.time_delta": "0.970545000", + "frame.time_delta_displayed": "0.970545000", + 
"frame.time_relative": "762.170663000", + "frame.number": "2710", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "2929", + "tcp.nxtseq": "3217", + "tcp.ack": "17274", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000084cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e3:a4:00:25:d9:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812142500, TSecr 2480633": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142500", + "tcp.options.timestamp.tsecr": "2480633" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:50:98:c5:43:26:45:a9:fe:74:00:5c:a6:27:b9:21:02:df:07:a6:1f:29:c7:7f:fb:2a:5c:d1:62:55:78:28:27:47:aa:02:1a:fd:bb:f9:ee:c7:b8:09:f3:fb:87:2a:07:1b:06:52:42:4a:91:c6:5d:8e:e9:be:bd:11:1c:02:15:62:6c:84:13:79:d7:38:81:30:f0:9f:bd:a6:3c:73:16:dc:f3:b9:63:0f:78:d8:19:c8:73:ba:a8:0c:1e:ac:a7:25:19:a3:6c:f2:21:77:b0:ad:0f:04:0e:9b:1b:cc:97:6b:de:29:f3:43:72:0c:dd:72:d7:a7:94:39:5b:04:17:46:e7:00:3d:bf:78:44:2f:12:1f:ae:fc:8d:08:66:d9:ba:f2:27:94:a8:f2:d6:1c:14:50:ba:fd:d1:a8:9d:5a:f7:a0:bf:70:7f:6e:59:3e:03:3b:3f:88:0b:13:09:08:17:0f:96:fb:a5:1e:d3:a0:70:01:dd:95:48:3d:5c:10:a0:b4:66:68:48:82:e7:1d:a2:e7:16:37:d4:61:40:4c:3f:dc:73:98:c4:57:1f:42:d7:da:7a:ef:6e:b1:34:a6:88:2e:b0:4d:15:af:53:7d:63:39:aa:43:2d:69:02:26:56:b1:40:4e:a0:47:b0:23:85:30:dc:02:75:76:77:42:ee:b0:2c:09:0d:0c:52:c6:d1:2c:cc:85:75:c9:ba:5f:38:9d:69:32" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.649233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.649233000", + "frame.time_delta": "0.017884000", + "frame.time_delta_displayed": "0.017884000", + "frame.time_relative": "762.188547000", + "frame.number": "2711", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009544", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007806", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "17274", + "tcp.nxtseq": "17327", + "tcp.ack": "3217", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a8d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:da:a9:a7:9d:e3:a4", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480809, TSecr 2812142500": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480809", + "tcp.options.timestamp.tsecr": "2812142500" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2710", + "tcp.analysis.ack_rtt": "0.017884000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d7:7b:60:e8:8d:60:15:2a:76:e4:ff:3e:b2:98:f0:a8:5b:43:97:b5:45:e5:51:74:32:96:17:e7:bb:8b:ec:fa:34:88:f8:0f:b0:00:2d:cf:6e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.680557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.680557000", + "frame.time_delta": "0.031324000", + "frame.time_delta_displayed": "0.031324000", + "frame.time_relative": "762.219871000", + "frame.number": "2712", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": 
"18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.680718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.680718000", + "frame.time_delta": "0.000161000", + "frame.time_delta_displayed": "0.000161000", + "frame.time_relative": "762.220032000", + "frame.number": "2713", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + 
"ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.683077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.683077000", + "frame.time_delta": "0.002359000", + "frame.time_delta_displayed": "0.002359000", + "frame.time_relative": "762.222391000", + "frame.number": "2714", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": 
"0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + 
"icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.709393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.709393000", + "frame.time_delta": "0.026316000", + "frame.time_delta_displayed": "0.026316000", + "frame.time_relative": "762.248707000", + "frame.number": "2715", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, 
CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3217", + "tcp.ack": "17327", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000099ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e3:b7:00:25:da:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812142519, TSecr 2480809": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142519", + "tcp.options.timestamp.tsecr": "2480809" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2711", + "tcp.analysis.ack_rtt": "0.060160000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:59:13.709899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.709899000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "762.249213000", + "frame.number": "2716", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009545", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000757f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } 
+ }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "17327", + "tcp.nxtseq": "18026", + "tcp.ack": "3217", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e946", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:da:af:a7:9d:e3:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480815, TSecr 2812142519": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480815", + "tcp.options.timestamp.tsecr": "2812142519" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d8:b8:72:e2:02:63:37:f7:25:ab:0d:28:3f:06:d6:45:4c:da:31:59:ed:00:04:6b:c2:5e:1e:e7:27:aa:17:30:d2:71:a0:cb:aa:b9:9b:4a:81:29" + }, + "ssl.record": { + "ssl.record.content_type": 
"23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:d9:20:8a:7b:50:34:7b:3d:15:e3:82:3d:e7:c8:66:c2:b6:1c:cb:ce:ef:16:9e:7f:97:c6:f8:3a:c4:85:de:4a:61:51:7d:d9:81:fc:7f:60:5e:1d:ba:c5:28:32:9e:9c:e8:f0:5f:c2:c2:f6:cd:6a:a0:a3:82:02:17:18:85:26:b2:b2:4d:e4:dd:63:db:ad:93:da:b8:36:ec:29:76:42:a0:a1:b1:73:74:87:11:a4:85" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:da:19:39:3a:3d:68:6d:22:67:d4:9f:02:b6:89:50:01:e9:28:52:17:fc:17:cf:5a:fa:69:6c:07:a1:a0:8e:16:b9:be:5d:27:c7:7e:d0:99:ba:a3:f6:2b:66:03:cc:16:5b:3a:42:06:eb:00:17:86:0c:0a:75:12:c9:c4:37:8f:15:96:3a:aa:25:fe:ea:4d:8e:fe:75:50:fb:a0:c1:ce:a5:bc:db:bf:17:47:76:c3:5f:de:26:93:19:5a:48:cd:f9:5e:9f:21:32:d2:f7:05:a7:b0:f7:87:03:40:50:31:3c:ce:3d:66:3c:77:2b:fe:a5:0e:ac:8f:d2:a1:c8:b7:58:1c:ad:1d:1a:4d:d4:bf:1f:c5:f8:a3:29:2a:dd:0e:63:7e:d9:a2:81:26:43:f8:04:25:72:5c:70:bf:62:36:7d:92:9d:d2:15:6e:5a:83:1e:84:96:48:fa:e6:7e:a8:87:b5:15:c8:ca:dc:d6:f1:ec:ee:56:33:22:ad:8b:a2:75:3a:ae:47:ed:dc:9f:3c:a0:71:ff:81:fc:77:f7:e9:aa:1a:31:1c:45:d9:6d:a8:7a:d9:22:50:d6:4c:47:ba:24:bc:e7:bd:ef:30:15:11:16:f0:a8:ad:f3:6d:47:f5:d1:0a:d5:2c:44:1a:14:5b:fa:54:10:89:65:d2:8e:50:6b:a0:42:e1:4c:11:8e:de:13:ab:9b:7b:63:b6:51:66:84:0c:b6:a1:6e:e1:74:3b:a7:ea:db:2c:66:3e:fe:2d:de:d9:ef:47:e2:27:01:51:f6:a9:4c:32:0c:f5:d6:a0:10:09:81:a4:ca:93:d0:31:3b:0d:6a:34:44:5a:37:04:4c:f6:fa:7b:f7:32:95:61:ad:68:7e:03:c6:ac:b6:f4:ec:25:98:8e:f2:e1:49:bd:0d:1a:f7:ee:ac:3d:49:42:ca:0c:4e:5d:c1:a7:e4:d1:0a:cd:a2:5e:6c:2f:d6:b5:2d:7f:eb:df:6b:d8:e8:2e:e6:34:1c:0b:a6:f5:25:12:8c:07:29:f9:48:c9:e7:5a:02:a9:d7:8e:c4:17:8f:7f:ff:d1:2b:59:84:47:27:d6:94:39:ec:5f:1f:01:89:23:93:4e:98:21:53:71:50:54:e7:48:cc:4f:1b:79:6f:d8:86:c8:2c:67:57:28:60:3d:05:28:51:a2:a3:5d:21:62:e7:91:79:39:51:60:f0:47:72:ed:eb:bf:da:75:af:ad:92:17:3d:42:ed:e3:6a:bb:41:e6:2d:e2:ae:81:ce:64:b4:e7:25:fc:7
c:7e:ce:2a:c3:03:e0:58:c0:91:32:74:bc:bc:d4:13:d6:43:d4:9c:c7:ea:37:63:e7:e6:3e:b2:ac:9a:b3:60:9e:6a:99:a1:10:27:24:76:14:32:e8:66:2a:35:a4:c2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.769997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.769997000", + "frame.time_delta": "0.060098000", + "frame.time_delta_displayed": "0.060098000", + "frame.time_relative": "762.309311000", + "frame.number": "2717", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3217", + "tcp.ack": "18026", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000971d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e3:c6:00:25:da:af", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812142534, TSecr 2480815": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142534", + "tcp.options.timestamp.tsecr": "2480815" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2716", + "tcp.analysis.ack_rtt": "0.060098000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:13.831998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494353.831998000", + "frame.time_delta": "0.062001000", + "frame.time_delta_displayed": "0.062001000", + "frame.time_relative": "762.371312000", + "frame.number": "2718", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": 
"0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.048373000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.048373000", + "frame.time_delta": "0.216375000", + "frame.time_delta_displayed": "0.216375000", + "frame.time_relative": "762.587687000", + "frame.number": "2719", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009546", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007803", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "18026", + "tcp.nxtseq": "18080", + "tcp.ack": "3217", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a525", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:da:d1:a7:9d:e3:c6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2480849, TSecr 2812142534": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2480849", + "tcp.options.timestamp.tsecr": "2812142534" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:db:a0:d8:54:2f:f0:40:32:c3:08:0e:a7:45:3b:84:0f:22:dc:4a:b0:a9:e3:60:62:86:df:2d:5a:58:f6:e4:ce:3b:27:82:1d:8d:81:f8:f5:7c:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.108479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.108479000", + "frame.time_delta": "0.060106000", + "frame.time_delta_displayed": "0.060106000", + "frame.time_relative": "762.647793000", + "frame.number": "2720", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3217", + "tcp.ack": "18080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009670", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e4:1b:00:25:da:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812142619, TSecr 2480849": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812142619", + "tcp.options.timestamp.tsecr": "2480849" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2719", + "tcp.analysis.ack_rtt": "0.060106000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.157598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.157598000", + "frame.time_delta": "0.049119000", + "frame.time_delta_displayed": "0.049119000", + "frame.time_relative": "762.696912000", + "frame.number": "2721", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": 
"IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00006f88", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00a4acb0", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + 
"dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.171313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.171313000", + "frame.time_delta": "0.013715000", + "frame.time_delta_displayed": "0.013715000", + "frame.time_relative": "762.710627000", + "frame.number": "2722", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + 
"ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00005e5f", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00d8b2dd", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + 
"dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.178521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.178521000", + "frame.time_delta": "0.007208000", + "frame.time_delta_displayed": "0.007208000", + "frame.time_relative": "762.717835000", + "frame.number": "2723", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + 
"icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:14.192177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494354.192177000", + "frame.time_delta": "0.013656000", + "frame.time_delta_displayed": "0.013656000", + "frame.time_relative": "762.731491000", + "frame.number": "2724", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + 
"ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.196587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.196587000", + "frame.time_delta": "1.004410000", + "frame.time_delta_displayed": "1.004410000", + "frame.time_relative": "763.735901000", + "frame.number": "2725", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.199226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.199226000", + "frame.time_delta": "0.002639000", + "frame.time_delta_displayed": "0.002639000", + "frame.time_relative": "763.738540000", + "frame.number": "2726", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + 
"ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + 
"icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.210888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.210888000", + "frame.time_delta": "0.011662000", + "frame.time_delta_displayed": "0.011662000", + "frame.time_relative": "763.750202000", + "frame.number": "2727", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": 
{ + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": 
"4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.252727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.252727000", + "frame.time_delta": "0.041839000", + "frame.time_delta_displayed": "0.041839000", + "frame.time_relative": "763.792041000", + "frame.number": "2728", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", 
+ "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.488839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.488839000", + "frame.time_delta": "0.236112000", + "frame.time_delta_displayed": "0.236112000", + "frame.time_relative": "764.028153000", + "frame.number": "2729", + "frame.len": "120", + "frame.cap_len": "120", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000747a", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x009da7c5", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.532370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.532370000", + "frame.time_delta": "0.043531000", + "frame.time_delta_displayed": "0.043531000", + "frame.time_relative": "764.071684000", + "frame.number": "2730", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, 
+ "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000e07f", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0057313e", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + 
"dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.559884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.559884000", + "frame.time_delta": "0.027514000", + "frame.time_delta_displayed": "0.027514000", + "frame.time_relative": "764.099198000", + "frame.number": "2731", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": 
"::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.571111000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.571111000", + "frame.time_delta": "0.011227000", + "frame.time_delta_displayed": "0.011227000", + "frame.time_relative": "764.110425000", + "frame.number": "2732", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.588966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494355.588966000", + "frame.time_delta": "0.017855000", + "frame.time_delta_displayed": "0.017855000", + "frame.time_relative": "764.128280000", + "frame.number": "2733", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d92", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f94", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.589537000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494355.589537000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "764.128851000", + "frame.number": "2734", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d93", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f08f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:15.590184000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494355.590184000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "764.129498000", + "frame.number": "2735", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e55", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": 
"0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.581956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494356.581956000", + "frame.time_delta": "0.991772000", + "frame.time_delta_displayed": "0.991772000", + "frame.time_relative": "765.121270000", + "frame.number": "2736", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.584370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.584370000", + "frame.time_delta": "0.002414000", + "frame.time_delta_displayed": "0.002414000", + "frame.time_relative": "765.123684000", + "frame.number": "2737", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + 
"icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.592876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.592876000", + "frame.time_delta": "0.008506000", + "frame.time_delta_displayed": "0.008506000", + "frame.time_relative": "765.132190000", + "frame.number": "2738", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": 
"33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.647136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.647136000", + "frame.time_delta": "0.054260000", + "frame.time_delta_displayed": "0.054260000", + "frame.time_relative": "765.186450000", + "frame.number": "2739", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c34", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "3217", + "tcp.nxtseq": "3505", + "tcp.ack": "18080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000221", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e6:96:00:25:da:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143254, TSecr 2480849": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143254", + "tcp.options.timestamp.tsecr": "2480849" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:51:bc:16:8e:c6:40:46:19:0a:28:34:b0:d3:d5:a0:9a:20:41:bd:d2:cb:07:a2:0e:ef:99:f3:a2:06:26:df:fe:af:60:90:20:04:cd:23:25:ef:bf:bd:ba:2b:d7:9c:ab:1f:d9:68:00:ba:85:a1:bc:17:14:47:1f:71:b1:cd:9c:0c:59:4c:5d:27:85:c3:4c:82:99:72:d8:fd:15:f1:e3:53:42:95:e7:9f:d1:3f:79:c1:aa:9f:3d:9e:8d:1e:4f:63:9e:31:7c:4d:bd:99:13:53:9c:bc:1a:f9:b4:0c:30:26:fb:ed:f9:91:b0:41:0f:a7:f9:b4:53:f7:8d:89:40:c1:30:5b:21:d7:7d:21:f2:91:2c:5b:b8:74:58:1a:56:b8:26:ba:e2:16:98:42:e0:53:a3:01:8b:b4:b3:e5:20:fc:82:75:58:11:82:7a:6c:b6:ef:51:fe:55:e3:4c:85:b2:e6:c6:9e:4c:19:53:09:27:98:62:db:31:db:c2:99:61:a6:a1:96:e7:49:68:08:10:d0:dc:63:61:0a:ad:56:85:d3:2d:d7:5a:f7:d1:db:07:04:cb:f9:48:fc:8f:0e:31:be:07:68:70:b9:cf:bc:3a:df:ac:de:49:1a:84:c8:86:14:b5:30:0a:21:b0:b6:1e:eb:62:1a:01:67:fe:37:6b:b0:79:0b:19:63:0b:bb:fc:64:d5:ab:ce:53:4f:6c:b6:20:71:db" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.658149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.658149000", + "frame.time_delta": "0.011013000", + "frame.time_delta_displayed": "0.011013000", + "frame.time_relative": "765.197463000", + "frame.number": "2740", + "frame.len": 
"119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009547", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007803", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "18080", + "tcp.nxtseq": "18133", + "tcp.ack": "3505", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000279", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:db:d6:a7:9d:e6:96", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481110, TSecr 2812143254": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481110", + "tcp.options.timestamp.tsecr": "2812143254" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2739", + "tcp.analysis.ack_rtt": "0.011013000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:dc:20:61:e1:27:f9:b9:fb:f2:5b:0f:b5:db:5e:1b:d1:c2:67:30:1f:84:f4:1f:e0:3d:bd:5d:e7:06:f6:51:bc:e0:c0:a5:4b:f9:c2:70:51:f3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.692435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494356.692435000", + "frame.time_delta": "0.034286000", + "frame.time_delta_displayed": "0.034286000", + "frame.time_relative": "765.231749000", + "frame.number": "2741", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + 
}, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.718233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.718233000", + "frame.time_delta": "0.025798000", + "frame.time_delta_displayed": "0.025798000", + "frame.time_relative": "765.257547000", + "frame.number": "2742", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000394a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3505", + "tcp.ack": "18133", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + 
"tcp.checksum": "0x0000918a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e6:a7:00:25:db:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143271, TSecr 2481110": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143271", + "tcp.options.timestamp.tsecr": "2481110" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2740", + "tcp.analysis.ack_rtt": "0.060084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.718772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.718772000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "765.258086000", + "frame.number": "2743", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009548", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000757c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "18133", + "tcp.nxtseq": "18832", + "tcp.ack": "3505", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d9ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:db:dc:a7:9d:e6:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481116, TSecr 2812143271": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481116", + "tcp.options.timestamp.tsecr": "2812143271" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:dd:90:16:e6:fc:60:4b:71:9c:79:b9:af:dd:d5:89:2e:67:b2:bb:49:ab:8e:3a:d8:b3:fe:dc:20:3c:94:36:fd:77:48:59:96:62:6d:19:6d:ef:96" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:de:38:40:a5:97:c7:09:28:fc:40:5d:92:31:15:9b:50:56:74:de:57:ac:26:8a:f3:74:72:ba:fe:db:ba:54:2e:1c:0f:f6:28:14:32:c7:a6:51:ef:44:58:81:15:16:f9:14:f5:b4:3a:78:36:ee:d2:3a:71:1b:68:28:0a:a3:8f:ac:86:83:d1:4f:e6:53:24:a0:f5:ca:b5:cb:b7:88:ee:47:b2:16:4b:66:aa:47:3c:d7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:df:1d:8a:bc:5f:de:f1:80:b5:1f:ad:3f:45:ed:e7:49:f5:80:2c:0b:10:86:08:d0:a4:61:af:81:a1:8a:a2:8a:e2:b9:08:b0:2d:5d:e6:68:fc:7c:6e:0f:d7:b9:dc:ad:61:02:f2:fc:30:1a:6b:0a:eb:57:60:44:a6:3b:74:d1:ec:64:43:d4:af:be:42:b6:7c:48:e1:5f:91:84:2e:f4:b7:ad:32:ab:04:f8:63:96:a1:77:fd:76:07:f6:bd:f0:96:9f:68:24:66:fe:7b:ad:b1:f2:f4:f6:54:a2:59:77:8e:ea:52:e2:c6:ef:e1:11:82:67:9f:4f:e5:27:19:d0:50:39:64:57:f8:39:0a:0c:6f:08:f5:91:31:b5:51:fc:49:18:ba:11:e9:9e:c0:de:17:1f:c4:2f:1b:4e:e2:6b:53:27:fa:a3:63:aa:a8:12:f4:48:52:c6:e6:96:73:86:1f:c8:52:a1:29:4c:84:b0:6b:ff:26:ea:23:b2:ae:f2:d4:8b:56:89:04:2c:7b:ae:cc:16:81:2d:c1:76:78:16:5f:a2:60:f3:46:b9:e6:7a:be:98:bf:f6:30:e2:70:70:c9:a4:28:d9:f6:ee:7b:83:ea:8f:3d:51:37:92:89:2c:99:73:91:17:29:3d:fa:b7:38:79:ed:09:06:53:df:25:5f:42:ca:20:ea:a6:9c:fb:fa:c0:4c:27:f6:67:28:8d:74:75:dc:99:2b:42:18:db:9d:65:08:ac:e4:05:a9:cb:e5:27:df:f1:ce:36:d6:f9:05:4f:4f:c7:2d:44:e9:27:52:f8:c9:52:d5:7d:e7:8a:05:03:8f:77:bd:80:55:65:e5:02:50:48:30:58:b7:84:69:00:aa:75:0d:30:5a:a4:af:6d:eb:3d:e4:f4:37:3b:c8:e7:92:88:6d:3d:88:32:70:d0:55:e7:15:31:18:bb:ed:05:b3:cc:be:04:6e:a1:48:38:4c:e6:52:04:94:a9:ef:5b:a9:d9:86:87:11:3e:c4:94:55:7c:d3:b3:48:72:3f:c9:ac:c3:1d:f3:1e:54:01:c1:62:9d:5e:86:fd:82:bb:be:4c:9c:f1:47:27:70:26:80:84:a0:4c:6f:25:b5:d0:23:a7:d2:4f:40:3b:01:f6:cc:c5:36:0b:17:ba:19:88:4c:d5:87:d5:cb:c3:17:9e:9c:3b:57:ab:50:c0:c8:0e:a7:f3:de:b3:2f:6a:11:84:97:d5:c1:75:a1:c2:2d:80:93:11:d0:21:eb:30:a2:f5:2b:6f:4a:99:31:09:9a:d8:36:55:3e:82:64:33:dc:59:8c:71:9c:8d:77:43:36:c8:40:44:28:83:85:49:70:cc:42:c8:5b:d3:d6:d1:60:2d:d9:f0:88:90:89:cd:02:76:8a:67:8b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:16.779005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494356.779005000", + "frame.time_delta": "0.060233000", + 
"frame.time_delta_displayed": "0.060233000", + "frame.time_relative": "765.318319000", + "frame.number": "2744", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003949", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3505", + "tcp.ack": 
"18832", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008eb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e6:b7:00:25:db:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143287, TSecr 2481116": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143287", + "tcp.options.timestamp.tsecr": "2481116" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2743", + "tcp.analysis.ack_rtt": "0.060233000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.058836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.058836000", + "frame.time_delta": "0.279831000", + "frame.time_delta_displayed": "0.279831000", + "frame.time_relative": "765.598150000", + "frame.number": "2745", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009549", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007800", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "18832", + "tcp.nxtseq": "18886", + "tcp.ack": "3505", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f308", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:db:fe:a7:9d:e6:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481150, TSecr 2812143287": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481150", + "tcp.options.timestamp.tsecr": "2812143287" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e0:23:ac:25:eb:f7:d4:e3:3a:72:a4:34:0e:7a:02:c3:a7:bf:4b:4e:35:ec:06:71:9c:32:cb:13:d4:41:db:59:6e:fe:38:c5:d0:84:dc:74:bb:2e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.118911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.118911000", + "frame.time_delta": "0.060075000", + "frame.time_delta_displayed": "0.060075000", + "frame.time_relative": "765.658225000", + 
"frame.number": "2746", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003948", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3505", + "tcp.ack": "18886", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008e0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e7:0c:00:25:db:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143372, TSecr 2481150": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143372", + "tcp.options.timestamp.tsecr": "2481150" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2745", + "tcp.analysis.ack_rtt": "0.060075000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.553788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.553788000", + "frame.time_delta": "0.434877000", + "frame.time_delta_displayed": "0.434877000", + "frame.time_relative": "766.093102000", + "frame.number": "2747", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": 
"33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00009d64", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00727f06", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 
19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.586230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.586230000", + "frame.time_delta": "0.032442000", + "frame.time_delta_displayed": "0.032442000", + "frame.time_relative": "766.125544000", + "frame.number": "2748", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + 
"ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000a02d", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00857162", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + 
"dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.621995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.621995000", + "frame.time_delta": "0.035765000", + "frame.time_delta_displayed": "0.035765000", + "frame.time_relative": "766.161309000", + "frame.number": "2749", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + 
"ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:17.630899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494357.630899000", + "frame.time_delta": "0.008904000", + "frame.time_delta_displayed": "0.008904000", + "frame.time_relative": "766.170213000", + "frame.number": "2750", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + 
"ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.654269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.654269000", + "frame.time_delta": "1.023370000", + "frame.time_delta_displayed": "1.023370000", + "frame.time_relative": "767.193583000", + "frame.number": "2751", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.656615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.656615000", + "frame.time_delta": "0.002346000", + "frame.time_delta_displayed": "0.002346000", + "frame.time_relative": "767.195929000", + "frame.number": "2752", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + 
"icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.671057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.671057000", + "frame.time_delta": "0.014442000", + "frame.time_delta_displayed": "0.014442000", + "frame.time_relative": "767.210371000", + "frame.number": "2753", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.742040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.742040000", + "frame.time_delta": "0.070983000", + "frame.time_delta_displayed": "0.070983000", + "frame.time_relative": "767.281354000", + "frame.number": "2754", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + 
"ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.964777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.964777000", + 
"frame.time_delta": "0.222737000", + "frame.time_delta_displayed": "0.222737000", + "frame.time_relative": "767.504091000", + "frame.number": "2755", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003828", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": 
"287", + "tcp.seq": "3505", + "tcp.nxtseq": "3792", + "tcp.ack": "18886", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000986f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e8:d9:00:25:db:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143833, TSecr 2481150": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143833", + "tcp.options.timestamp.tsecr": "2481150" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:52:58:4e:82:b0:d3:2a:88:02:f6:e3:9f:fd:94:17:4c:6e:da:a8:e5:e8:5d:03:59:f5:52:4d:9c:db:03:1e:0c:a1:86:d3:f2:67:17:d7:f8:c0:02:26:e1:5c:7d:e4:51:83:41:65:54:9b:32:2f:a8:37:af:c7:04:a8:df:57:01:82:9a:5c:c6:64:ed:ea:ff:5c:e6:0d:2d:69:0c:0f:9f:16:9a:0f:e0:ee:97:17:fc:f1:66:64:1d:55:3c:63:e9:b4:b3:f8:06:9c:4b:4d:2a:a5:99:43:84:09:96:8c:6f:02:90:9f:26:5a:54:af:ab:9c:77:b8:2b:8f:a3:26:c5:a0:8e:b0:57:dd:1c:bd:00:32:bc:8c:45:3a:23:59:20:23:37:e0:c1:0a:73:fc:d2:72:91:e2:ff:28:ff:d1:c5:cc:e8:4c:88:46:13:89:1f:77:6e:67:15:e9:cc:22:71:4b:be:17:a3:23:8e:d9:f2:1a:e1:eb:09:b7:3c:5e:c4:1a:a0:1e:2c:d1:c5:30:25:8f:25:15:09:85:9b:24:7a:89:2f:30:dd:b3:2c:c6:bd:e2:a2:3d:10:09:c5:c7:67:ca:56:e9:fe:48:1d:c7:d2:29:d1:71:9b:1b:e6:5d:dc:1c:cd:d9:d7:ed:56:45:d6:6c:32:07:81:80:74:15:b9:84:eb:33:81:18:3c:f0:32:e3:6f:64:4e:cc:65:6f:5c:27:3a:23" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:18.978375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494358.978375000", + "frame.time_delta": "0.013598000", + "frame.time_delta_displayed": "0.013598000", + "frame.time_relative": "767.517689000", + "frame.number": "2756", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000954a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007800", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "18886", + "tcp.nxtseq": "18939", + "tcp.ack": "3792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dc:be:a7:9d:e8:d9", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481342, TSecr 2812143833": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481342", + "tcp.options.timestamp.tsecr": "2812143833" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2755", + "tcp.analysis.ack_rtt": "0.013598000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e1:fc:b3:84:67:5d:20:41:92:d1:86:dc:4a:44:c4:6d:3d:59:a5:ee:e5:ed:3c:82:0f:d7:0a:b3:75:9a:4c:71:81:3f:18:11:2c:d6:fb:b8:ea" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:19.038765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494359.038765000", + "frame.time_delta": "0.060390000", + "frame.time_delta_displayed": "0.060390000", + "frame.time_relative": "767.578079000", + "frame.number": "2757", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003946", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3792", + "tcp.ack": "18939", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00008a18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e8:ec:00:25:dc:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143852, TSecr 2481342": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143852", + "tcp.options.timestamp.tsecr": "2481342" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2756", + "tcp.analysis.ack_rtt": "0.060390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:19.039304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494359.039304000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "767.578618000", + "frame.number": "2758", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x0000954b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000757a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "18939", + "tcp.nxtseq": "19637", + "tcp.ack": "3792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a2bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dc:c4:a7:9d:e8:ec", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481348, TSecr 2812143852": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481348", + "tcp.options.timestamp.tsecr": "2812143852" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e2:e9:c0:f0:b3:2b:b7:b7:0b:a4:4b:b2:e9:a1:32:c3:63:b5:b1:ed:b1:8b:bf:9c:16:7b:22:51:07:07:9d:32:dc:81:ad:4d:9b:f0:6c:ad:bc:7c" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e3:fd:12:20:b6:a5:ee:fd:dc:64:4c:7e:77:fd:78:1b:16:7c:2f:7d:80:d1:d5:93:8a:46:44:54:49:21:29:a9:10:da:d3:6c:a1:df:7b:d8:95:a5:70:b7:4d:01:b8:aa:d0:f1:b3:46:58:19:42:8a:fc:f8:2c:f3:b1:41:e1:00:ea:5d:65:b9:fa:68:6d:fb:92:8d:2a:40:9f:99:bf:ed:ce:ab:fa:31:cd:c7:a1:e1:64" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:e4:da:5e:1c:d2:6f:86:c7:62:8e:95:21:36:96:50:40:93:bb:85:76:85:73:ce:a7:4f:e8:35:59:ad:a8:4c:f6:b8:02:54:4d:8e:4e:b2:0f:79:ff:7b:e2:4d:80:25:de:1b:87:56:e6:20:c2:66:67:2f:58:14:de:aa:c6:ba:cf:0b:ea:8e:24:9c:31:d0:2f:c9:65:5d:6d:ba:3f:b8:c1:b5:80:51:c8:ec:a7:d1:e9:18:7f:a7:f6:40:dc:c6:bf:97:5a:2d:21:bd:34:ca:f7:6d:79:39:6e:3d:44:9e:28:ef:fe:93:f6:50:1e:a3:fd:34:c7:42:f2:bf:d8:2c:fa:3f:3d:10:b2:6c:2d:16:bb:31:6e:58:86:d6:3b:3d:90:90:96:7e:ff:50:6d:31:a0:b0:f8:60:d1:be:51:3e:6e:dd:22:ac:a3:94:a6:d5:10:3b:1c:6c:22:20:e8:6f:9c:3e:79:aa:7c:66:52:0a:1a:97:91:fd:61:8d:38:55:d0:0f:48:26:98:69:bd:a5:de:35:26:87:7c:e8:75:68:3a:0d:9e:a4:b1:de:c5:5d:d5:9b:98:be:2f:52:5a:5c:0e:fb:08:fa:90:06:6a:62:9f:fc:35:dc:01:ec:c8:69:18:54:ff:48:5c:38:e0:df:ee:96:b2:99:e4:62:f7:21:25:76:33:de:05:d1:6d:9a:29:f4:0a:f1:3d:0b:00:04:62:63:42:f2:96:7c:9c:b9:7a:2e:35:57:ae:71:bf:71:44:f6:d9:19:35:d3:98:67:2d:9f:5d:89:8d:50:ae:87:05:1c:97:1b:18:5f:7f:39:b9:17:80:50:1b:98:25:c1:6f:97:df:d6:67:cc:6d:47:28:e9:70:cb:b8:de:28:1f:92:63:6f:df:03:ce:d7:81:72:6d:ad:f9:31:a7:8f:97:a1:a8:7c:d7:a7:2d:f9:15:0e:6b:43:e6:9d:2f:f5:c5:2d:11:17:9d:0b:d8:d6:fa:5e:12:b1:eb:40:71:a9:53:fe:ea:8c:fb:11:20:33:b1:4a:cd:77:ff:82:39:b5:c3:b5:82:c5:d2:52:7b:c0:09:b8:1c:55:c1:b6:08:11:b9:fb:49:dc:6b:67:fd:f6:65:d5:d6:ca:2a:73:a0:43:bf:92:2a:b4:5c:f7:72:91:84:0e:65:44:82:c5:6f:87:0a:cc:f2:3e:fe:c8:73:77:46:0f:19:57:a2:8a:9a:5f:3f:a7:68:b3:e6:4f:e3:87:6a:21:2f:01:bb:69:47:42:69:dc:fd:99:56:54:bf:13:cb:fa:de:d1:57:51:b4:51:cb:56:42:ca:95:25:58:b2:dd:18:9a:11:64:89:0e:3d:50:7d:77:c3:84:9b:52:2f:6f:cf:2f:c8:7d:e6:93:c5:6f:2e:45:62:04" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:19.099591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494359.099591000", + "frame.time_delta": "0.060287000", + "frame.time_delta_displayed": 
"0.060287000", + "frame.time_relative": "767.638905000", + "frame.number": "2759", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003945", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3792", + "tcp.ack": "19637", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008749", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e8:fb:00:25:dc:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143867, TSecr 2481348": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143867", + "tcp.options.timestamp.tsecr": "2481348" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2758", + "tcp.analysis.ack_rtt": "0.060287000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:19.378398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494359.378398000", + "frame.time_delta": "0.278807000", + "frame.time_delta_displayed": "0.278807000", + "frame.time_relative": "767.917712000", + "frame.number": "2760", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000954c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "19637", + "tcp.nxtseq": "19691", + "tcp.ack": "3792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000da75", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dc:e6:a7:9d:e8:fb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481382, TSecr 2812143867": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481382", + "tcp.options.timestamp.tsecr": "2812143867" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e5:c9:2f:6e:d4:3e:47:9b:25:49:9c:1a:0c:99:f0:6a:40:d8:ae:ae:b9:f2:e9:34:31:0a:d5:86:5c:6c:a6:44:0f:2f:39:84:43:ca:cb:6a:c1:12" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:19.438628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494359.438628000", + "frame.time_delta": "0.060230000", + "frame.time_delta_displayed": "0.060230000", + "frame.time_relative": "767.977942000", + "frame.number": "2761", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003944", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "3792", + "tcp.ack": "19691", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000869c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:e9:50:00:25:dc:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812143952, TSecr 2481382": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812143952", + "tcp.options.timestamp.tsecr": "2481382" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2760", + "tcp.analysis.ack_rtt": "0.060230000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:20.589270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494360.589270000", + "frame.time_delta": "1.150642000", + "frame.time_delta_displayed": "1.150642000", + "frame.time_relative": "769.128584000", + "frame.number": "2762", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d96", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000f94", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:20.589821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494360.589821000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": 
"0.000551000", + "frame.time_relative": "769.129135000", + "frame.number": "2763", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d97", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f08f", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:20.590401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494360.590401000", + "frame.time_delta": "0.000580000", + 
"frame.time_delta_displayed": "0.000580000", + "frame.time_relative": "769.129715000", + "frame.number": "2764", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007e55", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=622", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.031244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.031244000", + "frame.time_delta": "0.440843000", + "frame.time_delta_displayed": 
"0.440843000", + "frame.time_relative": "769.570558000", + "frame.number": "2765", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003823", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "3792", + "tcp.nxtseq": "4080", + "tcp.ack": 
"19691", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009c0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ea:de:00:25:dc:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144350, TSecr 2481382": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144350", + "tcp.options.timestamp.tsecr": "2481382" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:53:0a:17:14:e1:d3:42:ce:59:42:fa:29:86:53:8a:6f:f5:ec:4b:ff:e9:ab:84:e1:60:0e:27:1c:3a:7c:85:d6:34:35:b3:81:ee:21:dc:a0:2f:a9:27:fb:81:e0:99:dc:a6:cd:12:e3:03:21:04:be:41:1e:cb:08:f2:19:2b:78:23:49:f9:d7:e9:49:38:f5:75:ef:97:a9:1b:66:4d:1e:e5:c8:34:64:2d:03:03:f9:08:60:12:e4:7b:83:3f:15:60:11:fe:6a:08:df:f9:48:46:4c:85:b1:d7:80:7e:34:26:2b:9a:c1:98:f5:ff:03:4d:9b:2d:99:ba:d4:87:12:52:0d:a9:00:ff:69:e9:28:1e:65:53:16:73:92:aa:c3:dc:d8:cf:a7:2e:d1:af:6a:50:1b:9c:3c:95:cf:86:7b:83:60:b9:0e:ad:96:0a:f2:37:5f:95:86:08:74:74:1d:9b:9f:64:78:33:2a:9e:9c:58:a8:28:33:05:a9:ec:fb:03:dc:ca:0e:9f:36:b9:92:75:0c:8a:cd:13:66:b6:90:66:c4:71:d3:de:c5:57:0e:06:8b:b2:27:27:8f:0b:0d:92:e3:dc:ec:10:be:9c:77:3f:48:0a:9e:9f:30:f6:4a:07:8f:30:98:86:ff:18:75:ab:b7:f2:71:7d:12:6f:1a:00:cf:c3:4f:07:21:a7:b5:ef:b8:9a:27:b8:b0:e6:b1:12:09:99:b4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.047961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.047961000", + "frame.time_delta": "0.016717000", + "frame.time_delta_displayed": "0.016717000", + "frame.time_relative": "769.587275000", + "frame.number": "2766", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000954d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "19691", + "tcp.nxtseq": "19744", + "tcp.ack": "4080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000073e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dd:8d:a7:9d:ea:de", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481549, TSecr 2812144350": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481549", + "tcp.options.timestamp.tsecr": "2812144350" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2765", + "tcp.analysis.ack_rtt": "0.016717000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e6:ed:41:13:30:b0:d9:f9:11:57:94:9e:c6:9a:c5:45:08:08:08:77:17:b2:2e:f1:22:a6:5e:a4:eb:e4:a0:24:be:3c:15:fe:f8:b8:c5:d2:19" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.108022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.108022000", + "frame.time_delta": "0.060061000", + "frame.time_delta_displayed": "0.060061000", + "frame.time_relative": "769.647336000", + "frame.number": "2767", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003942", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4080", + "tcp.ack": "19744", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x000082ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ea:f1:00:25:dd:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144369, TSecr 2481549": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144369", + "tcp.options.timestamp.tsecr": "2481549" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2766", + "tcp.analysis.ack_rtt": "0.060061000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.108522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.108522000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "769.647836000", + "frame.number": "2768", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x0000954e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007576", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "19744", + "tcp.nxtseq": "20443", + "tcp.ack": "4080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f736", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dd:93:a7:9d:ea:f1", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481555, TSecr 2812144369": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481555", + "tcp.options.timestamp.tsecr": "2812144369" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e7:6c:0c:fc:c5:fe:fa:d3:2d:1c:1b:1f:8c:4f:1b:3d:2c:05:74:b6:91:2d:be:da:da:76:ac:61:d2:77:aa:2e:57:d9:1a:db:6b:ae:8b:1a:c8:35" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:e8:a2:e8:3f:c3:43:7a:ff:d2:50:f7:37:4a:36:b1:3f:36:9d:0b:ee:d6:db:2a:76:45:f9:a5:04:6f:a3:b0:73:4b:ea:27:5f:4f:a3:58:6e:0b:72:cd:7f:fd:10:46:ac:ac:c4:39:f4:6d:79:08:43:d6:0d:ef:95:27:39:e9:25:29:f2:9b:37:68:24:d7:b9:45:7d:fc:22:40:b3:54:3c:67:a9:f8:1f:e9:3c:9e:51:e1" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:e9:d3:6c:7e:1c:c2:e2:3a:ab:c0:42:49:f9:a3:34:57:85:51:78:d1:5d:6c:68:dc:35:2c:04:64:1c:e8:99:33:81:25:b7:e7:a7:1e:97:a4:22:b0:e5:d9:8b:7f:a8:59:0e:0e:cb:cb:e7:b2:4b:f6:44:bb:6c:6d:ea:eb:df:24:3d:89:8f:71:a8:8b:ef:f8:f2:e7:55:6f:91:fc:34:59:83:16:16:1f:00:a0:16:aa:4b:c0:dc:3f:cb:55:7e:77:66:0a:89:b2:fd:19:ce:98:3e:32:d1:cd:5c:d9:d5:93:5f:e1:52:66:bc:25:64:92:d8:f9:7c:8f:d1:59:22:18:30:e4:2d:0f:41:b1:c2:bc:49:c5:6c:4b:f2:c2:a2:0e:8c:7d:81:b7:e5:3a:f3:e3:1f:00:b9:50:18:cc:e1:8f:12:6a:15:13:e9:8d:37:0e:a0:98:1e:90:80:97:05:30:e0:f8:ef:2a:c6:01:fb:04:ab:aa:18:10:98:5c:8f:7a:eb:c6:58:a3:3e:19:a6:35:73:1d:e5:32:01:70:61:65:a4:ac:34:21:c1:6f:53:9e:cd:6e:2e:a0:26:a7:11:3f:83:15:49:ad:0b:cb:50:9c:e1:4e:e8:6c:ed:d5:e3:d1:25:85:ba:85:7a:6e:be:b8:8f:db:a5:1d:b1:26:3e:52:81:b6:3b:ea:83:39:36:2a:f9:9c:fa:ec:1c:ab:3d:d0:70:a0:f2:f6:52:f4:c8:08:2a:b5:33:31:49:ca:ed:2d:aa:04:8b:4e:65:fc:5a:cf:73:0b:42:7b:75:44:20:24:85:40:9e:18:67:db:4a:ff:af:40:fb:47:a6:d5:5d:cc:9c:1b:82:09:54:1b:e2:f9:ec:44:ad:b2:39:8a:84:58:01:c6:f2:32:79:28:7a:1f:8d:95:63:73:6d:a0:9c:c6:49:d9:19:12:2a:68:78:63:02:c8:f5:61:a1:48:af:81:6d:70:12:73:0f:7a:4a:2c:aa:7a:15:06:2e:89:d3:ae:2f:12:e7:37:b8:57:5c:eb:ca:32:fe:20:05:ef:4c:73:32:08:20:b3:8b:8e:f7:1e:b0:4b:cc:86:34:77:8c:d7:e1:ca:27:24:21:57:76:50:d2:74:a9:6b:a2:28:34:ce:44:09:45:b2:c9:9c:cc:58:74:93:ca:3c:de:a1:90:34:d1:ad:e9:7e:36:2d:a1:7f:13:76:f0:d0:a9:30:66:2b:ea:0d:7c:40:ad:7f:5e:55:85:af:5b:d5:e9:3d:35:cd:5a:30:67:b3:01:03:65:63:1c:67:d2:1e:6e:7e:49:43:a6:93:f7:10:2f:59:07:c0:5a:2f:db:06:92:45:6d:37:5f:67:0f:f5:28:51:5d:0e:3b:13:c4:79:db:55:15:1b:2f:3c:98:39" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.168828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.168828000", + "frame.time_delta": "0.060306000", + 
"frame.time_delta_displayed": "0.060306000", + "frame.time_relative": "769.708142000", + "frame.number": "2769", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003941", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4080", + "tcp.ack": 
"20443", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000802f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:eb:00:00:25:dd:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144384, TSecr 2481555": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144384", + "tcp.options.timestamp.tsecr": "2481555" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2768", + "tcp.analysis.ack_rtt": "0.060306000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.448872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.448872000", + "frame.time_delta": "0.280044000", + "frame.time_delta_displayed": "0.280044000", + "frame.time_relative": "769.988186000", + "frame.number": "2770", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000954f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "20443", + "tcp.nxtseq": "20497", + "tcp.ack": "4080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:dd:b5:a7:9d:eb:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481589, TSecr 2812144384": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481589", + "tcp.options.timestamp.tsecr": "2812144384" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ea:e8:7f:2f:64:a7:fd:7a:e9:89:39:f4:ca:c9:a3:da:9a:1e:a2:25:8f:79:94:a8:42:5b:56:b0:7d:0a:ba:b4:c5:fe:46:2d:eb:5c:9f:6e:55:31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:21.508943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494361.508943000", + "frame.time_delta": "0.060071000", + "frame.time_delta_displayed": "0.060071000", + "frame.time_relative": "770.048257000", + 
"frame.number": "2771", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003940", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4080", + "tcp.ack": "20497", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007f82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:eb:55:00:25:dd:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144469, TSecr 2481589": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144469", + "tcp.options.timestamp.tsecr": "2481589" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2770", + "tcp.analysis.ack_rtt": "0.060071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.490557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.490557000", + "frame.time_delta": "1.981614000", + "frame.time_delta_displayed": "1.981614000", + "frame.time_relative": "772.029871000", + "frame.number": "2772", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "4080", + "tcp.nxtseq": "4368", + "tcp.ack": "20497", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002f2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ed:45:00:25:dd:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144965, TSecr 2481589": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144965", + "tcp.options.timestamp.tsecr": "2481589" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:54:4d:7d:29:12:82:ea:db:79:21:48:7f:fc:6b:9d:97:7c:e2:af:cc:25:9a:41:00:93:18:c9:25:77:3f:d6:89:ad:d5:4a:d9:f6:9d:e2:f2:f3:67:1a:42:9d:f4:00:bb:2e:0a:f6:02:87:d4:5f:85:97:3c:6b:ca:b8:8a:ff:6c:48:62:ac:86:9f:25:80:8a:6f:cf:bc:fa:d1:e4:db:43:c6:06:18:ec:44:6a:f8:6d:02:40:6a:e2:22:7c:64:c2:53:b9:4b:98:bc:ad:02:1a:85:08:03:69:cf:0b:92:57:fc:a3:fa:77:05:f3:e4:34:a8:1d:ba:87:0a:e0:2f:39:98:a1:cc:14:20:b0:32:48:44:f0:98:f2:68:bb:1a:16:90:16:6b:77:23:8f:a5:21:d2:6e:2c:63:a4:2c:94:a2:88:7c:f9:fb:a1:5a:f9:6e:7b:13:f6:fd:cc:2b:bc:23:99:8f:79:4e:a7:7d:77:9a:e6:0f:a4:ed:90:13:94:58:65:a4:a9:7c:f7:86:d5:f2:a4:bf:b5:5b:c5:8b:5f:f9:63:f6:f8:06:12:00:f8:7c:5f:79:bf:40:aa:6b:a2:87:57:86:9c:78:a2:ac:5b:c0:03:d8:4f:c8:30:d8:f9:5f:38:5a:17:7b:56:aa:86:d9:36:3a:c3:a0:b9:61:0c:93:d8:a0:09:d8:90:98:ea:44:f9:8d:ea:98:ce:48:f4:76:10:ba:cb:fb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.508651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.508651000", + "frame.time_delta": "0.018094000", + "frame.time_delta_displayed": "0.018094000", + "frame.time_relative": "772.047965000", + "frame.number": "2773", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009550", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "20497", + "tcp.nxtseq": "20550", + "tcp.ack": "4368", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f67b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:de:83:a7:9d:ed:45", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481795, TSecr 2812144965": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481795", + "tcp.options.timestamp.tsecr": "2812144965" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2772", + "tcp.analysis.ack_rtt": "0.018094000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:eb:47:a0:a9:f4:7f:73:30:1e:d1:27:48:97:0f:b9:c8:0f:8f:1e:c2:95:68:b1:f3:d4:fc:94:12:9b:84:32:96:b2:0c:23:05:71:a1:c1:be:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.568733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.568733000", + "frame.time_delta": "0.060082000", + "frame.time_delta_displayed": "0.060082000", + "frame.time_relative": "772.108047000", + "frame.number": "2774", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4368", + "tcp.ack": "20550", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00007b5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ed:58:00:25:de:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144984, TSecr 2481795": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144984", + "tcp.options.timestamp.tsecr": "2481795" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2773", + "tcp.analysis.ack_rtt": "0.060082000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.569270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.569270000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "772.108584000", + "frame.number": "2775", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009551", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007573", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "20550", + "tcp.nxtseq": "21249", + "tcp.ack": "4368", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002c5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:de:89:a7:9d:ed:58", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481801, TSecr 2812144984": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481801", + "tcp.options.timestamp.tsecr": "2812144984" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ec:3a:8b:16:2c:ab:2b:04:bd:a1:84:c8:58:63:08:dc:f2:c9:5d:38:b4:c3:ab:be:64:66:f2:2b:10:de:46:5b:7a:7f:79:b2:ee:ef:86:d7:5e:68" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ed:09:bd:bb:24:9e:9c:b1:f5:7f:93:2d:83:91:1e:2d:a9:c0:43:7d:0f:3d:4a:25:24:41:24:5a:cb:a7:61:09:b1:81:61:43:7b:87:b5:ea:b5:aa:29:0f:30:08:2b:65:7f:75:43:01:49:6d:f3:ea:ce:4f:9c:38:fc:64:d9:f3:c5:9d:c4:4b:08:75:bb:06:34:f8:2e:89:49:4f:d1:d4:38:d7:98:99:95:1d:83:93:07" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:ee:0e:7f:71:6b:9e:62:0a:1b:e8:eb:41:29:2e:7d:7c:f2:ee:8b:36:03:b1:1b:7f:f6:f2:f4:ca:4c:7e:6a:4a:8b:c1:28:be:80:5e:ab:ef:17:82:09:17:d9:eb:dc:89:cf:0c:8a:4f:3f:e6:57:d8:b1:c5:34:9c:6a:33:a5:87:be:86:cc:04:06:c8:d8:9f:99:51:cc:43:8c:40:1d:13:a9:55:a4:6e:00:6f:8e:05:df:d1:04:b9:b6:a8:58:29:a8:ee:1d:f7:3f:63:6e:03:4f:46:e7:e0:f6:92:ac:b5:e4:51:04:6d:4c:f3:2e:b9:51:bf:c1:4c:a6:05:8a:f7:e4:45:9f:cf:75:ef:b3:aa:38:1f:ac:27:ab:0e:ea:55:25:1c:6a:9d:9d:78:ee:03:82:ab:f8:89:50:24:ef:cb:7f:c4:10:c8:11:30:6a:60:59:c5:27:67:3a:f7:dd:55:cf:91:28:9e:6f:fc:51:f2:b3:ad:ef:33:12:44:56:d3:be:21:68:bf:fd:ca:15:26:c0:60:79:f8:b2:4b:3b:f1:28:c4:d0:e3:63:f7:f9:12:84:40:05:3d:33:6f:09:45:df:80:3e:5e:2c:fc:b5:82:37:0f:4c:a1:81:25:a5:99:cb:ea:a9:8a:8f:f1:54:f5:16:8a:2b:5f:50:6c:8e:87:b6:20:18:b2:f6:15:df:03:ca:c4:36:1a:8e:ad:4b:ec:37:2d:55:6c:c0:2c:49:0d:d5:e2:a6:15:64:53:83:bd:98:3c:e5:d8:b9:77:dc:ff:66:85:fa:fe:00:9a:30:09:e2:59:ff:ce:a8:1e:be:58:39:94:07:26:bb:c0:10:05:fe:74:93:b8:7c:48:4f:10:20:ee:37:65:15:c0:a0:4e:53:21:3e:3d:94:fc:0f:f3:69:c0:8a:f6:5d:9f:9f:2a:96:7f:6c:27:54:c7:e2:d7:fd:e8:d0:8f:ce:d3:de:0c:39:03:fd:81:e7:b3:b2:1c:00:82:91:59:d0:eb:78:6d:36:54:f9:7c:66:59:1a:62:f1:fa:0e:68:d4:a7:a0:f9:e7:82:d0:ef:5a:65:36:9d:88:65:6e:af:80:78:12:b7:2f:5c:b7:03:19:47:f4:a7:88:2c:e5:17:8e:a3:4b:d1:47:01:ff:38:f2:ec:4a:52:ec:14:f1:f8:4f:d8:8d:c4:17:84:af:0e:bf:0a:ae:59:96:04:3c:a0:d3:28:69:57:91:7e:2f:88:38:84:82:12:2b:87:15:2a:4c:77:2a:36:d0:fc:2f:ac:7d:15:e2:b2:c1:b9:5a:94:11:d4:52:ba:3d:5a:9c:3e:56:da:ef:41:84:d3:09:4c:89:76:ba:57:d6:0b:dc:da:77:70:43:61:9d:80:c1:77:da:d4:4e:32:73:e8:6b:1f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.629423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.629423000", + "frame.time_delta": "0.060153000", + 
"frame.time_delta_displayed": "0.060153000", + "frame.time_relative": "772.168737000", + "frame.number": "2776", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4368", + "tcp.ack": 
"21249", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000788c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ed:67:00:25:de:89", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812144999, TSecr 2481801": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812144999", + "tcp.options.timestamp.tsecr": "2481801" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2775", + "tcp.analysis.ack_rtt": "0.060153000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.908389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.908389000", + "frame.time_delta": "0.278966000", + "frame.time_delta_displayed": "0.278966000", + "frame.time_relative": "772.447703000", + "frame.number": "2777", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009552", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "21249", + "tcp.nxtseq": "21303", + "tcp.ack": "4368", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006e9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:de:ab:a7:9d:ed:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481835, TSecr 2812144999": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481835", + "tcp.options.timestamp.tsecr": "2812144999" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ef:f1:83:f3:f7:56:01:91:01:47:cb:75:22:dd:1a:23:cb:cd:a8:b1:68:03:2f:77:bd:30:cc:1a:71:3e:c1:69:de:e3:06:a6:19:fa:07:55:bc:31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:23.968842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494363.968842000", + "frame.time_delta": "0.060453000", + "frame.time_delta_displayed": "0.060453000", + "frame.time_relative": "772.508156000", + 
"frame.number": "2778", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4368", + "tcp.ack": "21303", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000077df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ed:bc:00:25:de:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145084, TSecr 2481835": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145084", + "tcp.options.timestamp.tsecr": "2481835" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2777", + "tcp.analysis.ack_rtt": "0.060453000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:24.639810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494364.639810000", + "frame.time_delta": "0.670968000", + "frame.time_delta_displayed": "0.670968000", + "frame.time_relative": "773.179124000", + "frame.number": "2779", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "4368", + "tcp.nxtseq": "4656", + "tcp.ack": "21303", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f46b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ee:64:00:25:de:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145252, TSecr 2481835": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145252", + "tcp.options.timestamp.tsecr": "2481835" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:55:8a:24:cc:d1:e6:4a:f1:ae:60:82:1b:51:fb:a8:f1:3f:4f:1d:df:14:19:e6:68:fe:0a:40:10:a6:90:79:26:4f:b7:ce:88:ee:6e:2e:74:b8:33:c3:75:32:4a:7c:91:1a:4c:06:1d:c9:d8:4e:3c:9c:a2:47:bf:98:6d:73:1d:3e:fd:cb:7d:b3:0b:fd:01:9e:95:6a:ab:f8:c4:47:25:a3:43:2f:32:83:58:73:9b:b3:3c:4b:8b:57:c7:71:2d:48:b7:0b:80:99:79:76:18:bc:bb:39:10:b5:b7:d7:22:9a:88:68:e4:3d:ea:0a:4e:c6:67:fe:dc:81:68:5a:cd:30:d7:7e:3a:95:f2:7b:a3:e6:61:0a:1d:7a:9e:e0:8a:95:92:bd:8d:2c:37:6c:da:bd:7f:ff:6d:02:03:dc:8f:56:cb:55:99:ac:f7:f4:38:ce:f0:1c:ed:b4:3e:65:6f:65:6d:1f:70:1a:a4:58:1e:ba:ed:ab:4e:86:3a:9d:48:b7:de:87:a4:f8:30:9c:21:33:11:5b:8f:6f:25:7c:1b:91:e5:73:ad:7d:d8:2c:6f:be:4e:b6:1a:56:68:f4:97:0e:d9:71:76:2f:07:53:b5:a0:ce:41:fa:c6:e1:d4:ed:60:7c:d6:cd:03:30:fb:a0:8e:b7:27:78:27:49:ff:f2:93:32:b5:4d:13:c2:8c:7a:bd:90:bd:30:f7:75:28:c8:48:0e:2a:d3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:24.658102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494364.658102000", + "frame.time_delta": "0.018292000", + "frame.time_delta_displayed": "0.018292000", + "frame.time_relative": "773.197416000", + "frame.number": "2780", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009553", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "21303", + "tcp.nxtseq": "21356", + "tcp.ack": "4656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004687", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:de:f6:a7:9d:ee:64", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481910, TSecr 2812145252": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481910", + "tcp.options.timestamp.tsecr": "2812145252" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2779", + "tcp.analysis.ack_rtt": "0.018292000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f0:2a:dc:da:6a:7b:83:b9:0f:7c:b6:49:06:26:94:3f:f1:68:6e:2d:33:7c:81:8d:a4:31:55:8e:d3:58:ef:4e:ce:ab:8f:f2:41:13:60:da:3b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:24.718264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494364.718264000", + "frame.time_delta": "0.060162000", + "frame.time_delta_displayed": "0.060162000", + "frame.time_relative": "773.257578000", + "frame.number": "2781", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000393a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4656", + "tcp.ack": "21356", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00007584", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ee:77:00:25:de:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145271, TSecr 2481910": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145271", + "tcp.options.timestamp.tsecr": "2481910" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2780", + "tcp.analysis.ack_rtt": "0.060162000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:24.718800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494364.718800000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "773.258114000", + "frame.number": "2782", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009554", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007570", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "21356", + "tcp.nxtseq": "22055", + "tcp.ack": "4656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b701", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:de:fc:a7:9d:ee:77", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481916, TSecr 2812145271": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481916", + "tcp.options.timestamp.tsecr": "2812145271" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f1:fc:8f:31:0c:04:11:28:f7:a6:2d:67:1e:d6:2b:d7:23:88:eb:fd:34:91:76:de:6c:77:39:76:94:a5:8a:4d:be:5c:4d:35:3d:5e:fd:37:82:15" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f2:dc:08:ce:8a:c7:e2:09:a5:7e:1b:68:e9:1b:0b:a6:e7:80:67:cc:c5:c4:ed:2d:2f:06:94:2e:b7:af:93:89:10:ae:16:ad:d7:98:35:5e:8d:56:2e:49:53:65:d0:63:c9:f5:fb:c8:22:c3:81:26:8f:ef:d7:08:6b:5f:e8:65:0e:59:45:89:8c:06:f6:5b:97:ed:83:f2:d1:ee:f2:7e:1b:8d:04:c2:7c:e2:eb:85:5a" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:f3:55:49:29:72:10:2d:04:06:ac:02:67:b7:7a:59:4f:34:ca:98:b7:5e:d9:63:cf:b1:21:99:46:cb:64:6f:db:23:8a:5c:c8:12:0d:75:a2:ea:29:77:5a:2d:35:a0:05:b5:40:27:26:38:46:65:6b:22:ea:78:67:52:98:08:dd:28:cc:72:8c:6d:51:5d:32:41:cc:e0:9f:dd:15:46:a6:a0:a3:04:7f:00:91:0e:b9:6d:08:17:60:37:3d:b8:5a:89:62:28:97:85:34:17:3d:8c:97:ce:01:31:13:bf:62:e1:98:9c:f0:6e:43:25:d3:0f:9f:90:b3:70:c0:13:25:35:e9:49:38:70:f6:91:2c:b1:72:ff:da:f9:35:3c:4d:4b:73:16:00:e4:d6:02:63:0a:ec:75:00:ad:81:f3:cf:2f:11:e7:68:4a:a7:83:01:ce:dc:55:bb:00:9f:6b:15:39:c4:e0:0a:f1:4d:23:f7:e4:4c:6e:3c:41:50:d5:da:2b:7d:66:62:ce:db:f3:da:fb:7b:7f:db:4a:92:8e:60:6b:44:93:b2:6c:70:ab:0a:14:28:6d:b7:21:64:f3:72:98:63:4e:51:71:7c:11:55:aa:0f:c5:d7:ff:ff:62:c6:33:95:28:77:2a:0b:30:d5:7d:10:9b:98:6b:e8:88:37:19:39:49:6c:07:0d:65:15:85:d3:1a:ec:4d:92:97:e7:b8:68:76:1d:9a:f4:84:bd:13:d1:87:a0:7e:2e:a5:e1:1a:88:0c:66:32:07:9b:17:fe:c7:b4:d6:80:d6:ef:1e:89:76:93:ef:8d:6a:e8:82:7f:cf:8c:cf:2d:ea:ff:37:3a:ef:e4:e4:e3:bb:77:ca:0c:21:30:92:01:e4:7c:e7:2c:f1:c6:58:d6:eb:b0:9e:8c:49:fa:9e:49:3b:2f:e9:fb:20:25:89:a0:8b:2e:7a:ac:c6:e8:e8:1c:49:69:e4:4c:20:4f:4a:c4:e6:9e:b6:89:8e:14:36:96:ba:1e:21:54:ce:c0:bc:c4:1d:c1:1f:e4:d2:26:57:ea:36:e6:f9:bf:ba:5d:6e:0f:db:ef:81:32:66:52:ea:1c:20:07:c7:ff:46:0c:19:a6:4c:78:13:48:ee:c7:23:98:70:0a:85:26:c7:a7:13:49:6e:24:c9:63:02:73:fb:f5:07:1a:17:10:14:a0:73:72:af:6c:0e:f1:ab:d1:0e:0b:3b:e9:ec:ef:b2:4d:60:59:53:fc:9a:f9:d6:15:e6:bb:2a:b3:18:ad:c2:d2:d7:c9:02:0b:c4:fa:9f:c8:34:38:97:d1:55:b3:a2:c0:03:5f:d1:fa:bc:a7:86:8c:8c:6f:46:4d:87:a7:22:dc:5a:e0:9b:97:58:fa:77:9b:1e:fb:a6:c2:85:f3:76:96:e7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:24.779100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494364.779100000", + "frame.time_delta": "0.060300000", + 
"frame.time_delta_displayed": "0.060300000", + "frame.time_relative": "773.318414000", + "frame.number": "2783", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003939", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4656", + "tcp.ack": 
"22055", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000072b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ee:87:00:25:de:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145287, TSecr 2481916": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145287", + "tcp.options.timestamp.tsecr": "2481916" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2782", + "tcp.analysis.ack_rtt": "0.060300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:25.057994000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494365.057994000", + "frame.time_delta": "0.278894000", + "frame.time_delta_displayed": "0.278894000", + "frame.time_relative": "773.597308000", + "frame.number": "2784", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009555", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "22055", + "tcp.nxtseq": "22109", + "tcp.ack": "4656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007b34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:df:1e:a7:9d:ee:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2481950, TSecr 2812145287": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2481950", + "tcp.options.timestamp.tsecr": "2812145287" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f4:53:84:c8:8e:e7:52:8e:aa:5e:36:23:2a:2a:69:b5:a9:9f:1c:64:77:79:4b:0d:8c:dc:19:8f:ec:51:af:fd:53:91:53:13:61:63:10:c2:3c:0d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:25.118244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494365.118244000", + "frame.time_delta": "0.060250000", + "frame.time_delta_displayed": "0.060250000", + "frame.time_relative": "773.657558000", + 
"frame.number": "2785", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003938", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4656", + "tcp.ack": "22109", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007207", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ee:db:00:25:df:1e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145371, TSecr 2481950": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145371", + "tcp.options.timestamp.tsecr": "2481950" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2784", + "tcp.analysis.ack_rtt": "0.060250000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:25.360531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494365.360531000", + "frame.time_delta": "0.242287000", + "frame.time_delta_displayed": "0.242287000", + "frame.time_relative": "773.899845000", + "frame.number": "2786", + "frame.len": "82", + "frame.cap_len": "82", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "68", + "ip.id": "0x00000aba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "48", + "udp.checksum": "0x00006f24", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:fc:8a:7f:20:cd:f2:14:96:01:00:00:54:0b:00:00", + "data.len": "40" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.167932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.167932000", + "frame.time_delta": "0.807401000", + "frame.time_delta_displayed": "0.807401000", + 
"frame.time_relative": "774.707246000", + "frame.number": "2787", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003817", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "4656", + "tcp.nxtseq": "4944", + "tcp.ack": "22109", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b0b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ef:cf:00:25:df:1e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145615, TSecr 2481950": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145615", + "tcp.options.timestamp.tsecr": "2481950" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:56:09:18:62:89:0a:ab:80:ff:c5:4c:de:04:2b:11:70:99:db:96:5c:69:08:21:de:28:dd:bf:6a:15:43:91:60:19:58:74:57:83:7b:f0:ab:b5:e5:e7:85:4e:45:50:f5:c4:e6:35:d0:21:27:fd:19:02:71:0c:ff:12:cd:21:eb:0e:16:e4:bb:b5:12:31:ea:d2:dc:18:9f:e2:6b:89:00:69:51:fe:9d:cc:16:ff:cc:68:3d:54:72:67:17:15:45:7e:b1:ba:0c:27:30:f4:ff:db:98:ed:4c:13:64:ac:00:38:90:46:f3:ae:c6:3e:bc:02:f2:96:4e:82:21:96:e9:4c:f5:ce:92:cb:47:ca:10:26:7b:53:62:c0:d9:04:00:8f:d3:36:72:36:2c:b4:c0:08:48:4f:7d:2e:7a:39:ba:d3:e5:92:85:1b:d4:e9:e2:59:e7:7c:1a:f1:c0:e1:62:25:16:e1:c0:4f:74:a0:29:01:fa:7a:08:9f:96:2e:80:c8:85:57:2c:f8:9e:bb:8d:86:f6:23:49:e7:4b:e4:e0:e6:d7:09:6e:5e:19:84:82:c0:9b:5d:94:8a:6a:b5:2b:39:c9:2c:17:a8:c9:38:b4:ff:88:c8:2b:24:10:a1:00:61:2c:cb:89:01:06:7e:0f:f0:6a:fd:4b:08:a8:35:d3:e5:99:85:8e:0b:e8:b5:21:95:78:29:bf:ea:5c:6b:45:b1:77:08:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.188461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.188461000", + "frame.time_delta": "0.020529000", + "frame.time_delta_displayed": "0.020529000", + "frame.time_relative": "774.727775000", + "frame.number": "2788", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009556", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "22109", + "tcp.nxtseq": "22162", + "tcp.ack": "4944", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b518", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:df:8f:a7:9d:ef:cf", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482063, TSecr 2812145615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482063", + "tcp.options.timestamp.tsecr": "2812145615" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2787", + "tcp.analysis.ack_rtt": "0.020529000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f5:64:ce:cf:89:e7:87:37:d5:cf:d9:d3:f2:46:ab:8e:39:5d:9f:49:fe:ed:9f:9c:54:5d:4b:43:7b:f5:df:58:f2:99:bc:f4:25:f3:49:ae:ff" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.250812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.250812000", + "frame.time_delta": "0.062351000", + "frame.time_delta_displayed": "0.062351000", + "frame.time_relative": "774.790126000", + "frame.number": "2789", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003936", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4944", + "tcp.ack": "22162", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00006f26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ef:f6:00:25:df:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145654, TSecr 2482063": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145654", + "tcp.options.timestamp.tsecr": "2482063" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2788", + "tcp.analysis.ack_rtt": "0.062351000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.251317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.251317000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "774.790631000", + "frame.number": "2790", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009557", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000756d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "22162", + "tcp.nxtseq": "22861", + "tcp.ack": "4944", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bff0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:df:95:a7:9d:ef:f6", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482069, TSecr 2812145654": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482069", + "tcp.options.timestamp.tsecr": "2812145654" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f6:2f:b5:10:60:e7:08:a8:2d:10:b3:e9:63:72:a7:7a:39:4d:02:c9:69:b2:11:bd:b3:3b:ab:1e:7d:1d:64:f5:50:7e:cd:53:36:35:36:5c:c3:3f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f7:9e:c6:f8:ed:b9:b5:0b:9e:02:fa:47:79:b7:85:bd:96:e5:19:52:55:bc:04:49:83:3f:23:d0:52:b1:70:58:3c:7d:56:27:7f:d7:53:49:b2:72:5d:6c:45:03:70:d0:50:01:63:f3:af:5c:1c:11:29:2b:d3:e3:5c:e0:34:fe:db:d2:b2:91:56:f4:fa:d5:62:27:52:2b:9a:2d:60:47:07:d2:e6:50:92:ca:c8:3d:98" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:f8:0c:5e:1b:87:df:d2:f1:07:df:a5:79:d3:e5:c0:93:79:e7:84:b0:e1:95:d3:ed:a1:85:b2:05:74:14:e3:5d:cf:28:d0:28:49:71:a5:6c:ce:52:ad:7e:4f:a8:5a:30:c3:a1:f8:8f:d2:07:63:42:ca:3c:67:b1:79:67:78:18:7a:ac:b3:e1:2b:26:27:25:f7:8e:bf:7e:6b:46:96:cc:43:0d:24:5d:06:30:ad:9f:35:4a:e0:3d:97:17:0d:11:cb:92:77:1f:5b:c9:a8:08:0e:81:06:18:73:ae:c6:5f:07:3f:23:b5:b2:d5:26:4a:38:ab:58:36:a6:be:37:63:e9:fd:10:1b:75:eb:02:4a:65:b1:70:36:ad:06:c3:31:2a:c2:c0:af:28:ff:3f:0f:dd:c8:49:72:50:8b:cb:14:4c:14:61:81:3c:8b:0f:58:6f:07:12:27:79:98:4f:6a:c9:d9:5b:78:8f:f6:25:d9:2e:5d:da:a1:e1:ff:df:a9:0e:51:ed:23:c4:01:70:ea:17:ae:80:d5:a1:bc:30:52:63:c4:93:f0:17:4e:31:95:b2:d1:a2:0b:5d:d8:7c:25:81:4d:50:13:25:9b:1a:68:3a:b9:49:1b:08:52:d8:39:24:f9:23:36:83:7d:41:c9:cc:a4:eb:35:22:b9:ac:5c:70:5e:3d:25:43:1f:59:ab:2c:8b:09:c1:55:ab:4a:06:a2:5b:59:1d:25:27:9d:67:79:3f:58:3c:0d:83:b9:f0:8e:f5:74:44:71:72:a1:a8:91:bc:06:5d:57:e3:28:fe:fc:8c:fd:41:99:33:9f:8d:79:fb:8c:41:9c:eb:8b:a5:c2:17:f8:98:7f:44:9e:0d:f8:73:4c:d3:91:56:45:3d:b6:db:e5:87:5c:25:85:e1:5f:cf:ab:98:11:d1:0b:1d:30:98:be:e1:fb:7b:cd:3b:9b:0f:5f:2e:4e:24:f2:a8:43:3d:56:eb:82:18:6c:96:01:7a:b9:09:83:c1:cb:e0:c9:4a:d7:4c:eb:f7:18:c5:24:b5:30:5c:4e:41:07:23:43:a5:fc:28:b2:5f:e7:4f:d9:5f:cd:b1:dc:e2:0a:e7:ea:f8:69:0a:1f:86:7d:90:60:8d:44:1b:77:c7:88:7d:95:3e:47:05:d1:3c:b6:5e:13:ce:b5:cd:6f:8f:4a:e3:49:73:0d:d3:13:34:95:83:b9:1b:9f:9e:be:8b:72:f2:d4:76:e5:66:7d:f9:6f:24:e8:37:c6:7e:e9:6a:20:02:35:f6:b4:fa:75:fb:3e:5d:83:e2:73:99:18:69:53:90:d1:cb:0d:2f:46:a9:79:d7:bb:61:c2:ec:ec:e4:14:43:08:1f:07:1f:f2:a4:b2:50:5b:9a:7a:fe:ec:69:09:24:b3:18:86:ee" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.311618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.311618000", + "frame.time_delta": "0.060301000", + 
"frame.time_delta_displayed": "0.060301000", + "frame.time_relative": "774.850932000", + "frame.number": "2791", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003935", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4944", + "tcp.ack": 
"22861", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f0:06:00:25:df:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145670, TSecr 2482069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145670", + "tcp.options.timestamp.tsecr": "2482069" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2790", + "tcp.analysis.ack_rtt": "0.060301000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.587635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.587635000", + "frame.time_delta": "0.276017000", + "frame.time_delta_displayed": "0.276017000", + "frame.time_relative": "775.126949000", + "frame.number": "2792", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009558", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "22861", + "tcp.nxtseq": "22915", + "tcp.ack": "4944", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b2b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:df:b7:a7:9d:f0:06", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482103, TSecr 2812145670": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482103", + "tcp.options.timestamp.tsecr": "2812145670" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:f9:ff:18:0e:9e:f3:16:42:5e:ea:f6:aa:fb:9a:7f:bb:02:da:3a:d1:8b:1a:9d:c6:92:0d:51:be:1e:89:2f:f6:81:9c:ac:74:2e:72:31:9e:f2:0a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:26.648123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494366.648123000", + "frame.time_delta": "0.060488000", + "frame.time_delta_displayed": "0.060488000", + "frame.time_relative": "775.187437000", + 
"frame.number": "2793", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003934", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "4944", + "tcp.ack": "22915", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006ba9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f0:5a:00:25:df:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812145754, TSecr 2482103": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812145754", + "tcp.options.timestamp.tsecr": "2482103" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2792", + "tcp.analysis.ack_rtt": "0.060488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:27.678085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494367.678085000", + "frame.time_delta": "1.029962000", + "frame.time_delta_displayed": "1.029962000", + "frame.time_relative": "776.217399000", + "frame.number": "2794", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003814", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "4944", + "tcp.nxtseq": "5231", + "tcp.ack": "22915", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001439", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f1:5b:00:25:df:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146011, TSecr 2482103": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146011", + "tcp.options.timestamp.tsecr": "2482103" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:57:d1:7a:de:4d:d1:77:1f:ca:23:f8:a6:8d:15:8b:9c:69:d8:e9:12:78:29:23:53:b5:a0:28:f8:9f:1f:09:79:5c:a7:f0:7c:db:73:93:cc:71:4e:d4:77:9a:58:de:6e:a2:a4:69:e6:2f:98:1b:84:22:fa:31:66:a2:9d:7c:74:e9:3e:30:76:ae:e2:c8:6c:0b:21:7d:52:ae:d9:b1:0b:61:75:3f:98:fd:9d:90:3e:d0:4b:dc:00:c0:a1:a1:43:be:ca:e6:6a:30:a1:7a:06:b6:14:32:3e:eb:82:90:ce:39:3d:b2:43:31:e3:f2:07:14:56:2b:f5:9e:02:12:df:b2:64:cc:7e:bc:3b:8e:52:d3:c4:b3:3b:87:01:39:dd:21:6b:d9:fa:da:6e:4a:b1:3a:39:32:7f:22:6b:f3:df:0b:85:0f:95:b6:9b:f5:8d:22:95:b6:2a:84:f3:19:10:1d:97:cf:af:1a:92:91:ca:92:34:06:60:eb:8b:2b:68:bc:b7:bd:87:79:cc:83:22:b3:cc:6a:3c:2c:4b:09:e7:dc:31:a3:50:4b:dd:e2:2f:9f:80:16:66:b9:81:ab:59:c2:6c:d6:3d:bb:bd:23:36:74:4b:e6:5a:b4:92:e8:93:cb:bf:21:89:b4:a3:ae:4f:a9:59:99:b6:c2:e1:fb:7f:1d:55:59:92:77:a4:3f:c0:28:55:2b:b8:ca:26:f2:0a:74:bf:16" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:27.699465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494367.699465000", + "frame.time_delta": "0.021380000", + "frame.time_delta_displayed": "0.021380000", + "frame.time_relative": "776.238779000", + "frame.number": "2795", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009559", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "22915", + "tcp.nxtseq": "22968", + "tcp.ack": "5231", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f9f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e0:26:a7:9d:f1:5b", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482214, TSecr 2812146011": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482214", + "tcp.options.timestamp.tsecr": "2812146011" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2794", + "tcp.analysis.ack_rtt": "0.021380000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:fa:d1:fa:81:8e:e2:1e:02:fe:4f:c0:a5:17:7c:a3:1b:73:16:b6:08:ec:05:fe:8e:df:ca:0b:ad:f6:b8:53:dd:6d:7e:cd:36:c8:8f:a9:10:56" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:27.761328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494367.761328000", + "frame.time_delta": "0.061863000", + "frame.time_delta_displayed": "0.061863000", + "frame.time_relative": "776.300642000", + "frame.number": "2796", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003932", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5231", + "tcp.ack": "22968", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x000068d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f1:70:00:25:e0:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146032, TSecr 2482214": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146032", + "tcp.options.timestamp.tsecr": "2482214" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2795", + "tcp.analysis.ack_rtt": "0.061863000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:27.761878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494367.761878000", + "frame.time_delta": "0.000550000", + "frame.time_delta_displayed": "0.000550000", + "frame.time_relative": "776.301192000", + "frame.number": "2797", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x0000955a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000756b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "22968", + "tcp.nxtseq": "23666", + "tcp.ack": "5231", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000739f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e0:2c:a7:9d:f1:70", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482220, TSecr 2812146032": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482220", + "tcp.options.timestamp.tsecr": "2812146032" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:fb:11:da:f3:ae:d4:30:e3:7a:68:9d:c5:e8:c0:69:1c:78:7e:2a:43:b6:c4:0f:ce:0d:bf:de:3e:eb:a5:18:12:8b:bf:9f:fa:e5:33:a6:01:9a:94" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:fc:42:b6:e3:c0:3e:02:29:eb:2d:6a:ff:99:99:b5:fc:0b:7c:0a:85:1e:d4:aa:50:94:d2:6e:31:1e:65:a2:84:30:e9:e7:ef:a7:1a:91:cf:f3:1b:ee:0e:35:c9:85:c6:fd:e5:1f:4e:91:2a:d2:de:c8:83:c2:e3:35:20:ed:15:91:f9:f0:db:76:0b:c7:30:00:6a:36:39:84:e5:a2:e1:94:f9:96:21:e1:93:d5:7c:00" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:fd:48:e2:a0:e7:d6:91:91:2d:12:13:da:a7:20:e9:d1:06:b6:f6:58:cd:a6:02:41:31:ea:94:d2:13:4f:5e:c8:fd:45:83:d1:09:83:a9:f6:96:c7:fb:34:42:21:4b:d7:92:fe:51:6d:c8:62:08:08:2d:f0:ab:c2:85:09:b0:3a:1c:32:44:ed:8e:7f:5b:f0:de:11:92:22:60:37:01:df:e6:d8:b9:e7:43:e0:0b:27:1e:5b:9d:2e:1f:f4:40:04:0b:fc:7c:55:21:bb:94:4d:93:90:f9:b4:88:1d:b7:25:91:c2:18:47:5e:59:11:6f:4e:8f:c2:5c:e4:43:8b:51:58:e7:72:3b:68:73:64:6d:4b:8b:cd:0f:83:d5:35:86:21:64:0c:4c:f7:d0:83:2d:6b:f2:75:e1:c2:a7:37:f3:f7:1d:4b:20:bc:c5:2b:9a:47:5d:3b:ae:8c:9e:7c:7a:1f:ed:4a:9d:dd:af:c7:09:da:13:2e:df:84:a5:a4:6f:90:98:1f:c2:28:3e:b2:76:54:f5:f7:3f:e8:93:59:21:a5:5a:a5:3a:da:c2:89:1d:f6:2f:ab:d9:34:33:eb:eb:8a:20:21:9a:fb:90:d8:b6:70:c0:0c:c1:6e:44:a0:1e:fe:46:d2:66:23:72:4a:67:50:1e:a5:c0:22:33:b6:44:cd:7a:d5:9f:26:67:dc:20:42:f8:cf:19:00:7a:cd:3b:55:55:a6:8e:5a:43:65:29:0f:3e:b4:30:f6:c1:5e:e0:5f:60:76:ed:86:7b:4f:28:9c:ec:c4:9b:b7:66:c3:0b:54:80:e3:82:15:88:a1:33:40:43:75:3a:38:23:fa:94:e1:bb:f7:21:15:c1:c1:c6:31:17:ac:73:35:34:20:7d:5d:eb:d5:67:c6:21:88:c4:7c:dd:50:7b:04:82:90:2c:cf:78:71:08:06:6f:d4:1f:91:6c:16:ad:e6:80:d6:71:3d:e8:e7:cd:46:49:43:69:e2:0f:83:15:63:b4:af:9f:a5:b3:a3:e5:13:7a:3d:b3:ee:f7:36:00:71:3f:ad:1d:48:48:1d:1c:2b:2f:c9:0a:d9:df:9f:22:06:8b:d6:b5:5a:3b:d9:66:50:d3:62:99:1a:4a:bc:19:71:0b:47:89:da:37:4f:64:d4:f2:5f:cd:ca:1f:83:d2:dc:d3:f1:ab:4e:e4:10:0e:7b:51:2f:c7:ca:f8:6a:0b:b0:3d:dd:53:7f:5e:3e:e5:d2:d8:92:50:eb:23:9b:4d:a4:9c:78:1e:97:16:97:11:5c:36:c8:0c:7b:8f:7f:39:3f:77:f6:98:43:f5:f3:72:e0:84:e8:a9:c6:6a:b4:ad:4d:cb:64:bf:ae:21:8e:d2:50:2d:64:bd:8c:57:b0:fe:43:5d:2a:21:2d:ed:35" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:27.823250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494367.823250000", + "frame.time_delta": "0.061372000", + "frame.time_delta_displayed": 
"0.061372000", + "frame.time_relative": "776.362564000", + "frame.number": "2798", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003931", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5231", + "tcp.ack": "23666", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006601", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f1:7f:00:25:e0:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146047, TSecr 2482220": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146047", + "tcp.options.timestamp.tsecr": "2482220" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2797", + "tcp.analysis.ack_rtt": "0.061372000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:28.097645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494368.097645000", + "frame.time_delta": "0.274395000", + "frame.time_delta_displayed": "0.274395000", + "frame.time_relative": "776.636959000", + "frame.number": "2799", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000955b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "23666", + "tcp.nxtseq": "23720", + "tcp.ack": "5231", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bbb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e0:4e:a7:9d:f1:7f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482254, TSecr 2812146047": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482254", + "tcp.options.timestamp.tsecr": "2812146047" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:fe:37:a0:81:80:3d:1c:ce:8d:d2:88:b9:9c:09:4a:a9:62:76:50:da:7e:29:4e:7b:0b:d9:7c:b6:eb:ac:5f:f7:5a:0d:62:d4:5d:04:e9:4c:11:7c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:28.157818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494368.157818000", + "frame.time_delta": "0.060173000", + "frame.time_delta_displayed": "0.060173000", + "frame.time_relative": "776.697132000", + "frame.number": "2800", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003930", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5231", + "tcp.ack": "23720", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006555", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f1:d3:00:25:e0:4e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146131, TSecr 2482254": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146131", + "tcp.options.timestamp.tsecr": "2482254" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2799", + "tcp.analysis.ack_rtt": "0.060173000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:28.852488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494368.852488000", + "frame.time_delta": "0.694670000", + "frame.time_delta_displayed": "0.694670000", + "frame.time_relative": "777.391802000", + "frame.number": "2801", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:28.944945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494368.944945000", + "frame.time_delta": "0.092457000", + "frame.time_delta_displayed": "0.092457000", + "frame.time_relative": "777.484259000", + "frame.number": "2802", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000053f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:59:29.561908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494369.561908000", + "frame.time_delta": "0.616963000", + "frame.time_delta_displayed": "0.616963000", + "frame.time_relative": "778.101222000", + "frame.number": "2803", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.439121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.439121000", + "frame.time_delta": "0.877213000", + "frame.time_delta_displayed": "0.877213000", + "frame.time_relative": "778.978435000", + "frame.number": "2804", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020ec", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e758", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "7", + "http.prev_request_in": "2255" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.901748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.901748000", + "frame.time_delta": "0.462627000", + "frame.time_delta_displayed": "0.462627000", + "frame.time_relative": "779.441062000", + "frame.number": "2805", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007b0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "37", + "http.prev_response_in": "2317" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.905668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.905668000", + "frame.time_delta": "0.003920000", + "frame.time_delta_displayed": "0.003920000", + "frame.time_relative": "779.444982000", + "frame.number": "2806", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54588", + "tcp.dstport": "80", + "tcp.port": "54588", + "tcp.port": "80", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005cf8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.906207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.906207000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "779.445521000", + "frame.number": "2807", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54588", + "tcp.port": "80", + "tcp.port": "54588", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000023a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2806", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.908577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.908577000", + "frame.time_delta": "0.002370000", + "frame.time_delta_displayed": "0.002370000", + "frame.time_relative": "779.447891000", + "frame.number": "2808", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54588", + "tcp.dstport": "80", + "tcp.port": "54588", + "tcp.port": "80", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d57f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2807", + "tcp.analysis.ack_rtt": "0.002370000", + "tcp.analysis.initial_rtt": "0.002909000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.909197000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.909197000", + "frame.time_delta": "0.000620000", + "frame.time_delta_displayed": "0.000620000", + "frame.time_relative": "779.448511000", + "frame.number": "2809", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54588", + "tcp.dstport": "80", + "tcp.port": "54588", + "tcp.port": "80", + "tcp.stream": "123", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eaf8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002909000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.909688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.909688000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "779.449002000", + "frame.number": "2810", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ccf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54588", + "tcp.port": "80", + "tcp.port": "54588", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c710", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2809", + "tcp.analysis.ack_rtt": "0.000491000", + "tcp.analysis.initial_rtt": "0.002909000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.910317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.910317000", + "frame.time_delta": "0.000629000", + "frame.time_delta_displayed": "0.000629000", + "frame.time_relative": "779.449631000", + "frame.number": "2811", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ccf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54588", + "tcp.port": "80", + "tcp.port": "54588", + "tcp.stream": "123", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000732", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002909000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.910660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.910660000", + "frame.time_delta": "0.000343000", + "frame.time_delta_displayed": "0.000343000", + "frame.time_relative": "779.449974000", + "frame.number": "2812", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ccf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e79b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54588", + "tcp.port": "80", + "tcp.port": "54588", + "tcp.stream": "123", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000599b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002909000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2811", + "tcp.segment": "2812", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001463000", + "http.request_in": "2809", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.915045000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494370.915045000", + "frame.time_delta": "0.004385000", + "frame.time_delta_displayed": "0.004385000", + "frame.time_relative": "779.454359000", + "frame.number": "2813", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54588", + "tcp.dstport": "80", + "tcp.port": "54588", + "tcp.port": "80", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d0e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2812", + "tcp.analysis.ack_rtt": "0.004385000", + "tcp.analysis.initial_rtt": "0.002909000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.916174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.916174000", + "frame.time_delta": "0.001129000", + "frame.time_delta_displayed": "0.001129000", + "frame.time_relative": "779.455488000", + "frame.number": "2814", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54588", + "tcp.dstport": "80", + "tcp.port": "54588", + "tcp.port": "80", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d0e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.916620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.916620000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "779.455934000", + "frame.number": "2815", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002534", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000933f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54588", + "tcp.port": "80", + "tcp.port": "54588", + "tcp.stream": "123", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c31a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2814", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.002909000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.954612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.954612000", + "frame.time_delta": "0.037992000", + "frame.time_delta_displayed": "0.037992000", + "frame.time_relative": "779.493926000", + "frame.number": "2816", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007b0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "38", + "http.prev_response_in": "2805" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.966250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.966250000", + "frame.time_delta": "0.011638000", + "frame.time_delta_displayed": "0.011638000", + "frame.time_relative": "779.505564000", 
+ "frame.number": "2817", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54589", + "tcp.dstport": "80", + "tcp.port": "54589", + "tcp.port": "80", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008f55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.966798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.966798000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "779.506112000", + "frame.number": "2818", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54589", + "tcp.port": "80", + "tcp.port": "54589", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000097ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2817", + "tcp.analysis.ack_rtt": "0.000548000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.969029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.969029000", + "frame.time_delta": "0.002231000", + "frame.time_delta_displayed": "0.002231000", + "frame.time_relative": "779.508343000", + 
"frame.number": "2819", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54589", + "tcp.dstport": "80", + "tcp.port": "54589", + "tcp.port": "80", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000049de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2818", + "tcp.analysis.ack_rtt": "0.002231000", + "tcp.analysis.initial_rtt": "0.002779000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.969694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.969694000", + "frame.time_delta": "0.000665000", + "frame.time_delta_displayed": "0.000665000", + "frame.time_relative": "779.509008000", + "frame.number": "2820", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e0a", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54589", + "tcp.dstport": "80", + "tcp.port": "54589", + "tcp.port": "80", + "tcp.stream": "124", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005f57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002779000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.970220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.970220000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "779.509534000", + "frame.number": "2821", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c4ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f383", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54589", + "tcp.port": "80", + "tcp.port": "54589", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003b6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2820", + "tcp.analysis.ack_rtt": "0.000526000", + "tcp.analysis.initial_rtt": "0.002779000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.970862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.970862000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "779.510176000", + "frame.number": "2822", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c4f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f371", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54589", + "tcp.port": "80", + "tcp.port": "54589", + "tcp.stream": "124", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007b90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002779000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.971215000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.971215000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "779.510529000", + "frame.number": "2823", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c4f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54589", + "tcp.port": "80", + "tcp.port": "54589", + "tcp.stream": "124", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cdf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002779000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2822", + "tcp.segment": "2823", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001521000", + "http.request_in": "2820", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.974199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.974199000", + "frame.time_delta": "0.002984000", + "frame.time_delta_displayed": "0.002984000", + "frame.time_relative": "779.513513000", + "frame.number": "2824", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54589", + "tcp.dstport": "80", + "tcp.port": "54589", + "tcp.port": "80", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004546", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2823", + "tcp.analysis.ack_rtt": "0.002984000", + "tcp.analysis.initial_rtt": "0.002779000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.974890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.974890000", + "frame.time_delta": "0.000691000", + "frame.time_delta_displayed": "0.000691000", + "frame.time_relative": "779.514204000", + "frame.number": "2825", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54589", + "tcp.dstport": "80", + "tcp.port": "54589", + "tcp.port": "80", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004545", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:30.975339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494370.975339000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "779.514653000", + "frame.number": "2826", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002539", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000933a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54589", + "tcp.port": "80", + "tcp.port": "54589", + "tcp.stream": "124", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003779", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2825", + 
"tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.002779000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.008411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.008411000", + "frame.time_delta": "0.033072000", + "frame.time_delta_displayed": "0.033072000", + "frame.time_relative": "779.547725000", + "frame.number": "2827", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007b10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "39", + "http.prev_response_in": "2816" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.025183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.025183000", + "frame.time_delta": "0.016772000", + "frame.time_delta_displayed": "0.016772000", + "frame.time_relative": "779.564497000", + "frame.number": "2828", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54590", + "tcp.dstport": "80", + "tcp.port": "54590", + "tcp.port": "80", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000085f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.025741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.025741000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "779.565055000", + "frame.number": "2829", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54590", + "tcp.port": "80", + "tcp.port": "54590", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d56e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2828", + "tcp.analysis.ack_rtt": "0.000558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.028604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.028604000", + "frame.time_delta": "0.002863000", + "frame.time_delta_displayed": "0.002863000", + "frame.time_relative": "779.567918000", + "frame.number": "2830", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ead", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54590", + "tcp.dstport": "80", + "tcp.port": "54590", + "tcp.port": "80", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000874d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2829", + "tcp.analysis.ack_rtt": "0.002863000", + "tcp.analysis.initial_rtt": "0.003421000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.029263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.029263000", + "frame.time_delta": "0.000659000", + "frame.time_delta_displayed": "0.000659000", + "frame.time_relative": "779.568577000", + "frame.number": "2831", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54590", + "tcp.dstport": "80", + "tcp.port": "54590", + "tcp.port": "80", + "tcp.stream": "125", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009cc6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003421000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.029783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.029783000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "779.569097000", + "frame.number": "2832", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cff5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54590", + "tcp.port": "80", + "tcp.port": "54590", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000078de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2831", + "tcp.analysis.ack_rtt": "0.000520000", + "tcp.analysis.initial_rtt": "0.003421000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.030403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.030403000", + "frame.time_delta": "0.000620000", + "frame.time_delta_displayed": "0.000620000", + "frame.time_relative": "779.569717000", + "frame.number": "2833", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cff6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e86b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54590", + "tcp.port": "80", + "tcp.port": "54590", + "tcp.stream": "125", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b8ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003421000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.030749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.030749000", + "frame.time_delta": "0.000346000", + "frame.time_delta_displayed": "0.000346000", + "frame.time_relative": "779.570063000", + "frame.number": "2834", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cff7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e498", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54590", + "tcp.port": "80", + "tcp.port": "54590", + "tcp.stream": "125", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000b69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003421000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2833", + "tcp.segment": "2834", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001486000", + "http.request_in": "2831", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.032841000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494371.032841000", + "frame.time_delta": "0.002092000", + "frame.time_delta_displayed": "0.002092000", + "frame.time_relative": "779.572155000", + "frame.number": "2835", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54590", + "tcp.dstport": "80", + "tcp.port": "54590", + "tcp.port": "80", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000082b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2834", + "tcp.analysis.ack_rtt": "0.002092000", + "tcp.analysis.initial_rtt": "0.003421000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.033399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.033399000", + "frame.time_delta": "0.000558000", + "frame.time_delta_displayed": "0.000558000", + "frame.time_relative": "779.572713000", + "frame.number": "2836", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005eaa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54590", + "tcp.dstport": "80", + "tcp.port": "54590", + "tcp.port": "80", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000082b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.033843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.033843000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "779.573157000", + "frame.number": "2837", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000253b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009338", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54590", + "tcp.port": "80", + "tcp.port": "54590", + "tcp.stream": "125", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000074e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2836", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.003421000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.190165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.190165000", + "frame.time_delta": "0.156322000", + "frame.time_delta_displayed": "0.156322000", + "frame.time_relative": "779.729479000", + "frame.number": "2838", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000955c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "23720", + "tcp.nxtseq": "24072", + "tcp.ack": "5231", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006658", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e1:83:a7:9d:f1:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482563, TSecr 2812146131": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482563", + 
"tcp.options.timestamp.tsecr": "2812146131" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:44:ff:29:be:fa:62:ea:10:71:16:10:5f:35:db:c2:f9:88:b7:ac:84:93:66:ae:10:76:4d:4b:27:d1:60:9c:76:b1:76:0e:45:a3:82:5b:7f:cf:04:74:9a:76:e2:48:6e:b0:9f:8b:f0:16:0e:d9:88:3e:84:cf:cf:ed:d8:0d:48:b5:7d:8e:94:4d:2e:bb:02:c6:64:d6:48:27:4e:cd:23:1e:63:db:6a:64:65:f0:50:78:7d:71:68:be:f4:27:a6:84:c9:11:57:0b:33:ae:71:5e:32:78:ac:9c:0b:7a:2e:2a:8f:6e:61:9e:8b:0a:54:95:28:d0:ba:c2:33:80:06:5e:d9:97:9f:c7:dc:7d:cf:b0:a4:d0:14:fd:c3:f3:18:67:c4:fd:83:0e:4a:41:4f:2d:64:56:4b:b2:35:09:ba:bd:87:99:31:0f:96:00:1b:cf:c8:7c:94:8f:8f:3b:38:93:47:13:2f:7e:38:50:27:a4:b9:fb:3e:fe:95:4e:ac:60:1d:d7:aa:68:83:ab:f3:02:79:a9:d7:af:c9:d7:4a:b8:6c:bf:ae:81:a9:fc:5c:7a:3b:72:69:e1:13:67:32:15:be:e4:05:42:b7:63:04:fc:d6:a2:78:df:42:95:9f:ac:66:e5:87:01:f1:b4:76:55:7e:cf:9b:a7:01:c8:b6:69:d1:f4:56:2a:4c:82:d1:12:92:1d:f5:5c:76:ff:3a:a1:c6:81:ae:1e:e0:9e:17:4c:2a:1a:67:92:98:61:3d:6a:a6:33:70:e1:23:6e:80:d2:01:6a:d6:67:9a:bd:3c:11:6f:a5:4a:d6:82:c6:50:90:61:4a:ef:7d:d1:ae:f6:fa:91:00:23:84:08:81:85:f3:e5:73:7a:ee:70:27:c2:d5:ee:8f:3d:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.250502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.250502000", + "frame.time_delta": "0.060337000", + "frame.time_delta_displayed": "0.060337000", + "frame.time_relative": "779.789816000", + "frame.number": "2839", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000392f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5231", + "tcp.ack": "24072", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005fba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f4:d9:00:25:e1:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146905, TSecr 2482563": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146905", + "tcp.options.timestamp.tsecr": "2482563" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2838", + "tcp.analysis.ack_rtt": "0.060337000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.254376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.254376000", + "frame.time_delta": "0.003874000", + "frame.time_delta_displayed": "0.003874000", + "frame.time_relative": "779.793690000", + "frame.number": "2840", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ff", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "5231", + "tcp.nxtseq": "5278", + "tcp.ack": "24072", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000573", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:f4:da:00:25:e1:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812146906, TSecr 2482563": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812146906", + "tcp.options.timestamp.tsecr": "2482563" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:58:0a:d3:b3:f4:cd:22:42:ce:c4:da:8f:ec:08:bd:90:b2:3e:a5:32:8a:80:c3:ce:11:8b:f3:f6:6f:14:ca:ea:a2:4e:cc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.286616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.286616000", + "frame.time_delta": "0.032240000", + "frame.time_delta_displayed": "0.032240000", + "frame.time_relative": "779.825930000", + "frame.number": "2841", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000955d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007822", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24072", + "tcp.ack": "5278", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005e91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e1:8d:a7:9d:f4:da", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2482573, TSecr 2812146906": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2482573", + "tcp.options.timestamp.tsecr": "2812146906" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2840", + "tcp.analysis.ack_rtt": "0.032240000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.954980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.954980000", + "frame.time_delta": "0.668364000", + "frame.time_delta_displayed": "0.668364000", + "frame.time_relative": "780.494294000", + "frame.number": "2842", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007b42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "40", + "http.prev_response_in": "2827" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.958840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.958840000", + "frame.time_delta": "0.003860000", + "frame.time_delta_displayed": "0.003860000", + "frame.time_relative": "780.498154000", + "frame.number": "2843", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54591", + "tcp.dstport": "80", + "tcp.port": "54591", + "tcp.port": "80", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000166", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.959379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.959379000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "780.498693000", + "frame.number": "2844", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54591", + "tcp.port": "80", + "tcp.port": "54591", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007cdd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2843", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.962478000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.962478000", + "frame.time_delta": "0.003099000", + "frame.time_delta_displayed": "0.003099000", + "frame.time_relative": "780.501792000", + "frame.number": "2845", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54591", + "tcp.dstport": "80", + "tcp.port": "54591", + "tcp.port": "80", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002ebc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2844", + "tcp.analysis.ack_rtt": "0.003099000", + "tcp.analysis.initial_rtt": "0.003638000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.963074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.963074000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "780.502388000", + "frame.number": "2846", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54591", + "tcp.dstport": "80", + "tcp.port": "54591", + "tcp.port": "80", + "tcp.stream": "126", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004435", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003638000", + "tcp.analysis.bytes_in_flight": 
"167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.963561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.963561000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "780.502875000", + "frame.number": "2847", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e384", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d4ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54591", + "tcp.port": "80", + "tcp.port": "54591", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000204d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2846", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.003638000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.964136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.964136000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "780.503450000", + "frame.number": "2848", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e385", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d4dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54591", + "tcp.port": "80", + "tcp.port": "54591", + "tcp.stream": "126", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000606e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003638000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.964487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.964487000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "780.503801000", + "frame.number": "2849", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": 
{ + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e386", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d109", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54591", + "tcp.port": "80", + "tcp.port": "54591", + "tcp.stream": "126", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b2d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003638000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2848", + "tcp.segment": "2849", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001413000", + "http.request_in": "2846", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.966991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.966991000", + "frame.time_delta": "0.002504000", + "frame.time_delta_displayed": "0.002504000", + "frame.time_relative": "780.506305000", + "frame.number": "2850", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54591", + "tcp.dstport": "80", + "tcp.port": "54591", + "tcp.port": "80", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002a24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2849", + "tcp.analysis.ack_rtt": "0.002504000", + "tcp.analysis.initial_rtt": "0.003638000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.967636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.967636000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "780.506950000", + "frame.number": "2851", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54591", + "tcp.dstport": "80", + "tcp.port": "54591", + "tcp.port": "80", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002a23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:31.968065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494371.968065000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "780.507379000", + "frame.number": "2852", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000257e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000092f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54591", + "tcp.port": "80", + "tcp.port": "54591", + "tcp.stream": "126", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2851", + 
"tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.003638000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.007888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.007888000", + "frame.time_delta": "0.039823000", + "frame.time_delta_displayed": "0.039823000", + "frame.time_relative": "780.547202000", + "frame.number": "2853", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007b44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "41", + "http.prev_response_in": "2842" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.018304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.018304000", + "frame.time_delta": "0.010416000", + "frame.time_delta_displayed": "0.010416000", + "frame.time_relative": "780.557618000", + "frame.number": "2854", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54592", + "tcp.dstport": "80", + "tcp.port": "54592", + "tcp.port": "80", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008b60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.018855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.018855000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "780.558169000", + "frame.number": "2855", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54592", + "tcp.port": "80", + "tcp.port": "54592", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008124", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2854", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.021192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.021192000", + "frame.time_delta": "0.002337000", + "frame.time_delta_displayed": "0.002337000", + "frame.time_relative": "780.560506000", + "frame.number": "2856", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54592", + "tcp.dstport": "80", + "tcp.port": "54592", + "tcp.port": "80", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003303", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2855", + "tcp.analysis.ack_rtt": "0.002337000", + "tcp.analysis.initial_rtt": "0.002888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.021819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.021819000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "780.561133000", + "frame.number": "2857", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54592", + "tcp.dstport": "80", + "tcp.port": "54592", + "tcp.port": "80", + "tcp.stream": "127", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000487c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002888000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.022311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.022311000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "780.561625000", + "frame.number": "2858", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002899", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54592", + "tcp.port": "80", + "tcp.port": "54592", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002494", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2857", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.002888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.022880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.022880000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "780.562194000", + "frame.number": "2859", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000289a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008fc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54592", + "tcp.port": "80", + "tcp.port": "54592", + "tcp.stream": "127", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000064b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002888000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.023230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.023230000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "780.562544000", + "frame.number": "2860", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000289b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008bf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54592", + "tcp.port": "80", + "tcp.port": "54592", + "tcp.stream": "127", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b71e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002888000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "2859", + "tcp.segment": "2860", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001411000", + "http.request_in": "2857", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.027107000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494372.027107000", + "frame.time_delta": "0.003877000", + "frame.time_delta_displayed": "0.003877000", + "frame.time_relative": "780.566421000", + "frame.number": "2861", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ea0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54592", + "tcp.dstport": "80", + "tcp.port": "54592", + "tcp.port": "80", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002e6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2860", + "tcp.analysis.ack_rtt": "0.003877000", + "tcp.analysis.initial_rtt": "0.002888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.027762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.027762000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "780.567076000", + "frame.number": "2862", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54592", + "tcp.dstport": "80", + "tcp.port": "54592", + "tcp.port": "80", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002e6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.028193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.028193000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "780.567507000", + "frame.number": "2863", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002584", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000092ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54592", + "tcp.port": "80", + "tcp.port": "54592", + "tcp.stream": "127", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000209e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2862", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.002888000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.060829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.060829000", + "frame.time_delta": "0.032636000", + "frame.time_delta_displayed": "0.032636000", + "frame.time_relative": "780.600143000", + "frame.number": "2864", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007b49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "42", + "http.prev_response_in": "2853" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.064193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.064193000", + "frame.time_delta": "0.003364000", + "frame.time_delta_displayed": "0.003364000", + "frame.time_relative": "780.603507000", + 
"frame.number": "2865", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000097e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.064752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.064752000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "780.604066000", + "frame.number": "2866", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000088f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2865", + "tcp.analysis.ack_rtt": "0.000559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.067392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.067392000", + "frame.time_delta": "0.002640000", + "frame.time_delta_displayed": "0.002640000", + "frame.time_relative": "780.606706000", + 
"frame.number": "2867", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ad5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2866", + "tcp.analysis.ack_rtt": "0.002640000", + "tcp.analysis.initial_rtt": "0.003199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.068009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.068009000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "780.607323000", + "frame.number": "2868", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df5", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000504e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003199000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.068477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.068477000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "780.607791000", + "frame.number": "2869", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c95a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2868", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.003199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.069168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.069168000", + "frame.time_delta": "0.000691000", + "frame.time_delta_displayed": "0.000691000", + "frame.time_relative": "780.608482000", + "frame.number": "2870", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c95b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006c87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003199000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.069523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.069523000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "780.608837000", + "frame.number": "2871", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c95c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bef0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003199000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "2870", + "tcp.segment": "2871", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001514000", + "http.request_in": "2868", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.070311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.070311000", + "frame.time_delta": "0.000788000", + "frame.time_delta_displayed": "0.000788000", + "frame.time_relative": "780.609625000", + "frame.number": "2872", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c95d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bef0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003199000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.072360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.072360000", + "frame.time_delta": "0.002049000", + "frame.time_delta_displayed": "0.002049000", + "frame.time_relative": "780.611674000", + "frame.number": "2873", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000363d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2871", + "tcp.analysis.ack_rtt": "0.002837000", + "tcp.analysis.initial_rtt": "0.003199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.073472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.073472000", + "frame.time_delta": "0.001112000", + "frame.time_delta_displayed": "0.001112000", + "frame.time_relative": "780.612786000", + "frame.number": "2874", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000363c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.073912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.073912000", + "frame.time_delta": "0.000440000", + "frame.time_delta_displayed": "0.000440000", + "frame.time_relative": "780.613226000", + "frame.number": "2875", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002587", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000092ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54593", + "tcp.port": "80", + "tcp.port": "54593", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002870", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2874", + "tcp.analysis.ack_rtt": "0.000440000", + "tcp.analysis.initial_rtt": "0.003199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.074238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.074238000", + "frame.time_delta": 
"0.000326000", + "frame.time_delta_displayed": "0.000326000", + "frame.time_relative": "780.613552000", + "frame.number": "2876", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54593", + "tcp.dstport": "80", + "tcp.port": "54593", + "tcp.port": "80", + "tcp.stream": "128", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cc90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:2d:01:6a:d7:2d:01:6e:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003199000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "2873", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.680230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.680230000", + "frame.time_delta": "0.605992000", + "frame.time_delta_displayed": "0.605992000", + "frame.time_relative": "781.219544000", + "frame.number": "2877", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:32.680668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494372.680668000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "781.219982000", + "frame.number": "2878", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + 
}, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.643546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.643546000", + "frame.time_delta": "0.962878000", + "frame.time_delta_displayed": "0.962878000", + "frame.time_relative": "782.182860000", + "frame.number": "2879", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fd3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": 
"192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35351", + "udp.dstport": "53", + "udp.port": "35351", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002c07", + "udp.checksum.status": "2", + "udp.stream": "71" + }, + "dns": { + "dns.id": "0x00000f1f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.644194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.644194000", + "frame.time_delta": "0.000648000", + "frame.time_delta_displayed": "0.000648000", + "frame.time_relative": "782.183508000", + "frame.number": "2880", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00003af1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007dc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35351", + "udp.port": "53", + "udp.port": "35351", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "71" + }, + "dns": { + "dns.response_to": "2879", + "dns.time": "0.000648000", + "dns.id": "0x00000f1f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:59:33.645211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.645211000", + "frame.time_delta": "0.001017000", + "frame.time_delta_displayed": "0.001017000", + "frame.time_relative": "782.184525000", + "frame.number": "2881", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fd3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55107", + "udp.dstport": "53", + "udp.port": "55107", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f9d9", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.id": "0x00000f20", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.645636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.645636000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "782.184950000", + "frame.number": "2882", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00003af2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007db8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", 
+ "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55107", + "udp.port": "53", + "udp.port": "55107", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.response_to": "2881", + "dns.time": "0.000425000", + "dns.id": "0x00000f20", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3004", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.646391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.646391000", + "frame.time_delta": "0.000755000", + "frame.time_delta_displayed": "0.000755000", + "frame.time_relative": "782.185705000", + "frame.number": "2883", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00003fdb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f5f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a3b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 16:59:33.781737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.781737000", + "frame.time_delta": "0.135346000", + "frame.time_delta_displayed": "0.135346000", + "frame.time_relative": "782.321051000", + "frame.number": "2884", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000bcb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ce1b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": "80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00004a5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2883", + "tcp.analysis.ack_rtt": "0.135346000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.782286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.782286000", + "frame.time_delta": "0.000549000", + 
"frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "782.321600000", + "frame.number": "2885", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fdc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f5ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": 
"0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000013eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2884", + "tcp.analysis.ack_rtt": "0.000549000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.782299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.782299000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "782.321613000", + "frame.number": "2886", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00003fdd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f3a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003e28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135895000", + 
"tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:37:22:2c:20:4e:6f:6e:63:65:3d:22:55:47:35:74:70:36:43:39:2b:6c:53:37:49:4e:55:49:48:69:66:38:67:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4b:55:70:36:73:6a:68:30:6b:68:59:54:46:42:36:63:31:38:41:30:43:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.918506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.918506000", + "frame.time_delta": "0.136207000", + "frame.time_delta_displayed": "0.136207000", + "frame.time_relative": "782.457820000", + "frame.number": "2887", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f57a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00009560", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + 
"ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": "80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000711f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2886", + "tcp.analysis.ack_rtt": "0.136207000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:33.919164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494373.919164000", + "frame.time_delta": "0.000658000", + "frame.time_delta_displayed": "0.000658000", + "frame.time_relative": "782.458478000", + "frame.number": "2888", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00003fde", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f11d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000016e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135895000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40
:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:56:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4
f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" + }, + "tcp.segments": { + "tcp.segment": "2886", + "tcp.segment": "2888", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:37:22:2c:20:4e:6f:6e:63:65:3d:22:55:47:35:74:70:36:43:39:2b:6c:53:37:49:4e:55:49:48:69:66:38:67:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4b:55:70:36:73:6a:68:30:6b:68:59:54:46:42:36:63:31:38:41:30:43:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6
e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:
b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:56:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"187\", Nonce=\"UG5tp6C9+lS7INUIHif8gw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"KUp6sjh0khYTFB6c18A0Cw==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"187\", Nonce=\"UG5tp6C9+lS7INUIHif8gw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"KUp6sjh0khYTFB6c18A0Cw==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|AZ\u00ef\u00bf\u00bdUX" + }, + "media": { + "media.type": 
"ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:5
6:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.054549000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494374.054549000", + "frame.time_delta": "0.135385000", + "frame.time_delta_displayed": "0.135385000", + "frame.time_relative": "782.593863000", + "frame.number": "2889", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002d4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005d8f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": 
"80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000675f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2888", + "tcp.analysis.ack_rtt": "0.135385000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.081130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.081130000", + "frame.time_delta": "0.026581000", + "frame.time_delta_displayed": "0.026581000", + "frame.time_relative": "782.620444000", + "frame.number": "2890", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x000037a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004fcc", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": "80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000941a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135895000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"c8fP1lt0O2+7INUIyF8wag==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"c8fP1lt0O2+7INUIyF8wag==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:59:33 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:59:33 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.161966000", + "http.request_in": "2888", + "http.file_data": "\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|AZ\u00ef\u00bf\u00bdUX" + }, + "media": { + "media.type": 
"ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:b2:a9:99:a2:38:a5:ee:ab:1c:be:a6:68:cf:6f:46:f3:42:5c:5f:ed:b1:9b:9c:c8:e1:46:30:ee:d3:4c:9c:2e:6c:df:c6:05:4c:2a:bc:99:97:4b:40:d3:23:f1:9c:a4:41:66:80:e5:db:0f:71:69:b3:b6:10:84:ab:b4:46:6c:95:c3:96:4f:f7:03:48:6e:3f:00:a7:72:41:4b:dd:f8:16:c0:4a:ee:8b:c3:e4:b4:c7:0a:9c:be:50:48:6f:74:29:74:d0:01:15:c5:fb:33:57:1a:ac:f4:46:39:c0:c2:b0:6e:b9:3b:a3:92:f3:4c:83:f9:2f:f3:7b:a4:66:0f:7f:21:6e:62:ec:2d:21:7d:f3:69:0f:c5:18:b9:6f:f8:b6:ad:bb:66:21:17:be:d1:8b:9c:3e:8b:c0:3a:b4:ca:8f:ac:bb:ee:35:fd:ad:57:1a:73:2f:0b:e2:ea:fc:ad:fd:7f:84:78:c6:d4:5a:4d:58:00:b8:0d:c1:fc:6c:3e:66:6e:1d:6d:bf:ec:17:f7:c9:0c:ae:a0:71:20:90:64:70:40:f7:44:59:93:a9:6a:ad:ad:1e:31:7f:bd:9d:4f:1d:5b:99:3f:d8:b4:d1:e0:51:ea:2f:5a:c5:6c:7a:6e:3f:56:f2:32:c3:de:48:27:26:d7:ea:95:44:09:3d:73:83:34:9d:27:0d:d7:0c:24:24:74:05:bc:7f:27:34:a9:57:f0:ef:9d:f6:a6:4d:9e:11:4b:82:f6:a9:5e:01:06:b5:f3:52:59:3c:46:bb:d4:02:19:b2:54:71:99:c5:18:30:a0:7b:c9:f6:1c:0c:50:cd:50:89:65:e0:72:01:30:fc:59:7c:53:1f:59:b6:67:0f:fb:f0:fd:fb:a3:51:9d:72:94:bc:c8:7f:cd:ea:43:14:6e:48:c7:b9:53:bb:57:de:06:93:2c:07:1b:25:29:8f:d6:02:0f:58:7c:6f:5d:e8:f6:b4:11:40:34:c2:67:01:8f:d1:27:50:bb:09:ad:c8:7d:7f:84:39:a1:2d:12:74:fc:6d:52:14:fb:d2:15:11:60:6f:81:b6:6c:2a:98:25:5a:d1:f3:cc:75:68:c1:fa:55:40:6a:45:e5:b0:d7:cc:4d:6a:10:63:be:e7:ca:d5:66:d9:cc:c8:5e:63:22:f3:c1:e9:be:56:1e:db:51:74:84:f8:31:5c:9e:60:b2:db:ce:02:9d:1e:05:a2:de:49:20:73:e9:de:30:6a:b9:4d:51:5b:69:c4:ad:c2:50:3a:52:38:35:1d:da:57:ed:ec:d2:28:14:4c:63:44:73:26:20:d5:fb:51:c9:cf:23:41:15:b9:87:a6:ec:ea:6f:fb:d9:6e:91:15:83:a6:c0:3f:bd:18:af:59:64:12:a8" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.081221000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.081221000", + 
"frame.time_delta": "0.000091000", + "frame.time_delta_displayed": "0.000091000", + "frame.time_relative": "782.620535000", + "frame.number": "2891", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000037aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005331", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": "80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000063f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.081706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.081706000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "782.621020000", + "frame.number": "2892", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fdf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f5fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000447", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "2890", + "tcp.analysis.ack_rtt": "0.000576000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.082387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.082387000", + "frame.time_delta": "0.000681000", + "frame.time_delta_displayed": "0.000681000", + "frame.time_relative": "782.621701000", + "frame.number": "2893", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003fe0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f5fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35298", + "tcp.dstport": "80", + "tcp.port": "35298", + "tcp.port": "80", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000445", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2891", + "tcp.analysis.ack_rtt": "0.001166000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.217382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.217382000", + "frame.time_delta": "0.134995000", + "frame.time_delta_displayed": "0.134995000", + "frame.time_relative": "782.756696000", + "frame.number": "2894", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007181", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000195a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35298", + "tcp.port": "80", + "tcp.port": "35298", + "tcp.stream": "129", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000063f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "2893", + "tcp.analysis.ack_rtt": "0.134995000", + "tcp.analysis.initial_rtt": "0.135895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:34.860241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494374.860241000", + "frame.time_delta": "0.642859000", + "frame.time_delta_displayed": "0.642859000", + "frame.time_relative": "783.399555000", + "frame.number": "2895", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "40", + "ip.id": "0x000057ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "241", + "tcp.ack": "217", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:35.005706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494375.005706000", + "frame.time_delta": "0.145465000", + "frame.time_delta_displayed": "0.145465000", + "frame.time_relative": "783.545020000", + "frame.number": "2896", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fdd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb4", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "217", + "tcp.ack": "242", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:36.422594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494376.422594000", + "frame.time_delta": "1.416888000", + "frame.time_delta_displayed": "1.416888000", + "frame.time_relative": "784.961908000", + 
"frame.number": "2897", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c4a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
16:59:36.686412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494376.686412000", + "frame.time_delta": "0.263818000", + "frame.time_delta_displayed": "0.263818000", + "frame.time_relative": "785.225726000", + "frame.number": "2898", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020ed", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e727", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58929", + "udp.dstport": "1900", + "udp.port": "58929", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000642c", + "udp.checksum.status": "2", + "udp.stream": "73" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.237257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.237257000", + "frame.time_delta": "0.550845000", + "frame.time_delta_displayed": "0.550845000", + "frame.time_relative": "785.776571000", + "frame.number": "2899", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": 
"0x00002c52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "5278", + "tcp.nxtseq": "5566", + "tcp.ack": "24072", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000093fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fa:b1:00:25:e1:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148401, TSecr 2482573": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148401", + "tcp.options.timestamp.tsecr": "2482573" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:59:d8:38:dd:48:81:b3:18:f9:c5:a2:06:f4:d8:dc:96:4e:5e:b1:ec:f7:4a:e0:11:61:79:d2:66:fa:c4:99:8a:57:76:72:11:48:21:34:d1:d8:24:19:fd:56:f8:b4:95:f2:73:e7:44:13:34:cf:57:88:a0:58:85:01:d6:5c:b2:16:e2:d5:62:5c:14:73:76:73:33:39:1d:9f:36:36:6e:79:d3:80:0a:8c:58:06:c4:40:05:84:3b:eb:1b:76:b2:7c:47:5d:78:f7:9e:85:05:a2:f9:c2:19:76:63:e5:39:da:6f:82:fb:9f:ec:e5:fb:7c:93:6b:88:93:3c:54:b8:db:c3:3d:ec:1c:48:53:25:2b:4c:73:7d:ee:5a:3c:cc:d7:27:e4:0e:6b:75:4c:4f:3b:70:54:6b:c7:84:29:aa:cd:d3:df:89:ba:0d:bc:1b:0c:aa:74:eb:91:9f:9d:ca:41:d4:88:05:a1:76:fa:3c:ee:e8:d0:7c:6d:9e:d5:7c:bf:db:df:55:ac:3e:9a:51:7b:06:13:be:4f:af:c4:7e:0c:5a:97:bd:d3:40:04:0b:73:26:b4:c0:0f:76:a9:4c:06:65:45:69:ed:bc:31:e9:31:f9:1b:4d:5f:72:a7:d9:bb:4f:59:36:bc:4a:17:d3:63:73:ff:48:cf:f4:0b:0c:41:ad:2a:7a:fc:a8:44:7e:0c:36:52:97:27:57:0d:67:9a:55:a1:f5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.237762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.237762000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "785.777076000", + 
"frame.number": "2900", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000955e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007821", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24072", + "tcp.ack": "5566", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005547", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e3:e0:a7:9d:fa:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483168, TSecr 2812148401": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483168", + "tcp.options.timestamp.tsecr": "2812148401" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2899", + "tcp.analysis.ack_rtt": "0.000505000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.246712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.246712000", + "frame.time_delta": "0.008950000", + "frame.time_delta_displayed": "0.008950000", + "frame.time_relative": "785.786026000", + "frame.number": "2901", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000955f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "24072", + "tcp.nxtseq": "24125", + "tcp.ack": "5566", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b1b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e3:e1:a7:9d:fa:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483169, TSecr 2812148401": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483169", + "tcp.options.timestamp.tsecr": "2812148401" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:00:32:c3:43:57:df:16:b7:40:c5:11:28:29:5f:b4:b8:e0:26:cb:a7:8b:64:6d:cb:a4:99:15:c3:14:b3:f9:a9:8e:6c:c4:e9:cf:2b:14:e7:96" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.328593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.328593000", + "frame.time_delta": "0.081881000", + "frame.time_delta_displayed": "0.081881000", + "frame.time_relative": "785.867907000", + "frame.number": "2902", + "frame.len": "339", + "frame.cap_len": "339", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007c50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003afb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.346417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.346417000", + "frame.time_delta": "0.017824000", + "frame.time_delta_displayed": "0.017824000", + "frame.time_relative": "785.885731000", + "frame.number": "2903", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000392c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5566", + "tcp.ack": "24125", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000055e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fa:cd:00:25:e3:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148429, TSecr 2483169": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148429", + "tcp.options.timestamp.tsecr": "2483169" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2901", + "tcp.analysis.ack_rtt": "0.099705000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.346979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.346979000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "785.886293000", + "frame.number": "2904", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009560", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007564", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "24125", + "tcp.nxtseq": "24824", + "tcp.ack": "5566", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000311b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e3:eb:a7:9d:fa:cd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2483179, TSecr 2812148429": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483179", + "tcp.options.timestamp.tsecr": "2812148429" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:01:72:df:96:0d:a3:b3:3e:ab:f3:47:86:6b:5b:e9:4c:57:70:e5:e6:2c:f0:e4:03:d3:85:1d:74:72:1b:00:82:3f:18:9f:ed:11:dc:3f:9f:d5:b5" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "251", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:02:18:43:cb:53:d9:d4:1f:54:91:c1:f6:6d:11:54:74:d0:29:db:f0:c2:ed:96:73:cc:30:ba:fd:9c:3c:38:c1:fd:0b:41:0a:a5:a3:dd:f0:bc:5b:59:0a:83:3c:97:a1:13:8f:2d:72:21:75:7d:0b:11:d6:d6:2c:79:13:e4:9b:94:3d:0d:f9:0e:09:0d:c1:bc:64:d2:c0:5f:4e:bb:ea:16:7e:ea:69:96:c5:3d:7c:b7:60:e3:da:1a:51:9b:c0:18:c1:d7:a1:b8:b9:a8:53:93:d4:45:fb:44:fe:cb:51:5e:e1:db:e6:64:25:c6:b9:21:1c:a9:d2:20:28:3b:74:94:88:68:5c:8c:da:3e:ca:0e:f2:e9:04:09:5a:1c:68:a8:b9:4a:1d:2d:ca:64:b1:f7:f1:c3:a7:dd:e4:25:00:6a:3a:e7:9d:11:75:a6:b4:b1:1e:3c:61:f7:d2:4e:cc:fb:df:6b:ad:03:6f:b6:b8:d8:dd:14:83:78:f6:2a:ee:8e:57:8f:22:8c:ef:fb:1a:6e:23:18:59:71:47:fe:ed:d4:d3:17:dd:83:4f:bb:a5:56:99:ee:dd:91:27:da:38:df:28:08:49:06:0d:13:fa:b9:f9:8e:54:c7:32:32:11:c7:a0:07:67" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "384", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:03:e0:8b:27:7b:f3:2e:f1:b5:be:85:47:df:44:a0:04:91:33:ba:2a:24:ac:6d:5a:8f:e7:c9:1c:c6:ce:d2:38:ae:a3:85:66:de:e9:19:e6:64:20:14:68:c3:86:d4:f2:f6:b4:1e:64:dc:d3:ef:b1:7d:4a:fa:66:8d:5a:fa:4e:18:70:c5:98:72:d1:89:8c:ea:a9:8f:dc:58:f1:fe:7d:eb:41:3f:15:c5:dc:a8:7e:a2:ee:5b:8b:67:74:f8:c3:0f:00:a2:73:7b:fe:f6:ae:4e:5a:65:f7:e7:fb:c1:d6:c1:30:f6:65:0f:38:cc:b9:63:9a:05:ef:f8:c4:e2:1b:ca:c4:07:10:8a:c0:6a:97:3a:a4:e4:d8:f2:3a:1e:e7:48:55:ac:b5:9f:25:63:26:91:8c:ce:f4:84:22:97:e0:ab:68:44:03:88:0f:75:c1:85:74:ec:a0:c4:57:a9:35:44:4c:da:61:2c:a3:15:c8:62:ff:dc:ed:19:6c:db:ac:ab:71:cb:53:c7:15:f9:e2:ed:8d:6e:c0:b3:12:3f:9e:4b:8d:17:2c:11:42:a6:a8:c3:d0:a7:eb:86:06:af:f0:0e:48:a6:a2:28:49:ad:ac:36:9a:ba:8f:e9:2c:66:e7:20:10:f2:fd:1f:54:9d:ba:ae:54:10:bb:4e:86:be:77:5f:7d:46:9f:68:96:5d:18:e7:41:99:39:fa:71:b5:8b:0d:50:a3:3b:75:af:e5:61:2a:31:18:0d:a3:ee:93:c3:70:20:50:30:9b:70:3f:4a:8a:41:1d:a4:aa:bb:54:08:db:22:52:eb:3a:2f:0a:fd:4e:31:55:8b:e6:bb:7b:5e:10:f1:01:0d:04:98:50:23:f8:62:56:21:03:c8:2a:2d:2e:27:10:9f:14:51:8e:89:43:54:ea:90:86:10:f5:4f:96:c3:73:78:25:b8:66:35:f8:a6:89:75:88:4a:89:8f:f0:40:3d:5a:49:a0:4c:ad:02" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.381339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.381339000", + "frame.time_delta": "0.034360000", + "frame.time_delta_displayed": "0.034360000", + "frame.time_relative": "785.920653000", + "frame.number": "2905", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007c54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003aee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "2902" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.407358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.407358000", + "frame.time_delta": "0.026019000", + "frame.time_delta_displayed": "0.026019000", + "frame.time_relative": "785.946672000", + "frame.number": "2906", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000392b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5566", + "tcp.ack": "24824", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005310", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fa:dc:00:25:e3:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148444, TSecr 2483179": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812148444", + "tcp.options.timestamp.tsecr": "2483179" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2904", + "tcp.analysis.ack_rtt": "0.060379000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.434351000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.434351000", + "frame.time_delta": "0.026993000", + "frame.time_delta_displayed": "0.026993000", + "frame.time_relative": "785.973665000", + "frame.number": "2907", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007c59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "2905" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.659394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.659394000", + "frame.time_delta": "0.225043000", + "frame.time_delta_displayed": "0.225043000", + "frame.time_relative": "786.198708000", + "frame.number": "2908", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009561", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "24824", + "tcp.nxtseq": "24878", + "tcp.ack": "5566", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009bcb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e4:0a:a7:9d:fa:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483210, TSecr 2812148444": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483210", + "tcp.options.timestamp.tsecr": "2812148444" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:04:26:c8:c7:7e:1b:dd:b3:93:97:4f:48:bb:03:5c:b8:e5:b3:01:09:0f:2c:1c:8c:e9:c4:1b:bb:ea:09:8c:01:9b:80:6d:7a:75:e6:16:37:68:66" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.687041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.687041000", + "frame.time_delta": "0.027647000", + "frame.time_delta_displayed": "0.027647000", + "frame.time_relative": "786.226355000", + "frame.number": "2909", + 
"frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020ee", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e726", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58929", + "udp.dstport": "1900", + "udp.port": "58929", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000642c", + "udp.checksum.status": "2", + "udp.stream": "73" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 
239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "2898" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:37.719647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494377.719647000", + "frame.time_delta": "0.032606000", + "frame.time_delta_displayed": "0.032606000", + "frame.time_relative": "786.258961000", + "frame.number": "2910", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000392a", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5566", + "tcp.ack": "24878", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000526d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fb:2a:00:25:e4:0a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2812148522, TSecr 2483210": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148522", + "tcp.options.timestamp.tsecr": "2483210" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2908", + "tcp.analysis.ack_rtt": "0.060253000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.333458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.333458000", + "frame.time_delta": "0.613811000", + "frame.time_delta_displayed": "0.613811000", + "frame.time_relative": "786.872772000", + "frame.number": "2911", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007c78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ad3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", 
+ "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "2907" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.386248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.386248000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "786.925562000", + "frame.number": "2912", + "frame.len": "348", + "frame.cap_len": 
"348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007c7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ac6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": 
"EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "2911" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.439025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.439025000", + "frame.time_delta": "0.052777000", + "frame.time_delta_displayed": "0.052777000", + "frame.time_relative": "786.978339000", + "frame.number": "2913", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": 
"0x00007c80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ac8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "2912" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.650884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.650884000", + "frame.time_delta": "0.211859000", + "frame.time_delta_displayed": "0.211859000", + "frame.time_relative": "787.190198000", + "frame.number": "2914", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.651251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.651251000", + "frame.time_delta": "0.000367000", + "frame.time_delta_displayed": "0.000367000", + "frame.time_relative": "787.190565000", + "frame.number": "2915", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.687809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.687809000", + "frame.time_delta": "0.036558000", + "frame.time_delta_displayed": "0.036558000", + "frame.time_relative": "787.227123000", + "frame.number": "2916", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "202", + "ip.id": "0x000020ef", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e725", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58929", + "udp.dstport": "1900", + "udp.port": "58929", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000642c", + "udp.checksum.status": "2", + "udp.stream": "73" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "2909" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.912968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494378.912968000", + "frame.time_delta": "0.225159000", + "frame.time_delta_displayed": "0.225159000", + "frame.time_relative": "787.452282000", + "frame.number": "2917", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007c9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ab0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "2913" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:38.965794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494378.965794000", + "frame.time_delta": "0.052826000", + "frame.time_delta_displayed": "0.052826000", + "frame.time_relative": "787.505108000", + "frame.number": "2918", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007c9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003aa3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "2917" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.018507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.018507000", + "frame.time_delta": "0.052713000", + "frame.time_delta_displayed": "0.052713000", + "frame.time_relative": "787.557821000", + "frame.number": "2919", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007ca2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003aa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "2918" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.386445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.386445000", + "frame.time_delta": "0.367938000", + "frame.time_delta_displayed": "0.367938000", + "frame.time_relative": "787.925759000", + "frame.number": "2920", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "5566", + "tcp.nxtseq": "5853", + "tcp.ack": "24878", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c3fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fc:cb:00:25:e4:0a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148939, TSecr 2483210": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148939", + "tcp.options.timestamp.tsecr": "2483210" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:5a:a9:52:55:e4:70:c0:c1:4d:48:3f:a3:c6:2f:dc:ab:47:9e:bf:02:62:71:0f:af:e3:15:8d:d2:3f:72:2a:1b:4a:bd:05:35:bf:10:e1:3f:4c:73:4e:d0:49:b4:24:41:7d:6b:60:eb:b7:50:ff:b2:d3:de:ba:6e:d9:eb:87:f1:cf:4d:ca:3a:c0:fe:8d:43:f5:20:71:95:e8:af:68:47:f7:2a:f9:a5:75:49:87:c2:5c:da:44:26:14:be:ec:11:cc:1c:0c:bf:fd:30:09:ad:54:51:2b:ce:f1:1d:98:36:52:f0:38:13:10:0d:7e:31:da:2b:45:a0:c1:b0:aa:85:31:50:01:47:8e:44:1b:d0:c7:2e:e4:fe:31:88:78:78:f8:c1:10:d7:6a:25:ab:6e:b8:c9:01:ae:55:2d:b1:a4:2d:46:94:73:9f:f5:98:8b:9a:aa:8b:04:96:9e:89:0c:c4:6f:cb:1d:e2:54:de:03:ff:af:0e:04:c7:73:31:d6:b6:e9:18:59:a8:b6:d7:20:d7:1b:73:7b:29:48:69:91:2d:23:5a:d3:c7:fd:b0:e9:df:d2:06:1f:28:ea:f0:73:1b:fd:b9:31:1a:ef:4a:7e:84:5e:6c:a6:2e:df:fa:ab:d6:43:7a:39:24:3b:4a:f0:83:50:ec:08:db:de:23:5e:40:34:4d:7a:48:eb:b1:86:ae:ba:86:c4:7c:25:c6:e9:31:7e:8d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.401107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.401107000", + "frame.time_delta": "0.014662000", + "frame.time_delta_displayed": "0.014662000", + "frame.time_relative": "787.940421000", + "frame.number": "2921", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009562", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "24878", + "tcp.nxtseq": "24931", + "tcp.ack": "5853", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005f3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e4:b8:a7:9d:fc:cb", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483384, TSecr 2812148939": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483384", + "tcp.options.timestamp.tsecr": "2812148939" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2920", + "tcp.analysis.ack_rtt": "0.014662000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:05:70:cc:9d:66:3c:63:25:5e:a9:28:b2:7f:03:54:6a:7c:dc:e7:25:98:14:62:a8:87:26:3f:c6:ef:2f:d5:c7:06:04:dc:e0:29:da:49:d8:b1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.461262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.461262000", + "frame.time_delta": "0.060155000", + "frame.time_delta_displayed": "0.060155000", + "frame.time_relative": "788.000576000", + "frame.number": "2922", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c57", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003928", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5853", + "tcp.ack": "24931", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00004eb8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fc:dd:00:25:e4:b8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148957, TSecr 2483384": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148957", + "tcp.options.timestamp.tsecr": "2483384" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2921", + "tcp.analysis.ack_rtt": "0.060155000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.461814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.461814000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "788.001128000", + "frame.number": "2923", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009563", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007562", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "24931", + "tcp.nxtseq": "25629", + "tcp.ack": "5853", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e4:be:a7:9d:fc:dd", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483390, TSecr 2812148957": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483390", + "tcp.options.timestamp.tsecr": "2812148957" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:06:45:3b:30:b9:56:56:b1:62:76:98:6f:a9:49:6e:7f:e0:7d:a7:c7:b4:40:10:ac:f1:9b:ed:48:35:08:61:d4:d7:b8:82:8b:1a:e8:af:18:ab:15" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "353", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:07:db:b1:16:4f:77:e4:d9:26:cf:0b:46:c5:ac:12:b0:71:46:47:09:fc:7d:00:85:5a:a1:48:f6:57:61:e1:10:bf:7a:37:60:dd:07:44:b6:72:a0:3e:77:09:8c:df:a6:21:67:2f:3b:30:0a:89:da:03:1c:ea:65:ed:4a:64:ea:4a:d7:54:4c:a2:5a:99:61:81:40:ef:a2:94:ef:c2:c4:19:0a:3b:3d:fd:7b:eb:4e:6e:19:26:e1:de:26:78:b8:b6:36:aa:77:4a:ac:71:52:31:01:18:4b:19:b5:d0:bc:2f:6b:b1:a7:9e:6f:4e:49:94:f9:f5:cb:7a:e6:3f:0a:9f:4a:15:68:42:59:1e:16:1f:a3:31:86:b7:a8:bd:a3:c0:76:36:e7:bd:63:14:d9:c9:a0:4f:64:12:60:81:b1:80:2c:2c:b8:b3:6b:1e:60:51:8c:c6:0d:29:64:57:33:85:3c:f1:d9:e9:df:59:37:15:9b:dc:04:71:6d:87:40:3d:48:12:a5:2d:c3:9b:f1:74:3b:2c:13:51:2b:3e:b0:d2:dd:43:5a:d0:6e:8a:d0:dc:8c:20:41:8c:42:00:11:8c:0c:80:5a:40:2a:41:c9:0c:5e:b1:55:ab:7f:bc:24:b6:b1:50:31:cf:88:ac:e0:f4:8b:30:0d:b2:48:90:e3:a5:ca:cb:64:85:aa:a2:54:ec:80:af:01:0d:c8:29:bd:9c:91:d8:06:4e:5f:65:c3:10:53:91:94:79:a0:7a:6d:2d:3b:3f:a8:35:aa:ab:65:67:29:a7:01:69:ea:7d:3d:f1:24:d0:1b:8f:08:2c:9c:80:c8:97:5d:f1:37:a5:21:68:e0:ca:f1:9c:f1:2a:39:8d:6e:ad:b7:72:fa:3f:75:d1:f4:b6:c2:cc:48:96:7f:14:70" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "281", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:08:fb:5f:c9:61:b5:6f:24:f6:a1:ac:a7:7e:69:47:71:2e:4f:ab:1d:e8:73:28:39:3b:e8:03:03:5f:f5:fa:05:96:8b:39:50:78:12:84:2a:b7:2e:9d:0a:68:fd:d3:83:f0:b6:bc:5e:c8:3a:e0:86:8f:4b:cb:ce:bf:c3:2c:bc:a1:b2:a5:7e:30:58:52:1b:80:0f:a6:1a:f4:a2:ad:77:57:4e:0c:79:db:ea:47:8b:a2:e3:aa:29:06:e6:32:b5:2c:de:94:d3:78:e5:6c:b5:3e:da:47:79:9d:9a:94:7b:84:27:36:ce:5b:6e:f0:8c:bd:e8:f5:f6:e3:be:67:71:03:39:ca:69:a8:36:2e:9f:d1:31:b8:b3:a6:7f:83:84:21:9c:bc:f8:f8:6b:8b:b9:14:62:54:be:34:26:11:da:b8:02:34:f5:01:25:77:12:20:14:e5:2d:31:65:83:7b:0e:a8:29:4f:44:54:2a:8f:31:95:95:4e:a4:29:5d:a8:7a:24:6d:62:14:1b:0b:af:b6:54:91:8b:9e:75:4f:26:32:6d:ee:14:51:ad:b9:d7:85:f4:eb:87:67:bc:08:d7:6d:7f:31:40:b3:fb:60:34:88:8e:3b:29:d6:62:32:bf:f5:33:34:52:02:5e:e3:9a:c3:7b:7c:34:dc:b5:69:5c:06:d9:01:93:4a:e0:d1:4d:4a:a9:54:82:1b:7e:09:b3:a8:a5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.521949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.521949000", + "frame.time_delta": "0.060135000", + "frame.time_delta_displayed": "0.060135000", + "frame.time_relative": "788.061263000", + "frame.number": "2924", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003927", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5853", + "tcp.ack": "25629", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004be9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fc:ec:00:25:e4:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812148972, TSecr 2483390": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812148972", + "tcp.options.timestamp.tsecr": "2483390" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2923", + "tcp.analysis.ack_rtt": "0.060135000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.688898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.688898000", + "frame.time_delta": "0.166949000", + "frame.time_delta_displayed": "0.166949000", + "frame.time_relative": "788.228212000", + "frame.number": "2925", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e724", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58929", + "udp.dstport": "1900", + "udp.port": "58929", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000642c", + "udp.checksum.status": "2", + "udp.stream": "73" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "2916" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.812813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.812813000", + "frame.time_delta": "0.123915000", + "frame.time_delta_displayed": 
"0.123915000", + "frame.time_relative": "788.352127000", + "frame.number": "2926", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009564", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "25629", + "tcp.nxtseq": "25683", + "tcp.ack": 
"5853", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000044e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e4:e1:a7:9d:fc:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483425, TSecr 2812148972": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483425", + "tcp.options.timestamp.tsecr": "2812148972" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:09:52:e3:b3:01:ae:09:de:6d:b7:82:34:c2:96:2c:67:03:f9:94:3c:27:66:6a:a2:90:69:dd:9f:e1:f6:87:d5:4e:32:98:18:73:25:19:66:b2:31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.872889000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1509494379.872889000", + "frame.time_delta": "0.060076000", + "frame.time_delta_displayed": "0.060076000", + "frame.time_relative": "788.412203000", + "frame.number": "2927", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003926", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "5853", + "tcp.ack": "25683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004b38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fd:44:00:25:e4:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149060, TSecr 2483425": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149060", + "tcp.options.timestamp.tsecr": "2483425" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2926", + "tcp.analysis.ack_rtt": "0.060076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:39.965884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494379.965884000", + "frame.time_delta": "0.092995000", + "frame.time_delta_displayed": "0.092995000", + "frame.time_relative": "788.505198000", + "frame.number": "2928", + "frame.len": 
"339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007cae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "2919" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:40.018620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494380.018620000", + "frame.time_delta": "0.052736000", + "frame.time_delta_displayed": "0.052736000", + "frame.time_relative": "788.557934000", + "frame.number": "2929", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + 
"ip.id": "0x00007cb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "2928" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:40.071422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494380.071422000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "788.610736000", + "frame.number": "2930", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007cb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": 
"2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "2929" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.175576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.175576000", + "frame.time_delta": "1.104154000", + "frame.time_delta_displayed": "1.104154000", + "frame.time_relative": "789.714890000", + "frame.number": "2931", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007cea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "2930" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.228725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.228725000", + "frame.time_delta": "0.053149000", + "frame.time_delta_displayed": "0.053149000", + "frame.time_relative": "789.768039000", + "frame.number": "2932", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007ceb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "2931" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.281643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.281643000", + "frame.time_delta": "0.052918000", + "frame.time_delta_displayed": 
"0.052918000", + "frame.time_relative": "789.820957000", + "frame.number": "2933", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007cee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "2932" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.498719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.498719000", + "frame.time_delta": "0.217076000", + "frame.time_delta_displayed": "0.217076000", + "frame.time_relative": "790.038033000", + "frame.number": "2934", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003805", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "5853", + "tcp.nxtseq": "6141", + "tcp.ack": "25683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006265", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fe:db:00:25:e4:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149467, TSecr 2483425": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149467", + "tcp.options.timestamp.tsecr": "2483425" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:5b:5f:de:ad:d9:0e:29:91:d1:ae:71:d2:09:c0:e7:05:79:3b:17:34:93:f0:32:f9:30:ef:13:15:cb:75:88:cc:91:3d:02:08:4e:50:70:28:50:52:2b:c3:f3:30:51:87:fa:43:55:07:a5:ec:da:a1:bc:2e:e8:ce:59:f8:fb:4e:63:ed:3c:d0:d2:cc:2b:3b:f7:65:ab:ef:f9:4e:55:e6:55:fb:96:0d:01:b6:2d:80:f6:06:62:0e:38:05:93:57:68:37:34:f5:0f:5b:ac:89:75:4c:b4:be:2c:6d:4c:0a:59:ef:89:b5:b3:ca:b1:33:19:97:17:e1:32:0a:18:9b:0d:47:3f:aa:3e:90:f2:9f:12:09:f2:e5:f0:ff:8f:dd:1d:c9:4b:5b:ba:f7:e9:b3:4b:7a:75:8a:f1:a9:11:c5:4d:1b:2d:e3:3b:38:c0:d4:ed:0e:3c:f6:cf:57:0f:a3:3b:1a:e3:4e:26:16:5f:2e:5b:77:65:87:1c:9f:a7:be:1f:bb:81:58:6f:ad:af:ae:13:5a:30:68:81:af:58:d7:eb:17:98:e0:1d:17:88:ea:40:fb:ae:d5:35:27:a8:72:51:be:65:f0:50:a8:16:64:b6:c9:0b:b0:c1:36:ec:52:db:fd:99:13:93:9d:a6:4d:94:a8:a5:19:c2:36:2d:b8:ef:54:bf:ab:1e:27:ec:7c:9a:1a:10:c3:48:4f:eb:2f:b7:2e:aa:b9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.519779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.519779000", + "frame.time_delta": 
"0.021060000", + "frame.time_delta_displayed": "0.021060000", + "frame.time_relative": "790.059093000", + "frame.number": "2935", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009565", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": 
"25683", + "tcp.nxtseq": "25736", + "tcp.ack": "6141", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003d6d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e5:8c:a7:9d:fe:db", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483596, TSecr 2812149467": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483596", + "tcp.options.timestamp.tsecr": "2812149467" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2934", + "tcp.analysis.ack_rtt": "0.021060000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:0a:e7:31:6e:c6:45:56:d5:f7:90:91:d6:2e:46:2a:1d:18:b6:45:fa:6e:ba:94:a0:1a:84:29:90:dc:e5:74:3f:ef:79:fc:f5:b9:08:34:23:f7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.579840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.579840000", + "frame.time_delta": "0.060061000", + "frame.time_delta_displayed": "0.060061000", + "frame.time_relative": "790.119154000", + "frame.number": "2936", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003924", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6141", + "tcp.ack": "25736", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000478d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fe:ef:00:25:e5:8c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149487, TSecr 2483596": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149487", + "tcp.options.timestamp.tsecr": "2483596" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2935", + "tcp.analysis.ack_rtt": "0.060061000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.580384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.580384000", + "frame.time_delta": "0.000544000", + 
"frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "790.119698000", + "frame.number": "2937", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009566", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000755e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "25736", + 
"tcp.nxtseq": "26435", + "tcp.ack": "6141", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008787", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e5:92:a7:9d:fe:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483602, TSecr 2812149487": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483602", + "tcp.options.timestamp.tsecr": "2812149487" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:0b:6b:74:d8:af:76:2a:5d:5e:d4:48:06:22:a1:76:55:59:e7:d9:8c:6f:c1:6a:33:90:8a:83:66:17:ae:87:04:f5:c8:53:0f:76:9a:74:63:b2:05" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:0c:6c:bc:e5:13:4c:bf:d8:25:a1:86:0a:8a:57:1c:6a:bd:60:4c:77:02:14:1a:04:02:7b:4e:d7:17:60:f0:67:ee:d5:a9:6e:cd:2d:0c:bf:c4:51:ca:fa:03:18:d6:c3:47:4d:41:39:bf:2e:d6:2f:2a:ed:9f:0a:16:5d:00:c4:4a:96:46:c1:32:6a:ce:bf:db:4c:7a:c6:82:ad:69:f2:f0:9f:fc:57:3d:28:2a:08:f1" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:0d:a9:1d:7a:72:be:68:1e:6c:8e:bc:2a:15:a4:72:a1:92:5b:77:97:ed:eb:c3:87:9d:3e:92:fa:f5:fe:7b:d4:a0:9e:e8:c0:bf:e5:52:3f:74:2f:85:98:a2:10:af:35:44:03:f1:1d:9f:33:2c:0c:a7:b6:a2:7a:9e:0c:03:23:80:af:94:3a:52:31:12:5f:ae:42:93:d2:49:02:d1:c5:95:9c:b6:4e:ac:3a:6a:82:d2:b2:6d:b7:d1:22:a2:bf:4f:b3:72:00:69:05:84:c3:0d:c2:2b:23:66:6c:c2:b6:98:ed:ff:bc:72:41:6b:ce:9f:49:31:fd:39:28:41:9f:71:6e:53:0d:a8:8a:3a:ed:cf:4c:f3:b3:ce:66:06:03:98:66:3a:35:5b:9f:8a:bb:c8:f3:9a:ee:ec:c6:9c:13:7b:b2:a7:fa:56:17:98:74:b9:ac:0a:8f:66:20:73:ef:7c:cf:02:90:21:9d:03:9e:24:ad:87:b0:72:08:6a:c3:21:f8:0c:35:58:22:83:e0:c6:5d:46:6a:92:35:28:c4:3a:e1:43:49:e9:4b:0a:7b:0f:64:1a:f8:6d:b2:c7:5e:82:d3:e6:a1:34:6c:af:3e:17:dd:13:46:2f:f7:15:57:84:04:63:fa:0b:3c:90:2f:83:65:9f:d7:31:88:42:a0:11:2a:7f:c6:f6:83:52:f2:79:d9:d8:2c:36:e9:84:21:aa:fb:6e:6b:22:e3:dc:a3:f6:3b:37:cf:2a:df:15:9b:c7:d9:b4:7c:6b:ad:5d:ed:e7:87:04:88:7e:6c:d0:cc:bd:d7:c2:d3:8a:a4:a6:72:27:b8:cf:47:0e:83:c1:b3:dc:e1:f1:8b:f1:2c:c5:4f:fb:b9:39:cc:3c:33:ea:a7:23:ba:52:c7:4e:76:a9:a7:1e:f9:a8:a9:80:e2:0c:05:61:44:0c:2f:4a:23:fd:3c:e9:ce:46:d8:4f:1c:83:dd:e4:a3:23:c5:b6:e0:ba:1d:1f:1c:0e:71:0a:f0:2b:60:72:49:f0:7d:db:54:32:cc:3b:0b:04:b4:af:85:25:6f:b2:b6:e1:b1:52:c7:4a:30:56:e7:99:3e:33:86:c3:ae:b0:88:a9:ff:0d:c4:93:0a:a0:25:1b:50:ba:1e:1f:50:cb:1b:b5:af:7e:9d:23:df:ed:d9:fe:c9:0c:e0:eb:38:c0:75:f8:52:5f:0c:ba:5c:c7:a4:66:86:9d:b7:06:2b:52:be:4f:96:c7:47:db:a1:ce:c6:cd:91:6b:79:cd:34:53:38:f9:74:b9:0a:ce:73:64:21:fa:16:ab:e8:d8:e7:0d:a9:01:06:88:ce:ec:5b:81:57:6a:37:68:99:fe:8b:2b:ce:8b
:13:db:4e:29:91:5d:af:96:4b:62:f0:39:64:aa:51:a2:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.640630000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.640630000", + "frame.time_delta": "0.060246000", + "frame.time_delta_displayed": "0.060246000", + "frame.time_relative": "790.179944000", + "frame.number": "2938", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003923", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": 
"Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6141", + "tcp.ack": "26435", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000044bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:fe:fe:00:25:e5:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149502, TSecr 2483602": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149502", + "tcp.options.timestamp.tsecr": "2483602" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2937", + "tcp.analysis.ack_rtt": "0.060246000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.920695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.920695000", + "frame.time_delta": "0.280065000", + "frame.time_delta_displayed": "0.280065000", + "frame.time_relative": "790.460009000", + "frame.number": "2939", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009567", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "26435", + "tcp.nxtseq": "26489", + "tcp.ack": "6141", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003ac9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e5:b4:a7:9d:fe:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483636, TSecr 2812149502": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483636", + "tcp.options.timestamp.tsecr": "2812149502" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:0e:cb:8b:46:4d:22:62:97:11:b7:6d:1b:b4:dc:02:3a:ac:a3:c9:d1:ce:03:c0:58:c9:bf:d2:02:fe:0d:bf:3b:dc:f3:01:df:54:95:61:db:8e:ae" + } + } + } + } + } + + , 
+ { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:41.981092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494381.981092000", + "frame.time_delta": "0.060397000", + "frame.time_delta_displayed": "0.060397000", + "frame.time_relative": "790.520406000", + "frame.number": "2940", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003922", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", 
+ "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6141", + "tcp.ack": "26489", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004410", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9d:ff:53:00:25:e5:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149587, TSecr 2483636": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149587", + "tcp.options.timestamp.tsecr": "2483636" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2939", + "tcp.analysis.ack_rtt": "0.060397000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.230451000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.230451000", + "frame.time_delta": "0.249359000", + "frame.time_delta_displayed": "0.249359000", + "frame.time_relative": "790.769765000", + "frame.number": "2941", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "2933" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.283204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.283204000", + "frame.time_delta": "0.052753000", + "frame.time_delta_displayed": "0.052753000", + "frame.time_relative": "790.822518000", + "frame.number": "2942", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007d02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "2941" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.335984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.335984000", + "frame.time_delta": "0.052780000", + "frame.time_delta_displayed": "0.052780000", + "frame.time_relative": "790.875298000", + "frame.number": "2943", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007d03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "2942" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.704532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.704532000", + "frame.time_delta": "0.368548000", + "frame.time_delta_displayed": "0.368548000", + "frame.time_relative": "791.243846000", + "frame.number": "2944", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007d09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "2943" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.757301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.757301000", + "frame.time_delta": "0.052769000", + "frame.time_delta_displayed": "0.052769000", + "frame.time_relative": "791.296615000", + "frame.number": "2945", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007d0a", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "2944" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.810187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.810187000", + "frame.time_delta": "0.052886000", + "frame.time_delta_displayed": "0.052886000", + "frame.time_relative": "791.349501000", + "frame.number": "2946", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007d0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "2945" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.871509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.871509000", + "frame.time_delta": "0.061322000", + "frame.time_delta_displayed": "0.061322000", + "frame.time_relative": "791.410823000", + "frame.number": "2947", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003802", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "6141", + "tcp.nxtseq": "6428", + "tcp.ack": "26489", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e36c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:00:32:00:25:e5:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149810, TSecr 2483636": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149810", + "tcp.options.timestamp.tsecr": "2483636" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": "34:cd:34:17:47:48:0e:5c:9c:4d:6e:32:b6:c1:c2:53:df:62:e4:ed:4e:2d:6c:fb:73:fa:ab:c9:06:09:3b:d4:28:8c:68:da:c8:69:e1:86:22:a4:4a:e1:e4:f2:e3:42:08:34:b6:ec:97:be:dc:27:88:57:e1:58:ed:a5:88:ef:7c:52:5c:02:2f:54:1d:74:3b:7a:e2:fa:2f:0f:10:cf:85:0b:0e:a0:1c:77:e2:ef:00:10:8d:40:10:a1:2b:c6:75:81:90:63:fe:5f:a5:82:c2:4f:14:ad:f3:cd:b6:9c:fa:e3:43:84:ef:f5:6c:a4:e0:ce:4c:fe:66:70:be:14:87:6f:bf:8e:26:be:b9:6b:a5:23:d3:bf:72:84:bb:32:c5:0a:1e:51:f2:19:cb:b5:83:2e:b9:e3:d7:74:59:61:7f:57:2b:54:de:f3:8b:97:bb:f5:c0:64:bd:f6:0c:00:36:1d:c7:93:6f:13:7b:c4:8d:c3:e4:7f:ea:d3:e4:9c:f4:db:c5:b9:74:c5:0b:ca:18:ce:78:9d:c1:42:71:d6:07:ce:e1:f0:57:2e:f2:d4:5d:5d:27:1f:10:2c:fe:b2:d4:e6:21:6e:ae:c2:61:ef:e6:b5:30:06:60:ae:a5:5d:bc:20:0d:af:e0:05:09:cb:6b:06:00:c6:f3:a5:1e:0a:5d:1d:19:08:47:f7:b3:07:b8:49:90:40:6a:a6:8b:d8:5d:02:0c:a6:ba:fa:8d:d4:17:dd" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.896940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.896940000", + "frame.time_delta": "0.025431000", + "frame.time_delta_displayed": "0.025431000", + "frame.time_relative": "791.436254000", + "frame.number": "2948", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009568", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "26489", + "tcp.nxtseq": "26542", + "tcp.ack": "6428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e3d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:16:a7:9e:00:32", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483734, TSecr 2812149810": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483734", + "tcp.options.timestamp.tsecr": "2812149810" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2947", + "tcp.analysis.ack_rtt": "0.025431000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:0f:1c:be:3f:19:8f:33:15:5a:1a:c4:eb:01:ef:04:24:51:cb:a0:6f:9c:c9:1e:da:8e:33:53:bf:c7:1f:9f:c9:3f:bb:47:ad:87:60:c9:ec:48" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.957139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.957139000", + "frame.time_delta": "0.060199000", + "frame.time_delta_displayed": "0.060199000", + "frame.time_relative": "791.496453000", + "frame.number": "2949", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003920", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
+ "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6428", + "tcp.ack": "26542", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004166", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:00:47:00:25:e6:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149831, TSecr 2483734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149831", + "tcp.options.timestamp.tsecr": "2483734" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2948", + "tcp.analysis.ack_rtt": "0.060199000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:42.957665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494382.957665000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "791.496979000", + "frame.number": "2950", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009569", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000755c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "26542", + "tcp.nxtseq": "27240", + "tcp.ack": "6428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c116", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:1c:a7:9e:00:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483740, TSecr 2812149831": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483740", + "tcp.options.timestamp.tsecr": "2812149831" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:10:48:c8:03:35:8d:a8:27:a5:20:24:d9:e7:79:1c:e3:cf:95:a4:a9:3f:56:90:ce:7e:bc:7f:b0:0d:3a:ba:38:aa:95:51:76:57:02:89:a3:7c:e7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:11:9e:7c:36:f7:a0:6c:b5:52:c9:1b:1b:c2:3d:73:a0:41:71:af:d1:0c:65:0c:63:d2:f0:a2:c1:ef:72:93:8f:fa:20:07:77:63:fc:22:bc:e2:40:fa:7d:ac:65:9d:72:de:33:13:1a:c0:91:d2:1d:6e:33:c7:58:2f:a3:41:8a:f6:8c:c7:d1:a8:b1:d4:b6:33:70:e4:3a:f9:a3:6e:be:c2:1f:f8:50:18:e5:cb:8b:e6" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:12:1c:f0:bc:fd:a6:e0:b9:4e:51:d4:b1:85:e0:b7:92:ec:7a:7a:fe:81:da:3c:3a:64:7d:e3:b1:fa:54:fb:9b:ad:a9:4a:cd:d1:55:bc:23:13:f0:d5:fd:aa:de:7f:2c:4a:48:d9:65:77:35:d2:8b:56:c5:aa:3d:de:03:e3:e3:29:10:45:91:aa:fe:74:6c:ba:51:63:8b:b9:cc:40:25:8d:7a:c8:8b:13:b0:f6:ed:a5:e6:ce:c6:ae:fe:3d:05:ff:02:2a:f7:7a:ff:ec:84:0c:40:3e:dc:86:95:5e:45:05:c6:1a:59:80:8c:c7:98:99:51:91:04:eb:06:b1:05:a2:22:77:07:39:b5:e4:60:76:04:16:59:a1:55:7b:65:a7:ad:b5:ff:fc:d7:df:55:fe:47:78:a1:5d:ab:81:95:db:ad:78:70:8e:9b:84:36:fd:ad:b2:19:30:9e:41:44:d8:29:84:f7:be:d6:98:7b:27:8e:7f:10:ef:3b:29:bf:2c:35:df:d7:17:52:6b:43:36:14:8a:be:29:65:47:8b:3b:ca:8f:25:20:f8:de:be:75:af:9e:ba:c5:38:5c:bf:3b:a0:90:a9:bd:5e:fe:9c:0c:f9:d9:c4:a7:53:62:11:c8:5e:59:d2:1d:4f:b6:37:e9:1e:08:4c:c7:e3:cf:b4:6f:96:bd:d9:01:5f:e7:61:fe:b6:48:dc:93:87:c9:48:0f:34:17:74:f2:5b:dd:84:1d:b3:1a:16:c4:a9:b8:4a:80:e3:5e:f8:29:38:0b:ce:3f:4b:ba:d9:85:da:2f:da:dc:c0:9e:95:56:e0:8b:05:fd:dd:71:43:32:58:5c:31:f5:b7:b1:45:09:b7:b2:9f:60:23:d5:57:63:f5:90:74:c6:db:d2:66:6a:9e:59:d4:3e:3c:f7:77:2d:7c:5f:90:d0:ac:dc:3f:29:3b:b0:36:95:d2:15:28:44:91:02:fb:1d:78:a5:e2:4b:0f:c0:90:f6:e1:84:a9:6d:88:7c:d2:cd:9e:0d:52:62:f6:44:80:02:86:f2:a0:23:b2:2d:b4:b6:61:07:7e:38:fd:55:00:68:9b:96:ab:5e:24:4e:75:00:4
d:c9:c1:55:3a:60:e8:05:64:f8:d7:66:c5:f2:c1:90:0c:b6:64:e5:26:de:fa:41:62:2e:e1:28:5b:af:3a:55:41:eb:92:6b:84:2b:2d:b3:15:84:eb:bf:f9:c0:0c:fd:e2:bf:6b:80:b0:b5:a2:5b:28:04:69:84:68:b1:b2:94:c3:3a:f4:6c:ee:a8:7c:6c:3a:4c:14:61:42:03:46:9f:73:0b:2d:32:f5:06:e7:06:31:0d:8d:6b:93:23:af:e4:f8:85:71:38:a0:cf:ce:8d:27:52:c2:63:11:d9:b5:33:11:12" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.017989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.017989000", + "frame.time_delta": "0.060324000", + "frame.time_delta_displayed": "0.060324000", + "frame.time_relative": "791.557303000", + "frame.number": "2951", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c60", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000391f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6428", + "tcp.ack": "27240", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003e97", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:00:56:00:25:e6:1c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149846, TSecr 2483740": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149846", + 
"tcp.options.timestamp.tsecr": "2483740" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2950", + "tcp.analysis.ack_rtt": "0.060324000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.296266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.296266000", + "frame.time_delta": "0.278277000", + "frame.time_delta_displayed": "0.278277000", + "frame.time_relative": "791.835580000", + "frame.number": "2952", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000956a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "27240", + "tcp.nxtseq": "27294", + "tcp.ack": "6428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000023da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:3e:a7:9e:00:56", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483774, TSecr 2812149846": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483774", + "tcp.options.timestamp.tsecr": "2812149846" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:13:b3:db:0b:ff:23:10:c9:47:d8:77:e5:12:a1:44:f7:9a:2a:de:b2:96:b9:f4:3d:d2:98:fc:b7:4e:35:03:2d:bb:f1:3e:9c:3a:d5:60:87:41:d9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.356756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.356756000", + "frame.time_delta": "0.060490000", + "frame.time_delta_displayed": "0.060490000", + "frame.time_relative": "791.896070000", + "frame.number": "2953", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000391e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6428", + "tcp.ack": "27294", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003dea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:00:ab:00:25:e6:3e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812149931, TSecr 2483774": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812149931", + "tcp.options.timestamp.tsecr": "2483774" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "2952", + "tcp.analysis.ack_rtt": "0.060490000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.759858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.759858000", + "frame.time_delta": "0.403102000", + "frame.time_delta_displayed": "0.403102000", + "frame.time_relative": "792.299172000", + "frame.number": "2954", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007d34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + 
"udp.port": "1900", + "udp.port": "58929", + "udp.length": "305", + "udp.checksum": "0x0000dee9", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "2946" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.812898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.812898000", + "frame.time_delta": "0.053040000", + "frame.time_delta_displayed": "0.053040000", + "frame.time_relative": "792.352212000", + "frame.number": "2955", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007d35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003a0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "314", + "udp.checksum": "0x0000ecd4", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "2954" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:43.865769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494383.865769000", + "frame.time_delta": "0.052871000", + "frame.time_delta_displayed": "0.052871000", + "frame.time_relative": "792.405083000", + "frame.number": "2956", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007d37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00003a11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58929", + "udp.port": "1900", + "udp.port": "58929", + "udp.length": "308", + "udp.checksum": "0x0000105f", + "udp.checksum.status": "2", + "udp.stream": "74" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "2955" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.420785000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494384.420785000", + "frame.time_delta": "0.555016000", + "frame.time_delta_displayed": "0.555016000", + "frame.time_relative": "792.960099000", + "frame.number": "2957", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x0000956b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": 
"44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "27294", + "tcp.nxtseq": "27373", + "tcp.ack": "6428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003d46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:ae:a7:9e:00:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483886, TSecr 2812149931": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483886", + "tcp.options.timestamp.tsecr": "2812149931" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:14:48:57:59:64:90:2e:c4:e5:f7:a7:36:3d:66:b1:65:ff:5a:58:83:7f:0e:7c:1e:9b:7d:ad:de:97:e0:63:99:3c:23:f9:b2:dc:48:82:93:af:dd:50:68:01:d3:73:dc:d8:3d:5f:12:31:44:20:4d:84:38:bd:93:43:80:9e:ba:41:6a:d3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.480958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494384.480958000", + "frame.time_delta": "0.060173000", + "frame.time_delta_displayed": "0.060173000", + "frame.time_relative": "793.020272000", + "frame.number": "2958", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000391d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6428", + "tcp.ack": "27373", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003c12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:01:c4:00:25:e6:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150212, TSecr 2483886": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150212", + "tcp.options.timestamp.tsecr": "2483886" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2957", + "tcp.analysis.ack_rtt": "0.060173000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.482039000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494384.482039000", + "frame.time_delta": "0.001081000", + "frame.time_delta_displayed": "0.001081000", + "frame.time_relative": "793.021353000", + "frame.number": "2959", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ed", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "6428", + "tcp.nxtseq": "6475", + "tcp.ack": "27373", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a35e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:01:c4:00:25:e6:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150212, TSecr 2483886": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150212", + "tcp.options.timestamp.tsecr": "2483886" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:5d:b0:ea:65:be:0b:fb:af:ec:8b:cd:28:d9:eb:48:7f:8a:e9:a5:b7:bd:0e:b0:cb:fb:82:de:0b:73:6b:d8:68:a0:e9:e5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 16:59:44.516064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494384.516064000", + "frame.time_delta": "0.034025000", + "frame.time_delta_displayed": "0.034025000", + "frame.time_relative": "793.055378000", + "frame.number": "2960", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000956c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007813", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": 
{ + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "27373", + "tcp.ack": "6475", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003aea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:b8:a7:9e:01:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483896, TSecr 2812150212": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483896", + "tcp.options.timestamp.tsecr": "2812150212" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2959", + "tcp.analysis.ack_rtt": "0.034025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.889146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494384.889146000", + "frame.time_delta": "0.373082000", + "frame.time_delta_displayed": 
"0.373082000", + "frame.time_relative": "793.428460000", + "frame.number": "2961", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037fc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "6475", + "tcp.nxtseq": "6762", + "tcp.ack": 
"27373", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000070c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:02:27:00:25:e6:b8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150311, TSecr 2483896": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150311", + "tcp.options.timestamp.tsecr": "2483896" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:5e:b7:c0:c7:7b:00:4c:66:09:ba:88:1d:65:3c:0e:88:e0:83:f9:fa:15:4d:26:7c:31:94:e6:f3:2d:0b:7d:0d:9f:7c:11:6a:1e:b6:9d:aa:d8:d0:e0:53:00:a4:5f:c1:0f:e1:30:2c:09:42:fa:69:0e:ea:6a:99:d8:d3:fb:94:9b:40:c7:ce:b4:53:29:4f:9e:ca:25:04:88:cb:e4:79:dc:3d:94:29:f3:41:26:b6:cb:9f:85:0c:4d:c1:02:3c:f5:72:ad:94:e9:62:e1:b0:f9:92:91:5b:02:56:b8:4d:79:13:39:f6:18:2a:37:c5:1b:3e:8d:47:c3:54:0d:bb:ac:fd:50:b8:84:2b:92:1c:fa:1c:98:99:b5:e9:b1:a8:a9:fc:62:1f:4c:0a:51:28:b9:94:11:17:9a:f8:d9:7b:55:97:50:39:56:63:a1:fa:c4:25:8b:d7:ce:bc:8a:52:20:cc:99:ef:77:1a:14:f3:e0:f6:03:65:64:d9:c7:ea:74:fa:64:45:d2:7a:ae:2a:ff:99:18:39:5e:8d:66:b4:bf:24:22:fe:50:f0:7b:95:fe:01:c0:a2:f4:62:53:ec:29:56:71:e3:71:2c:51:44:7f:5c:68:af:14:3c:a5:16:54:99:15:a5:b4:32:5c:37:0a:62:40:e6:46:00:65:2e:51:ce:42:64:71:6d:0c:41:c4:d7:ac:ac:91:29:86:db:7b:d3:b4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.889620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494384.889620000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "793.428934000", + "frame.number": "2962", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000956d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007812", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "27373", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003943", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:dd:a7:9e:02:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483933, TSecr 2812150311": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483933", + "tcp.options.timestamp.tsecr": "2812150311" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2961", + "tcp.analysis.ack_rtt": "0.000474000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:44.909277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494384.909277000", + "frame.time_delta": "0.019657000", + "frame.time_delta_displayed": "0.019657000", + "frame.time_relative": "793.448591000", + "frame.number": "2963", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000956e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "27373", + "tcp.nxtseq": "27426", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ffc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:df:a7:9e:02:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483935, TSecr 2812150311": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483935", + "tcp.options.timestamp.tsecr": "2812150311" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:15:e3:f5:d3:62:7e:e5:77:aa:18:f5:b0:82:7e:90:07:ad:d9:92:f3:5f:77:61:50:0d:ad:22:2f:82:7d:54:6a:0d:9f:89:92:46:13:de:85:69" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:45.006260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494385.006260000", + "frame.time_delta": "0.096983000", + "frame.time_delta_displayed": "0.096983000", + "frame.time_relative": "793.545574000", + "frame.number": "2964", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "52", + "ip.id": "0x00002c65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000391a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6762", + "tcp.ack": "27426", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000039da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:02:48:00:25:e6:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150344, TSecr 2483935": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150344", + "tcp.options.timestamp.tsecr": "2483935" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2963", + "tcp.analysis.ack_rtt": "0.096983000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:45.006795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494385.006795000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "793.546109000", + "frame.number": "2965", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x0000956f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007556", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "27426", + "tcp.nxtseq": "28124", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fba2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e6:e9:a7:9e:02:48", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483945, TSecr 2812150344": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483945", + "tcp.options.timestamp.tsecr": "2812150344" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:16:a8:2f:00:4a:21:8b:14:b6:87:35:fa:95:4c:96:7b:57:9f:7d:55:87:22:f9:77:a1:70:29:de:4b:9c:c2:12:7f:2a:c8:ae:08:ad:19:d3:a9:20" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:17:88:4d:ff:c0:28:ef:de:32:55:4b:99:ec:72:0d:a7:23:8a:05:fd:29:5a:05:fd:9e:b9:57:68:f7:9b:e4:10:67:fc:de:93:a6:2f:b8:f3:fa:30:d9:58:de:39:5c:19:e8:7a:40:33:01:38:b6:ae:77:34:96:56:63:02:1b:1a:5e:75:af:54:21:ba:5b:78:d2:52:24:09:f2:93:80:69:ea:a2:17:8d:42:8c:c8:33:8b" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:18:c3:80:b8:4e:07:06:2b:b4:0c:ee:06:5b:29:87:c6:20:6f:12:ea:de:ed:06:18:5a:b6:f8:1a:54:43:9d:b7:d6:d2:b6:a1:f0:da:0e:db:e9:a6:c4:fa:aa:50:44:4b:6e:68:e1:1a:29:3f:54:12:ef:de:87:1e:d7:27:ee:bc:2c:19:71:f8:9c:76:c5:1c:9d:d6:ae:95:bd:ee:90:86:79:3d:d0:9a:2b:cc:b1:56:96:1c:94:d5:06:87:e6:a3:9d:35:6e:e5:13:3b:06:ee:6c:2e:83:5b:eb:f2:0a:3b:1d:77:31:8a:91:1d:b0:01:b6:47:6a:fa:9b:02:17:d5:3a:05:3d:46:b6:fd:a4:b0:30:1f:1e:32:c3:da:fd:e6:8c:46:1b:94:93:8b:0c:61:29:53:6e:89:d6:8a:71:bd:91:0a:26:7c:f1:57:79:4d:91:de:df:e1:7f:8a:ee:cf:a6:ee:97:27:67:6e:c0:c0:c0:5e:ed:72:40:c2:4e:a9:31:eb:3a:52:41:d1:2b:45:04:b5:45:1a:a1:50:12:38:a6:d7:3b:58:16:28:73:9f:42:68:8e:39:f3:6f:20:03:cd:87:5e:f5:ed:74:49:e7:fa:ef:f3:29:85:e4:b4:30:5e:49:02:4a:fb:7e:06:d7:91:93:a4:b0:a7:56:2a:40:25:80:44:d8:cb:9a:67:8e:cf:8a:d6:68:91:22:77:95:10:fe:0a:c9:57:90:6c:e3:33:1d:a3:44:b3:12:8f:65:e2:ca:a7:d2:f9:20:6d:bc:19:72:17:4d:e1:bc:3f:0e:a2:a8:41:92:db:d8:7e:b9:26:9f:c7:87:c5:d1:aa:cc:7b:20:30:03:1a:37:43:c4:a7:2e:5e:ef:51:7e:4a:0e:65:08:9c:dc:90:2b:6b:0d:51:21:9e:94:cf:12:81:d8:53:f5:a3:d5:85:cf:fd:59:cf:49:7d:44:3c:a5:d5:83:a5:32:e2:2a:37:ce:69:36:f3:9a:0d:b4:1e:ac:a7:78:06:af:dc:ae:f0:37:19:df:02:87:29:de:0f:a5:c6:8d:46:00:35:91:c9:6c:b1:87:c0:4f:62:81:4b:ae:24:03:30:27:f8:4c:39:bb:48:26:cb:48:ba:5b:ea:3e:8d:07:dd:c0:4a:84:f4:ec:27:1e:e7:21:1b:e6:c1:2b:8e:39:33:2a:56:0b:fd:55:89:0f:ad:1e:e7:56:28:05:c3:6a:37:d8:1f:3b:88:2f:6b:cb:fc:27:f7:8b:4a:6f:2b:92:6d:ab:b4:70:c9:e2:a6:99:d6:68:a8:c8:dc:85:28:19:25:65:2c:6f:53:9c:d6:7d:a2:00:37:67:39:c9:90:60:3b:a9:6f:ba:bd:9c:0d:bd:1f:d7:44:42:72:ce:ec:6e:f3:ad:71" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:45.066978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494385.066978000", + "frame.time_delta": "0.060183000", + "frame.time_delta_displayed": 
"0.060183000", + "frame.time_relative": "793.606292000", + "frame.number": "2966", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003919", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6762", + "tcp.ack": "28124", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003707", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:02:57:00:25:e6:e9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150359, TSecr 2483945": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150359", + "tcp.options.timestamp.tsecr": "2483945" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2965", + "tcp.analysis.ack_rtt": "0.060183000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:45.308979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494385.308979000", + "frame.time_delta": "0.242001000", + "frame.time_delta_displayed": "0.242001000", + "frame.time_relative": "793.848293000", + "frame.number": "2967", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009570", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "28124", + "tcp.nxtseq": "28178", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e7:07:a7:9e:02:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2483975, TSecr 2812150359": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2483975", + "tcp.options.timestamp.tsecr": "2812150359" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:19:77:de:36:b3:0e:a9:55:b5:ea:33:09:1c:92:a8:cf:07:b6:4d:16:27:33:35:c6:2c:cb:7c:b0:48:36:15:b6:0d:56:f6:12:b3:ce:1a:e4:e9:85" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:45.369117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494385.369117000", + "frame.time_delta": "0.060138000", + "frame.time_delta_displayed": "0.060138000", + "frame.time_relative": "793.908431000", + "frame.number": "2968", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003918", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6762", + "tcp.ack": "28178", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003668", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:02:a2:00:25:e7:07", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812150434, TSecr 2483975": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812150434", + "tcp.options.timestamp.tsecr": "2483975" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "2967", + "tcp.analysis.ack_rtt": "0.060138000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.253394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.253394000", + "frame.time_delta": "2.884277000", + "frame.time_delta_displayed": "2.884277000", + "frame.time_relative": "796.792708000", + "frame.number": "2969", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + 
"eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005c4e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a42a", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009613", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.254228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.254228000", + "frame.time_delta": "0.000834000", + "frame.time_delta_displayed": "0.000834000", + "frame.time_relative": "796.793542000", + "frame.number": "2970", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000b0126", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55905", + "udp.dstport": "5355", + "udp.port": "55905", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000c898", + "udp.checksum.status": "2", + "udp.stream": "75" + }, + "llmnr": { + "dns.id": "0x0000ad40", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + 
"dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.254833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.254833000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "796.794147000", + "frame.number": "2971", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000576", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001235", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55905", + "udp.dstport": "5355", + "udp.port": "55905", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000e837", + "udp.checksum.status": "2", + "udp.stream": "76" + }, + "llmnr": { + "dns.id": "0x0000ad40", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.255495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.255495000", + "frame.time_delta": "0.000662000", + "frame.time_delta_displayed": "0.000662000", + "frame.time_relative": "796.794809000", + "frame.number": "2972", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000d7f1e", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "62461", + "udp.dstport": "5355", + "udp.port": "62461", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000aff3", + "udp.checksum.status": "2", + "udp.stream": "77" + }, + "llmnr": { + "dns.id": "0x0000ac2e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.256141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.256141000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "796.795455000", + "frame.number": "2973", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000577", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001234", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "62461", + "udp.dstport": "5355", + "udp.port": "62461", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000cf92", + "udp.checksum.status": "2", + "udp.stream": "78" + }, + "llmnr": { + "dns.id": "0x0000ac2e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.665736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.665736000", + "frame.time_delta": "0.409595000", + "frame.time_delta_displayed": "0.409595000", + "frame.time_relative": "797.205050000", + "frame.number": "2974", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000b0126", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55905", + "udp.dstport": "5355", + "udp.port": "55905", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000c898", + "udp.checksum.status": "2", + "udp.stream": "75" + }, + "llmnr": { + "dns.id": 
"0x0000ad40", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.666896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.666896000", + "frame.time_delta": "0.001160000", + "frame.time_delta_displayed": "0.001160000", + "frame.time_relative": "797.206210000", + "frame.number": "2975", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000578", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": 
"0x00001233", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55905", + "udp.dstport": "5355", + "udp.port": "55905", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000e837", + "udp.checksum.status": "2", + "udp.stream": "76" + }, + "llmnr": { + "dns.id": "0x0000ad40", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.667455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.667455000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "797.206769000", + "frame.number": "2976", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": 
{ + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000d7f1e", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "62461", + "udp.dstport": "5355", + "udp.port": "62461", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000aff3", + "udp.checksum.status": "2", + "udp.stream": "77" + }, + "llmnr": { + "dns.id": "0x0000ac2e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.668263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.668263000", + "frame.time_delta": "0.000808000", + "frame.time_delta_displayed": "0.000808000", + "frame.time_relative": 
"797.207577000", + "frame.number": "2977", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000579", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001232", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "62461", + "udp.dstport": "5355", + "udp.port": "62461", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000cf92", + "udp.checksum.status": "2", + "udp.stream": "78" + }, + "llmnr": { + "dns.id": "0x0000ac2e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: 
type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:48.968592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494388.968592000", + "frame.time_delta": "0.300329000", + "frame.time_delta_displayed": "0.300329000", + "frame.time_relative": "797.507906000", + "frame.number": "2978", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00005df5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007b64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.004742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494389.004742000", + "frame.time_delta": "0.036150000", + "frame.time_delta_displayed": "0.036150000", + "frame.time_relative": "797.544056000", + "frame.number": "2979", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005c4f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b94", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a42a", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009613", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.049697000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494389.049697000", + "frame.time_delta": "0.044955000", + "frame.time_delta_displayed": "0.044955000", + "frame.time_relative": "797.589011000", + "frame.number": "2980", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000ea2a", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0084322e", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": 
"14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.167722000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494389.167722000", + "frame.time_delta": "0.118025000", + "frame.time_delta_displayed": "0.118025000", + "frame.time_relative": "797.707036000", + "frame.number": "2981", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00003be6", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00e8d546", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + 
"dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.174827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494389.174827000", + "frame.time_delta": "0.007105000", + "frame.time_delta_displayed": "0.007105000", + "frame.time_relative": "797.714141000", + "frame.number": "2982", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": 
"0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.189761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494389.189761000", + "frame.time_delta": "0.014934000", + "frame.time_delta_displayed": "0.014934000", + "frame.time_relative": "797.729075000", + "frame.number": "2983", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + 
"ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:49.756449000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494389.756449000", + "frame.time_delta": 
"0.566688000", + "frame.time_delta_displayed": "0.566688000", + "frame.time_relative": "798.295763000", + "frame.number": "2984", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005c50", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a42a", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009613", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + 
"nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:50.195771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.195771000", + "frame.time_delta": "0.439322000", + "frame.time_delta_displayed": "0.439322000", + "frame.time_relative": "798.735085000", + "frame.number": "2985", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:50.198618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.198618000", + "frame.time_delta": "0.002847000", + "frame.time_delta_displayed": "0.002847000", + "frame.time_relative": "798.737932000", + "frame.number": "2986", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": 
"1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 16:59:50.199759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.199759000", + "frame.time_delta": "0.001141000", + "frame.time_delta_displayed": "0.001141000", + "frame.time_relative": "798.739073000", + "frame.number": "2987", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + 
"ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:50.287116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.287116000", + "frame.time_delta": "0.087357000", + "frame.time_delta_displayed": "0.087357000", + "frame.time_relative": "798.826430000", + "frame.number": "2988", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:50.593461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.593461000", + "frame.time_delta": "0.306345000", + "frame.time_delta_displayed": "0.306345000", + "frame.time_relative": "799.132775000", + "frame.number": "2989", + "frame.len": "1323", + "frame.cap_len": "1323", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1309", + "ip.id": "0x00009571", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007325", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1257", + "tcp.seq": "28178", + "tcp.nxtseq": "29435", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:e9:17:a7:9e:02:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2484503, TSecr 2812150434": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2484503", + "tcp.options.timestamp.tsecr": "2812150434" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1257", + "tcp.analysis.push_bytes_sent": "1257" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1252", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:1a:21:92:28:f9:7e:8d:e5:99:c8:ff:90:d0:71:31:f1:ec:00:02:24:81:12:ab:9e:33:16:ce:88:35:6c:ac:22:9e:c1:a5:6a:5a:69:7c:b6:ae:f8:74:b4:4f:fb:9f:9a:24:61:dc:d0:94:b7:e3:7f:e6:58:73:fc:37:c7:0a:24:ce:f3:f8:c3:9c:b5:73:e1:f3:db:2d:00:ed:d7:38:2e:86:ef:ce:be:d5:eb:25:be:51:18:05:8a:52:2b:56:43:ed:99:b1:43:2a:70:94:b9:33:9b:6c:13:a7:b1:12:f2:af:c9:94:57:29:15:13:34:a0:a5:27:ce:c6:b1:be:e3:be:13:14:7a:3f:24:8a:a0:34:a0:56:a5:90:df:ce:51:42:81:5a:63:0e:c2:8c:ed:9b:0d:80:b5:75:78:bb:32:71:75:9e:26:4d:ec:10:53:a6:bf:0a:a5:94:a7:9b:58:da:ec:a2:7a:20:2b:a7:da:55:c7:b0:1a:4e:9b:31:17:66:fe:a4:2e:e1:48:d5:cb:0e:8f:f6:93:93:7f:36:23:e1:e2:4f:b7:1e:a7:36:62:de:a2:16:5c:77:00:88:1f:46:70:14:ff:2e:d5:37:5d:31:cf:b4:70:c9:ed:a4:ee:35:45:22:64:67:fc:61:58:e2:d3:80:24:6d:df:8c:00:0f:8b:8e:ed:a1:c1:3d:4c:d3:e9:36:e8:2d:c2:4d:15:98:64:1b:ef:bf:ac:84:c5:8a:95:c9:9e:1f:11:39:98:ab:8f:3b:d7:e3:d5:04:69:91:5e:85:74:a6:20:1f:af:8e:a0:b8:3f:20:40:2f:d3:37:20:c2:a2:a5:24:d8:c5:8c:c0:ee:0b:48:cb:5c:4f:ad:c5:95:9a:d2:8c:b3:6e:ad:ce:6a:3b:20:1e:86:66:81:55:bc:9b:43:7e:c6:2c:28:a1:6a:a6:39:36:7d:2a:1e:d2:28:6f:65:20:83:ed:ba:fa:2a:62:59:fd:dd:a0:6f:d6:6b:4d:9f:d6:e6:6c:1f:05:39:f3:ff:ca:18:b3:6f:b4:4e:c5:f2:1d:a3:f7:53:68:a0:c9:c0:46:d8:73:c4:46:c1:99:11:bf:70:11:6f:ef:12:c6:72:72:bc:a3:fd:f5:04:a7:ec:13:c0:60:6b:0c:3a:65:85:10:0f:c9:80:a4:d5:44:a7:7d:cb:e7:74:66:be:1d:91:97:11:36:a2:4a:e6:50:ef:3d:ae:92:a0:fb:90:4a:24:75:bc:0c:c3:b1:85:44:be:db:11:78:47:80:36:70:43:93:ba:e2:c2:a8:49:
f5:12:d9:bb:58:1a:d3:fa:a5:7e:ae:0a:21:02:92:2e:1b:56:b2:a3:43:95:81:c9:ba:43:31:da:44:67:46:72:ef:12:40:9d:04:8b:b1:4f:50:1f:8e:fd:96:c1:43:1b:25:c7:87:d8:03:b0:07:9d:a8:6d:38:51:47:2b:0f:d6:57:b1:bc:1e:01:31:8c:fe:35:57:55:82:97:d8:e1:8f:bb:4a:a7:55:36:ac:e8:70:67:7a:d3:e9:e3:9c:66:bd:85:62:68:77:24:04:42:5e:48:02:8a:09:82:c1:dd:4c:b6:6b:99:57:50:a0:25:84:f0:c4:0a:83:ba:5f:3b:00:30:e9:61:d9:ae:40:25:b7:5f:5e:da:37:87:0e:12:a3:61:73:75:a3:b8:cf:95:52:26:d2:d5:a6:f7:1c:71:ce:76:b5:37:c7:6b:0c:88:2e:62:d6:25:63:9d:d2:54:c0:17:73:a0:b6:9d:89:cb:3b:01:16:28:45:36:1e:13:00:6a:89:51:0b:02:97:26:37:bf:f3:44:7d:4c:c2:31:cb:1a:20:4f:f1:f3:ac:91:31:e0:9f:39:21:9e:b8:f0:5b:d7:d2:d7:b2:03:b5:c8:e6:c4:fe:db:30:db:47:8f:e8:bc:ab:34:32:74:67:c1:f7:42:c6:11:56:c9:ae:66:a5:70:40:51:1f:21:f1:ba:f2:fe:bc:ee:cd:66:9a:8f:38:25:4f:c5:d3:ea:34:67:86:94:b7:01:e1:33:fd:96:a5:7a:1d:b4:64:22:f6:fa:2f:65:14:75:cb:b0:4e:f5:ae:ce:9e:d1:16:ac:78:a7:b0:20:d0:c6:27:d8:a4:87:20:c1:63:99:6e:f6:60:ac:74:a1:f4:e5:ef:ba:7e:2f:90:74:5d:63:d3:b3:7b:a9:0f:9b:1d:f1:98:9a:7a:1c:c9:54:f5:6a:a6:17:53:6a:7c:bc:14:e8:6e:7a:65:b7:97:39:fc:a4:c5:02:f9:49:88:5b:49:2c:9e:10:ab:70:e2:0d:a8:f5:f8:58:be:b3:c0:17:af:41:6c:7c:24:f7:a5:3c:b4:2f:b9:94:10:c0:ed:bc:e4:c7:4e:00:38:08:91:6f:c4:45:92:3d:98:ba:9f:ed:f9:c1:cb:73:a7:98:2a:76:ce:74:0e:e4:92:e4:8f:3c:96:6b:8a:fe:71:ae:15:b6:3d:52:0f:37:cc:a4:81:43:f2:8e:a7:e3:34:e2:82:24:76:a8:f2:af:bc:17:33:51:a3:5f:75:66:55:de:da:75:ea:85:c0:c3:a4:18:8a:78:ee:00:d7:19:f5:c8:b4:48:ee:73:4a:81:39:d4:f1:23:9b:02:8c:ec:46:73:fb:42:9a:55:a5:90:58:9e:d2:ee:6c:17:bb:d3:23:14:70:ac:17:1b:14:5a:59:be:2e:89:ec:0a:ee:36:39:b4:63:e3:1d:e4:6b:d0:e9:4a:25:e3:0a:e2:3b:77:97:26:4b:9d:57:fe:18:3b:92:59:a8:1b:95:24:7d:d7:77:09:c5:29:45:5f:86:2d:72:83:e2:24:82:fc:8d:7f:b9:c5:3a:4d:20:73:ca:b4:cc:11:70:2f:57:b2:89:dc:a4:04:1a:1c:03:ce:ab:cf:5c:3c:61:cc:be:70:17:80:fd:fd:31:af:7d:cb:ed:75:05:f5:c7:9c:dd:9b:38:da:a6:c3:a4:fa:bd:7d:2a:a2:af:53:9f:6f:7d:26:ab:5c:13:bc:19:81:30:16:81:d5:05:17:c7:c7:94:28
:03:05:ee:c2:15:74:96:22:c9:7a:6e:d5:3c:89:69:5d:7c:00:9e:8a:78:0e:3e:c2:37:60:5a:4a:6c:02:25:8e:37:ba:ee:23:f2:18:a1:18:51:2f:32:6e:3c:89:e2:46:b8:f3:5d:b4:b0:a7:4b:91:ec:84:b3:c9:fa:16:b9:d3:67:a9:7a:58:8d:c5:b1:dc:52:f8:78:7a:c4:50:10:e3:ae:5a:a5:ac:43:9d:f0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:50.654733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494390.654733000", + "frame.time_delta": "0.061272000", + "frame.time_delta_displayed": "0.061272000", + "frame.time_relative": "799.194047000", + "frame.number": "2990", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003917", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", 
+ "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6762", + "tcp.ack": "29435", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002a46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:07:cb:00:25:e9:17", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812151755, TSecr 2484503": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812151755", + "tcp.options.timestamp.tsecr": "2484503" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"2989", + "tcp.analysis.ack_rtt": "0.061272000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:51.128627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494391.128627000", + "frame.time_delta": "0.473894000", + "frame.time_delta_displayed": "0.473894000", + "frame.time_relative": "799.667941000", + "frame.number": "2991", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000cc1f", 
+ "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x004e506f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:51.303132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494391.303132000", + "frame.time_delta": "0.174505000", + "frame.time_delta_displayed": "0.174505000", + "frame.time_relative": "799.842446000", + "frame.number": "2992", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000c868", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00fa48b2", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + 
"dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:51.322504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494391.322504000", + "frame.time_delta": "0.019372000", + "frame.time_delta_displayed": "0.019372000", + "frame.time_relative": "799.861818000", + "frame.number": "2993", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + 
}, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:51.342115000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494391.342115000", + "frame.time_delta": "0.019611000", + "frame.time_delta_displayed": "0.019611000", + "frame.time_relative": "799.881429000", + "frame.number": "2994", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": 
"18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.053432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.053432000", + "frame.time_delta": "1.711317000", + "frame.time_delta_displayed": "1.711317000", + "frame.time_relative": "801.592746000", + "frame.number": "2995", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + 
"icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.670282000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.670282000", + "frame.time_delta": "0.616850000", + "frame.time_delta_displayed": "0.616850000", + "frame.time_relative": "802.209596000", + "frame.number": "2996", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000000dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b7de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33700", + "udp.dstport": "53", + "udp.port": "33700", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003278", + "udp.checksum.status": "2", + "udp.stream": "79" + }, + "dns": { + "dns.id": "0x00000f21", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.670825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.670825000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "802.210139000", + "frame.number": "2997", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00003b6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00007d4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33700", + "udp.port": "53", + "udp.port": "33700", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "79" + }, + "dns": { + "dns.response_to": "2996", + "dns.time": "0.000543000", + "dns.id": "0x00000f21", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.671627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.671627000", + "frame.time_delta": "0.000802000", + "frame.time_delta_displayed": "0.000802000", + "frame.time_relative": "802.210941000", + "frame.number": "2998", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000000dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b7dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33965", + "udp.dstport": "53", + "udp.port": "33965", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004c6e", + "udp.checksum.status": "2", + "udp.stream": "80" + }, + "dns": { + "dns.id": "0x00000f22", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.672176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.672176000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "802.211490000", + "frame.number": "2999", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00003b6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007d3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33965", + "udp.port": "53", + "udp.port": "33965", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": 
"2", + "udp.stream": "80" + }, + "dns": { + "dns.response_to": "2998", + "dns.time": "0.000549000", + "dns.id": "0x00000f22", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2984", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.673218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.673218000", + "frame.time_delta": "0.001042000", + "frame.time_delta_displayed": "0.001042000", + "frame.time_relative": "802.212532000", + "frame.number": "3000", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000014ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002122", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": "80", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000779b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.808778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.808778000", + "frame.time_delta": "0.135560000", + "frame.time_delta_displayed": "0.135560000", + "frame.time_relative": "802.348092000", + "frame.number": "3001", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000067e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000022eb", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": "35299", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00006fc3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3000", + "tcp.analysis.ack_rtt": "0.135560000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.809318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.809318000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "802.348632000", + "frame.number": "3002", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000212d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": "80", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003952", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3001", + "tcp.analysis.ack_rtt": "0.000540000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.809877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.809877000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "802.349191000", + "frame.number": "3003", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x000014b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001ed4", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": "80", + "tcp.stream": "130", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000006c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136100000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:38:22:2c:20:4e:6f:6e:63:65:3d:22:63:38:66:50:31:6c:74:30:4f:32:2b:37:49:4e:55:49:79:46:38:77:61:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:53:6c:36:37:51:2f:4a:35:37:70:58:6e:7a:6f:49:48:65:41:38:70:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 16:59:53.946324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.946324000", + "frame.time_delta": "0.136447000", + "frame.time_delta_displayed": "0.136447000", + "frame.time_relative": "802.485638000", + "frame.number": "3004", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009ecb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ec0f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": "35299", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009686", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3003", + "tcp.analysis.ack_rtt": "0.136447000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:53.946953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494393.946953000", + "frame.time_delta": "0.000629000", + "frame.time_delta_displayed": "0.000629000", + "frame.time_relative": "802.486267000", + "frame.number": "3005", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x000014b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001c4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": "80", + "tcp.stream": "130", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000694c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136100000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9
:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" + }, 
+ "tcp.segments": { + "tcp.segment": "3003", + "tcp.segment": "3005", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:38:22:2c:20:4e:6f:6e:63:65:3d:22:63:38:66:50:31:6c:74:30:4f:32:2b:37:49:4e:55:49:79:46:38:77:61:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:53:6c:36:37:51:2f:4a:35:37:70:58:6e:7a:6f:49:48:65:41:38:70:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:
d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0
:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"188\", Nonce=\"c8fP1lt0O2+7INUIyF8wag==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"qSl67Q\/J57pXnzoIHeA8pQ==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"188\", Nonce=\"c8fP1lt0O2+7INUIyF8wag==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"qSl67Q\/J57pXnzoIHeA8pQ==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN2#(\u001c:\u00ef\u00bf\u00bdI,G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bdN(pul\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000em:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u0011\\m\u00ef\u00bf\u00bd\u000e.S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013,U\u00ef\u00bf\u00bdmw\u00109\u000b\u0003\u00ef\u00bf\u00bd\u000e\\OLGRM6\u001452i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:
92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1
:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.084043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494394.084043000", + "frame.time_delta": "0.137090000", + "frame.time_delta_displayed": "0.137090000", + "frame.time_relative": "802.623357000", + "frame.number": "3006", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d4bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + 
"ip.checksum": "0x0000b61b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": "35299", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008cc6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3005", + "tcp.analysis.ack_rtt": "0.137090000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.109943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494394.109943000", + "frame.time_delta": "0.025900000", + "frame.time_delta_displayed": "0.025900000", + "frame.time_relative": "802.649257000", + "frame.number": "3007", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000defc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a877", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": 
"35299", + "tcp.stream": "130", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f1bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136100000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"2hhU3nemMHu7INUIpcyq8g==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"2hhU3nemMHu7INUIpcyq8g==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: 
ASP.NET\r\n", + "http.date": "Tue, 31 Oct 2017 23:59:54 GMT", + "http.response.line": "Date: Tue, 31 Oct 2017 23:59:54 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.162990000", + "http.request_in": "3005", + "http.file_data": "\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN2#(\u001c:\u00ef\u00bf\u00bdI,G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bdN(\u00ef\u00bf\u00bd\u0005w\u00ef\u00bf\u00bd@" + }, + "media": { + "media.type": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:e9:05:77:9b:40:00:1b:ec:84:a2:6d:8d:1a:a7:ca:cc:b7:27:8a:3e:71:cb:78:ea:85:13:63:5e:3d:53:42:80:80:d8:70:ad:2e:4a:83:86:b0:cf:57:39:0a:49:0b:b5:02:2a:b9:aa:68:64:e0:a3:f3:e5:1e:ca:f5:9c:bd:06:66:5d:70:32:73:c1:08:e1:85:66:15:56:0d:f0:fa:82:b0:28:7b:6c:a3:c6:5d:22:c8:4c:4c:db:0e:dc:f4:2a:27:f7:61:42:55:78:db:f4:81:a7:a0:b0:e4:b5:e5:42:de:ba:5c:2b:c0:76:0a:08:9f:1d:63:db:22:48:a2:5f:c2:b7:50:00:59:79:ab:23:1c:af:2a:12:b7:8f:dd:c4:77:c4:e5:9c:c5:67:a8:95:1a:e5:46:22:be:26:a2:a5:c6:b9:d3:c1:dc:64:96:40:0b:20:5f:a6:0b:b1:de:4d:f1:3a:90:87:24:ad:e1:0b:c3:56:2b:d0:af:90:55:50:8a:ec:cd:e9:3d:a7:fc:3f:1c:ad:7c:08:94:33:81:85:2c:11:63:81:3d:64:7c:e0:96:2d:c3:ad:31:58:cb:ba:75:8b:a5:f0:e8:05:2b:84:a7:2c:6c:d2:95:05:45:20:44:5b:03:11:67:07:be:37:cd:b1:64:ae:d4:e5:5b:52:8c:46:b6:e6:b3:a2:2a:49:87:bc:03:55:89:d3:90:2f:98:50:c8:c2:b6:94:9d:24:cd:d7:e0:95:ea:07:a4:92:23:98:98:75:7a:fd:3f:e1:44:d6:d7:99:a4:85:84:b2:3d:47:99:0f:51:3c:b8:dd:66:88:bd:be:29:2a:8b:ea:1f:8e:d9:c1:42:40:d8:36:36:66:93:3e:b7:2a:d7:b4:d0:1e:5c:2a:21:bb:11:f5:8d:fd:02:2f:be:d3:cf:10:6b:06:09:3b:fe:c2:f1:1f:a8:a6:40:51:32:2a:dd:d6:0e:a3:a8:d7:38:7d:3c:e8:c0:cb:a9:75
:ef:88:ca:78:e5:02:31:50:c9:61:67:6a:27:d8:51:eb:21:c5:99:e4:c1:17:64:76:bc:4f:fa:8d:8a:b6:56:3a:19:c6:e0:7d:b1:73:84:94:60:16:c9:2a:19:cc:71:89:15:07:92:7c:74:8d:a5:75:13:9d:9b:3e:f6:70:0d:17:74:99:65:ec:d4:4b:81:99:c2:8f:f3:66:ab:34:43:2c:fa:95:88:4a:4c:f8:c8:30:97:d1:e6:73:f1:aa:3d:15:55:28:e0:1e:60:2f:fe:f8:5d:fa:4d:41:37:5e:bc:1f:ce:8c:4f:60:b4:ac:aa:9c:38:18:b4:4f:66:52:f7:5a:ac:2f:93:17:11:e2:cd:41:eb:08:cd:4c:f9:3c:34:e0:ed:dd:58:26" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.110032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494394.110032000", + "frame.time_delta": "0.000089000", + "frame.time_delta_displayed": "0.000089000", + "frame.time_relative": "802.649346000", + "frame.number": "3008", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000defe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000abdc", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + 
"ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": "35299", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000895e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.110516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494394.110516000", + 
"frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "802.649830000", + "frame.number": "3009", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000212a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": 
"80", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000029ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3007", + "tcp.analysis.ack_rtt": "0.000573000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.111188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494394.111188000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "802.650502000", + "frame.number": "3010", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002129", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35299", + "tcp.dstport": "80", + "tcp.port": "35299", + "tcp.port": "80", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000029ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3008", + "tcp.analysis.ack_rtt": "0.001156000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:54.247102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494394.247102000", + "frame.time_delta": "0.135914000", + "frame.time_delta_displayed": "0.135914000", + "frame.time_relative": "802.786416000", + "frame.number": "3011", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001770", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000736b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", 
+ "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35299", + "tcp.port": "80", + "tcp.port": "35299", + "tcp.stream": "130", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000895d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3010", + "tcp.analysis.ack_rtt": "0.135914000", + "tcp.analysis.initial_rtt": "0.136100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 16:59:56.270503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494396.270503000", + "frame.time_delta": "2.023401000", + "frame.time_delta_displayed": "2.023401000", + "frame.time_relative": "804.809817000", + "frame.number": "3012", + "frame.len": "42", 
+ "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:00.168575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494400.168575000", + "frame.time_delta": "3.898072000", + "frame.time_delta_displayed": "3.898072000", + "frame.time_relative": "808.707889000", + "frame.number": "3013", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000a794", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:00.221474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494400.221474000", + "frame.time_delta": "0.052899000", + "frame.time_delta_displayed": "0.052899000", + "frame.time_relative": "808.760788000", + "frame.number": "3014", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000a797", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + 
"http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:00.274279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494400.274279000", + "frame.time_delta": "0.052805000", + "frame.time_delta_displayed": "0.052805000", + "frame.time_relative": "808.813593000", + "frame.number": "3015", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000a798", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:00:00.327230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494400.327230000", + "frame.time_delta": "0.052951000", + "frame.time_delta_displayed": "0.052951000", + "frame.time_relative": "808.866544000", + "frame.number": "3016", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000a79a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:00.380034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494400.380034000", + "frame.time_delta": "0.052804000", + "frame.time_delta_displayed": "0.052804000", + "frame.time_relative": "808.919348000", + "frame.number": "3017", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000a79f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:00.432919000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494400.432919000", + "frame.time_delta": "0.052885000", + "frame.time_delta_displayed": "0.052885000", + "frame.time_relative": "808.972233000", + "frame.number": "3018", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000a7a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000021b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:04.224248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494404.224248000", + "frame.time_delta": "3.791329000", + "frame.time_delta_displayed": "3.791329000", + "frame.time_relative": "812.763562000", + "frame.number": "3019", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": 
"0x000057ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "242", + "tcp.nxtseq": "282", + "tcp.ack": "217", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f223", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": 
"40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e2:23:e0:ad:50:62:31:57:66:3f:cc:f3:e9:32:bf:e3:14:89:09:1e:b4:c9:d4:7d:13:62:ef:f0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:04.371464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494404.371464000", + "frame.time_delta": "0.147216000", + "frame.time_delta_displayed": "0.147216000", + "frame.time_relative": "812.910778000", + "frame.number": "3020", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fde", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8f", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "217", + "tcp.nxtseq": "253", + "tcp.ack": "282", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000042b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3019", + "tcp.analysis.ack_rtt": "0.147216000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:68:13:6a:a9:c9:b4:10:b7:8f:3e:a0:72:86:21:7d:af:b7:55:5f:71:d2:ba:0a:51" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { 
+ "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:04.371975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494404.371975000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "812.911289000", + "frame.number": "3021", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + 
"ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "282", + "tcp.ack": "253", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3020", + "tcp.analysis.ack_rtt": "0.000511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:05.593160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494405.593160000", + "frame.time_delta": "1.221185000", + "frame.time_delta_displayed": "1.221185000", + "frame.time_relative": "814.132474000", + "frame.number": "3022", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": 
"1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d9b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e93", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:05.593687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494405.593687000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "814.133001000", + "frame.number": "3023", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d9c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef8e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:05.594053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494405.594053000", + "frame.time_delta": "0.000366000", + "frame.time_delta_displayed": "0.000366000", + "frame.time_relative": "814.133367000", + "frame.number": "3024", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d54", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:06.473323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494406.473323000", + "frame.time_delta": "0.879270000", + "frame.time_delta_displayed": "0.879270000", + "frame.time_relative": "815.012637000", + "frame.number": "3025", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c54", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:09.100907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494409.100907000", + 
"frame.time_delta": "2.627584000", + "frame.time_delta_displayed": "2.627584000", + "frame.time_relative": "817.640221000", + "frame.number": "3026", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00006dd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006b88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:10.592824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494410.592824000", + "frame.time_delta": "1.491917000", + "frame.time_delta_displayed": "1.491917000", + "frame.time_relative": "819.132138000", + "frame.number": "3027", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d9d", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e93", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:10.593267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494410.593267000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "819.132581000", + "frame.number": "3028", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d9e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef8e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:10.593689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494410.593689000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "819.133003000", + "frame.number": "3029", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d54", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.592316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.592316000", + "frame.time_delta": "4.998627000", + "frame.time_delta_displayed": "4.998627000", + "frame.time_relative": "824.131630000", + "frame.number": "3030", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001d9f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000e93", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.596017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.596017000", + "frame.time_delta": "0.003701000", + "frame.time_delta_displayed": "0.003701000", + "frame.time_relative": "824.135331000", + "frame.number": "3031", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001da0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ef8e", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.596354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.596354000", + "frame.time_delta": "0.000337000", + "frame.time_delta_displayed": "0.000337000", + "frame.time_relative": "824.135668000", + "frame.number": "3032", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007d54", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x0000026f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=623", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.923192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.923192000", + "frame.time_delta": "0.326838000", + "frame.time_delta_displayed": "0.326838000", + "frame.time_relative": "824.462506000", + "frame.number": "3033", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009572", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "29435", + "tcp.nxtseq": "29484", + "tcp.ack": "6762", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f9b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f2:fc:a7:9e:07:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2487036, TSecr 2812151755": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2487036", + "tcp.options.timestamp.tsecr": "2812151755" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:1b:bc:4d:b6:46:1e:98:0d:b8:13:08:aa:d9:e2:fe:34:91:09:c7:06:e0:2c:19:1f:8d:fd:1f:c0:d0:a0:3c:2a:23:c9:ad:41:66" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.983525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.983525000", + "frame.time_delta": "0.060333000", + "frame.time_delta_displayed": "0.060333000", + "frame.time_relative": "824.522839000", + "frame.number": "3034", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003916", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "6762", + "tcp.ack": "29484", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000773", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:20:88:00:25:f2:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812158088, TSecr 2487036": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812158088", + "tcp.options.timestamp.tsecr": "2487036" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3033", + "tcp.analysis.ack_rtt": "0.060333000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:15.983980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494415.983980000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "824.523294000", + "frame.number": "3035", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002c6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038de", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "6762", + "tcp.nxtseq": "6817", + "tcp.ack": "29484", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000047aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:20:88:00:25:f2:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812158088, TSecr 2487036": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812158088", + "tcp.options.timestamp.tsecr": "2487036" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:5f:59:c6:a0:9d:b9:5c:2a:bc:4a:c4:e0:cb:7d:f8:91:60:56:63:dd:1b:5a:a2:33:c8:0c:11:7a:94:25:74:74:68:6f:6d:0b:b7:b9:d0:6b:d5:2b:4b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:16.014710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494416.014710000", + "frame.time_delta": "0.030730000", + "frame.time_delta_displayed": "0.030730000", + "frame.time_relative": "824.554024000", + "frame.number": "3036", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009573", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000780c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "29484", + "tcp.ack": "6817", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000643", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f3:06:a7:9e:20:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2487046, TSecr 2812158088": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2487046", + "tcp.options.timestamp.tsecr": "2812158088" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3035", + "tcp.analysis.ack_rtt": "0.030730000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:16.521108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494416.521108000", + "frame.time_delta": "0.506398000", + "frame.time_delta_displayed": "0.506398000", + "frame.time_relative": "825.060422000", + "frame.number": "3037", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + 
"eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00007266", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000066f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: 
type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:16.523876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494416.523876000", + "frame.time_delta": "0.002768000", + "frame.time_delta_displayed": "0.002768000", + "frame.time_relative": "825.063190000", + "frame.number": "3038", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00007268", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000066f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.001118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.001118000", + "frame.time_delta": "0.477242000", + "frame.time_delta_displayed": "0.477242000", + "frame.time_relative": "825.540432000", + "frame.number": "3039", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x000072f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006695", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.001277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.001277000", + "frame.time_delta": "0.000159000", + "frame.time_delta_displayed": "0.000159000", + "frame.time_relative": "825.540591000", + "frame.number": "3040", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000072f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006699", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + 
"udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.001421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.001421000", + "frame.time_delta": "0.000144000", + "frame.time_delta_displayed": "0.000144000", + "frame.time_relative": "825.540735000", + "frame.number": "3041", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000072f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006698", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.022759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.022759000", + "frame.time_delta": "0.021338000", + "frame.time_delta_displayed": "0.021338000", + "frame.time_relative": "825.562073000", + "frame.number": "3042", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000201c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b875", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, 
D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.117403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.117403000", + "frame.time_delta": "0.094644000", + "frame.time_delta_displayed": "0.094644000", + "frame.time_relative": 
"825.656717000", + "frame.number": "3043", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:de:38:20", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_de:38:20", + "eth.addr": "c4:12:f5:de:38:20", + "eth.addr_resolved": "D-LinkIn_de:38:20", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d995", + "ip.checksum.status": "2", + "ip.src": "192.168.0.85", + "ip.addr": "192.168.0.85", + "ip.src_host": "192.168.0.85", + "ip.host": "192.168.0.85", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b9d", + "udp.checksum.status": "2", + "udp.stream": "50" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": 
"0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.136174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.136174000", + "frame.time_delta": "0.018771000", + "frame.time_delta_displayed": "0.018771000", + "frame.time_relative": "825.675488000", + "frame.number": "3044", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:e3:dc:17", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:dc:17", + "eth.addr": "c4:12:f5:e3:dc:17", + "eth.addr_resolved": "D-LinkIn_e3:dc:17", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d963", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.135", + "ip.addr": "192.168.0.135", + "ip.src_host": "192.168.0.135", + "ip.host": "192.168.0.135", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b6b", + "udp.checksum.status": "2", + "udp.stream": "48" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.152764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.152764000", + "frame.time_delta": "0.016590000", + "frame.time_delta_displayed": "0.016590000", + "frame.time_relative": "825.692078000", + "frame.number": "3045", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "90:8d:78:e3:81:0c", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:81:0c", + "eth.addr": "90:8d:78:e3:81:0c", + "eth.addr_resolved": "D-LinkIn_e3:81:0c", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d8fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.240", + "ip.addr": "192.168.0.240", + "ip.src_host": "192.168.0.240", + "ip.host": "192.168.0.240", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b02", + "udp.checksum.status": "2", + "udp.stream": "49" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + 
"dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.202581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.202581000", + "frame.time_delta": "0.049817000", + "frame.time_delta_displayed": "0.049817000", + "frame.time_relative": "825.741895000", + "frame.number": "3046", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x00003827", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a146", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.237071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.237071000", + "frame.time_delta": "0.034490000", + "frame.time_delta_displayed": "0.034490000", + "frame.time_relative": "825.776385000", + "frame.number": "3047", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000072fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006692", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.237225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.237225000", + "frame.time_delta": "0.000154000", + "frame.time_delta_displayed": "0.000154000", + "frame.time_relative": "825.776539000", + "frame.number": "3048", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x000072fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000668c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.237363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.237363000", + "frame.time_delta": "0.000138000", + "frame.time_delta_displayed": "0.000138000", + "frame.time_relative": "825.776677000", + "frame.number": "3049", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000072fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"255", + "ip.proto": "17", + "ip.checksum": "0x00006690", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.483591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.483591000", + "frame.time_delta": "0.246228000", + "frame.time_delta_displayed": "0.246228000", + "frame.time_relative": "826.022905000", + "frame.number": "3050", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000730e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006680", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.483765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.483765000", + "frame.time_delta": "0.000174000", + "frame.time_delta_displayed": "0.000174000", + "frame.time_relative": "826.023079000", + "frame.number": "3051", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000730f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000667f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + 
}, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.483911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.483911000", + "frame.time_delta": "0.000146000", + "frame.time_delta_displayed": "0.000146000", + "frame.time_relative": "826.023225000", + "frame.number": "3052", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00007310", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006679", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.529973000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.529973000", + "frame.time_delta": "0.046062000", + "frame.time_delta_displayed": "0.046062000", + "frame.time_relative": "826.069287000", + "frame.number": "3053", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000731e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000663b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.723352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.723352000", + "frame.time_delta": "0.193379000", + "frame.time_delta_displayed": "0.193379000", + "frame.time_relative": "826.262666000", + "frame.number": "3054", + "frame.len": "107", + "frame.cap_len": "107", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "93", + "ip.id": "0x0000046b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d539", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.71", + "ip.addr": "192.168.0.71", + "ip.src_host": "192.168.0.71", + "ip.host": "192.168.0.71", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "73", + "udp.checksum": "0x0000791d", + "udp.checksum.status": "2", + "udp.stream": "46" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "13", + "dns.ptr.domain_name": "_http._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:17.777190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494417.777190000", + "frame.time_delta": "0.053838000", + "frame.time_delta_displayed": "0.053838000", + "frame.time_relative": "826.316504000", + "frame.number": "3055", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00007321", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006661", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:18.530869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494418.530869000", + "frame.time_delta": "0.753679000", + "frame.time_delta_displayed": "0.753679000", + "frame.time_relative": "827.070183000", + "frame.number": "3056", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00007373", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000065e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": 
"224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:18.751526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494418.751526000", + "frame.time_delta": "0.220657000", + "frame.time_delta_displayed": "0.220657000", + "frame.time_relative": "827.290840000", + "frame.number": "3057", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + 
"eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00000abe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "108", + "udp.checksum": "0x0000d490", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.command": "1409286244", + "adwin_config.version": "1380667970", + "adwin_config.mac": "d0:73:d5:02:41:da", + "adwin_config.unused": "", + "adwin_config.server_ip": "88.70.73.76", + "adwin_config.unused": "", + "adwin_config.netmask": "237.213.187.196", + "adwin_config.unused": "", + "adwin_config.gateway": "0.0.0.59", + "adwin_config.unused": "", + "adwin_config.dhcp": "1", + "adwin_config.port": "351456555", + "adwin_config.password": "", + "adwin_config.bootloader": "0", + "adwin_config.unused": "", + 
"adwin_config.description": "", + "adwin_config.date": "", + "adwin_config.revision": "", + "adwin_config.processor_type_raw": "", + "adwin_config.processor_type": "Unknown", + "adwin_config.system_type_raw": "", + "adwin_config.system_type": "Unknown" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:18.776985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494418.776985000", + "frame.time_delta": "0.025459000", + "frame.time_delta_displayed": "0.025459000", + "frame.time_relative": "827.316299000", + "frame.number": "3058", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000073bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000065c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:19.777025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494419.777025000", + "frame.time_delta": "1.000040000", + "frame.time_delta_displayed": "1.000040000", + "frame.time_relative": "828.316339000", + "frame.number": "3059", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", 
+ "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000073f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000658e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, 
class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:20.778356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494420.778356000", + "frame.time_delta": "1.001331000", + "frame.time_delta_displayed": "1.001331000", + "frame.time_relative": "829.317670000", + "frame.number": "3060", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x00007416", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006572", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "3059", + "dns.time": "1.001331000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:21.784655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494421.784655000", + "frame.time_delta": "1.006299000", + "frame.time_delta_displayed": "1.006299000", + "frame.time_relative": "830.323969000", + "frame.number": "3061", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x000074fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000648d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "3059", + "dns.time": "2.007630000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + 
"dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.433978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.433978000", + "frame.time_delta": "5.649323000", + "frame.time_delta_displayed": "5.649323000", + "frame.time_relative": "835.973292000", + "frame.number": "3062", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United 
States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "6817", + "tcp.nxtseq": "7105", + "tcp.ack": "29484", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000381a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:2b:b6:00:25:f3:06", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812160950, TSecr 2487046": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812160950", + "tcp.options.timestamp.tsecr": "2487046" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:60:79:6b:04:a3:82:68:e1:2e:1a:6c:22:69:e9:f6:08:16:b9:2c:95:b1:a6:c1:c0:e3:88:34:ce:b6:87:cc:9c:72:4c:a8:dd:63:ac:3b:a3:73:5e:8c:c3:2e:a4:e8:7d:87:33:70:b0:2a:fa:8e:42:55:af:77:04:53:b2:93:f5:c2:3f:db:d8:86:4a:bd:a4:6f:95:a7:34:82:33:80:ea:5e:15:dd:d6:84:7e:a3:a1:ba:ce:d2:97:51:02:7a:8a:38:0b:4d:84:0c:50:53:c5:26:15:5a:0d:ad:7d:f5:be:dd:b7:e0:34:bf:84:f2:fd:bd:66:45:f5:4f:57:d5:6c:6c:5a:09:38:55:5d:93:f6:61:3f:cf:97:21:c6:11:d1:18:9f:5b:85:aa:48:c4:87:2d:60:69:3a:14:5e:93:99:89:80:c7:5e:19:36:43:20:50:78:52:bf:12:58:3a:a0:1d:ff:3d:61:54:a7:1f:1f:0d:f6:ca:c3:87:31:d5:e2:fb:d4:8b:eb:22:cb:0d:7e:a1:ed:1e:7c:49:be:c6:9a:9e:b2:34:18:10:2a:d2:1f:b2:0f:d9:55:a7:3e:47:21:50:9f:77:10:86:41:b0:4e:12:34:e8:63:3c:7a:f5:0f:05:b2:1b:d3:3f:44:63:f8:e4:77:45:f4:0b:17:23:0c:12:9d:fa:f5:7f:84:b5:8d:b8:0d:7a:74:fe:da:bd:b2:05:ae:ed:0b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.434477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.434477000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "835.973791000", + "frame.number": "3063", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009574", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000780b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "29484", + "tcp.ack": "7105", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f57e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f7:7c:a7:9e:2b:b6", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488188, TSecr 2812160950": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488188", + "tcp.options.timestamp.tsecr": "2812160950" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3062", + "tcp.analysis.ack_rtt": "0.000499000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.462183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.462183000", + "frame.time_delta": "0.027706000", + "frame.time_delta_displayed": "0.027706000", + "frame.time_relative": "836.001497000", + "frame.number": "3064", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009575", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "29484", + "tcp.nxtseq": "29537", + "tcp.ack": "7105", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008733", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f7:7e:a7:9e:2b:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488190, TSecr 2812160950": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488190", + "tcp.options.timestamp.tsecr": "2812160950" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:1c:b9:00:c9:4f:9c:80:88:3f:de:31:a2:03:49:93:cc:81:65:06:41:37:05:16:5e:30:9f:e5:98:c6:58:e7:db:84:62:91:34:76:ac:3a:f5:11" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.558692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.558692000", + "frame.time_delta": "0.096509000", + "frame.time_delta_displayed": "0.096509000", + "frame.time_relative": "836.098006000", + "frame.number": "3065", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003913", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7105", + "tcp.ack": "29537", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f616", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:2b:d6:00:25:f7:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812160982, TSecr 2488190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812160982", + "tcp.options.timestamp.tsecr": "2488190" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3064", + "tcp.analysis.ack_rtt": "0.096509000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.559244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.559244000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "836.098558000", + "frame.number": "3066", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009576", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000754e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "29537", + "tcp.nxtseq": "30236", + "tcp.ack": "7105", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008178", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f7:88:a7:9e:2b:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488200, TSecr 2812160982": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488200", + "tcp.options.timestamp.tsecr": "2812160982" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:1d:07:85:78:c1:88:06:97:0f:c4:ba:cc:ab:5c:49:21:88:cc:ae:fe:3b:61:e8:d7:05:e3:70:19:df:35:6c:43:8f:f0:33:fa:96:0a:14:70:0e:74" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:1e:51:6f:1c:05:0e:d9:77:f7:d3:bc:32:19:5d:2f:24:09:62:0e:e9:ca:95:13:dd:ce:d2:7c:79:91:1b:62:eb:b4:9c:f7:e9:95:6e:59:15:c5:2c:8d:fc:b7:be:e8:bf:51:0b:05:0b:6b:02:a6:67:7a:3e:c8:49:3d:97:87:6c:d2:32:3a:30:14:df:dd:f0:09:e9:32:da:d0:7c:58:f3:5f:6f:3b:c7:e0:4e:dd:ea:1c" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:1f:86:d8:41:4d:98:11:83:47:9e:29:0c:f3:e1:51:c1:88:87:f2:ce:39:35:f8:d5:45:5c:64:6b:16:22:ae:a6:a6:71:1e:0a:25:fb:35:7d:e6:ed:2b:81:ec:1c:55:8b:64:1b:29:ac:2b:c2:3f:02:1d:88:bd:9d:e3:29:39:19:09:0c:16:cf:ab:0a:e7:fa:bb:8b:cb:be:4a:f0:e7:ab:86:0c:fd:01:a8:45:3d:ac:68:73:a2:ec:8c:aa:ed:c2:49:35:36:06:ab:2c:8e:87:35:ff:ce:78:d5:2f:d2:8e:a4:20:07:e2:2b:14:83:6b:7e:3f:f5:52:22:88:1f:a0:e1:b7:e3:20:d5:ff:8d:97:1d:78:e9:77:0f:3a:c7:ec:c1:62:ed:38:96:15:ac:72:89:95:1c:66:57:b1:9c:fb:32:77:78:35:f9:be:7c:25:53:f1:7a:3e:60:57:07:21:df:63:32:c6:b3:64:a4:e4:08:1d:6c:8f:58:ac:aa:b6:37:2a:21:d2:9a:9c:d4:39:9f:16:e4:0f:01:54:70:bb:b8:f3:a2:37:52:be:dd:da:83:24:40:9f:02:28:df:13:6d:62:dd:63:5d:7b:89:af:60:72:55:c0:b6:2e:30:80:18:84:c0:88:4e:7e:2a:48:37:79:2e:b1:72:85:9a:31:7c:51:a6:f0:31:90:df:3b:89:3a:3b:8f:10:7f:27:8f:30:8a:2f:87:74:db:ea:fc:6c:ff:95:ad:68:5d:41:4a:81:63:fb:1d:54:2d:70:be:0d:53:4e:da:a8:ce:2d:3d:51:fb:d2:85:9d:22:74:28:53:7a:36:97:cc:dd:ac:5a:59:f3:47:21:48:ae:54:2b:b4:f5:65:39:a4:64:c7:06:c2:1d:62:d2:62:07:90:8b:de:94:1b:57:9b:14:64:14:1f:f0:4c:af:0e:a1:7e:d9:23:78:bf:c7:4e:25:fd:ac:b6:89:dd:2a:c6:d1:ba:06:64:a8:bd:03:e4:72:1a:45:32:05:48:73:a8:29:99:d0:53:5d:f8:53:73:31:86:fb:fd:6c:a1:71:58:04:ac:a8:47:e4:a0:50:14:d9:1c:50:62:80:e9:08:a0:11:5d:ab:65:af:17:5f:f1:cd:ea:70:5c:68:ad:28:8a:45:c0:a1:b5:07:80:9b:85:88:71:02:97:f1:5d:03:58:bd:9f:ba:91:d2:3f:b0:79:04:67:d9:24:20:f6:64:87:e1:c3:1d:b0:68:4d:a4:20:ee:f0:a9:88:23:de:07:09:2c:b3:3a:20:c9:9d:ed:8d:d6:6e:2c:5b:f5:50:20:05:eb:b7:0a:d4:48:ed:f5:b7:f2:1b:56:f9:5a:99:c2:c8:46:f2:8e:3f:ab:39:94:58:e2:3d:86:4a:e3:ea:6c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.619367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.619367000", + "frame.time_delta": "0.060123000", + 
"frame.time_delta_displayed": "0.060123000", + "frame.time_relative": "836.158681000", + "frame.number": "3067", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003912", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7105", + "tcp.ack": 
"30236", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f342", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:2b:e5:00:25:f7:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812160997, TSecr 2488200": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812160997", + "tcp.options.timestamp.tsecr": "2488200" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3066", + "tcp.analysis.ack_rtt": "0.060123000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.854726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.854726000", + "frame.time_delta": "0.235359000", + "frame.time_delta_displayed": "0.235359000", + "frame.time_relative": "836.394040000", + "frame.number": "3068", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009577", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "30236", + "tcp.nxtseq": "30290", + "tcp.ack": "7105", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ab6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f7:a6:a7:9e:2b:e5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488230, TSecr 2812160997": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488230", + "tcp.options.timestamp.tsecr": "2812160997" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:20:2d:55:a2:e4:2f:9b:bf:ce:6c:6d:d3:c3:b5:d0:81:5a:b3:db:63:4c:5e:58:de:3b:fe:04:41:62:78:16:92:72:28:bf:c7:4f:4a:e6:31:7d:28" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:27.914872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494427.914872000", + "frame.time_delta": "0.060146000", + "frame.time_delta_displayed": "0.060146000", + "frame.time_relative": "836.454186000", + 
"frame.number": "3069", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003911", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7105", + "tcp.ack": "30290", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f2a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:2c:2f:00:25:f7:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812161071, TSecr 2488230": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812161071", + "tcp.options.timestamp.tsecr": "2488230" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3068", + "tcp.analysis.ack_rtt": "0.060146000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:28.851679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494428.851679000", + "frame.time_delta": "0.936807000", + "frame.time_delta_displayed": "0.936807000", + "frame.time_relative": "837.390993000", + "frame.number": "3070", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", 
+ "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.723716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.723716000", + "frame.time_delta": "2.872037000", + "frame.time_delta_displayed": "2.872037000", + "frame.time_relative": "840.263030000", + "frame.number": "3071", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00000743", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b177", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44856", + "udp.dstport": "53", + "udp.port": "44856", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000006e2", + "udp.checksum.status": "2", + "udp.stream": "81" + }, + "dns": { + "dns.id": "0x00000f23", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.724332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.724332000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "840.263646000", + "frame.number": "3072", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000046ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000071ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44856", + "udp.port": "53", + "udp.port": "44856", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "81" + }, + "dns": { + "dns.response_to": "3071", + "dns.time": "0.000616000", + "dns.id": "0x00000f23", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.725227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.725227000", + "frame.time_delta": "0.000895000", + "frame.time_delta_displayed": "0.000895000", + "frame.time_relative": "840.264541000", + "frame.number": "3073", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00000744", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b176", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": 
"192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43940", + "udp.dstport": "53", + "udp.port": "43940", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002575", + "udp.checksum.status": "2", + "udp.stream": "82" + }, + "dns": { + "dns.id": "0x00000f24", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.725761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.725761000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "840.265075000", + "frame.number": "3074", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000046cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000071db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43940", + "udp.port": "53", + "udp.port": "43940", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "82" + }, + "dns": { + "dns.response_to": "3073", + "dns.time": "0.000534000", + "dns.id": "0x00000f24", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2946", + "dns.resp.len": 
"4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.726517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.726517000", + "frame.time_delta": "0.000756000", + "frame.time_delta_displayed": "0.000756000", + "frame.time_relative": "840.265831000", + "frame.number": "3075", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007505", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c0ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + 
"ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000c00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", 
+ "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.746839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.746839000", + "frame.time_delta": "0.020322000", + "frame.time_delta_displayed": "0.020322000", + "frame.time_relative": "840.286153000", + "frame.number": "3076", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:00:31.861972000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.861972000", + "frame.time_delta": "0.115133000", + "frame.time_delta_displayed": "0.115133000", + "frame.time_relative": "840.401286000", + "frame.number": "3077", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00004e93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003c40", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": 
"" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00003553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3075", + "tcp.analysis.ack_rtt": "0.135455000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.862511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.862511000", + "frame.time_delta": "0.000539000", + 
"frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "840.401825000", + "frame.number": "3078", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007506", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c0d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": 
"0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fee1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3077", + "tcp.analysis.ack_rtt": "0.000539000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.863126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.863126000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "840.402440000", + "frame.number": "3079", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00007507", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000be7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a7d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135994000", + 
"tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:39:22:2c:20:4e:6f:6e:63:65:3d:22:32:68:68:55:33:6e:65:6d:4d:48:75:37:49:4e:55:49:70:63:79:71:38:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4f:2f:50:44:65:48:6a:6a:44:53:61:41:4b:38:4b:62:4c:37:63:74:6f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.975857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.975857000", + "frame.time_delta": "0.112731000", + "frame.time_delta_displayed": "0.112731000", + "frame.time_relative": "840.515171000", + "frame.number": "3080", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": 
"0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.992273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.992273000", + "frame.time_delta": "0.016416000", + "frame.time_delta_displayed": 
"0.016416000", + "frame.time_relative": "840.531587000", + "frame.number": "3081", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + 
"bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:31.999563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494431.999563000", + "frame.time_delta": 
"0.007290000", + "frame.time_delta_displayed": "0.007290000", + "frame.time_relative": "840.538877000", + "frame.number": "3082", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008dd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000fd09", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": 
"1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005c16", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3079", + "tcp.analysis.ack_rtt": "0.136437000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.000366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.000366000", + "frame.time_delta": "0.000803000", + "frame.time_delta_displayed": "0.000803000", + "frame.time_relative": "840.539680000", + "frame.number": "3083", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00007508", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bbf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f9e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135994000", + 
"tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:ef:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4
c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:35:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" + }, + "tcp.segments": { + "tcp.segment": "3079", + "tcp.segment": "3083", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + 
"tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:39:22:2c:20:4e:6f:6e:63:65:3d:22:32:68:68:55:33:6e:65:6d:4d:48:75:37:49:4e:55:49:70:63:79:71:38:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4f:2f:50:44:65:48:6a:6a:44:53:61:41:4b:38:4b:62:4c:37:63:74:6f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:e
f:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:35:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:
75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": 
"dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"189\", Nonce=\"2hhU3nemMHu7INUIpcyq8g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"O\/PDeHjjDSaAK8KbL7ctoA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"189\", Nonce=\"2hhU3nemMHu7INUIpcyq8g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"O\/PDeHjjDSaAK8KbL7ctoA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:ef:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:3
5:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.007024000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494432.007024000", + "frame.time_delta": "0.006658000", + "frame.time_delta_displayed": "0.006658000", + "frame.time_relative": "840.546338000", + "frame.number": "3084", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.082972000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.082972000", + "frame.time_delta": "0.075948000", + "frame.time_delta_displayed": "0.075948000", + "frame.time_relative": "840.622286000", + "frame.number": "3085", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.136135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.136135000", + "frame.time_delta": "0.053163000", + "frame.time_delta_displayed": "0.053163000", + "frame.time_relative": "840.675449000", + "frame.number": "3086", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cfb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000bb28", + "ip.checksum.status": "2", + "ip.src": 
"5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005256", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3083", + "tcp.analysis.ack_rtt": "0.135769000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.180063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.180063000", + "frame.time_delta": "0.043928000", + 
"frame.time_delta_displayed": "0.043928000", + "frame.time_relative": "840.719377000", + "frame.number": "3087", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000e374", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a3ff", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "871", + "tcp.seq": 
"1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a4ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135994000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"5r6Va8g415G7INUIHtzlsw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"5r6Va8g415G7INUIHtzlsw==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:00:31 GMT", + 
"http.response.line": "Date: Wed, 01 Nov 2017 00:00:31 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.179697000", + "http.request_in": "3083", + "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:1c:c1:92:7d:11:47:c2:5b:84:9e:55:c7:cf:7c:3e:f3:d3:b4:f1:54:a4:6e:57:9e:9c:16:32:21:65:7a:fc:c8:60:fe:69:ad:5c:f0:25:59:6c:02:30:d8:4f:0c:87:c4:40:8e:4b:1c:de:00:d4:48:01:c0:69:51:83:73:a1:3e:da:98:f5:6b:fa:e8:25:a5:aa:0a:ac:71:b4:3f:13:f1:b2:6b:6b:87:cc:fd:1e:82:3c:56:ea:51:ff:c0:e5:b8:20:21:f3:2c:bb:0b:39:fc:70:e7:31:5f:60:b3:66:4e:5e:63:59:a7:d8:2a:4a:e9:9a:b0:5e:20:14:81:58:7d:c0:ff:a6:88:40:75:aa:c1:59:ee:7e:4b:1c:b9:27:35:1e:f8:3f:3b:d7:e3:01:82:74:9a:0a:94:d7:9d:1a:96:b2:4e:f2:3d:34:b7:a2:e8:89:ec:fb:19:4c:8a:97:16:2d:07:ef:8d:38:8e:f4:5a:65:ef:14:e8:3d:5d:63:ba:aa:7a:74:b0:b2:46:11:79:84:65:5c:e3:ef:fd:1f:29:f9:28:58:91:a0:73:1e:64:d1:44:5d:39:18:fa:f9:d1:92:aa:ee:6f:ed:69:3d:55:05:a5:44:63:5c:6d:57:bc:6f:9b:f6:bc:e1:88:f0:74:09:a6:09:07:b7:c3:77:ac:37:f1:fb:ab:b8:14:97:02:53:0b:27:27:f8:7a:26:14:2c:4d:db:db:32:ed:01:a7:ff:93:7f:dd:2e:11:79:59:e8:f7:44:38:5a:e6:8d:88:8b:4c:dd:e4:c2:97:73:04:d2:c4:38:23:7e:93:dc:6c:7c:39:be:e6:fd:85:4f:3e:1e:b3:ea:a2:f1:15:2d:b8:8d:9d:87:62:48:1d:c8:6d:11:e0:52:40:db:41:fa:9f:0a:61:09:b2:14:f3:6d:1f:e4:73:e3:f0:e9:1a:c7:2e:6f:4b:75:93:99:c9:04:c4:d4:f5:26:c6:af:33:4c:a0:66:ea:5c:f5:46:b2:ef:c8:86:8a:81:f9:7e:0d:94:26:18:d9:5e:61:d0:19:08:4f:0e:0e:1e:24:b9:f1:41:29:21:da:9a:17:0c:22:2c:b0:09:7b:16:74:b7:5f:f0:c4:03:fa:2a:64:66:e3:b4:be:9f:9e:46:e1:11:15:ac:96:9f:a8:4d:af:20:17:ad:6d:47:50:2e:f5:97:7e:6a:a1:fa:83:5c:31:0d:d9:92:86:3b:8f:5d:62:c4:88:e4:0b:65:7b:6d:f4:69:66:c6:74:e9:29:8d:a4:1a:33:85:b1:b0:fd:1d:97:42:b6
:72:6f:97:6e:74:a0:b3:e9:51:6b:de:e2:0c:24:09:e7:a7:88:4f:0c:f3:45:78:34:c1:30:f3:39:1f:a2:bf:fc:85:d6" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.180155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.180155000", + "frame.time_delta": "0.000092000", + "frame.time_delta_displayed": "0.000092000", + "frame.time_relative": "840.719469000", + "frame.number": "3088", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e376", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a764", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + 
"ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004eee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.180625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.180625000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "840.719939000", + "frame.number": "3089", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007509", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c0d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ef3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3087", + "tcp.analysis.ack_rtt": "0.000562000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.181359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.181359000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "840.720673000", + "frame.number": "3090", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000750a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c0d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35300", + "tcp.dstport": "80", + "tcp.port": "35300", + "tcp.port": "80", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ef3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3088", + "tcp.analysis.ack_rtt": "0.001204000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , 
+ { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.316603000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.316603000", + "frame.time_delta": "0.135244000", + "frame.time_delta_displayed": "0.135244000", + "frame.time_relative": "840.855917000", + "frame.number": "3091", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002295", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006846", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35300", + "tcp.port": "80", + "tcp.port": "35300", + "tcp.stream": "131", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004eed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3090", + "tcp.analysis.ack_rtt": "0.135244000", + "tcp.analysis.initial_rtt": "0.135994000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.440467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.440467000", + "frame.time_delta": "0.123864000", + "frame.time_delta_displayed": "0.123864000", + "frame.time_relative": "840.979781000", + "frame.number": "3092", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:32.440916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494432.440916000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "840.980230000", + "frame.number": "3093", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:33.780258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494433.780258000", + "frame.time_delta": "1.339342000", + "frame.time_delta_displayed": "1.339342000", + "frame.time_relative": "842.319572000", + "frame.number": "3094", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": 
"41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "7105", + "tcp.nxtseq": "7392", + "tcp.ack": "30290", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001f9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:31:e9:00:25:f7:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812162537, TSecr 2488230": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812162537", + "tcp.options.timestamp.tsecr": "2488230" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:61:1e:e7:94:6d:71:32:11:d6:ff:d4:63:a3:08:4a:e4:db:d3:7a:eb:a5:0e:22:05:db:16:50:56:86:bd:d1:1d:4b:7b:5b:7b:68:ed:96:02:f4:0d:ae:51:cc:a8:6b:0d:b5:54:30:bf:9c:c6:91:3b:9f:24:aa:ea:b2:5d:21:e6:74:d0:64:d1:a5:de:89:cf:77:19:99:26:39:2b:f7:3d:8d:24:98:21:ff:bc:5c:e6:d1:6d:2f:ef:b2:84:e3:1f:2e:1d:89:b5:50:57:a3:ea:1b:fe:7e:22:99:31:8f:f9:ff:f6:c8:e8:25:d0:37:11:66:79:43:0b:5d:64:1d:44:45:28:65:39:45:fb:77:c6:cb:80:a4:18:63:cd:82:60:5c:75:d7:08:97:cd:a1:47:4c:7d:80:90:6d:e1:4a:54:3a:2e:46:6c:4f:f8:ac:f1:f2:7a:77:5c:f7:84:c3:ec:f2:e8:6d:2c:3f:f1:87:36:ca:aa:ad:0a:29:82:17:75:aa:01:90:b5:66:79:ef:25:68:d6:3f:45:18:3f:3a:6a:ad:3d:cc:66:72:bb:ba:d7:b0:ac:e6:7b:30:3c:c2:7a:dc:04:6c:c0:53:e4:c4:fa:ac:64:c9:fe:15:7c:01:7a:18:5f:d6:5f:ee:4f:92:24:40:f8:5f:0e:4d:e5:39:d6:14:b5:60:b8:b0:39:bd:fe:62:c5:07:84:77:25:13:83:a7:f0:85" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:33.799636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494433.799636000", + "frame.time_delta": "0.019378000", + "frame.time_delta_displayed": "0.019378000", + "frame.time_relative": "842.338950000", + "frame.number": "3095", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009578", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "30290", + "tcp.nxtseq": "30343", + "tcp.ack": "7392", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000be2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f9:f8:a7:9e:31:e9", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488824, TSecr 2812162537": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488824", + "tcp.options.timestamp.tsecr": "2812162537" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3094", + "tcp.analysis.ack_rtt": "0.019378000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:21:d2:41:04:80:60:63:16:31:c4:1a:07:26:2d:d6:b3:73:27:64:15:f5:b4:87:e0:7d:66:a6:9e:aa:02:c3:9f:e5:28:12:2d:cb:02:11:34:db" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:33.859939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494433.859939000", + "frame.time_delta": "0.060303000", + "frame.time_delta_displayed": "0.060303000", + "frame.time_relative": "842.399253000", + "frame.number": "3096", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000390f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7392", + "tcp.ack": "30343", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000e930", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:31:fd:00:25:f9:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812162557, TSecr 2488824": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812162557", + "tcp.options.timestamp.tsecr": "2488824" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3095", + "tcp.analysis.ack_rtt": "0.060303000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:33.860490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494433.860490000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "842.399804000", + "frame.number": "3097", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009579", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000754c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "30343", + "tcp.nxtseq": "31041", + "tcp.ack": "7392", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b5b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:f9:fe:a7:9e:31:fd", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488830, TSecr 2812162557": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488830", + "tcp.options.timestamp.tsecr": "2812162557" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:22:55:ee:d5:4f:bb:8e:0a:29:f7:13:9a:26:f8:25:44:ee:99:7e:d2:bc:76:40:7a:02:81:cb:01:3d:ba:b2:0d:50:30:c6:ae:ea:9b:a5:2f:f1:dc" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:23:cc:b5:44:da:11:e0:2f:7f:b9:99:4b:3a:be:69:d8:e8:09:2b:c2:18:fd:4d:3f:c0:70:74:09:8c:10:a1:3d:b3:8a:bb:aa:b5:1d:65:43:02:5a:18:e3:65:64:8f:70:68:3b:60:af:c6:b2:40:dc:2d:42:e0:59:28:24:35:2b:41:37:20:f7:02:a7:5c:fd:d2:2a:e8:30:cc:95:91:ac:54:c8:7d:2f:6a:db:08:03:eb" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:24:c4:df:91:c8:a5:0c:0e:f8:a1:91:72:92:7b:19:70:ec:82:25:46:3a:f5:ff:ec:45:6b:42:9d:fd:81:74:9b:73:8f:b7:75:b0:c0:d7:91:5f:07:a9:17:51:7a:3f:8e:94:7e:fa:fc:e7:65:e2:87:7b:ec:f9:ea:e8:14:67:ff:dd:b4:80:3a:2e:40:0f:00:86:33:17:fa:d7:0e:84:cd:64:cc:3d:3b:24:fe:37:95:82:14:54:d5:8e:96:0b:ff:38:8c:0b:39:74:19:f0:10:33:1a:81:17:4b:d8:cb:0a:39:a3:e1:74:01:2c:02:11:5b:71:c0:1b:c4:09:8f:a8:12:9d:f3:63:22:21:98:93:ac:39:cb:be:4e:6c:cb:04:90:ca:90:bf:e8:55:e4:34:42:21:b6:74:04:e3:c4:a5:a2:cc:62:b5:59:2e:ef:3d:e7:d6:7c:36:0d:18:b3:05:95:3a:37:65:05:6a:13:72:ca:b5:b8:49:58:59:58:4a:a1:f5:04:8f:75:9d:14:b3:52:91:64:3a:5d:54:22:aa:40:eb:f6:d0:60:96:b9:3c:76:ef:3c:2f:4f:cd:d7:7f:ef:18:61:21:29:bc:7a:44:54:9c:e6:64:da:5d:65:ca:c0:d1:d4:e3:43:eb:71:c9:38:4f:37:28:58:f8:07:dc:9a:79:e4:b6:f0:ad:a8:da:26:c9:f7:56:e7:86:e4:39:68:fe:45:2b:0b:a0:72:88:01:d0:7d:8a:a2:57:01:06:10:bd:19:21:88:ff:57:22:f3:b4:28:50:57:dd:9a:fa:08:3a:95:a2:96:8a:5e:44:a9:b5:2f:77:bb:69:1f:20:7c:4e:7b:34:1e:26:54:f8:11:79:88:29:1f:e0:67:84:f8:4f:ea:0f:25:bd:72:fd:1c:c6:be:c6:77:17:c9:0d:58:f0:89:48:76:c4:5e:2b:b3:da:1b:81:35:6a:45:75:2f:cf:cc:d3:33:68:61:88:6f:3b:7b:ae:eb:29:c5:0d:72:1f:20:7c:e2:26:68:54:84:8b:e2:4c:0c:43:ae:bf:86:7f:00:04:bc:2a:a2:74:ed:12:5a:c9:e9:fa:e7:31:59:6c:34:2f:94:a7:be:15:1a:18:7a:61:b7:86:eb:b9:22:ae:97:b4:a2:d9:29:d8:b6:f2:1a:5b:74:cf:66:c9:f0:86:e9:34:31:78:04:bf:a7:71:14:93:68:c9:b6:b5:13:b9:78:66:de:d8:58:c8:7a:11:81:26:25:44:d3:0a:d5:60:d0:fb:70:3d:c3:68:4e:05:e7:4b:34:ce:de:db:77:a0:47:b1:47:82:6f:35:6b:a8:83:05:62:a5:3b:6d:61:ed:67:4f:d2:8f:20:7f:91:2e:a1:78:c9:f7:22:32:7f:6b:b1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:33.920742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494433.920742000", + "frame.time_delta": "0.060252000", + "frame.time_delta_displayed": 
"0.060252000", + "frame.time_relative": "842.460056000", + "frame.number": "3098", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000390e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7392", + "tcp.ack": "31041", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e661", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:32:0c:00:25:f9:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812162572, TSecr 2488830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812162572", + "tcp.options.timestamp.tsecr": "2488830" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3097", + "tcp.analysis.ack_rtt": "0.060252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:34.194412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494434.194412000", + "frame.time_delta": "0.273670000", + "frame.time_delta_displayed": "0.273670000", + "frame.time_relative": "842.733726000", + "frame.number": "3099", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000957a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "31041", + "tcp.nxtseq": "31095", + "tcp.ack": "7392", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000072aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fa:20:a7:9e:32:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2488864, TSecr 2812162572": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2488864", + "tcp.options.timestamp.tsecr": "2812162572" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:25:52:26:60:bf:ec:dc:54:3d:4e:27:70:a0:bf:d0:36:78:4c:08:47:76:13:38:5b:9f:5d:44:6e:f7:6d:7b:73:14:4f:d1:5a:4b:a9:7b:97:7b:05" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:34.254777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494434.254777000", + "frame.time_delta": "0.060365000", + "frame.time_delta_displayed": "0.060365000", + "frame.time_relative": "842.794091000", + "frame.number": "3100", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000390d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7392", + "tcp.ack": "31095", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e5b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:32:60:00:25:fa:20", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812162656, TSecr 2488864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812162656", + "tcp.options.timestamp.tsecr": "2488864" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3099", + "tcp.analysis.ack_rtt": "0.060365000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:34.420152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494434.420152000", + "frame.time_delta": "0.165375000", + "frame.time_delta_displayed": "0.165375000", + "frame.time_relative": "842.959466000", + "frame.number": "3101", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a6a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "281", + "tcp.ack": "253", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:34.564191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494434.564191000", + "frame.time_delta": "0.144039000", + "frame.time_delta_displayed": "0.144039000", + "frame.time_relative": "843.103505000", + "frame.number": "3102", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00000fdf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb2", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "253", + "tcp.ack": "282", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:36.475551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494436.475551000", + "frame.time_delta": "1.911360000", + "frame.time_delta_displayed": "1.911360000", + "frame.time_relative": "845.014865000", + "frame.number": "3103", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c5b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" 
+ }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:36.730107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494436.730107000", + "frame.time_delta": "0.254556000", + "frame.time_delta_displayed": "0.254556000", + "frame.time_relative": "845.269421000", + "frame.number": "3104", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:36.730503000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494436.730503000", + "frame.time_delta": "0.000396000", + "frame.time_delta_displayed": "0.000396000", + "frame.time_relative": "845.269817000", + "frame.number": "3105", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:37.188318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494437.188318000", + "frame.time_delta": "0.457815000", + "frame.time_delta_displayed": "0.457815000", + "frame.time_relative": "845.727632000", + "frame.number": "3106", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": 
"1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.029215000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.029215000", + "frame.time_delta": "0.840897000", + "frame.time_delta_displayed": "0.840897000", + "frame.time_relative": "846.568529000", + "frame.number": "3107", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ec", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "7392", + "tcp.nxtseq": "7680", + "tcp.ack": "31095", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dbc3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:36:0f:00:25:fa:20", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812163599, TSecr 2488864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812163599", + "tcp.options.timestamp.tsecr": "2488864" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:62:3e:5a:63:1d:1b:13:6e:2a:f8:b8:2f:81:d1:46:c3:73:d9:da:71:9e:f3:52:97:22:f2:19:a0:d3:7a:39:e7:dd:03:fb:c1:9b:97:dd:a8:89:2f:79:8d:c8:31:93:5b:e0:3f:82:c0:c2:f5:2f:ad:08:91:04:3e:30:62:ae:8e:f5:41:75:12:1c:c1:ba:26:8a:5b:0f:14:8f:05:f3:9d:de:2e:ff:f3:48:fb:85:32:93:ec:d8:fb:0d:43:e6:5c:7d:f2:7c:fe:a2:e3:ed:31:ce:fe:95:d3:8d:38:dc:c5:53:a1:b2:10:d6:1b:41:a7:4a:4b:85:c5:c4:12:5a:99:8d:89:7e:a1:6f:87:c8:0c:5f:e6:61:b2:2c:c2:aa:c0:76:55:43:64:b5:9b:02:7e:06:1d:3b:1b:97:66:6e:76:dc:dc:30:20:2f:63:72:ba:62:34:c4:4e:f2:80:a2:64:41:e7:bd:67:e4:fb:ce:73:1c:11:d7:b2:0e:0f:38:41:30:9e:da:ce:0b:17:ae:c2:fe:bd:56:6d:75:50:de:82:f3:64:e4:50:65:6d:67:39:02:5f:f8:ba:73:d4:99:d3:e0:de:dd:77:2f:a8:fe:8c:a7:db:6c:cc:c7:c1:63:82:b4:d2:21:d9:79:0e:a0:9d:7e:85:dd:b3:58:62:a8:d3:f6:7c:6e:c4:52:a0:9a:0e:19:a9:45:dd:b3:08:d1:35:07:15:ff:38" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.050187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.050187000", + "frame.time_delta": "0.020972000", + "frame.time_delta_displayed": "0.020972000", + "frame.time_relative": "846.589501000", + "frame.number": "3108", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + 
}, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000957b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "31095", + "tcp.nxtseq": "31148", + "tcp.ack": "7680", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000040ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fb:a1:a7:9e:36:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2489249, TSecr 2812163599": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2489249", + "tcp.options.timestamp.tsecr": "2812163599" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3107", + "tcp.analysis.ack_rtt": "0.020972000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:26:66:0f:ae:42:19:e4:7d:6e:77:95:e4:53:fb:83:0c:86:a9:49:67:b9:8b:fa:a6:fb:a1:11:2a:3d:4a:71:bb:6d:a3:6e:8b:68:10:e5:c6:f5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.110120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.110120000", + "frame.time_delta": "0.059933000", + "frame.time_delta_displayed": "0.059933000", + 
"frame.time_relative": "846.649434000", + "frame.number": "3109", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000390b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7680", + "tcp.ack": "31148", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000df1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:36:24:00:25:fb:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812163620, TSecr 2489249": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812163620", + "tcp.options.timestamp.tsecr": "2489249" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3108", + "tcp.analysis.ack_rtt": "0.059933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.110597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.110597000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "846.649911000", + "frame.number": "3110", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + 
}, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x0000957c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007548", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "31148", + "tcp.nxtseq": "31847", + "tcp.ack": "7680", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009e6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fb:a7:a7:9e:36:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2489255, TSecr 2812163620": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2489255", + "tcp.options.timestamp.tsecr": "2812163620" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:27:43:38:b9:a8:4c:84:90:91:55:34:58:8e:b0:02:28:3a:03:e4:71:0e:d2:3b:84:bd:68:9b:22:6b:f1:ee:8a:ef:f2:72:74:03:ed:4b:9d:64:22" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:28:a8:79:b0:7d:7c:b7:db:3b:62:8b:d7:25:fe:cb:d7:00:8a:f2:54:e4:67:46:cc:96:c6:8d:83:aa:54:dc:fb:fe:3f:d1:86:e0:ad:49:7f:c7:3b:76:7f:ec:40:e3:5d:32:2b:c8:87:b3:2e:ff:06:c1:35:ae:e3:0a:43:d2:10:6c:da:26:4b:70:9c:43:c4:5e:97:b6:f8:da:7c:11:75:5e:92:1d:5d:34:ef:18:f6:96" + }, + "ssl.record": { + "ssl.record.content_type": "23", + 
"ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:29:ba:2a:1a:28:fc:c2:ac:59:b6:40:09:c0:70:dd:33:88:68:ab:fe:c1:b9:75:dd:7b:e5:40:9a:2a:4f:c6:9f:b1:a3:47:80:07:a6:4e:43:39:a5:b7:c0:6b:04:82:1c:2f:10:f9:58:cb:9c:a0:4a:29:cb:6a:62:ef:d3:ed:af:17:79:8f:a2:6c:40:69:16:5b:bb:e6:e1:9c:84:89:df:d8:fd:5a:60:ac:dd:77:82:64:41:a0:44:4c:75:8d:f0:bb:8d:85:88:0d:64:a5:c3:99:dc:09:15:91:42:e4:01:a9:9f:90:2f:67:29:1d:bd:c7:f2:12:9f:d2:e4:f1:dd:26:af:6e:2c:24:00:88:6d:59:4a:9b:60:5f:67:31:7c:c2:59:b5:48:54:e6:9c:01:72:9d:ee:48:c1:bd:9a:f1:70:64:80:10:17:e2:59:c6:50:71:d8:93:0a:ab:85:7e:3d:8c:fb:58:9e:38:9e:3c:9b:99:e5:03:50:cb:f6:cf:1c:18:3a:48:5f:cd:3d:78:c9:a6:e7:db:03:cd:02:6a:02:29:27:07:b5:44:17:8f:87:8a:84:85:19:60:e2:22:a8:ad:8d:d9:31:65:b7:a3:c5:94:b6:ed:67:91:ed:56:75:90:0b:f6:c7:60:ca:27:1b:0e:b4:c0:df:28:00:84:34:03:ee:4e:89:f2:80:ff:1b:d1:ed:42:cd:e7:9d:44:a1:a9:60:bb:5a:38:0e:c8:14:af:14:73:fd:7f:37:a2:3e:fe:d3:87:3d:c3:df:d9:8d:f6:fb:55:03:84:b8:f3:17:a4:6b:18:f5:bd:60:d5:d0:f6:10:bd:9e:96:12:6a:ce:98:00:2f:82:c6:78:66:18:de:46:f6:a6:20:ce:bb:f4:5a:c7:0d:d4:8e:6d:7f:0b:a9:2b:28:ca:ed:05:1e:cf:62:45:17:11:f3:05:48:8a:26:e1:b9:b6:6b:8f:fd:d3:b4:e1:3f:0b:64:89:be:d1:1c:45:a4:48:1e:a8:3d:b6:59:d6:55:32:de:3d:92:1f:55:40:65:cb:5e:96:50:60:1c:a8:30:9d:8d:db:95:a3:9f:f0:a6:e9:41:cd:9c:5a:95:75:29:9f:a5:75:9e:80:26:a3:c1:ac:35:b7:ef:ad:53:e0:fa:b3:b7:18:3a:bc:43:1e:11:e8:a2:9c:57:a9:b3:30:6c:fe:6b:bb:76:cc:bb:b0:19:d9:65:08:51:25:3e:22:77:b6:9d:07:fb:79:93:6e:60:f3:05:88:48:58:03:5d:f4:f5:5c:3e:9b:0c:6a:72:4e:45:3d:96:b1:41:e0:93:24:b0:91:a9:95:cc:1e:56:cb:dd:df:67:79:c2:73:7e:20:0e:f4:6b:a9:f2:59:0a:e2:38:11:8c:0c:01:75:17:c2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.170857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494438.170857000", + "frame.time_delta": "0.060260000", + "frame.time_delta_displayed": "0.060260000", + "frame.time_relative": "846.710171000", + "frame.number": "3111", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000390a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "7680", + "tcp.ack": "31847", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:36:33:00:25:fb:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812163635, TSecr 2489255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812163635", + "tcp.options.timestamp.tsecr": "2489255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3110", + "tcp.analysis.ack_rtt": "0.060260000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.446216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.446216000", + "frame.time_delta": "0.275359000", + "frame.time_delta_displayed": "0.275359000", + "frame.time_relative": "846.985530000", + "frame.number": "3112", + "frame.len": "120", + "frame.cap_len": 
"120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000957d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "31847", + "tcp.nxtseq": "31901", + "tcp.ack": "7680", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006da6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fb:c9:a7:9e:36:33", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2489289, TSecr 2812163635": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2489289", + "tcp.options.timestamp.tsecr": "2812163635" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2a:3e:44:db:73:04:47:29:08:b0:32:d7:18:14:7c:f4:8b:25:90:a8:8d:67:44:d9:d2:68:55:97:00:72:de:bc:02:14:68:0f:83:dc:fb:6a:8d:b6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.506358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.506358000", + "frame.time_delta": "0.060142000", + "frame.time_delta_displayed": 
"0.060142000", + "frame.time_relative": "847.045672000", + "frame.number": "3113", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003909", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7680", + "tcp.ack": "31901", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000db9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:36:87:00:25:fb:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812163719, TSecr 2489289": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812163719", + "tcp.options.timestamp.tsecr": "2489289" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3112", + "tcp.analysis.ack_rtt": "0.060142000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:38.534036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494438.534036000", + "frame.time_delta": "0.027678000", + "frame.time_delta_displayed": "0.027678000", + "frame.time_relative": "847.073350000", + "frame.number": "3114", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000077aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.739844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.739844000", + "frame.time_delta": "5.205808000", + "frame.time_delta_displayed": "5.205808000", + "frame.time_relative": "852.279158000", + "frame.number": "3115", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000008a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b016", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55740", + "udp.dstport": "53", + "udp.port": "55740", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000dc5b", + "udp.checksum.status": "2", + "udp.stream": "83" + }, + "dns": { + "dns.id": "0x00000f25", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.740436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.740436000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "852.279750000", + "frame.number": "3116", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00004702", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000071b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55740", + "udp.port": "53", + "udp.port": "55740", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "83" + }, + "dns": { + "dns.response_to": "3115", + "dns.time": "0.000592000", + "dns.id": "0x00000f25", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.741239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.741239000", + "frame.time_delta": "0.000803000", + "frame.time_delta_displayed": "0.000803000", + "frame.time_relative": "852.280553000", + "frame.number": "3117", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000008a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b015", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41203", + "udp.dstport": "53", + "udp.port": "41203", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003024", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + 
"dns.id": "0x00000f26", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.741798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.741798000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "852.281112000", + "frame.number": "3118", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00004703", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000071a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41203", + "udp.port": "53", + "udp.port": "41203", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + "dns.response_to": "3117", + "dns.time": "0.000559000", + "dns.id": "0x00000f26", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2934", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.742958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.742958000", + 
"frame.time_delta": "0.001160000", + "frame.time_delta_displayed": "0.001160000", + "frame.time_relative": "852.282272000", + "frame.number": "3119", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000fb15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003aba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": 
"0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c45b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.878094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.878094000", + "frame.time_delta": "0.135136000", + "frame.time_delta_displayed": "0.135136000", + "frame.time_relative": "852.417408000", + "frame.number": "3120", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000f206", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000098cc", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": 
"51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": "80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000cf66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3119", + "tcp.analysis.ack_rtt": "0.135136000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.878632000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.878632000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "852.417946000", + "frame.number": "3121", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fb16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ac5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + 
"tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000098f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3120", + "tcp.analysis.ack_rtt": "0.000538000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:43.878645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494443.878645000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "852.417959000", + "frame.number": "3122", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000fb17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000386c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000070c3", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135674000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:30:22:2c:20:4e:6f:6e:63:65:3d:22:35:72:36:56:61:38:67:34:31:35:47:37:49:4e:55:49:48:74:7a:6c:73:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:49:4a:4a:41:71:45:64:70:53:69:51:33:6a:64:4b:48:58:6e:4a:6c:69:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0
a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.014641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.014641000", + "frame.time_delta": "0.135996000", + "frame.time_delta_displayed": "0.135996000", + "frame.time_relative": "852.553955000", + "frame.number": "3123", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003233", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000058a8", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": 
"AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": "80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f629", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3122", + "tcp.analysis.ack_rtt": "0.135996000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.015279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.015279000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "852.554593000", + "frame.number": "3124", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000fb18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000035e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000008c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135674000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d
6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:
97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" + }, + "tcp.segments": { + "tcp.segment": "3122", + "tcp.segment": "3124", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:30:22:2c:20:4e:6f:6e:63:65:3d:22:35:72:36:56:61:38:67:34:31:35:47:37:49:4e:55:49:48:74:7a:6c:73:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:49:4a:4a:41:71:45:64:70:53:69:51:33:6a:64:4b:48:58:6e:4a:6c:69:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:
6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01
:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" + }, + "http": { + "POST 
\/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"190\", Nonce=\"5r6Va8g415G7INUIHtzlsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"IJJAqEdpSiQ3jdKHXnJlig==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"190\", Nonce=\"5r6Va8g415G7INUIHtzlsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"IJJAqEdpSiQ3jdKHXnJlig==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:<|\\\u001em\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdRM\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdQC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@C\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdy\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u001d\u0019\u00ef\u00bf\u00bdP\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\\@\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd?\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdF<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u001b\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\tD\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bdZ\by\"i\u00ef\u00bf\u00bdAnR\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7D\u001dS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d
0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.150626000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494444.150626000", + "frame.time_delta": "0.135347000", + "frame.time_delta_displayed": "0.135347000", + "frame.time_relative": "852.689940000", + "frame.number": "3125", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006edc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001bff", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": 
"80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ec69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3124", + "tcp.analysis.ack_rtt": "0.135347000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.187348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.187348000", + "frame.time_delta": "0.036722000", + "frame.time_delta_displayed": "0.036722000", + "frame.time_relative": "852.726662000", + "frame.number": "3126", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x00007f4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000826", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": "80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cc50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135674000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:00:43 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:00:43 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.172069000", + "http.request_in": "3124", + "http.file_data": 
"\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:<|\\\u001em\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdRM\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdQC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@C\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bd#O\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bdi\u00127T\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL#{\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u000e\u00ef\u00bf\u00bd3\u0012\u00ef\u00bf\u00bdRQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd-n\u0004O\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bdP\u007f~\\*V\u00ef\u00bf\u00bdv'N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNH<[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdq\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd5x\u00ef\u00bf\u00bd\u0014\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013}>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmsz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHqBK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNX\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bdC}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016VY\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u0018^h\u00ef\u00bf\u00bd\u00ef\u00bf
\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd}m\u00ef\u00bf\u00bd\u0005nB0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT:x4\u0013$\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdLL\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{Q]\\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL%HuE4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0004\u0003wx\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bdzw\u001b\u00ef\u00bf\u00bdoFh\u0016\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdWCx=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u0016$\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u000e\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u001b\u00ef\u00bf\u00bdi0\u0011#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdf\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0001\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001df\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX_\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdmP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bderRx 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdEA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\/4\u00ef\u00bf\u00bde`\u00ef\u00bf\u00bd6w%n\u00ef\u00bf\u00bd8g@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bdM9fB\u0018\u000enqe1X#t',\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0u\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bdl\u000f\u00ef\u00bf\u00bd\f`\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u0005r\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0004f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*.L\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd@\u0019rA\u00ef\u00bf\u00bdN*U\u0017D@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRE \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE" + }, + "media": { + "media.type": 
"18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:7d:d6:d7:d8:15:cf:23:4f:d6:43:bd:e7:9d:0a:f8:5d:a8:69:12:37:54:9d:ad:a0:4c:23:7b:05:ab:bf:b2:0e:0e:ab:33:12:88:52:51:a3:e4:85:72:fa:81:94:2a:de:f0:f3:36:db:bf:09:37:fe:ad:f2:e8:3a:f1:01:c8:2d:6e:04:4f:9e:01:8e:50:7f:7e:5c:2a:56:d7:76:27:4e:b8:f0:4e:48:3c:5b:94:ee:ca:a1:03:d1:71:18:7c:b7:b0:63:14:bd:e5:dc:80:52:f9:37:c5:35:78:9d:14:1f:fe:eb:99:cc:13:7d:3e:f9:a6:95:6d:73:7a:d4:a0:48:71:42:4b:ca:8f:39:90:81:fa:c5:e4:4e:58:0d:83:ab:ee:56:02:ec:e7:38:93:66:99:43:7d:af:fc:cd:9b:16:56:59:b8:2e:db:18:5e:68:b9:bb:93:ff:c7:2a:b6:87:f4:a5:fc:46:ca:44:81:7d:6d:b9:05:6e:42:30:98:ce:54:3a:78:34:13:24:1b:a9:b1:4c:4c:be:5b:f6:a3:7b:51:5d:5c:6e:b0:ac:4c:25:48:75:45:34:cc:92:70:e9:5c:dd:55:9f:dd:b4:6b:f4:04:03:77:78:c7:33:cf:7a:77:1b:da:6f:46:68:16:f9:6e:d0:df:90:bd:d7:57:43:78:3d:bc:a7:c3:de:72:88:a3:ab:4b:16:24:ca:18:a8:27:b7:6c:d2:b8:17:0e:d2:4b:d2:a6:c2:42:1b:e6:69:30:11:23:cb:d6:c4:4c:c9:66:19:9e:87:c3:d2:cd:01:01:06:99:a3:f4:b1:da:8c:85:a8:29:04:be:91:84:ac:b5:a0:1d:66:9a:ae:58:5f:92:62:f3:7c:98:59:e5:3c:ae:c0:43:93:7e:90:6d:50:c7:db:89:8a:65:72:52:78:20:df:a1:0c:a2:45:41:83:f4:03:2f:34:8d:65:60:9a:36:77:25:6e:ca:38:67:40:c8:d5:2a:d5:4d:39:66:42:18:0e:6e:71:65:31:58:23:74:27:2c:b5:3a:f5:e3:30:75:91:bd:6a:b8:14:c0:4a:af:6c:0f:d2:0c:60:22:b2:e2:85:6d:05:72:8d:3e:95:2c:be:7a:ce:09:fd:c4:6a:bc:04:66:df:d0:90:2a:2e:4c:f4:fa:8c:0d:a6:2a:f1:35:fa:40:19:72:41:c1:4e:2a:55:17:44:40:ba:af:52:45:20:98:cb:7c:e7:8b:cf:e6:eb:19:91:e5:e0:45:00:0c:bd:38:e3:43:2b:eb:6d:b8:d3:7c:44:6d:8c:24:b8:62:83:e4:29:65:88:f9:ee:25:2b:b5:2f:6b:a7:67:fa:b6:68:62:91:9e:79:c5:23:39:89:46:2c:f2:00:c7:a7" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.187434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.187434000", + 
"frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "852.726748000", + "frame.number": "3127", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007f50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000b8b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": "80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e901", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.187928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.187928000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "852.727242000", + "frame.number": "3128", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fb19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ac2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008951", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "3126", + "tcp.analysis.ack_rtt": "0.000580000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.188626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.188626000", + "frame.time_delta": "0.000698000", + "frame.time_delta_displayed": "0.000698000", + "frame.time_relative": "852.727940000", + "frame.number": "3129", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fb1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ac1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35301", + "tcp.dstport": "80", + "tcp.port": "35301", + "tcp.port": "80", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000894f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3127", + "tcp.analysis.ack_rtt": "0.001192000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:44.323968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494444.323968000", + "frame.time_delta": "0.135342000", + "frame.time_delta_displayed": "0.135342000", + "frame.time_relative": "852.863282000", + "frame.number": "3130", 
+ "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bfe3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000caf7", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35301", + "tcp.port": "80", + "tcp.port": "35301", + "tcp.stream": "132", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e900", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3129", + "tcp.analysis.ack_rtt": "0.135342000", + "tcp.analysis.initial_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:45.888821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494445.888821000", + "frame.time_delta": "1.564853000", + "frame.time_delta_displayed": "1.564853000", + "frame.time_relative": "854.428135000", + "frame.number": "3131", + "frame.len": "415", + "frame.cap_len": "415", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "401", + "ip.id": 
"0x0000957e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "349", + "tcp.seq": "31901", + "tcp.nxtseq": "32250", + "tcp.ack": "7680", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000c13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fe:b1:a7:9e:36:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490033, TSecr 2812163719": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490033", + "tcp.options.timestamp.tsecr": "2812163719" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "349", + "tcp.analysis.push_bytes_sent": "349" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "344", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2b:51:b2:28:e8:25:37:0b:74:25:4f:c5:a7:7d:cd:92:bc:b3:1f:ac:8d:50:d9:5a:82:67:41:ab:9e:46:50:7e:72:ea:33:be:b4:8e:a8:2b:b3:3f:49:9e:bf:05:60:f9:a6:a8:35:00:9c:86:1a:53:c5:f4:7f:36:14:59:9c:4f:0d:1a:75:7c:9f:98:a2:cc:0a:29:42:d4:f9:f4:32:8f:23:ec:9c:3b:ca:d8:06:04:7d:34:ce:8a:11:24:c1:17:c2:d0:1a:3f:7f:79:5e:64:50:8f:45:09:67:66:67:21:ef:64:30:6f:ce:01:19:e0:3f:89:08:8d:76:3d:f5:89:10:15:fa:cb:78:8d:6e:3d:15:df:e0:5c:3a:43:5f:2e:9b:b6:33:d0:12:97:e2:9f:b4:56:94:8e:96:1b:6d:ae:09:7b:81:c9:de:35:49:58:5a:8b:78:1d:60:82:bb:b4:ea:59:05:74:28:63:c2:f7:ac:90:62:9b:0d:33:bc:7b:d4:57:15:75:97:d9:c6:02:be:0f:58:fe:b1:b2:b5:47:46:c4:10:89:58:87:94:f3:86:63:93:00:87:f3:a9:ed:cb:ab:df:8d:2e:23:81:bb:17:fe:37:67:3c:4f:80:8c:5c:32:11:30:ee:a3:63:c8:aa:17:f2:b0:49:22:22:d4:f0:75:e6:4b:7a:e6:b1:04:6f:2f:10:86:de:00:76:88:fa:d2:6a:a0:fd:de:28:ed:e6:25:b1:41:69:09:2a:2d:cc:db:96:0f:a6:77:98:d2:fa:9a:22:30:61:c7:bb:98:39:8b:78:2b:ed:c6:e4:95:e4:9e:f3:8c:c4:5a:e9:50:0e:09:1c:ec:d4:07:60:6d:db:6f:af:77:8a:19:93:4c:16" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:45.950579000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494445.950579000", + "frame.time_delta": "0.061758000", + "frame.time_delta_displayed": "0.061758000", + "frame.time_relative": "854.489893000", + "frame.number": "3132", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003908", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7680", + "tcp.ack": "32250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d016", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:3d:cb:00:25:fe:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812165579, TSecr 2490033": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812165579", + "tcp.options.timestamp.tsecr": "2490033" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3131", + "tcp.analysis.ack_rtt": "0.061758000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:45.957700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494445.957700000", + "frame.time_delta": "0.007121000", + "frame.time_delta_displayed": "0.007121000", + "frame.time_relative": "854.497014000", + "frame.number": "3133", + "frame.len": 
"113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002c78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "7680", + "tcp.nxtseq": "7727", + "tcp.ack": "32250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bf84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:3d:cd:00:25:fe:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812165581, TSecr 2490033": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812165581", + "tcp.options.timestamp.tsecr": "2490033" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:63:f3:e4:90:54:2f:c7:2a:33:c3:f5:15:51:33:64:26:61:a0:a2:3f:bb:0d:17:18:b3:c5:53:75:e8:bd:56:af:16:d8:2a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:45.993445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494445.993445000", + "frame.time_delta": "0.035745000", + "frame.time_delta_displayed": 
"0.035745000", + "frame.time_relative": "854.532759000", + "frame.number": "3134", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000957f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007800", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "32250", + "tcp.ack": "7727", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ceeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:25:fe:bc:a7:9e:3d:cd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490044, TSecr 2812165581": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490044", + "tcp.options.timestamp.tsecr": "2812165581" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3133", + "tcp.analysis.ack_rtt": "0.035745000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:47.020130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494447.020130000", + "frame.time_delta": "1.026685000", + "frame.time_delta_displayed": "1.026685000", + "frame.time_relative": "855.559444000", + "frame.number": "3135", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:49.724202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494449.724202000", + "frame.time_delta": "2.704072000", + "frame.time_delta_displayed": "2.704072000", + "frame.time_relative": "858.263516000", + "frame.number": "3136", + "frame.len": "1324", + "frame.cap_len": "1324", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "1310", + "ip.id": "0x00009580", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007315", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1258", + "tcp.seq": "32250", + "tcp.nxtseq": "33508", + "tcp.ack": "7727", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002926", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:00:31:a7:9e:3d:cd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490417, TSecr 2812165581": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490417", + "tcp.options.timestamp.tsecr": "2812165581" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1258", + "tcp.analysis.push_bytes_sent": "1258" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1253", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2c:9b:1e:b7:01:cd:36:f8:52:65:db:90:17:16:d9:79:00:51:72:f1:40:cb:19:87:40:ed:80:89:b7:c3:a3:3e:00:ab:09:2d:17:b3:80:66:d2:01:f0:01:e0:71:0a:9d:7d:f6:43:37:46:47:4a:a7:63:c6:ff:87:57:d8:34:e4:be:92:bb:e8:6b:96:db:11:f2:f0:34:b3:48:08:28:21:80:fa:94:d3:4e:db:76:f6:f1:8b:ce:10:e0:11:41:47:c1:51:94:24:14:b3:bd:3f:b6:f2:fb:34:4a:17:bc:d5:fe:80:ec:f2:9f:25:75:f3:9b:bb:79:eb:ce:c6:14:10:f3:c4:ce:c3:b9:88:13:2c:06:c9:7e:8a:44:36:de:1e:38:d8:72:a8:c1:0c:91:3a:90:40:35:05:53:51:55:1d:61:98:8b:aa:f2:cc:17:24:d0:b5:c5:56:72:8a:32:67:bd:4a:d4:82:bd:17:73:47:a4:d8:4f:ea:19:37:60:7f:7c:a9:b8:07:fc:a3:b9:0c:5a:1a:5f:d4:67:14:e9:9b:0a:49:33:54:10:1a:44:f6:09:62:d6:73:d9:9d:74:09:db:47:46:63:3d:6b:75:70:7e:5a:45:7e:75:29:7a:06:2d:bf:98:eb:e3:c5:ee:37:a5:c9:4b:f5:a2:75:56:27:9f:24:fc:3e:a2:5b:db:b6:92:a5:17:3d:5d:68:c2:74:a8:eb:6c:98:10:a0:9f:20:86:e3:17:78:0c:d0:4f:c2:35:df:9c:0a:e7:a7:47:0d:4d:5b:27:ee:b0:a2:24:04:8e:0f:02:4d:08:bc:74:15:02:01:77:ac:8f:de:63:7e:89:6c:06:f1:e7:df:db:03:99:6e:fd:53:53:89:e2:b7:0a:a1:79:b8:ed:3e:d4:27:7c:2f:f5:44:b8:c2:71:d7:d6:b7:14:ad:0b:23:01:3e:af:5c:a4:a4:b1:52:7e:f6:9c:4d:1f:21:2e:84:8c:cc:e0:f8:29:f3:8e:e0:57:b8:7d:90:d5:96:ea:03:fd:02:4e:7c:3b:64:84:ec:85:89:d2:34:1a:aa:dd:18:6
c:24:70:38:26:e5:9b:91:bc:d3:40:cc:e7:96:17:d4:2e:17:7e:af:27:6f:75:64:17:49:8a:3a:c1:4b:2c:d6:a3:44:72:56:f0:79:31:e2:e3:9d:fc:b7:59:27:fa:6c:1d:a0:c7:c1:cd:39:bb:bd:19:33:35:46:40:4f:28:fb:79:89:dc:d4:3d:27:81:af:6c:85:2e:7a:16:bd:8f:bb:51:a8:dd:89:42:97:41:15:90:94:45:e2:b6:0a:c8:d8:65:c1:04:e4:be:b3:c3:fb:78:9c:e0:28:fd:09:69:77:3f:f1:00:80:ff:c6:be:86:67:e2:24:63:9e:bc:fc:c6:09:df:fa:04:d7:c1:b1:08:60:f2:36:5a:36:a8:7b:f5:eb:4c:a8:fc:17:e1:d8:d8:67:78:7b:7a:1f:10:7c:2f:c4:dd:28:fa:09:e2:17:f3:3c:1c:41:0a:89:1a:a2:75:7d:12:04:e0:61:27:71:92:7b:fb:11:d8:7b:26:03:4c:43:fa:10:97:8f:9e:0c:1c:a2:06:41:f7:4c:4c:34:4f:33:d3:14:2e:e6:30:f0:41:84:22:38:fe:31:c9:06:b4:4b:65:77:c3:9b:d2:e7:8d:5b:89:2b:71:52:32:3a:30:fb:33:f2:24:b4:d9:0b:d0:bf:49:29:db:d9:f6:eb:08:41:cb:96:51:90:72:65:44:2c:86:a6:71:ff:20:02:38:52:e8:bf:ed:02:f3:38:8c:9f:90:39:e5:15:ff:d3:ed:ce:7e:1d:97:04:ff:b6:1a:5f:db:3a:c8:b7:85:3a:0b:7e:5a:fc:c5:e0:14:61:39:23:a9:84:6b:82:cb:a7:1c:fa:3a:58:3b:3e:9e:5d:40:15:9e:7f:d9:21:1c:82:96:ed:fb:72:3d:12:5e:bb:2b:47:c4:f2:82:64:3e:3a:2a:08:1d:e2:ae:0b:12:de:ec:79:97:62:6b:22:94:47:27:a1:92:81:d7:5c:97:68:fc:ba:84:99:74:30:f4:58:38:bf:c6:23:f1:e6:a2:c0:56:c1:41:18:fd:32:91:5d:32:d2:a4:aa:e5:9d:f7:61:fc:11:74:b6:cd:40:01:e8:e0:ed:40:b0:a1:b1:5c:a7:9c:ca:36:60:2f:de:8d:ae:7b:db:09:81:b9:4a:96:07:1c:e2:08:9f:76:2d:fd:09:dc:68:07:93:e1:23:36:33:ee:d7:72:c7:10:e1:5b:b5:0e:d9:e7:c1:39:71:01:a1:df:5e:1e:6d:9e:28:05:cf:8f:d3:d5:d4:79:16:e0:e8:ed:48:19:bf:23:a4:a9:d9:e3:51:39:2e:3b:72:4c:12:ef:6f:52:cf:9b:26:eb:52:0f:f7:e7:26:de:16:61:c3:0f:74:03:41:fe:7b:fd:06:98:12:37:f3:81:e8:45:e0:c0:b4:45:7a:f5:71:90:9a:a6:d3:2d:ed:8b:51:69:5f:4a:1a:dd:a5:97:59:0c:96:46:9f:ca:54:ce:88:67:c0:69:64:97:0c:5f:52:e2:ff:a1:64:20:28:2d:76:a4:fb:ce:23:65:d4:e8:c0:53:47:9d:35:ae:27:ed:6f:0d:ba:1f:95:59:9f:78:05:b5:c5:30:17:5d:2d:35:d9:a5:ce:f0:c3:59:24:12:83:a2:13:d5:f2:82:da:74:7d:4b:ec:07:fb:44:5f:62:6e:3b:1a:9a:11:01:3d:2b:6e:22:82:88:4f:ad:ea:d3:4b:49:00:31:57:cd:1d:bd:53:db:95:f0:2d:a3:99:
70:17:38:16:8f:c8:5d:38:67:ee:32:73:ab:1c:f1:d2:a6:6b:1c:6b:3a:5c:8c:8b:23:c1:bb:36:f2:2f:fe:19:0f:89:e9:bc:5a:a1:76:43:50:c0:50:75:2d:27:a9:cc:fa:4b:b4:27:5e:bf:4b:ad:0b:54:f4:59:ed:c0:c8:65:b4:eb:96:95:06:81:ea:8d:2d:28:1f:12:28:b7:5b:fd:09:a5:57:7d:ce:d1:e8:98:e5:26:d7:76:15:e3:c6:26:72:37:93:4b:06:3a:56:3b:4e:95:53:be:d4:41:30:db:49:ed:7f:b2:c3:c5:78:35:3f:b9:39:6c:04:23:c0:b5:0e:28:97:41:83:a6:db:ac:c1:46:b4:b5:64:f5:eb:c9:ff:56:c0:2b:9a:e8:48:93:1c:3d:f7:a5:fd:0f:80:23:71:51:99:f3:ad:1c:43:8c:1f:37:c7:b7:c3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:49.822351000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494449.822351000", + "frame.time_delta": "0.098149000", + "frame.time_delta_displayed": "0.098149000", + "frame.time_relative": "858.361665000", + "frame.number": "3137", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + 
"ip.checksum": "0x00003906", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7727", + "tcp.ack": "33508", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c5b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:41:94:00:26:00:31", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812166548, TSecr 2490417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812166548", + "tcp.options.timestamp.tsecr": "2490417" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3136", + "tcp.analysis.ack_rtt": "0.098149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.221592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.221592000", + "frame.time_delta": "3.399241000", + "frame.time_delta_displayed": "3.399241000", + "frame.time_relative": "861.760906000", + "frame.number": "3138", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000b19d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.235853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.235853000", + "frame.time_delta": "0.014261000", + "frame.time_delta_displayed": "0.014261000", + "frame.time_relative": "861.775167000", + "frame.number": "3139", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009581", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000776b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "33508", + "tcp.nxtseq": "33655", + "tcp.ack": "7727", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008716", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:01:90:a7:9e:41:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490768, TSecr 2812166548": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490768", + "tcp.options.timestamp.tsecr": "2812166548" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2d:51:28:fc:ec:08:37:25:cc:65:52:f0:11:25:39:3f:7b:da:ca:c2:95:60:b1:b7:08:79:e6:2c:25:58:66:3c:8d:9b:58:a5:b6:08:d4:bc:64:cb:ad:4e:6b:2e:8d:57:a2:da:19:68:14:a2:30:7e:17:46:84:12:a2:0b:fd:b0:8f:00:ba:c8:02:e9:da:98:5c:3f:2f:c3:47:b0:98:5b:f5:3d:a0:33:77:f4:df:7d:d9:7e:b6:fd:a8:02:52:e9:8f:1b:2b:78:19:d3:d1:fd:57:f5:9c:c5:3b:ff:b1:1d:d4:16:a5:51:86:de:c7:74:cc:d2:5e:17:19:52:3e:8f:7e:00:63:3d:6f:a8:05" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.274501000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494453.274501000", + "frame.time_delta": "0.038648000", + "frame.time_delta_displayed": "0.038648000", + "frame.time_relative": "861.813815000", + "frame.number": "3140", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000b1a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.296635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.296635000", + "frame.time_delta": "0.022134000", + "frame.time_delta_displayed": "0.022134000", + "frame.time_relative": "861.835949000", + "frame.number": "3141", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c7a", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003905", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7727", + "tcp.ack": "33655", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c05e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:44:f8:00:26:01:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167416, TSecr 2490768": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167416", + "tcp.options.timestamp.tsecr": "2490768" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3139", + "tcp.analysis.ack_rtt": "0.060782000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.327352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.327352000", + "frame.time_delta": "0.030717000", + "frame.time_delta_displayed": "0.030717000", + "frame.time_relative": "861.866666000", + "frame.number": "3142", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000b1a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017a8", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.353907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.353907000", + "frame.time_delta": "0.026555000", + "frame.time_delta_displayed": "0.026555000", + "frame.time_relative": "861.893221000", + "frame.number": "3143", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009582", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000777b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "33655", + "tcp.nxtseq": "33785", + "tcp.ack": "7727", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:01:9c:a7:9e:44:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490780, TSecr 2812167416": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490780", + "tcp.options.timestamp.tsecr": "2812167416" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2e:da:ca:72:96:82:ad:da:de:e7:00:0d:c9:2b:d7:55:fb:1a:f3:73:54:27:01:cc:61:46:2c:1c:16:88:06:de:b9:b2:6d:f2:6e:92:15:12:e2:2f:50:cb:26:84:15:dc:cc:5e:cd:21:f8:04:75:4d:e5:82:ce:52:bd:87:d0:02:e1:da:fd:17:64:47:13:bf:1f:64:51:5b:25:77:02:c0:46:3c:52:fd:26:71:ce:d2:2e:46:28:df:6b:15:51:7a:3f:1e:7a:cb:32:39:28:ea:0b:52:dd:58:09:a4:f7:26:d4:8c:95:6e:d7:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:00:53.380376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.380376000", + "frame.time_delta": "0.026469000", + "frame.time_delta_displayed": "0.026469000", + "frame.time_relative": "861.919690000", + "frame.number": "3144", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000b1a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY 
* HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.414386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.414386000", + "frame.time_delta": "0.034010000", + "frame.time_delta_displayed": "0.034010000", + "frame.time_relative": "861.953700000", + "frame.number": "3145", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003904", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "7727", + "tcp.ack": "33785", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bfb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:45:15:00:26:01:9c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167445, TSecr 2490780": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167445", + "tcp.options.timestamp.tsecr": "2490780" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3143", + "tcp.analysis.ack_rtt": "0.060479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.433220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.433220000", + "frame.time_delta": "0.018834000", + "frame.time_delta_displayed": "0.018834000", + "frame.time_relative": "861.972534000", + "frame.number": "3146", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000b1a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:53.486106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494453.486106000", + "frame.time_delta": "0.052886000", + "frame.time_delta_displayed": "0.052886000", + "frame.time_relative": "862.025420000", 
+ "frame.number": "3147", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000b1ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000017a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + 
"http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:54.959098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494454.959098000", + "frame.time_delta": "1.472992000", + "frame.time_delta_displayed": "1.472992000", + "frame.time_relative": "863.498412000", + "frame.number": "3148", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": 
"6", + "ip.checksum": "0x000037e4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "7727", + "tcp.nxtseq": "8014", + "tcp.ack": "33785", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000017d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:46:98:00:26:01:9c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167832, TSecr 2490780": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167832", + "tcp.options.timestamp.tsecr": "2490780" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": "34:cd:34:17:47:48:0e:64:4f:2f:da:dd:79:14:31:0b:fc:3e:90:32:d6:01:a6:07:09:ae:45:21:fe:1d:0a:8b:a9:a4:88:18:d4:d3:8c:ee:77:8c:6a:ac:7a:1b:90:f1:9c:4a:83:4b:bf:5f:e5:a3:2a:0b:00:21:39:e6:d9:04:0d:bb:21:26:45:9c:fe:4b:7b:79:93:3b:47:77:b9:2a:7c:a8:fc:f1:ef:06:2f:05:d7:a8:7c:23:76:09:77:25:5c:88:0a:ff:72:3c:23:4b:f9:45:ca:d8:0d:a2:f6:73:fd:1b:37:d0:4e:68:8b:36:4c:d3:a4:62:be:e6:c5:03:7e:b1:1e:54:9d:5c:3f:4e:33:68:d6:42:e0:74:4f:20:d5:9f:7e:d4:c3:52:35:38:c8:29:e8:6c:43:d2:07:28:48:67:93:4e:45:67:af:1b:32:71:e6:6c:eb:03:62:16:a1:94:2d:99:c9:11:f0:22:42:d4:f8:e0:f9:cd:b8:79:b0:25:80:67:04:9a:c9:51:ec:3f:05:3d:9c:2f:b9:cb:c3:13:ad:3d:e2:d0:1b:fe:4a:2f:23:5f:e5:19:7e:dc:ab:df:5e:83:eb:0c:33:85:62:46:8f:38:bf:b4:d8:2b:74:2c:70:60:2b:33:02:86:10:c8:39:b7:a9:db:a1:69:e9:d7:6c:a1:35:26:e8:3a:58:ab:20:be:2a:f9:c6:8b:20:37:b3:92:2f:e3:7b:03:30:17" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:54.959610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494454.959610000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "863.498924000", + "frame.number": "3149", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009583", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "33785", + "tcp.ack": "8014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:02:3c:a7:9e:46:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490940, TSecr 2812167832": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490940", + "tcp.options.timestamp.tsecr": "2812167832" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3148", + "tcp.analysis.ack_rtt": "0.000512000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:54.980571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494454.980571000", + "frame.time_delta": "0.020961000", + "frame.time_delta_displayed": "0.020961000", + "frame.time_relative": "863.519885000", + "frame.number": "3150", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009584", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "33785", + "tcp.nxtseq": "33838", + "tcp.ack": "8014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e60b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:02:3e:a7:9e:46:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490942, TSecr 2812167832": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490942", + "tcp.options.timestamp.tsecr": "2812167832" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:2f:b1:d8:af:ad:ab:d2:5c:e4:ca:55:a8:14:1c:f8:e6:51:ec:b2:e0:13:f4:98:dc:fe:44:b2:db:54:6e:19:e4:65:7f:84:1a:a3:f4:63:98:3d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:55.042851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.042851000", + "frame.time_delta": "0.062280000", + "frame.time_delta_displayed": "0.062280000", + "frame.time_relative": "863.582165000", + "frame.number": "3151", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003902", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8014", + "tcp.ack": "33838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bc26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:46:ac:00:26:02:3e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167852, TSecr 2490942": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167852", + "tcp.options.timestamp.tsecr": "2490942" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3150", + "tcp.analysis.ack_rtt": "0.062280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:55.043393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.043393000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "863.582707000", + "frame.number": "3152", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009585", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007540", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "33838", + "tcp.nxtseq": "34536", + "tcp.ack": "8014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d765", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:02:45:a7:9e:46:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490949, TSecr 2812167852": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490949", + "tcp.options.timestamp.tsecr": "2812167852" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:30:98:bf:70:be:e1:ef:64:66:6c:58:72:c8:c2:74:08:41:c1:0f:43:63:d4:5c:89:30:55:77:37:b2:29:b7:ac:96:5e:d2:97:95:1b:66:4e:c1:90" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:31:79:7e:87:ab:af:66:63:ae:8c:e1:f1:08:e1:50:af:f8:6e:e2:c5:42:6f:a2:07:a5:b7:e8:0e:95:79:43:ff:e4:41:75:9a:c4:62:bf:ed:69:41:39:df:2d:2d:2e:05:43:bc:11:fb:25:0a:ea:d2:14:af:63:10:8f:47:72:03:67:a2:2b:09:2c:61:16:40:17:fe:a3:ba:fb:c9:8c:44:d3:25:a1:50:e9:38:cc:f8:87" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:32:04:c3:33:ae:eb:9f:c1:c7:e5:4c:6c:4a:29:4b:b0:85:3f:07:a1:5e:40:c9:ba:2c:33:b4:b9:ca:96:51:a9:c6:33:9c:8f:3c:1e:f6:6e:8f:47:01:e0:ab:91:1c:df:9d:33:56:60:b6:27:a6:e2:31:64:c6:f4:dd:79:13:9a:4a:1a:0d:5e:11:f8:f1:c8:a3:2c:3d:25:b7:59:e6:67:9b:88:2c:35:d7:11:80:1f:e7:aa:07:99:e8:57:7e:41:02:1e:67:f0:18:ff:89:c8:93:8c:7e:aa:67:ee:9d:b4:74:ae:63:74:88:30:24:c7:6a:2c:c0:97:31:02:a1:92:31:b8:d0:4f:4d:2b:ae:36:37:8e:bf:16:ae:73:fc:3f:a7:4a:2c:34:75:d7:b6:6b:af:7b:71:b3:f4:9c:25:26:67:02:e4:a6:2a:b9:08:08:87:03:65:32:e9:a8:83:40:f3:9b:f5:02:d1:86:24:0b:b9:79:58:60:0a:c6:42:e2:b8:d8:b8:d2:de:38:cd:ad:99:1b:08:b6:ad:48:6a:8a:72:35:1a:af:08:40:6f:64:21:83:b8:ba:90:05:60:67:2f:00:b1:2d:4b:a9:23:9b:f4:ef:1e:1f:78:f6:f3:cc:1a:43:bd:de:a3:31:8d:7c:aa:aa:29:1b:e1:b4:d5:a7:70:57:ed:9b:99:a8:f8:10:6b:37:1a:c9:5a:1e:79:bc:3e:4f:53:80:6c:43:85:4f:a8:e4:df:63:cc:df:de:ec:61:c0:1e:5a:d6:42:bf:5f:d0:06:03:10:c3:3a:45:f0:a2:df:8a:38:a5:5c:d1:57:37:93:1f:d0:ab:5b:a8:4d:ae:8b:4e:f0:e9:c6:a2:98:b1:46:60:75:6c:f5:ff:0b:58:de:2c:ad:06:5e:ce:3f:99:9c:36:6d:97:64:42:99:e1:d9:2c:6b:2b:a0:f3:7f:f1:15:9c:8b:2a:f4:ab:f3:4e:5c:26:10:d1:05:d4:b9:6e:63:5b:8e:bc:bf:b3:0b:ef:b0:bb:08:f4:b9:c0:91:31:7d:ec:9e:19:52:61:d7:fd:aa:4f:d5:47:44:e7:77:0f:ac:13:97:f8:90:24:32:43:1b:65:57:1a:e9:3b:06:c1:4d:41:e3:af:9e:38:bf:bf:84:b6:0c:65:db:87:82:59:f9:1f:d3:f4:0b:52:66:92:4a:24:2e:64:a9:91:88:01:ba:eb:89:b6:36:9d:30:1b:12:e6:24:fd:4e:be:85:ab:a6:b4:2e:aa:b6:26:97:88:9d:ee:9b:4c:92:49:e9:14:e0:40:ae:a5:33:d8:0d:6b:d0:2a:8d:ba:bb:ec:4c:b6:f8:ac:51:e4:12:dd:cb:bb:d6:76:3c:61:f0:11:d4:36:a2:1e:ed:79:b9:9f:c6:73:fd:eb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:55.103657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.103657000", + "frame.time_delta": "0.060264000", + "frame.time_delta_displayed": 
"0.060264000", + "frame.time_relative": "863.642971000", + "frame.number": "3153", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003901", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8014", + "tcp.ack": "34536", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b955", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:46:bc:00:26:02:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167868, TSecr 2490949": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167868", + "tcp.options.timestamp.tsecr": "2490949" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3152", + "tcp.analysis.ack_rtt": "0.060264000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:55.359774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.359774000", + "frame.time_delta": "0.256117000", + "frame.time_delta_displayed": "0.256117000", + "frame.time_relative": "863.899088000", + "frame.number": "3154", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000ac1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000c47c", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "02:d3:af:c3:9f:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:00:55.375118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.375118000", + "frame.time_delta": "0.015344000", + "frame.time_delta_displayed": "0.015344000", + "frame.time_relative": "863.914432000", + "frame.number": "3155", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009586", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + 
"tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "34536", + "tcp.nxtseq": "34590", + "tcp.ack": "8014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000886b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:02:66:a7:9e:46:bc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2490982, TSecr 2812167868": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2490982", + "tcp.options.timestamp.tsecr": "2812167868" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:33:48:cf:50:5a:9e:05:f6:af:87:17:1a:3e:67:8d:89:e6:7c:8b:b6:38:30:c4:29:08:ee:f0:b0:d7:b5:1c:59:fe:ea:bb:2d:9d:5f:29:1c:55:ec" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:55.435269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494455.435269000", + "frame.time_delta": "0.060151000", + "frame.time_delta_displayed": "0.060151000", + "frame.time_relative": "863.974583000", + "frame.number": "3156", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003900", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8014", + "tcp.ack": "34590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b8ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:47:0f:00:26:02:66", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812167951, TSecr 2490982": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812167951", + "tcp.options.timestamp.tsecr": "2490982" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3155", + "tcp.analysis.ack_rtt": "0.060151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.452979000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494457.452979000", + "frame.time_delta": "2.017710000", + "frame.time_delta_displayed": "2.017710000", + "frame.time_relative": "865.992293000", + "frame.number": "3157", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037df", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + 
"tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "8014", + "tcp.nxtseq": "8302", + "tcp.ack": "34590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001679", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:49:07:00:26:02:66", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812168455, TSecr 2490982": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812168455", + "tcp.options.timestamp.tsecr": "2490982" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:65:65:86:af:d4:f7:65:c1:1e:83:73:4c:0b:c7:1c:88:7d:1c:c2:60:7c:70:45:1a:42:df:ef:42:40:7c:08:cf:48:5a:8e:8c:74:0a:af:cc:34:d1:32:7e:92:79:89:a5:4a:b6:e9:6a:44:c1:7e:c3:da:38:32:ba:30:76:67:8d:58:1b:d6:ff:fc:c9:3f:d4:9d:bc:34:4e:69:40:af:d7:49:47:41:c1:21:0a:b2:84:ff:d1:ef:55:a4:9d:68:42:00:62:21:81:b2:f3:3b:cf:af:51:68:74:ed:44:10:35:0a:8b:88:20:89:09:a3:7e:0d:ed:0e:c5:93:1f:f0:0f:5b:f0:3d:b6:25:76:65:51:cb:42:d0:57:9f:a0:27:49:44:51:2d:33:22:f7:b6:63:45:c7:cc:b1:9b:41:c3:8e:2e:2f:51:fb:d5:ef:0f:9e:f0:a2:53:e5:4a:18:d0:35:0e:ca:50:76:01:13:8e:46:0c:99:38:eb:64:77:e3:11:79:08:da:2e:d6:50:a5:05:bc:19:89:4d:cc:69:ba:18:92:b7:79:de:2c:af:1d:30:3b:49:fa:05:09:be:50:8d:63:80:93:1b:66:e2:30:d1:21:30:6a:1c:67:06:48:48:0c:9f:44:c3:d3:85:b0:ed:d6:c4:b4:5b:a1:a2:b5:fe:07:2e:48:ea:03:b5:8b:5b:42:ea:1a:ad:9b:89:7c:fe:13:55:a0:b4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.473747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.473747000", + "frame.time_delta": "0.020768000", + "frame.time_delta_displayed": "0.020768000", + "frame.time_relative": "866.013061000", + "frame.number": "3158", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009587", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "34590", + "tcp.nxtseq": "34643", + "tcp.ack": "8302", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e565", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:38:a7:9e:49:07", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491192, TSecr 2812168455": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491192", + "tcp.options.timestamp.tsecr": "2812168455" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3157", + "tcp.analysis.ack_rtt": "0.020768000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:34:1e:87:01:91:15:12:8f:74:bd:dd:10:87:ae:91:3a:8c:05:70:31:60:75:e9:10:c3:c7:1c:7b:6d:58:af:23:e0:0f:6c:b2:38:c3:1b:92:1b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.537481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.537481000", + "frame.time_delta": "0.063734000", + "frame.time_delta_displayed": "0.063734000", + "frame.time_relative": "866.076795000", + "frame.number": "3159", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038fe", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8302", + "tcp.ack": "34643", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000b478", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:49:1b:00:26:03:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812168475, TSecr 2491192": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812168475", + "tcp.options.timestamp.tsecr": "2491192" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3158", + "tcp.analysis.ack_rtt": "0.063734000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.537929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.537929000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "866.077243000", + "frame.number": "3160", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x00009588", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000753c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "34643", + "tcp.nxtseq": "35342", + "tcp.ack": "8302", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000028ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:3e:a7:9e:49:1b", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491198, TSecr 2812168475": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491198", + "tcp.options.timestamp.tsecr": "2812168475" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:35:48:31:6e:eb:33:00:b5:f8:0b:01:fc:9c:e0:cb:b7:d6:4b:71:63:26:45:17:30:ea:b3:17:59:7b:80:71:18:5d:52:f0:e0:f4:3d:dd:5f:7a:a5" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:36:29:f0:3b:32:3e:3b:06:c4:96:e3:23:a4:c5:83:38:0f:dd:2e:ad:dc:30:74:cd:71:41:ae:ad:78:e8:91:96:ea:60:7f:7d:33:37:70:79:11:26:05:ac:56:a8:d1:6f:9f:ab:95:d9:a7:8a:76:4c:68:6e:41:20:62:d2:ae:43:05:98:09:46:c6:d3:58:7e:26:2d:be:b4:3b:da:63:29:b8:da:b6:b1:a8:6e:b2:69:7f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:37:59:1f:c5:2a:76:bd:de:47:1a:97:17:a1:7a:4b:71:73:10:cf:4c:55:54:d6:a4:23:5f:5f:19:49:a0:39:b2:59:25:f5:fa:6c:a6:01:51:9a:9f:39:e2:14:d1:b3:24:ae:a7:6e:a2:79:d1:16:71:dd:b3:ea:89:2c:3f:e1:50:a2:92:09:8a:39:d8:44:19:3a:39:1b:03:44:9d:1d:d3:65:ab:b0:a8:94:5b:ba:df:37:83:17:ab:21:5b:84:cc:a5:51:6d:7b:8c:31:37:cf:4b:79:8c:2b:89:f9:99:c2:58:93:90:d9:e8:82:3a:e4:3f:62:02:4a:aa:cc:35:e5:f4:fc:a3:5d:c1:10:cd:62:dd:b7:45:8b:9c:29:a0:7e:bc:a5:7d:eb:2b:39:39:fe:55:25:3e:1f:ac:13:b6:dd:7b:44:3d:23:29:77:1f:40:48:cc:9e:57:af:a5:3e:f5:78:2c:cd:a9:bf:ea:84:41:7f:2d:18:00:6c:dd:d8:f6:18:8f:88:6a:1c:56:93:2e:d3:53:58:c3:ba:ad:ed:37:89:63:22:5a:87:da:40:97:a1:1e:ca:4b:cc:33:23:97:cf:ee:3a:06:46:0e:1f:95:09:bf:8c:95:53:da:bb:6a:c5:00:1d:39:af:93:f9:e7:97:3e:08:7b:4a:b4:b5:b4:67:85:ff:3f:74:e7:db:f2:89:2f:89:43:c9:35:55:9b:51:e0:9d:a3:e5:c2:74:23:00:42:7e:77:6c:38:3e:64:57:6f:bb:2e:99:61:6b:c9:da:5c:e9:cd:6b:95:30:e3:e4:b2:50:3b:80:38:d8:13:fe:dc:bd:b4:98:c6:7e:b3:c8:d2:a0:a0:c4:e9:32:62:b0:cf:e7:28:4a:4e:04:4a:24:73:a4:cc:e5:e3:b7:6a:2c:d9:07:7b:b6:cb:ab:d5:bf:d7:42:d5:60:9a:f4:4a:cd:bc:85:ad:e1:b6:ba:41:42:f8:0f:1b:d1:98:9f:f0:79:17:b1:c7:98:ba:a3:b7:ba:c0:f2:76:b5:d9:28:67:64:5e:71:2f:ce:5f:d6:4f:e6:12:e8:97:d2:b2:7b:e0:d5:aa:28:62:78:c0:5a:b3:17:01:80:ff:7b:4d:69:4c:59:2f:35:b2:e7:0c:55:8e:76:3c:bd:2f:35:48:3b:d3:60:5f:fa:ef:ae:59:9f:d4:c8:e4:c6:2c:d0:4d:a1:71:78:48:f6:f6:9c:be:5e:44:80:4a:4c:5c:6e:ba:07:2c:4b:e8:3d:3d:2f:e1:42:ad:a5:d3:be:63:3d:1d:28:68:f7:71:57:13:ce:4d:41:86:1c:4b:13:e9:cf:a4:4e:39:e6:b0:48:36:13:72:8f:02:38:9a:f5:a7:92:54:1b:e7:9b:6e:e1:10:b1:f8:b6:39:df:88:c4:9d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.601107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.601107000", + "frame.time_delta": "0.063178000", + 
"frame.time_delta_displayed": "0.063178000", + "frame.time_relative": "866.140421000", + "frame.number": "3161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038fd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8302", + "tcp.ack": 
"35342", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b1a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:49:2b:00:26:03:3e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812168491, TSecr 2491198": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812168491", + "tcp.options.timestamp.tsecr": "2491198" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3160", + "tcp.analysis.ack_rtt": "0.063178000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.883471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.883471000", + "frame.time_delta": "0.282364000", + "frame.time_delta_displayed": "0.282364000", + "frame.time_relative": "866.422785000", + "frame.number": "3162", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009589", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "35342", + "tcp.nxtseq": "35396", + "tcp.ack": "8302", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004487", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:61:a7:9e:49:2b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491233, TSecr 2812168491": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491233", + "tcp.options.timestamp.tsecr": "2812168491" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:38:fe:21:40:95:84:af:eb:25:87:61:58:d0:aa:76:65:d4:79:91:cc:6a:1e:b5:87:8c:5c:e9:e2:91:b3:22:0d:a7:98:1a:cb:69:b3:e4:8c:36:81" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:57.944297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494457.944297000", + "frame.time_delta": "0.060826000", + "frame.time_delta_displayed": "0.060826000", + "frame.time_relative": "866.483611000", + 
"frame.number": "3163", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038fc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8302", + "tcp.ack": "35396", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b0f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:49:82:00:26:03:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812168578, TSecr 2491233": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812168578", + "tcp.options.timestamp.tsecr": "2491233" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3162", + "tcp.analysis.ack_rtt": "0.060826000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.444832000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.444832000", + "frame.time_delta": "0.500535000", + "frame.time_delta_displayed": "0.500535000", + "frame.time_relative": "866.984146000", + "frame.number": "3164", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00000748", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b119", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59589", + "udp.dstport": "53", + "udp.port": "59589", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000d0b4", + "udp.checksum.status": "2", + "udp.stream": "85" + }, + "dns": { + "dns.id": "0x00005d21", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": 
"0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.444848000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.444848000", + "frame.time_delta": "0.000016000", + "frame.time_delta_displayed": "0.000016000", + "frame.time_relative": "866.984162000", + "frame.number": "3165", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00000749", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b118", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59589", + "udp.dstport": "53", + "udp.port": "59589", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": 
"0x00009953", + "udp.checksum.status": "2", + "udp.stream": "85" + }, + "dns": { + "dns.id": "0x00009467", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.445915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.445915000", + "frame.time_delta": "0.001067000", + "frame.time_delta_displayed": "0.001067000", + "frame.time_relative": "866.985229000", + "frame.number": "3166", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00002fe0", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008881", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59589", + "udp.port": "53", + "udp.port": "59589", + "udp.length": "52", + "udp.checksum": "0x00008289", + "udp.checksum.status": "2", + "udp.stream": "85" + }, + "dns": { + "dns.response_to": "3165", + "dns.time": "0.001067000", + "dns.id": "0x00009467", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.446855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.446855000", + "frame.time_delta": "0.000940000", + "frame.time_delta_displayed": "0.000940000", + "frame.time_relative": "866.986169000", + "frame.number": "3167", + 
"frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x00002fe1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008717", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59589", + "udp.port": "53", + "udp.port": "59589", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "85" + }, + "dns": { + "dns.response_to": "3164", + "dns.time": "0.002023000", + "dns.id": "0x00005d21", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", 
+ "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64271", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64271", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64271", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, 
class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "64271", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151095", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60132", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58371", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58473", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "102028", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60132", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "58371", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58473", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.447924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.447924000", + "frame.time_delta": "0.001069000", + "frame.time_delta_displayed": "0.001069000", + "frame.time_relative": "866.987238000", + "frame.number": "3168", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a403", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b22c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000a3ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:03:99:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + 
"tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2491289, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491289", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.518192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.518192000", + "frame.time_delta": "0.070268000", + "frame.time_delta_displayed": "0.070268000", + "frame.time_relative": "867.057506000", + "frame.number": "3169", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000af2f", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000e0ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:4b:45:97:e6:00:26:03:99:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1262852070, TSecr 2491289": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852070", + "tcp.options.timestamp.tsecr": "2491289" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3168", + "tcp.analysis.ack_rtt": "0.070268000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.518707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.518707000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "867.058021000", + "frame.number": "3170", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a404", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b233", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", 
+ "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000778f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:a0:4b:45:97:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491296, TSecr 1262852070": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491296", + "tcp.options.timestamp.tsecr": "1262852070" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3169", + "tcp.analysis.ack_rtt": "0.000515000", + "tcp.analysis.initial_rtt": "0.070783000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.520822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.520822000", + "frame.time_delta": "0.002115000", + "frame.time_delta_displayed": "0.002115000", + "frame.time_relative": "867.060136000", + "frame.number": "3171", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000a405", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + 
"tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ff0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:a0:4b:45:97:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491296, TSecr 1262852070": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491296", + "tcp.options.timestamp.tsecr": "1262852070" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jan 3, 2007 00:29:32.000000000 PST", + "ssl.handshake.random": "e3:7d:69:b5:5b:a7:d1:b5:87:ad:5d:03:5f:9e:29:0f:89:cf:00:be:b1:d7:86:66:c4:63:93:89" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + 
"ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": 
"49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + 
"ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": 
"3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.580207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.580207000", + "frame.time_delta": 
"0.059385000", + "frame.time_delta_displayed": "0.059385000", + "frame.time_relative": "867.119521000", + "frame.number": "3172", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000083a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000055b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": 
"2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.591131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.591131000", + "frame.time_delta": "0.010924000", + "frame.time_delta_displayed": "0.010924000", + "frame.time_relative": "867.130445000", + "frame.number": "3173", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000fcdd", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b259", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000076c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852088, TSecr 2491296": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852088", + "tcp.options.timestamp.tsecr": "2491296" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3171", + "tcp.analysis.ack_rtt": "0.070309000", + "tcp.analysis.initial_rtt": "0.070783000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.592384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.592384000", + "frame.time_delta": "0.001253000", + "frame.time_delta_displayed": "0.001253000", + "frame.time_relative": "867.131698000", + "frame.number": "3174", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x0000fcde", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000acb0", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ea5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": 
"1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852088, TSecr 2491296": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852088", + "tcp.options.timestamp.tsecr": "2491296" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01
:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:1
6:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jan 16, 2023 09:13:17.000000000 PST", + "ssl.handshake.random": "b0:4a:b1:b3:a2:83:46:44:26:16:d0:b0:f2:2c:48:8a:9a:11:c4:85:de:5e:19:a2:30:e2:6b:d3" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "c6:e5:f8:17:69:1f:b1:d3:45:bd:16:ef:97:b5:4b:71:a6:c4:83:0b:23:2c:bc:72:8b:66:53:9d:22:55:39:86", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + 
"ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.592404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.592404000", + "frame.time_delta": "0.000020000", + "frame.time_delta_displayed": "0.000020000", + "frame.time_relative": "867.131718000", + "frame.number": "3175", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x0000fcdf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b178", + "ip.checksum.status": "2", + "ip.src": 
"52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e591", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852088, TSecr 2491296": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852088", + "tcp.options.timestamp.tsecr": "2491296" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "3174", + "tcp.segment": "3175", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:
30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad
:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": 
"30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:8
3:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + 
"x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": 
"1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + "ssl.handshake.certificate": 
"30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + 
"x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + 
"x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:ee:fc:45:8b:e0:cf:2e:aa:95:73:0a:92:d6:4c:63:97:ef:78:fc:b4:48:77:29:c8:0a:1c:e1:2e:05:7d:9a:a6:5b:b9:e7:a0:29:7b:fc:74:d8:d0:e3:52:2e:e2:0b:44:e9:ad:c6:32:1d:b1:b9:ba:58:7e:91:01:50:18:30:c6", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"ab:98:8c:c7:4d:fd:55:0d:92:08:00:3b:f9:83:46:1d:b3:ed:94:b6:91:86:05:b4:da:ba:5f:74:99:28:dc:ea:72:c2:f9:92:3b:24:ff:39:aa:bf:46:91:fb:b4:f0:4b:8f:02:ec:4b:10:c3:24:5d:9f:92:ec:8f:82:5a:6b:7d:db:43:f1:bf:a6:46:a2:50:ed:22:9c:29:c6:e3:1e:6d:d4:65:03:7e:32:53:77:2e:88:cc:9d:1e:cd:6c:5f:df:32:1b:2c:fa:e7:17:26:34:e5:17:82:97:d2:22:6e:8f:2c:04:68:59:30:cd:9f:d6:90:6b:cd:c0:24:15:ac:35" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.592984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.592984000", + "frame.time_delta": "0.000580000", + "frame.time_delta_displayed": "0.000580000", + "frame.time_relative": "867.132298000", + "frame.number": "3176", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a406", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b231", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006f87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:a8:4b:45:97:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491304, TSecr 1262852088": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491304", + "tcp.options.timestamp.tsecr": "1262852088" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3175", + "tcp.analysis.ack_rtt": "0.000580000", + "tcp.analysis.initial_rtt": "0.070783000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.611349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.611349000", + "frame.time_delta": "0.018365000", + "frame.time_delta_displayed": "0.018365000", + "frame.time_relative": "867.150663000", + "frame.number": "3177", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000a407", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b1b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000998e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:a9:4b:45:97:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491305, TSecr 1262852088": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491305", + "tcp.options.timestamp.tsecr": "1262852088" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:e4:05:01:0a:92:4f:f8:cd:ae:e4:c1:71:00:83:da:93:89:79:a2:1b:87:ef:e7:70:a9:86:cf:1d:41:b2:d4:af:68:e0:f3:13:6b:54:ed:e5:d0:1d:df:da:22:06:37:f5:2d:50:f6:32:de:1f:24:2d:72:57:8d:9e:0f:d9:a3:aa" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.681727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.681727000", + "frame.time_delta": "0.070378000", + "frame.time_delta_displayed": "0.070378000", + "frame.time_relative": "867.221041000", + "frame.number": "3178", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x0000fce0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b223", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003411", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:98:0f:00:26:03:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852111, TSecr 2491305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852111", + "tcp.options.timestamp.tsecr": "2491305" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3177", + "tcp.analysis.ack_rtt": "0.070378000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:00:58.682878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.682878000", + "frame.time_delta": "0.001151000", + "frame.time_delta_displayed": "0.001151000", + "frame.time_relative": "867.222192000", + "frame.number": "3179", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000a408", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b1ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + 
"ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00000c52", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:b0:4b:45:98:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491312, TSecr 1262852111": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491312", + "tcp.options.timestamp.tsecr": "1262852111" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3178", + "tcp.analysis.ack_rtt": "0.001151000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "67:0f:57:86:63:76:3e:ee:89:8b:30:76:a8:24:93:d8:2b:74:7c:a9:05:24:4f:57:c3:4b:44:44:58:6c:68:54:25:f7:72:3f:35:4f:22:71:da:2b:c1:1d:fe:e3:7a:51:f9:6b:4c:38:88:b1:0f:d0:b3:16:27:72:c2:46:79:b9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.754031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.754031000", + "frame.time_delta": "0.071153000", + "frame.time_delta_displayed": "0.071153000", + "frame.time_relative": "867.293345000", + "frame.number": "3180", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000fce1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b210", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007d5f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:98:21:00:26:03:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852129, TSecr 2491312": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852129", + "tcp.options.timestamp.tsecr": "2491312" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3179", + "tcp.analysis.ack_rtt": "0.071153000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "5d:d4:a8:41:f6:2d:2e:bb:7e:24:44:07:ee:16:18:1a:37:00:15:38:1f:ec:ee:6f:3b:c2:9e:3b:ff:94:0a:40:bd:a0:ce:2e:4e:cc:f2:00:ad:90:4c:21:55:1c:ae:bd:a6:ed:6d:62:e5:6a:79:8a:6e:78:f9:69:73:8a:10:f9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.754979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.754979000", + "frame.time_delta": "0.000948000", + "frame.time_delta_displayed": "0.000948000", + "frame.time_relative": "867.294293000", + "frame.number": "3181", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000a409", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b045", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f54a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:b8:4b:45:98:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491320, TSecr 1262852129": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491320", + "tcp.options.timestamp.tsecr": "1262852129" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3180", + "tcp.analysis.ack_rtt": "0.000948000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "67:0f:57:86:63:76:3e:ef:66:0b:01:d6:9a:c9:ed:35:1e:61:a7:95:dd:c9:50:60:86:02:9d:3e:2b:43:30:79:12:e5:ab:f7:91:56:f3:ce:61:6f:d1:a0:0d:57:1f:d6:1f:22:c2:01:36:c1:18:a9:ec:2b:66:63:b6:de:ad:35:78:ba:06:d1:03:fb:43:f3:85:6d:54:45:2f:b6:59:8a:d2:ea:d4:42:43:6b:e3:3f:33:5d:e0:02:5e:bf:37:db:26:be:f2:f7:59:d6:53:9f:a5:a4:6e:15:35:9c:18:45:50:ba:26:0a:06:51:c2:ac:a5:d5:76:3f:ad:17:ec:aa:8d:66:70:5c:a4:1c:0f:02:b9:13:08:fb:29:87:e8:0e:26:26:cb:7c:b3:38:b4:1e:12:02:fe:81:cb:e6:c0:0e:5e:01:a6:d8:db:e5:d2:3e:a4:ba:fb:cf:0c:53:70:ba:2f:05:89:93:07:e3:b1:55:72:c3:40:11:52:34:f0:a1:27:0e:a1:25:1d:93:05:c7:98:3e:14:5a:ae:a5:cc:31:70:65:9e:ac:2f:8a:5d:90:41:be:ee:04:d2:23:33:c0:be:d7:4a:49:08:5f:a4:10:78:d9:2f:30:69:f0:01:26:ae:b3:4b:bd:68:7f:40:06:f2:e9:f4:1f:24:0c:9c:17:0c:0a:80:f5:61:46:6b:e9:4b:78:df:2e:84:c3:b1:50:b5:a9:d9:1e:ce:71:fd:dd:b9:16:ce:83:ca:e8:a3:3b:69:ad:34:11:f4:c4:52:5c:81:63:15:4e:b8:ba:fd:c3:3b:cb:8c:5a:9e:52:30:92:19:93:a3:06:f8:a3:84:45:ed:e9:43:54:5a:32:d6:1a:aa:24:fe:4e:53:c9:95:7f:68:d6:54:c8:4c:73:21:fd:11:0f:26:a9:3d:49:e8:ec:8f:cd:a0
:e5:97:d0:ad:ac:7d:3d:8d:f1:5b:70:34:4e:5e:73:08:9d:af:c4:88:98:7a:4f:1b:f5:f1:3e:28:1b:36:e5:94:8d:6b:ce:e1:fd:78:8a:37:e5:2e:0e:30:09:b6:de:b0:ee:2c:2a:12:3c:35:4b:c3:89:6a:4a:dd:b3:f9:ae:92:8e:83:07:ac:07:7d:91:e8:de:ba:57:91:2c:b7:63:75:68:55:8c:93:61:08:81:7c:92:9b:1f:fc:72:fa:f6:e0:66:1d:e9:34:11:e5:52:a1:e8:18:10:60:a6:09:77:bb:b4:33:fb:95:b0:fb:f8:05:5e:a4:e3:81:97:65:47:35:3c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.826268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.826268000", + "frame.time_delta": "0.071289000", + "frame.time_delta_displayed": "0.071289000", + "frame.time_relative": "867.365582000", + "frame.number": "3182", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x0000fce2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b209", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": 
"52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b11b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:98:33:00:26:03:b8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852147, TSecr 2491320": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852147", + "tcp.options.timestamp.tsecr": "2491320" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3181", + "tcp.analysis.ack_rtt": "0.071289000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "5d:d4:a8:41:f6:2d:2e:bc:60:ad:41:65:dc:8d:83:eb:8a:96:e2:15:0a:81:ba:16:78:bb:43:76:e1:58:c7:b8:bc:51:09:ab:a9:ce:36:8a:3b:a7:3b:9e:ab:7f:fb:a4:e6:5a:b7:89:56:ad:6f:b0:6a:b4:d3:e3:f9:f7:2d:0c:81:01:5f:ab:19:fc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.827031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.827031000", + "frame.time_delta": "0.000763000", + "frame.time_delta_displayed": "0.000763000", + "frame.time_relative": "867.366345000", + "frame.number": "3183", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a40a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b22d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006bc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:03:bf:4b:45:98:33", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491327, TSecr 1262852147": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491327", + "tcp.options.timestamp.tsecr": "1262852147" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3182", + "tcp.analysis.ack_rtt": "0.000763000", + "tcp.analysis.initial_rtt": "0.070783000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.897025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.897025000", + "frame.time_delta": "0.069994000", + "frame.time_delta_displayed": "0.069994000", + "frame.time_relative": "867.436339000", + "frame.number": "3184", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x0000fce3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b234", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004f86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:98:45:00:26:03:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852165, TSecr 2491327": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852165", + "tcp.options.timestamp.tsecr": "2491327" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3183", + "tcp.analysis.ack_rtt": "0.069994000", + "tcp.analysis.initial_rtt": "0.070783000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.897110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.897110000", + "frame.time_delta": "0.000085000", + "frame.time_delta_displayed": "0.000085000", + "frame.time_relative": "867.436424000", + "frame.number": "3185", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000fce4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000b252", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34258", + "tcp.port": "443", + "tcp.port": "34258", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", 
+ "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006c3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:45:98:45:00:26:03:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262852165, TSecr 2491327": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262852165", + "tcp.options.timestamp.tsecr": "2491327" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.897536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.897536000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "867.436850000", + "frame.number": "3186", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", 
+ "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e292", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000073b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000044b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:00:58.897548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494458.897548000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "867.436862000", + "frame.number": "3187", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e293", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000073b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34258", + "tcp.dstport": "443", + "tcp.port": "34258", + "tcp.port": "443", + "tcp.stream": "133", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000044b4", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.594823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.594823000", + "frame.time_delta": "1.697275000", + "frame.time_delta_displayed": "1.697275000", + "frame.time_relative": "869.134137000", + "frame.number": "3188", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001da6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": 
"224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d92", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": 
"61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.595378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.595378000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "869.134692000", + "frame.number": "3189", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001da7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": 
"255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee8d", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.595976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.595976000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "869.135290000", + "frame.number": "3190", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + 
"ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c53", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + 
"dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.630326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.630326000", + "frame.time_delta": "0.034350000", + "frame.time_delta_displayed": "0.034350000", + "frame.time_relative": "869.169640000", + "frame.number": "3191", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037db", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "8302", + "tcp.nxtseq": "8590", + "tcp.ack": "35396", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000d4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4c:21:00:26:03:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169249, TSecr 2491233": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169249", + 
"tcp.options.timestamp.tsecr": "2491233" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": "34:cd:34:17:47:48:0e:66:70:d7:08:18:94:c4:2b:ae:f3:92:68:e1:a8:34:c2:61:66:bc:8d:3d:34:c6:50:e6:91:d4:57:dd:84:c2:73:72:b2:b8:22:9e:3d:78:b3:4f:b5:3e:5c:20:54:df:e4:11:d1:23:0a:52:5f:59:7f:63:ae:84:c9:b9:9e:e5:04:06:5a:31:95:45:97:5b:a3:6e:94:9d:d8:3a:22:55:cb:ee:4b:c5:db:5e:b9:97:7d:4f:de:1c:4e:25:c9:0f:95:a1:6f:10:0a:cb:69:c3:a5:bf:ac:86:75:5c:76:2a:67:d3:ae:16:29:85:bb:a2:71:ec:c9:92:c6:74:4f:57:70:99:9e:46:2e:e3:71:9b:10:2f:64:9a:e4:25:0f:50:94:ea:18:69:82:f4:12:8a:da:76:4f:90:7d:37:14:27:1f:c9:07:ac:ea:3d:fd:da:bd:03:7f:7a:65:e0:57:0c:51:10:57:52:26:2e:50:dc:be:77:b2:5d:c9:0f:6d:3d:24:98:be:db:48:43:eb:33:51:3d:ac:9a:61:59:86:f5:86:fe:ad:3e:8c:25:16:54:39:e1:65:63:aa:57:7f:73:e3:f9:4b:8e:7f:e3:ed:9c:07:2c:94:79:92:50:c4:29:08:21:13:bf:b1:cb:9e:46:88:2a:93:e9:03:eb:8f:59:69:7b:82:08:84:13:23:42:a4:ea:cc:ab:00:19:05:01:b1:d2:62:e3:b8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.651112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.651112000", + "frame.time_delta": "0.020786000", + "frame.time_delta_displayed": "0.020786000", + "frame.time_relative": "869.190426000", + "frame.number": "3192", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000958a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "35396", + "tcp.nxtseq": "35449", + "tcp.ack": "8590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000edad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:04:75:a7:9e:4c:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491509, TSecr 2812169249": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491509", + "tcp.options.timestamp.tsecr": "2812169249" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3191", + "tcp.analysis.ack_rtt": "0.020786000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:39:ae:e5:41:2c:9e:dc:b4:ea:53:ab:41:04:23:8e:fa:08:28:22:21:5c:e4:f4:ba:4d:7a:b0:16:73:76:3f:01:77:bd:87:e7:41:a8:97:f5:61" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.711239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.711239000", + "frame.time_delta": "0.060127000", + "frame.time_delta_displayed": "0.060127000", + "frame.time_relative": "869.250553000", + "frame.number": "3193", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038fa", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8590", + "tcp.ack": "35449", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000abda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4c:36:00:26:04:75", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169270, TSecr 2491509": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169270", + "tcp.options.timestamp.tsecr": "2491509" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3192", + "tcp.analysis.ack_rtt": "0.060127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.711795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.711795000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "869.251109000", + "frame.number": "3194", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x0000958b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007539", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "35449", + "tcp.nxtseq": "36148", + "tcp.ack": "8590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003da5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:04:7b:a7:9e:4c:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491515, TSecr 2812169270": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491515", + "tcp.options.timestamp.tsecr": "2812169270" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:3a:25:10:56:b3:7b:79:55:44:89:46:c9:42:f1:b7:42:52:70:a4:e6:6d:8d:b4:3e:35:f3:8b:91:6b:c4:d2:0f:3a:55:a0:bf:d7:0c:09:a5:75:1f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:3b:ba:c1:8e:73:97:a7:55:59:7f:5b:f9:a6:65:65:a1:a4:59:de:9e:62:8d:25:bc:cb:e4:9d:fb:ca:4f:b7:ca:cf:c5:a5:ea:03:77:61:8d:78:40:d6:03:54:0f:7e:41:47:a8:5c:a2:28:c8:75:8f:11:7f:28:04:cf:dd:42:df:86:9f:37:60:1b:b3:e3:41:2e:9d:70:86:34:e6:81:ee:20:1f:a9:b8:61:a3:5f:3d:6b" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:3c:85:ed:5e:0e:d7:a7:48:b3:ae:27:d8:21:a6:f6:8c:ca:56:74:42:e2:fc:20:57:f1:56:76:93:fd:0f:b2:a7:3f:f3:4a:c7:42:d2:e7:d7:23:e1:9a:32:fb:06:42:29:ab:7e:c9:c9:b8:af:22:2b:78:fc:d6:1c:76:9e:fc:3b:c0:16:f3:38:30:bf:d3:3b:bb:44:5d:fc:83:bf:43:2a:32:6b:1b:69:8a:28:65:3a:b1:57:a1:d1:74:10:6d:d4:58:34:60:e1:3a:a0:ec:b1:11:9c:56:fb:a7:11:1d:2f:2e:30:17:0f:02:f3:81:89:0a:a6:70:fa:b9:95:c9:15:32:08:59:ff:51:ea:20:16:4a:3b:a7:3c:30:51:98:8d:04:b8:c1:4d:0c:13:03:64:a6:9d:77:3f:72:21:9d:85:7d:9e:86:1a:34:4d:91:cb:03:96:79:cb:11:db:97:4e:ec:3d:db:e3:35:2c:b5:0d:3b:d2:87:9a:7d:90:b8:99:4d:ec:1e:7c:e3:fa:c1:b5:fd:27:8d:52:5c:a7:17:f8:4e:35:76:5a:aa:a5:56:8d:d1:76:d0:27:9d:e0:b2:82:f2:28:e0:39:82:1b:a1:60:b4:28:4e:9e:36:13:3d:de:16:4d:5d:80:6c:c1:87:b3:30:e6:1d:63:eb:55:54:de:84:1c:2a:93:8f:8b:35:48:71:d8:8e:5d:47:65:c6:ef:f6:95:b3:75:48:f7:e6:f6:9c:6c:69:e2:7c:8e:cf:dd:b6:af:01:4b:15:82:5e:9c:12:b6:7e:59:f8:3f:6a:de:72:df:af:28:be:9a:d7:f2:a3:c1:c2:14:5e:08:9a:1e:1a:fb:14:d4:99:cb:ff:65:00:4c:8e:62:68:4a:7f:1d:29:aa:e9:c8:0e:62:e6:05:00:5b:62:d4:67:a0:2b:61:dc:c5:5c:cd:43:fa:cf:c3:10:cf:31:c4:fb:cf:67:3e:b0:af:85:df:48:b0:74:99:37:24:e6:e0:d6:ea:6a:d0:d7:08:63:9a:e0:c2:a9:e6:fd:cc:d7:f2:ef:9b:f5:12:ca:82:7a:6b:31:40:63:d1:9b:cb:4a:4e:a9:40:5c:30:2a:ca:34:6c:df:79:cc:38:e3:25:72:62:64:78:a2:24:92:1d:a4:4f:8f:ce:51:ae:f2:4d:1c:cf:08:fd:3d:e7:61:11:89:24:c2:92:2d:bd:b8:22:42:c8:8e:79:a6:7e:3a:6f:89:12:d5:02:f6:92:e4:cf:ab:e0:9b:29:a9:8a:91:cc:5f:8e:e5:d4:9e:51:2b:a8:72:81:cf:7c:69:0d:de:f4:78:cc:c8:29:1e:8e:c4:56:f8:43:82:7e:29:e5:0b:d1:3d:55:70:34:59:aa:fe:40:88:f3:6a:b0:b0:9e:f0:4c:72:5d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:00.772004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494460.772004000", + "frame.time_delta": "0.060209000", + 
"frame.time_delta_displayed": "0.060209000", + "frame.time_relative": "869.311318000", + "frame.number": "3195", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8590", + "tcp.ack": 
"36148", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a90a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4c:45:00:26:04:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169285, TSecr 2491515": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169285", + "tcp.options.timestamp.tsecr": "2491515" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3194", + "tcp.analysis.ack_rtt": "0.060209000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:01.049028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494461.049028000", + "frame.time_delta": "0.277024000", + "frame.time_delta_displayed": "0.277024000", + "frame.time_relative": "869.588342000", + "frame.number": "3196", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000958c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "36148", + "tcp.nxtseq": "36202", + "tcp.ack": "8590", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000603", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:04:9d:a7:9e:4c:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491549, TSecr 2812169285": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491549", + "tcp.options.timestamp.tsecr": "2812169285" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:3d:b8:20:ed:7d:ad:85:a9:62:3b:f2:10:2e:1f:4e:d1:6b:44:b6:1c:a8:f2:5b:d7:9e:fa:17:a3:8d:ac:62:03:1c:4a:53:5a:b9:af:00:3d:71:55" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:01.109344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494461.109344000", + "frame.time_delta": "0.060316000", + "frame.time_delta_displayed": "0.060316000", + "frame.time_relative": "869.648658000", + 
"frame.number": "3197", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8590", + "tcp.ack": "36202", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a85e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4c:99:00:26:04:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169369, TSecr 2491549": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169369", + "tcp.options.timestamp.tsecr": "2491549" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3196", + "tcp.analysis.ack_rtt": "0.060316000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.337659000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.337659000", + "frame.time_delta": "2.228315000", + "frame.time_delta_displayed": "2.228315000", + "frame.time_relative": "871.876973000", + "frame.number": "3198", + "frame.len": "354", + "frame.cap_len": "354", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "340", + "ip.id": "0x00002c88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "288", + "tcp.seq": "8590", + "tcp.nxtseq": "8878", + "tcp.ack": "36202", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000918e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4e:c6:00:26:04:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169926, TSecr 2491549": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169926", + "tcp.options.timestamp.tsecr": "2491549" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "288", + "tcp.analysis.push_bytes_sent": "288" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "283", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:67:79:2b:83:81:6c:f3:db:22:cc:6b:b3:90:e6:0d:4f:c3:73:17:a0:bc:e8:e6:57:a9:cf:1e:1a:5e:53:38:88:97:d9:db:a8:44:24:ea:90:f3:00:ba:1d:fc:b0:11:57:f7:e6:7c:2e:f6:3e:3a:fb:16:15:79:ab:53:e4:3c:b7:65:d5:52:8a:2f:d6:f8:b0:40:d4:76:fe:78:42:67:da:d5:30:d9:a9:68:6b:10:ff:2e:78:4a:83:9e:4d:82:7a:7e:66:e5:82:42:1c:ea:43:f3:d7:35:8f:f3:f7:f1:40:dc:2f:c7:1e:62:0e:9f:b4:8d:5b:25:c9:26:1e:47:5c:a2:0b:7b:62:98:78:cd:7d:72:e7:65:06:38:1a:1a:fc:5a:13:92:0c:d5:3f:0a:b0:29:1b:e2:e7:a8:c1:46:9a:16:c3:85:e1:95:e1:2b:1e:32:47:0d:ca:1b:bd:ad:08:43:93:98:79:66:56:8c:ce:37:0d:12:11:c4:2c:00:8e:25:e3:ed:d5:1b:5d:7a:46:c8:61:02:6b:c7:b9:55:ad:53:15:a3:ba:47:b0:4e:4d:4a:44:25:a6:26:ea:d9:c5:96:9c:de:85:03:33:12:2e:9d:50:8a:b8:96:53:2b:3f:81:8e:92:cb:c5:44:ad:0f:4b:8f:f6:a1:4b:67:e4:48:7c:bf:f3:28:9f:7c:f1:64:57:da:1a:50:ee:18:8e:ef:c1:87:76:96" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.352258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.352258000", + "frame.time_delta": "0.014599000", + "frame.time_delta_displayed": "0.014599000", + "frame.time_relative": "871.891572000", + "frame.number": "3199", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000958d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "36202", + "tcp.nxtseq": "36255", + "tcp.ack": "8878", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ab69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:05:83:a7:9e:4e:c6", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491779, TSecr 2812169926": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491779", + "tcp.options.timestamp.tsecr": "2812169926" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3198", + "tcp.analysis.ack_rtt": "0.014599000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:3e:8f:85:ca:9c:a5:99:b8:ec:13:59:d8:ae:fb:51:48:2c:5b:e8:43:a6:33:73:ff:3a:ae:8f:d4:2d:cd:94:a4:49:d0:66:3d:27:10:4f:a8:ce" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.412343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.412343000", + "frame.time_delta": "0.060085000", + "frame.time_delta_displayed": "0.060085000", + "frame.time_relative": "871.951657000", + "frame.number": "3200", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8878", + "tcp.ack": "36255", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000a3e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4e:d9:00:26:05:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169945, TSecr 2491779": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169945", + "tcp.options.timestamp.tsecr": "2491779" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3199", + "tcp.analysis.ack_rtt": "0.060085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.412882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.412882000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "871.952196000", + "frame.number": "3201", + "frame.len": "765", + "frame.cap_len": "765", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "751", + "ip.id": "0x0000958e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007536", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "699", + "tcp.seq": "36255", + "tcp.nxtseq": "36954", + "tcp.ack": "8878", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000782", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:05:8a:a7:9e:4e:d9", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491786, TSecr 2812169945": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491786", + "tcp.options.timestamp.tsecr": "2812169945" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "699", + "tcp.analysis.push_bytes_sent": "699" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:3f:9e:c7:da:55:b8:ea:97:e7:30:99:53:e3:6d:7a:9c:96:ae:9b:61:e6:f3:68:83:e9:48:8e:c9:86:32:6f:4e:7e:92:eb:bf:e4:ed:0a:0e:26:ef" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:40:8d:b5:03:17:e9:07:c9:21:dd:69:e6:5f:f9:20:e7:8d:16:2a:83:24:39:70:ea:0e:87:8f:d9:22:a0:99:d6:ba:d9:eb:5d:fd:41:9c:c8:c8:46:93:df:2f:da:68:2f:02:1c:29:c5:5c:78:ca:04:2f:4f:35:22:1b:92:2b:42:6f:53:56:05:d7:02:9c:2b:d6:b8:28:d0:39:7f:0f:86:be:06:8c:14:24:bc:9a:a6:46" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "539", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:41:c4:9b:e4:b9:78:38:79:c2:2f:0d:2e:53:24:1c:67:c9:d9:9a:c8:8d:37:5b:9b:38:2d:9c:d6:89:8a:cc:34:c2:eb:11:66:eb:7d:5b:f9:a7:86:fa:36:84:11:a8:48:47:63:63:de:80:58:14:41:26:9f:2d:17:1d:ae:0b:7d:09:7e:6a:f0:f3:ec:6b:f5:a0:80:ea:37:4e:d2:59:27:8a:e4:e8:8d:30:a8:38:f8:dd:bd:91:2e:28:d1:5c:a4:ee:6d:0a:3c:a5:f5:6e:f4:c5:01:a7:dd:31:79:a7:0c:91:40:98:67:aa:6b:ab:c8:42:1b:98:bf:2d:16:09:45:3e:5a:aa:e0:13:34:12:61:cb:23:82:b5:75:e9:a8:f2:84:6c:2f:37:2b:4c:92:e9:9f:38:bc:b8:6b:86:04:25:db:22:4d:cb:74:4b:22:bd:f7:0b:7a:bf:74:e2:a6:6c:91:f3:5f:4a:00:ca:e8:97:99:c8:c8:32:3e:b3:60:75:57:a3:90:18:16:69:82:20:b6:ca:be:03:44:6d:bd:67:86:ef:55:5b:cf:b3:4f:05:85:ef:42:cd:b4:3f:69:16:e6:a5:ca:dc:a7:8c:77:72:fc:85:77:ec:c3:46:1d:8e:9e:3d:ff:e7:6b:13:f0:53:68:9a:7a:a3:73:a4:d4:67:19:5e:ce:75:10:31:f2:65:82:ae:3a:ab:ea:45:3a:4f:64:d4:17:c8:26:00:bd:55:b6:ff:5a:30:5c:05:73:14:e9:00:53:df:a4:94:10:23:93:d0:b1:02:96:a9:56:2b:54:ce:fa:07:18:9b:e8:cc:fa:49:ab:f8:84:a2:1f:4f:a0:84:2f:55:42:2d:36:83:30:42:4a:74:ea:94:73:f5:d0:10:95:99:4d:b7:c5:fd:a0:2f:f2:fe:84:16:eb:5c:00:b6:85:a7:0d:f7:8b:b3:77:0e:9b:f7:c7:94:8c:c2:09:b2:21:fa:bb:b0:02:5d:af:53:0b:a0:94:48:84:36:73:2d:99:1c:15:61:75:ed:f3:81:3d:03:d4:4b:eb:12:08:09:80:b8:d0:c4:0e:5d:74:1e:82:05:df:dc:62:7d:e3:98:b0:37:bc:cf:97:8c:6c:62:cd:9a:4e:63:29:c6:c7:40:19:00:68:84:fa:70:d9:0b:a4:a5:2c:a8:37:2b:e8:80:d5:1d:a5:b4:50:7b:d4:0b:13:6a:9e:7c:62:e7:47:4d:c1:35:06:06:ca:15:e9:39:46:49:fc:61:59:c1:7c:07:c1:ca:88:cb:e3:f5:23:79:f8:74:4c:27:26:1b:b6:8e:a5:f0:0c:f5:2e:f4:f2:d3:3c:9f:d5:a6:ff:c7:6b:27:92:53:27:c3:a8:66:8f:d5:e2:9e:82:3a:5c:d0:81:45:ad:8d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.473067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.473067000", + "frame.time_delta": "0.060185000", + 
"frame.time_delta_displayed": "0.060185000", + "frame.time_relative": "872.012381000", + "frame.number": "3202", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8878", + "tcp.ack": 
"36954", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a112", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4e:e8:00:26:05:8a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812169960, TSecr 2491786": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812169960", + "tcp.options.timestamp.tsecr": "2491786" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3201", + "tcp.analysis.ack_rtt": "0.060185000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.759864000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.759864000", + "frame.time_delta": "0.286797000", + "frame.time_delta_displayed": "0.286797000", + "frame.time_relative": "872.299178000", + "frame.number": "3203", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000958f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "36954", + "tcp.nxtseq": "37008", + "tcp.ack": "8878", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:05:ac:a7:9e:4e:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2491820, TSecr 2812169960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2491820", + "tcp.options.timestamp.tsecr": "2812169960" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:42:64:5b:41:17:ae:cf:b8:f3:03:72:0b:76:b8:f2:58:7e:0a:9e:d1:ba:d4:0e:ce:cc:e3:bd:48:14:c7:9d:60:0a:f0:50:79:3a:19:1e:3b:74:7e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:03.820031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494463.820031000", + "frame.time_delta": "0.060167000", + "frame.time_delta_displayed": "0.060167000", + "frame.time_relative": "872.359345000", + 
"frame.number": "3204", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8878", + "tcp.ack": "37008", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a063", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:4f:3f:00:26:05:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812170047, TSecr 2491820": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812170047", + "tcp.options.timestamp.tsecr": "2491820" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3203", + "tcp.analysis.ack_rtt": "0.060167000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:04.560185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494464.560185000", + "frame.time_delta": "0.740154000", + "frame.time_delta_displayed": "0.740154000", + "frame.time_relative": "873.099499000", + "frame.number": "3205", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "281", + "tcp.ack": "253", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:04.703481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494464.703481000", + "frame.time_delta": "0.143296000", + "frame.time_delta_displayed": "0.143296000", + "frame.time_relative": "873.242795000", + "frame.number": "3206", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb1", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "253", + "tcp.ack": "282", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { 
+ "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:05.595121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494465.595121000", + "frame.time_delta": "0.891640000", + "frame.time_delta_displayed": "0.891640000", + "frame.time_relative": "874.134435000", + "frame.number": "3207", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001da8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + 
"ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d92", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:05.595676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494465.595676000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "874.134990000", + "frame.number": "3208", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001da9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + 
"ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee8d", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:05.596247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494465.596247000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "874.135561000", + "frame.number": "3209", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c53", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:06.478366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494466.478366000", + "frame.time_delta": "0.882119000", + "frame.time_delta_displayed": "0.882119000", + "frame.time_relative": "875.017680000", + "frame.number": "3210", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c62", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b87", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.771076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.771076000", + "frame.time_delta": "1.292710000", + "frame.time_delta_displayed": "1.292710000", + "frame.time_relative": "876.310390000", + "frame.number": "3211", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", 
+ "ip.id": "0x00000a2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ae8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39740", + "udp.dstport": "53", + "udp.port": "39740", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001ada", + "udp.checksum.status": "2", + "udp.stream": "86" + }, + "dns": { + "dns.id": "0x00000f27", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.771663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.771663000", + "frame.time_delta": "0.000587000", + "frame.time_delta_displayed": "0.000587000", + "frame.time_relative": "876.310977000", + "frame.number": "3212", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00004fa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006914", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39740", + "udp.port": "53", + "udp.port": "39740", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "86" + }, + "dns": { + "dns.response_to": "3211", + "dns.time": "0.000587000", + "dns.id": "0x00000f27", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + 
"Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.772472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.772472000", + "frame.time_delta": "0.000809000", + "frame.time_delta_displayed": "0.000809000", + "frame.time_relative": "876.311786000", + "frame.number": "3213", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00000a2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ae8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45541", + "udp.dstport": "53", + "udp.port": "45541", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001f30", + "udp.checksum.status": "2", + "udp.stream": "87" + }, + "dns": { + "dns.id": "0x00000f28", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.773013000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.773013000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "876.312327000", + "frame.number": "3214", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00004fa7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006903", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45541", + "udp.port": "53", + "udp.port": "45541", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "87" + }, + "dns": { + "dns.response_to": "3213", + "dns.time": "0.000541000", + "dns.id": "0x00000f28", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2910", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.774165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.774165000", + "frame.time_delta": "0.001152000", + "frame.time_delta_displayed": "0.001152000", + "frame.time_relative": "876.313479000", + "frame.number": "3215", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000089f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000abd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 
Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000087ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.909526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.909526000", + "frame.time_delta": "0.135361000", + "frame.time_delta_displayed": "0.135361000", + "frame.time_relative": "876.448840000", + "frame.number": "3216", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00009658", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000f47a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000026cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "3215", + "tcp.analysis.ack_rtt": "0.135361000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.910089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.910089000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "876.449403000", + "frame.number": "3217", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000089f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000abe3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f05b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3216", + "tcp.analysis.ack_rtt": "0.000563000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:07.910103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494467.910103000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "876.449417000", + "frame.number": "3218", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x000089f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a98a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f56f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135924000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:31:22:2c:20:4e:6f:6e:63:65:3d:22:39:6f:6f:46:56:70:62:2b:42:35:6d:37:49:4e:55:49:41:48:2b:77:6a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6f:57:6d:49:6b:6a:38:6f:53:65:35:5a:4a:32:4f:43:63:33:48:66:
4f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.046066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.046066000", + "frame.time_delta": "0.135963000", + "frame.time_delta_displayed": "0.135963000", + "frame.time_relative": "876.585380000", + "frame.number": "3219", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000b06d", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004d90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3218", + "tcp.analysis.ack_rtt": "0.135963000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.046698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.046698000", + "frame.time_delta": "0.000632000", + "frame.time_delta_displayed": "0.000632000", + "frame.time_relative": "876.586012000", + "frame.number": "3220", + "frame.len": "1302", + 
"frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x000089fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a701", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000bbb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135924000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:
49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:22:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0
:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" + }, + "tcp.segments": { + "tcp.segment": "3218", + "tcp.segment": "3220", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:31:22:2c:20:4e:6f:6e:63:65:3d:22:39:6f:6f:46:56:70:62:2b:42:35:6d:37:49:4e:55:49:41:48:2b:77:6a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78
:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6f:57:6d:49:6b:6a:38:6f:53:65:35:5a:4a:32:4f:43:63:33:48:66:4f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:2
2:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:
89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"191\", Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"oWmIkj8oSe5ZJ2OCc3HfOA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"191\", Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"oWmIkj8oSe5ZJ2OCc3HfOA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + 
"http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bdk%\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd&\u0006\u00ef\u00bf\u00bdv\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdY7\u00ef\u00bf\u00bdFF\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007fR,b.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRS\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdy%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|R\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rv\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\t\u00ef\u00bf\u00bd2Ft\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0010\u00ef\u00bf\u00bd^Q\u00ef\u00bf\u00bdk\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdIg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>c\u000ew\u00ef\u00bf\u00bd\u001a\u001a0OX\u001f\u00ef\u00bf\u00bduH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV=\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdwr\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd<JZ\u001a@\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00192~fl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdrI\u00ef\u00bf\u00bd'F\u001c\u00ef\u00bf\u00bdw:\u00ef\u00bf\u00bdb?Di\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u0018}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\"\u00ef\u
00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u0015*?E\u00ef\u00bf\u00bd\t\u0018\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b)N\u00ef\u00bf\u00bd\r\u0019\tM\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\/z\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE7p" + }, + "media": { + "media.type": "bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c
9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:22:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:
87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.181974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.181974000", + "frame.time_delta": "0.135276000", + "frame.time_delta_displayed": "0.135276000", + "frame.time_relative": "876.721288000", + "frame.number": "3221", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001fb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006b24", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": 
"5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000043d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3220", + "tcp.analysis.ack_rtt": "0.135276000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.199533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.199533000", + "frame.time_delta": "0.017559000", + "frame.time_delta_displayed": "0.017559000", + "frame.time_relative": "876.738847000", + 
"frame.number": "3222", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002c8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "8878", + "tcp.nxtseq": "8963", + "tcp.ack": "37008", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000072e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:86:00:26:05:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171142, TSecr 2491820": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171142", + "tcp.options.timestamp.tsecr": "2491820" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:68:33:4b:82:6b:87:ff:42:1f:f0:c2:cb:af:9a:18:ce:95:cb:7e:e3:a2:28:fe:3f:fa:f0:f0:dd:34:03:8b:3b:e6:92:ab:6b:4d:d8:39:fa:86:5f:3c:42:f8:2d:31:04:cb:cd:94:89:99:45:e0:b0:40:a7:44:d9:fc:b3:9b:73:6e:73:69:54:33:c1:7c:28:e3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.206328000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.206328000", + "frame.time_delta": "0.006795000", + "frame.time_delta_displayed": "0.006795000", + "frame.time_relative": "876.745642000", + "frame.number": "3223", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009590", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "37008", + "tcp.nxtseq": "37055", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000993e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:69:a7:9e:53:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492265, TSecr 2812171142": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492265", + "tcp.options.timestamp.tsecr": "2812171142" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3222", + "tcp.analysis.ack_rtt": "0.006795000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:43:10:0c:90:6d:c7:f7:18:19:99:c4:40:92:1c:82:61:d2:0d:41:24:48:c3:18:d9:57:ac:a9:4e:7f:3f:f8:59:ae:49:bd" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.223353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.223353000", + "frame.time_delta": "0.017025000", + "frame.time_delta_displayed": "0.017025000", + "frame.time_relative": "876.762667000", + "frame.number": "3224", + "frame.len": "162", + "frame.cap_len": "162", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "148", + "ip.id": "0x000087ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004218", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "128", + "udp.checksum": "0x0000e91a", + 
"udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.232402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.232402000", + "frame.time_delta": "0.009049000", + "frame.time_delta_displayed": "0.009049000", + "frame.time_relative": "876.771716000", + "frame.number": "3225", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "911", + "ip.id": "0x00003a1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004d57", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000bdf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135924000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:01:08 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:01:08 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.185704000", + "http.request_in": "3220", + "http.file_data": "\u00ef\u00bf\u00bdk%\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd&\u0006\u00ef\u00bf\u00bdv\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdY7\u0005\u00ef\u00bf\u00bd\u0016\u0016F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0i\u000e" + }, + "media": { + "media.type": 
"bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:05:ea:16:16:46:da:ad:30:69:0e:00:18:42:e1:18:9b:1b:88:3c:ad:93:cb:bb:8e:19:e0:57:f6:ea:5c:8b:f4:e6:ae:d4:f4:17:88:28:35:3b:73:a8:4b:88:ac:52:94:3d:08:06:43:24:78:98:b8:65:4d:64:5f:09:87:ab:2e:0a:57:1e:47:ce:06:a5:d4:77:ac:42:ab:40:f1:81:f6:1e:58:e2:f4:f1:81:05:f3:f3:fd:bb:b6:60:a5:b6:09:57:d3:43:5a:5b:f4:32:d9:79:ef:0e:96:7d:fd:cd:a3:00:4a:dc:c1:1f:6e:93:81:86:30:64:df:70:03:c0:a5:8f:1d:41:c2:cf:ed:aa:0c:a5:8d:ed:fb:ed:46:42:b0:8b:c7:2c:ae:05:8f:b3:9f:22:bb:96:34:34:f8:eb:f2:c9:80:35:a2:04:d7:46:58:e7:60:a5:b5:09:fa:fa:ed:21:23:47:d5:92:23:d1:6b:48:62:14:10:7d:54:23:09:08:30:e3:b3:2e:97:75:86:75:f7:20:04:68:6c:74:24:57:1b:f0:76:74:f6:c8:7c:24:fd:2a:09:56:d1:5a:b6:01:79:da:41:c1:16:2c:6a:ac:44:67:0a:e4:87:a6:a5:80:ff:93:13:50:b8:b6:c8:90:4a:f9:10:cc:d9:69:3f:5f:a5:e9:4f:e4:3d:d8:90:70:50:c3:4c:2f:de:71:d5:ce:0a:32:48:84:d1:e3:d8:22:9b:93:1f:b7:2f:1b:b0:70:1e:72:d5:85:29:aa:60:74:90:9f:d9:87:e8:a8:19:ff:dd:fa:83:f8:40:46:8e:06:ca:90:98:5d:97:0a:9f:34:12:88:be:9b:29:70:37:0a:a8:9e:96:aa:c1:f6:24:bc:3c:a4:c2:06:2a:89:1e:a3:c3:af:d3:9f:77:47:1e:97:19:84:ea:82:da:03:b4:f5:4a:39:ed:9b:11:f6:01:6e:e9:6b:3a:a6:bd:6b:97:a5:7c:d6:24:22:03:16:da:a7:51:72:a9:19:8c:b8:be:2e:26:e8:66:39:83:b2:9b:3b:a6:d9:8b:1d:2f:4f:6c:bb:97:d3:3e:f3:f5:1d:26:45:7b:38:ce:12:a6:91:65:8d:11:ec:ba:56:29:e8:33:6f:31:d6:9f:d3:83:5f:f0:47:4c:55:50:e7:05:1b:e4:a8:0a:1a:97:7e:37:b1:23:20:ae:30:5a:90:41:ac:29:65:a4:a3:72:48:d3:ba:26:cc:18:d4:96:fc:17:3e:17:b8:44:db:71:f7:6f:54:9f:12:07:23:02:22:33:ce:81:f9:d3:97:09:1a:d1:38:93:e3:1a:f3:08:7a:3f:fa:26:1b:ec:37:e3:2c:5d:19:ec:db:cb:ed:62:45:7e:01:7d" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.232488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.232488000", + 
"frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "876.771802000", + "frame.number": "3226", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003a1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000050bc", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004068", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.232961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.232961000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "876.772275000", + "frame.number": "3227", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000089fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000abe0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e0b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "3225", + "tcp.analysis.ack_rtt": "0.000559000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.233605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.233605000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "876.772919000", + "frame.number": "3228", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000089fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000abdf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35302", + "tcp.dstport": "80", + "tcp.port": "35302", + "tcp.port": "80", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e0b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3226", + "tcp.analysis.ack_rtt": "0.001117000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.266803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.266803000", + "frame.time_delta": "0.033198000", + "frame.time_delta_displayed": "0.033198000", + "frame.time_relative": "876.806117000", + "frame.number": "3229", 
+ "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37055", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000099ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:97:00:26:07:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171159, TSecr 2492265": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171159", + "tcp.options.timestamp.tsecr": "2492265" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3223", + "tcp.analysis.ack_rtt": "0.060475000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.267234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.267234000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "876.806548000", + "frame.number": "3230", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x00009591", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007782", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "37055", + "tcp.nxtseq": "37163", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f4aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:6f:a7:9e:53:97", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492271, TSecr 2812171159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492271", + "tcp.options.timestamp.tsecr": "2812171159" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:44:0f:34:14:be:74:ae:3b:8e:34:b0:d4:36:27:70:8a:5c:a0:0e:6d:d0:20:ba:00:79:61:ae:ed:2e:dc:50:f8:f1:60:8d:e4:a0:0a:9a:51:d5:b7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:45:5b:76:d3:9f:c3:cb:10:61:b2:93:85:76:07:85:c6:48:60:1c:da:47:7d:95:95:ed:30:e0:6f:fe:9b:73:71:6f:06:8d:51:d4:e5:9a:da:98:1e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.327452000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.327452000", + "frame.time_delta": "0.060218000", + "frame.time_delta_displayed": "0.060218000", + "frame.time_relative": "876.866766000", + "frame.number": "3231", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + 
"tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009949", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:a6:00:26:07:6f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171174, TSecr 2492271": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171174", + "tcp.options.timestamp.tsecr": "2492271" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3230", + "tcp.analysis.ack_rtt": "0.060218000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.369039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.369039000", + "frame.time_delta": "0.041587000", + "frame.time_delta_displayed": "0.041587000", + "frame.time_relative": "876.908353000", + 
"frame.number": "3232", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007de1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000cfa", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35302", + "tcp.port": "80", + "tcp.port": "35302", + "tcp.stream": "134", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004067", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3228", + "tcp.analysis.ack_rtt": "0.135434000", + "tcp.analysis.initial_rtt": "0.135924000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.421089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.421089000", + "frame.time_delta": "0.052050000", + "frame.time_delta_displayed": "0.052050000", + "frame.time_relative": "876.960403000", + "frame.number": "3233", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", 
+ "ip.id": "0x00009592", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007755", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "37163", + "tcp.nxtseq": "37315", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c9d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:7e:a7:9e:53:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492286, TSecr 2812171174": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492286", + "tcp.options.timestamp.tsecr": "2812171174" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:46:33:2f:10:6c:25:07:bd:ca:f4:b8:39:a7:53:dd:95:00:40:0a:89:f3:92:3e:71:d8:c9:6a:07:92:ee:cd:4b:e7:ce:77:15:04:9a:d5:9f:ac:63:07:2f:42:c7:98:37:72:d3:f1:60:4d:ce:fb:8e:4a:36:ce:67:94:5e:65:41:79:1d:fd:53:49:3b:45:53:b4:02:42:09:dd:88:ef:ed:7f:d7:bf:ce:51:3c:60:25:5a:99:c4:fa:2b:76:ed:b0:e7:c4:34:20:bc:b7:14:93:40:0e:92:6b:34:93:57:74:8a:52:17:06:69:b9:fb:01:69:62:c6:9f:a0:98:4c:ca:9a:59:7a:25:bc:47:77:9a:f8:b2:69:99" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.481388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.481388000", + "frame.time_delta": "0.060299000", + "frame.time_delta_displayed": "0.060299000", + "frame.time_relative": "877.020702000", + "frame.number": "3234", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038f0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37315", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000987c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:cc:00:26:07:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171212, TSecr 2492286": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171212", + "tcp.options.timestamp.tsecr": "2492286" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3233", + "tcp.analysis.ack_rtt": "0.060299000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.481888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.481888000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "877.021202000", + "frame.number": "3235", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x00009593", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "37315", + "tcp.nxtseq": "37476", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000048a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:26:07:84:a7:9e:53:cc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492292, TSecr 2812171212": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492292", + "tcp.options.timestamp.tsecr": "2812171212" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:47:7a:41:b5:d6:18:c3:19:f3:b2:fe:3f:7b:cc:4b:44:93:11:42:95:f7:3a:9b:5c:a3:b6:46:b4:41:ff:ad:ec:6d:bf:58:b8:80:1b:c8:70:e8:77:27:3f:0f:bf:b0:e6:2e:d7:2b:6e:63:7b:45:ce:d0:e3:d6:cd:bf:c9:a5:71:5c:a3:8a:bb:d0:ae:d0:d4:60:0b:f9:75:44:c1:3c:42:2b:e6:c4:ea:b6:e4:bf:11:62:a1:61:b6:90:8d:c5:6b:f8:94:4b:50:a7:fe:ba:6c:64:a8:de:ff:c4:69:82:af:20:08:b4:27:ab:a6:42:50:f7:4c:92:bb:fa:46:b9:8c:4b:bd:bb:e2:f3:57:d3:46:51:f1:98:cb:07:74:d3:9c:77:88:ad:13:00" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.542096000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.542096000", + "frame.time_delta": "0.060208000", + "frame.time_delta_displayed": "0.060208000", + "frame.time_relative": "877.081410000", + "frame.number": "3236", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ef", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37476", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000097c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:db:00:26:07:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171227, TSecr 2492292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171227", + "tcp.options.timestamp.tsecr": "2492292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3235", + "tcp.analysis.ack_rtt": "0.060208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.542593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494468.542593000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "877.081907000", + "frame.number": "3237", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00009594", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007750", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "37476", + "tcp.nxtseq": "37631", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006829", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:8b:a7:9e:53:db", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492299, TSecr 2812171227": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492299", + "tcp.options.timestamp.tsecr": "2812171227" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:48:6e:26:57:f7:67:f2:00:4c:8a:c6:be:40:a4:08:c2:78:68:aa:b5:d6:82:ef:b9:bd:f9:0a:3f:af:20:1b:bf:7b:80:dc:51:20:26:e7:ff:60:28:16:7f:a1:84:23:36:d3:c8:a8:ae:cf:c0:03:46:19:5f:39:b3:25:51:43:53:2a:fd:22:e6:58:bf:cd:09:06:bf:3b:24:63:82:fb:c6:c0:b4:4a:24:f2:56:c6:6e:0a:f1:cf:70:c0:b5:d6:50:35:9c:c8:cf:cf:61:66:43:ab:1a:83:cd:b0:50:c5:98:b9:7b:03:9c:1c:07:cb:a5:e6:77:80:99:6c:04:fb:02:ad:bc:fe:5c:30:79:63:d6:d6:3c:8b:07:c4:b3:ee" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:08.602756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494468.602756000", + "frame.time_delta": "0.060163000", + "frame.time_delta_displayed": "0.060163000", + "frame.time_relative": "877.142070000", + "frame.number": "3238", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ee", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37631", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009714", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:53:eb:00:26:07:8b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171243, TSecr 2492299": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171243", + "tcp.options.timestamp.tsecr": "2492299" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3237", + "tcp.analysis.ack_rtt": "0.060163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.470436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494469.470436000", + "frame.time_delta": "0.867680000", + "frame.time_delta_displayed": "0.867680000", + "frame.time_relative": "878.009750000", + "frame.number": "3239", + "frame.len": "218", + "frame.cap_len": 
"218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x00009595", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007752", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "37631", + "tcp.nxtseq": "37783", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000664b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:e7:a7:9e:53:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492391, TSecr 2812171243": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492391", + "tcp.options.timestamp.tsecr": "2812171243" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:49:d5:99:f2:09:5d:20:d7:ef:e0:06:e9:ef:90:66:36:ca:0f:83:d7:27:a8:a9:bc:08:9c:0a:5b:e7:6f:95:eb:b7:88:a7:48:24:16:5a:22:c6:cb:db:5e:1e:7d:5e:00:cd:23:98:15:c3:40:3d:26:a2:cc:ef:34:11:44:29:71:f4:02:0b:29:f4:2b:fd:dd:78:94:3d:e1:0a:f4:15:77:c6:96:56:3e:f7:d1:ce:6a:82:c8:bc:1a:2f:51:ed:f0:47:d4:ae:f5:f3:6a:e7:39:f1:6c:29:eb:f2:fe:a6:d7:f4:e2:fc:4a:8e:18:df:24:8e:7d:b6:cc:19:d5:ee:08:f4:17:1e:06:a9:78:9e:6a:dc:59:1d:ae" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.531253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494469.531253000", + "frame.time_delta": "0.060817000", + "frame.time_delta_displayed": "0.060817000", + "frame.time_relative": "878.070567000", + "frame.number": "3240", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ed", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": 
"-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37783", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009538", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:54:d3:00:26:07:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171475, TSecr 2492391": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171475", + "tcp.options.timestamp.tsecr": "2492391" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3239", + "tcp.analysis.ack_rtt": "0.060817000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.531749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494469.531749000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "878.071063000", + "frame.number": "3241", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x00009596", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007748", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "37783", + "tcp.nxtseq": "37944", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efc4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:ed:a7:9e:54:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492397, TSecr 2812171475": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492397", + "tcp.options.timestamp.tsecr": "2812171475" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:4a:70:bf:68:8b:92:11:fa:45:0a:7b:12:cb:d0:97:1a:70:8b:87:02:0c:7e:3d:8c:e6:6e:d9:50:36:40:bb:a0:ef:20:f6:68:79:12:21:47:17:24:ce:26:5e:4e:41:73:31:d6:4b:91:d9:45:78:88:c6:72:91:c1:4b:bb:80:e8:c5:1b:78:b0:ee:45:c4:5f:5a:90:7f:4d:f8:9d:5a:12:f7:29:eb:f3:2c:45:5d:98:97:97:6c:2b:c2:c4:ed:e6:4c:04:8b:89:1d:52:77:b7:35:9b:dc:1f:b8:21:d2:3c:07:82:1b:10:cf:c0:ce:1c:81:ec:bb:bd:f5:81:36:f2:cd:50:1f:d3:83:bc:3f:13:c4:ff:e7:08:e8:90:5f:b8:31:d8:4b:48:e8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.591935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494469.591935000", + "frame.time_delta": "0.060186000", + "frame.time_delta_displayed": "0.060186000", + "frame.time_relative": "878.131249000", + "frame.number": "3242", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ec", + "ip.checksum.status": "2", + 
"ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "37944", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009482", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:54:e2:00:26:07:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171490, TSecr 
2492397": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171490", + "tcp.options.timestamp.tsecr": "2492397" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3241", + "tcp.analysis.ack_rtt": "0.060186000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.592475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494469.592475000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "878.131789000", + "frame.number": "3243", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00009597", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "37944", + "tcp.nxtseq": "38099", + "tcp.ack": "8963", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000078c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:07:f4:a7:9e:54:e2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492404, TSecr 2812171490": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492404", + "tcp.options.timestamp.tsecr": "2812171490" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:4b:d3:fb:c3:14:b6:fb:a5:6d:d6:ee:87:a3:67:03:bd:6e:fb:64:8d:64:1d:7e:81:ad:ff:ef:6a:e4:c6:48:72:12:9c:ed:8e:90:c1:fc:83:29:65:93:ea:e0:1a:b8:f1:cd:28:43:aa:ea:f2:b9:f7:ae:c7:6c:2e:3b:f7:37:b7:fb:54:89:07:16:bd:e9:05:cc:90:f0:11:6e:10:f5:50:cb:1c:ec:ff:9f:45:4f:14:87:4f:61:aa:63:4e:10:38:6d:8f:0e:f8:a9:82:bb:51:bb:f2:fb:0f:76:17:9f:b8:74:e7:a9:ff:86:20:85:6e:79:4d:e3:e2:ca:02:85:bb:bf:97:72:26:0f:20:ef:9a:7c:f8:b6:c4:26:af:f2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:09.652614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494469.652614000", + "frame.time_delta": "0.060139000", + "frame.time_delta_displayed": "0.060139000", + "frame.time_relative": "878.191928000", + "frame.number": "3244", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c94", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038eb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "8963", + "tcp.ack": "38099", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000093d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:54:f1:00:26:07:f4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171505, TSecr 2492404": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171505", + "tcp.options.timestamp.tsecr": "2492404" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3243", + "tcp.analysis.ack_rtt": "0.060139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.219162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.219162000", + "frame.time_delta": "0.566548000", + "frame.time_delta_displayed": "0.566548000", + "frame.time_relative": "878.758476000", + "frame.number": "3245", + "frame.len": "353", + "frame.cap_len": "353", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "339", + "ip.id": "0x00002c95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cb", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "287", + "tcp.seq": "8963", + "tcp.nxtseq": "9250", + "tcp.ack": "38099", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009ba1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:55:7d:00:26:07:f4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "Timestamps: TSval 2812171645, TSecr 2492404": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171645", + "tcp.options.timestamp.tsecr": "2492404" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "287", + "tcp.analysis.push_bytes_sent": "287" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "282", + "ssl.app_data": "34:cd:34:17:47:48:0e:69:49:fb:49:23:96:f9:f0:9a:32:ed:ca:a1:94:57:13:cc:d5:e5:ef:2f:dc:65:99:56:9b:c6:ec:8f:e6:c3:ea:83:b6:e8:87:b2:19:a9:ff:92:9e:fa:58:ea:7f:b5:d3:2a:8b:36:f1:f2:f2:9c:19:96:19:6c:08:09:21:3a:2c:5b:61:82:dc:4a:93:1a:40:fd:7f:27:a0:e0:18:6d:ee:d3:9f:2e:0a:2a:23:34:1d:ee:4f:b6:8c:5b:66:1a:26:9c:7f:1d:17:ae:92:5d:1d:e9:bd:2d:72:cc:c3:76:bc:bb:c0:d6:09:07:dd:50:07:24:13:ad:dc:e0:cf:d2:27:39:cf:15:93:09:e3:c0:28:64:e0:23:fb:e9:79:28:99:db:b8:05:c4:06:66:e2:f3:0a:1c:ef:20:20:c9:cd:59:65:e3:3a:43:71:22:b5:0b:95:ac:f4:63:e5:eb:ed:64:42:65:0c:08:9e:3b:b1:46:d3:4f:2f:80:a0:ea:cd:88:a5:10:17:8d:1d:52:49:df:8f:dc:b5:ff:8d:81:36:75:ea:14:da:4e:89:62:80:40:cf:dc:ab:42:eb:e9:1e:d1:23:0a:09:4b:59:08:b1:c9:55:ca:c4:6e:4f:b2:fe:12:7e:6e:27:02:c9:84:77:ed:79:d2:fd:98:64:cd:9d:07:8c:74:f6:ca:d1:42:52:53:e4:d9:6e:3c:06:96:da:4c:eb:98:0e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.239575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.239575000", + "frame.time_delta": "0.020413000", + "frame.time_delta_displayed": "0.020413000", + "frame.time_relative": "878.778889000", + "frame.number": "3246", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009598", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "38099", + "tcp.nxtseq": "38152", + "tcp.ack": "9250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ed4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:34:a7:9e:55:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492468, TSecr 2812171645": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492468", + "tcp.options.timestamp.tsecr": "2812171645" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3245", + "tcp.analysis.ack_rtt": "0.020413000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:4c:e5:9f:5a:c9:03:19:46:4f:57:dc:33:15:ec:f8:00:f8:a9:2d:5b:8f:63:76:9a:4c:13:0c:8f:33:75:1f:bc:bd:64:6e:b0:25:bc:0d:1c:3d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.299838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.299838000", + "frame.time_delta": "0.060263000", + "frame.time_delta_displayed": "0.060263000", + "frame.time_relative": "878.839152000", + "frame.number": "3247", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9250", + "tcp.ack": "38152", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000919b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:55:93:00:26:08:34", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171667, TSecr 2492468": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171667", + "tcp.options.timestamp.tsecr": "2492468" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3246", + "tcp.analysis.ack_rtt": "0.060263000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.300390000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.300390000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "878.839704000", + "frame.number": "3248", + "frame.len": "764", + "frame.cap_len": "764", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "750", + "ip.id": "0x00009599", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000752c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "698", + "tcp.seq": "38152", + "tcp.nxtseq": "38850", + "tcp.ack": "9250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f1c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:3a:a7:9e:55:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492474, TSecr 2812171667": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492474", + "tcp.options.timestamp.tsecr": "2812171667" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "698", + "tcp.analysis.push_bytes_sent": "698" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:4d:b7:46:57:72:11:1f:d2:2e:a5:4d:ae:bb:4d:04:c3:a9:67:02:6d:28:d9:a2:df:7a:fb:79:2f:42:c7:a3:dd:43:b9:51:d5:5b:ae:79:1a:5f:91" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:4e:a1:ce:c6:06:cd:db:40:dd:3e:33:b0:e2:0a:14:f3:c2:08:30:50:9a:43:14:21:94:4d:86:47:5d:91:4b:fb:43:59:a8:df:d1:34:be:d4:07:26:7b:43:6c:c4:3a:77:0e:c1:21:80:32:76:de:78:7f:e2:be:aa:e2:ab:56:63:d3:e8:20:80:11:4b:83:0b:75:ee:0d:b4:dd:96:64:8b:cd:4d:87:cb:16:69:df:3d:83" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "538", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:4f:98:ce:72:06:5b:19:ce:7d:b8:af:69:38:e8:03:30:bc:fb:43:6b:35:32:96:97:f2:12:24:b6:a7:8e:bb:fe:1c:3e:6a:4b:50:47:ae:c0:ac:9e:0f:18:a9:eb:63:e8:17:47:ea:99:d2:56:14:34:2e:47:56:6a:4b:4a:c3:57:36:73:90:f8:d9:a9:8f:41:c8:01:b3:c5:d0:af:29:85:8e:1c:b5:43:c4:ae:4e:90:81:17:58:39:f3:b3:2c:d2:0c:04:44:7e:81:b2:5d:45:df:fc:5f:6b:dd:b9:74:c4:17:a7:9e:08:1c:af:be:7c:ed:ac:07:81:3e:55:51:dc:a8:c3:7a:f8:29:1e:15:38:b9:1f:c9:1c:6f:4c:f6:05:22:2b:14:89:57:9c:24:34:39:14:42:fe:ae:d5:15:89:ea:c2:4b:e7:20:6e:93:69:17:30:01:a0:8a:e2:cd:2b:10:fb:91:fa:0b:22:e1:f9:3a:e7:d1:7d:0d:6e:06:b7:7b:e9:b6:ae:c3:de:1b:12:ac:72:a1:87:14:0f:ab:fd:de:9d:cb:af:2d:ea:57:ed:09:51:ff:bc:4c:e9:c4:4d:dc:e0:60:13:3d:82:64:bc:05:d6:03:ba:75:95:39:36:11:6c:3f:dd:22:a4:50:d6:bf:10:62:6a:ce:88:e9:64:cc:47:7d:e2:79:11:c1:96:68:e5:36:54:54:b3:38:b7:24:c5:e1:5d:f3:55:1f:e4:d2:b1:ba:f0:bc:4c:99:a2:8b:4c:82:8e:12:ab:53:12:a0:3c:dd:f6:d6:9c:e6:4f:8b:5a:0a:47:0f:20:08:81:96:4d:72:44:1f:ea:73:12:d0:3a:07:01:88:a8:13:a7:ce:ca:ef:e4:aa:fd:f6:02:f2:74:ba:84:04:c0:df:e2:45:1d:8c:a3:42:1b:54:e2:29:06:ec:94:d5:39:b1:60:f9:42:77:e8:38:9f:4b:12:f5:73:d8:98:ec:f4:6e:69:7a:af:f0:19:9c:41:7b:f8:2b:c2:dc:a8:3e:f8:52:67:dd:2f:1d:5b:74:ee:44:97:7a:62:72:47:8c:3f:95:10:57:f5:90:90:f3:83:4b:df:bc:50:cd:ab:96:ed:17:69:e5:06:d4:a4:50:66:d3:08:f2:fb:b4:19:f9:ae:20:68:3a:61:9f:d0:34:e7:19:e3:23:e2:ed:2f:cc:92:24:bb:41:4d:7b:3a:91:9d:5e:4a:ce:8c:6f:2d:ab:7f:cf:27:e2:79:64:c6:f0:da:6e:6f:78:5c:7b:2b:51:0d:77:6f:28:23:58:68:c1:78:96:26:ee:ae:43:02:39:12:6f:3d:aa:2d:0d:d7:b4:78:50:1d:97:3a:c9:c8:59:df:c9:c3:a7:8d:0b:27:ec:ca:0b:0e:6b:3d:a1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.360566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.360566000", + "frame.time_delta": "0.060176000", + 
"frame.time_delta_displayed": "0.060176000", + "frame.time_relative": "878.899880000", + "frame.number": "3249", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9250", + "tcp.ack": 
"38850", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008ecc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:55:a2:00:26:08:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171682, TSecr 2492474": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171682", + "tcp.options.timestamp.tsecr": "2492474" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3248", + "tcp.analysis.ack_rtt": "0.060176000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.595381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.595381000", + "frame.time_delta": "0.234815000", + "frame.time_delta_displayed": "0.234815000", + "frame.time_relative": "879.134695000", + "frame.number": "3250", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001daa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000d92", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + 
}, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.595945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494470.595945000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "879.135259000", + "frame.number": "3251", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dab", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ee8d", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.596526000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494470.596526000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "879.135840000", + "frame.number": "3252", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007c53", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000270", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=624", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:10.637502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494470.637502000", + "frame.time_delta": "0.040976000", + "frame.time_delta_displayed": "0.040976000", + "frame.time_relative": "879.176816000", + "frame.number": "3253", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000959a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "38850", + "tcp.nxtseq": "38904", + "tcp.ack": "9250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d497", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:5c:a7:9e:55:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492508, TSecr 2812171682": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492508", + "tcp.options.timestamp.tsecr": "2812171682" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:50:f1:c3:b4:d5:b0:54:a9:50:53:0d:5e:7b:78:a9:e3:49:7d:75:3e:5f:a2:ac:5a:24:fa:28:89:36:68:a1:31:16:b7:65:57:7d:5b:74:1c:92:5b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:01:10.697824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494470.697824000", + "frame.time_delta": "0.060322000", + "frame.time_delta_displayed": "0.060322000", + "frame.time_relative": "879.237138000", + "frame.number": "3254", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, 
+ "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9250", + "tcp.ack": "38904", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008e20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:55:f6:00:26:08:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171766, TSecr 2492508": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171766", + "tcp.options.timestamp.tsecr": "2492508" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3253", + "tcp.analysis.ack_rtt": "0.060322000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.200990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.200990000", + "frame.time_delta": "0.503166000", + "frame.time_delta_displayed": 
"0.503166000", + "frame.time_relative": "879.740304000", + "frame.number": "3255", + "frame.len": "156", + "frame.cap_len": "156", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "142", + "ip.id": "0x00002c99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000388c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "90", + "tcp.seq": "9250", + "tcp.nxtseq": "9340", + "tcp.ack": 
"38904", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000182e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:74:00:26:08:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171892, TSecr 2492508": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171892", + "tcp.options.timestamp.tsecr": "2492508" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "90", + "tcp.analysis.push_bytes_sent": "90" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "85", + "ssl.app_data": "34:cd:34:17:47:48:0e:6a:35:d6:e8:51:c0:a3:7e:e2:3e:5b:0e:3a:48:ab:5c:5c:14:27:4a:37:7a:d5:c0:1c:e3:b3:31:ec:72:9b:3e:8f:b3:a5:c3:fa:48:a7:5c:b6:dd:9b:24:df:c1:f0:0e:e3:d2:95:1c:21:1c:3e:8a:71:cd:c1:e4:73:dd:ba:a1:ce:c9:c9:ab:05:d4:15:a4:2b:04:38:d9:4c:1f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.205572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.205572000", + "frame.time_delta": "0.004582000", + "frame.time_delta_displayed": "0.004582000", + "frame.time_relative": "879.744886000", + "frame.number": "3256", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000959b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "38904", + "tcp.nxtseq": "38951", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007491", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:95:a7:9e:56:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492565, TSecr 2812171892": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492565", + "tcp.options.timestamp.tsecr": "2812171892" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3255", + "tcp.analysis.ack_rtt": "0.004582000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:51:81:97:63:6b:1b:d4:24:6d:48:0c:59:4f:2d:c2:95:a2:34:d2:46:32:64:3c:a4:ee:67:d0:4c:37:fc:ea:89:eb:ee:b3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.222032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.222032000", + "frame.time_delta": "0.016460000", + "frame.time_delta_displayed": "0.016460000", + "frame.time_relative": "879.761346000", + "frame.number": "3257", + "frame.len": "167", + "frame.cap_len": "167", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "153", + "ip.id": "0x00008881", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000413d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": 
{ + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "133", + "udp.checksum": "0x00009659", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:ZonePlayer:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.265787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.265787000", + "frame.time_delta": "0.043755000", + "frame.time_delta_displayed": "0.043755000", + "frame.time_relative": "879.805101000", + "frame.number": "3258", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { 
+ "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "38951", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008cd0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:84:00:26:08:95", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171908, TSecr 2492565": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171908", + "tcp.options.timestamp.tsecr": "2492565" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3256", + "tcp.analysis.ack_rtt": "0.060215000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.266281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.266281000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "879.805595000", + "frame.number": "3259", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x0000959c", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007777", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "38951", + "tcp.nxtseq": "39059", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:9b:a7:9e:56:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492571, TSecr 2812171908": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492571", + "tcp.options.timestamp.tsecr": "2812171908" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:52:76:00:c6:fe:ab:69:0c:32:4a:97:cf:1e:6e:df:be:2f:57:fa:21:04:6b:3e:b3:a8:d5:bf:35:34:51:cf:fd:55:d8:2f:29:f9:dd:48:f3:15:23" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:53:da:9d:12:f6:1e:de:b3:34:1a:f8:44:62:48:f5:24:7a:6a:02:7b:7b:99:f0:4f:02:20:94:4d:2e:30:99:c5:3a:c1:74:6a:38:2c:43:2c:bb:44" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.326500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.326500000", + "frame.time_delta": "0.060219000", + "frame.time_delta_displayed": "0.060219000", + "frame.time_relative": "879.865814000", + "frame.number": "3260", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", 
+ "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39059", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:94:00:26:08:9b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171924, TSecr 2492571": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171924", + "tcp.options.timestamp.tsecr": "2492571" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3259", + "tcp.analysis.ack_rtt": "0.060219000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.405912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.405912000", + "frame.time_delta": "0.079412000", + "frame.time_delta_displayed": "0.079412000", + "frame.time_relative": "879.945226000", + "frame.number": "3261", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x0000959d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "39059", + "tcp.nxtseq": "39211", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006886", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:08:a9:a7:9e:56:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492585, TSecr 2812171924": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492585", + "tcp.options.timestamp.tsecr": "2812171924" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:54:06:d5:2d:4f:ab:6b:a7:00:52:13:ee:f6:0c:01:82:2f:27:3a:eb:6f:34:1c:b7:0c:f8:9a:72:4e:9c:5f:63:9c:96:c1:07:cd:3a:52:6a:d3:e8:79:0b:64:1e:7b:1d:35:b7:49:8f:71:33:4e:34:5f:41:63:2b:8d:b8:3c:9b:14:af:ab:e3:2b:eb:fe:a2:11:3d:37:ca:72:37:0c:f6:3e:e6:76:21:89:3c:10:0a:80:43:50:6b:37:bd:1b:30:63:5c:f0:05:47:04:c6:1b:2e:d9:17:36:44:27:fd:fa:12:bf:45:35:d2:f5:81:c9:5e:bd:e7:ed:db:2f:81:6f:f4:14:c1:aa:82:4d:61:45:e1:48:2f:dc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.466234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.466234000", + "frame.time_delta": "0.060322000", + "frame.time_delta_displayed": "0.060322000", + "frame.time_relative": "880.005548000", + "frame.number": "3262", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", 
+ "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39211", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008b86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:b6:00:26:08:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171958, TSecr 2492585": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171958", + "tcp.options.timestamp.tsecr": "2492585" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3261", + "tcp.analysis.ack_rtt": "0.060322000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.474454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.474454000", + "frame.time_delta": "0.008220000", + "frame.time_delta_displayed": "0.008220000", + "frame.time_relative": "880.013768000", + "frame.number": "3263", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x0000959e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007740", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "39211", + "tcp.nxtseq": "39372", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001d71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:b0:a7:9e:56:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492592, TSecr 2812171958": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492592", + "tcp.options.timestamp.tsecr": "2812171958" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:55:af:b2:af:b6:52:e4:c2:08:5c:01:13:e2:43:9e:2f:99:16:01:15:02:e5:85:ae:fb:c5:aa:35:4d:e1:3d:67:41:02:3e:f3:2d:94:5d:82:97:fe:70:ee:2d:12:37:f5:d7:88:6d:5c:17:69:25:b6:06:01:78:20:34:c6:72:c1:e8:43:a2:c4:ea:f0:51:90:1f:bf:2d:f4:86:04:9f:39:f9:d7:df:c3:cc:90:f2:1b:d7:e4:01:52:4e:22:f1:50:6b:c7:a7:8d:34:3b:a7:23:a5:04:3d:bc:11:d9:37:be:5b:49:e5:1d:4d:50:5e:04:9a:16:04:3d:a1:b4:35:9e:4f:3e:4f:de:b2:d4:71:56:22:1f:31:c3:0f:12:b2:9d:6c:0b:8c:8b:1f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.534674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.534674000", + "frame.time_delta": "0.060220000", + "frame.time_delta_displayed": "0.060220000", + 
"frame.time_relative": "880.073988000", + "frame.number": "3264", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39372", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008acc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:c8:00:26:08:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171976, TSecr 2492592": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171976", + "tcp.options.timestamp.tsecr": "2492592" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3263", + "tcp.analysis.ack_rtt": "0.060220000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:11.535163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.535163000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "880.074477000", + "frame.number": "3265", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + 
}, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000959f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007745", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "39372", + "tcp.nxtseq": "39527", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000074ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:08:b6:a7:9e:56:c8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492598, TSecr 2812171976": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492598", + "tcp.options.timestamp.tsecr": "2812171976" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:56:0d:3a:0a:f7:84:bb:d6:dd:3b:e2:01:be:09:d4:30:22:21:fb:b6:c3:03:93:78:62:1e:67:ff:75:6a:17:d0:b0:a4:6c:69:be:fd:e5:22:e7:7c:aa:55:f3:36:e7:e1:f5:81:21:c3:93:5d:62:22:3c:62:1a:e6:ed:2a:1d:a7:96:60:88:cc:a7:b8:8c:c2:40:03:d3:75:9a:dc:39:11:78:e2:7d:af:da:60:80:98:ae:5b:e7:01:1c:bb:d2:62:ed:fc:58:d6:7a:ba:a6:7d:b2:2e:42:f9:42:1f:6e:7d:f5:46:e0:67:4d:62:2e:16:5e:7d:30:f6:c3:0f:c1:25:9a:bb:96:91:00:e9:29:ba:ab:5d:8b:59:13:69:81" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:01:11.596085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494471.596085000", + "frame.time_delta": "0.060922000", + "frame.time_delta_displayed": "0.060922000", + "frame.time_relative": "880.135399000", + "frame.number": "3266", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39527", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:56:d7:00:26:08:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812171991, TSecr 2492598": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812171991", + "tcp.options.timestamp.tsecr": "2492598" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3265", + "tcp.analysis.ack_rtt": "0.060922000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.467877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.467877000", + "frame.time_delta": "0.871792000", + "frame.time_delta_displayed": 
"0.871792000", + "frame.time_relative": "881.007191000", + "frame.number": "3267", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007747", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "39527", + "tcp.nxtseq": "39679", + "tcp.ack": 
"9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006d20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:13:a7:9e:56:d7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492691, TSecr 2812171991": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492691", + "tcp.options.timestamp.tsecr": "2812171991" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:57:8d:3d:7d:c7:73:27:e4:ca:c4:05:19:4c:a0:bc:c3:97:2a:be:ff:a3:a7:84:3e:b3:6a:11:09:43:d4:ce:fe:01:82:6f:c2:17:e5:32:70:b0:9a:3d:89:81:87:a2:36:ac:ce:31:a7:ae:4c:de:b4:43:7a:71:da:c8:0a:ef:70:58:42:64:63:71:df:91:74:7e:e7:21:bb:de:81:50:73:06:29:f8:6c:f2:26:74:09:7b:92:a0:43:d4:b6:64:be:5d:30:9d:d8:a4:f1:8c:d3:db:24:44:24:af:3e:e0:46:2d:9a:81:17:82:30:a6:e6:e8:c6:72:91:98:a6:3b:1f:49:43:82:6c:e4:48:0c:07:f6:fb:7a:0d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.528477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.528477000", + "frame.time_delta": "0.060600000", + "frame.time_delta_displayed": "0.060600000", + "frame.time_relative": "881.067791000", + "frame.number": "3268", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002c9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038e0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39679", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000883e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:57:c0:00:26:09:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172224, TSecr 2492691": { + "tcp.option_kind": 
"8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172224", + "tcp.options.timestamp.tsecr": "2492691" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3267", + "tcp.analysis.ack_rtt": "0.060600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.528970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.528970000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "881.068284000", + "frame.number": "3269", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "39679", + "tcp.nxtseq": "39840", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:19:a7:9e:57:c0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492697, TSecr 2812172224": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492697", + "tcp.options.timestamp.tsecr": "2812172224" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + 
"tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:58:7b:5e:42:42:30:be:15:d8:81:2f:a3:eb:83:2f:10:a4:09:9f:3a:c9:b2:1d:e2:ec:94:01:c5:79:21:f4:82:18:5d:c8:34:db:55:de:85:97:df:76:7d:f0:de:51:f5:03:fe:02:e1:24:f9:ae:e6:88:58:27:a7:4c:a5:34:ce:0b:08:2d:47:4b:5f:1a:06:e7:10:f2:ea:1b:32:85:60:70:56:5f:2e:6b:b1:db:89:2e:e8:67:d7:1f:1a:1e:ed:c2:5e:2a:ac:51:c0:99:25:7f:bf:43:f7:e8:48:c1:d7:f1:6d:10:e3:fa:90:70:26:d6:52:46:d1:6a:a8:f8:6e:ef:26:e7:44:7d:0b:1d:8a:64:1d:55:c7:30:7f:38:b5:7a:28:63:ba:58" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.589297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.589297000", + "frame.time_delta": "0.060327000", + "frame.time_delta_displayed": "0.060327000", + "frame.time_relative": "881.128611000", + "frame.number": "3270", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038df", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39840", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008788", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:57:cf:00:26:09:19", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172239, TSecr 2492697": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172239", + "tcp.options.timestamp.tsecr": "2492697" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3269", + "tcp.analysis.ack_rtt": "0.060327000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.589795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.589795000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "881.129109000", + "frame.number": "3271", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007742", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "39840", + "tcp.nxtseq": "39995", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000065c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:1f:a7:9e:57:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2492703, TSecr 2812172239": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492703", + "tcp.options.timestamp.tsecr": "2812172239" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:59:9c:8b:af:bc:fa:ef:14:6e:88:7b:70:fa:f7:21:6e:42:5f:3a:56:0e:33:70:39:12:9b:ae:55:e5:b3:52:14:ee:1b:3c:56:13:9a:9a:e1:d1:09:7d:ee:8a:f2:f4:3d:13:a2:5c:0d:dc:19:7c:53:20:2b:06:18:6f:d7:48:d1:88:8c:8f:75:cf:f3:9d:6c:1d:56:da:6d:ec:68:f2:c0:33:56:b0:e4:d2:5e:04:f2:0f:73:ca:f4:0c:0a:96:dc:43:a2:a0:c2:4b:81:04:58:57:f1:85:01:91:30:67:3b:84:fd:48:8b:95:07:93:3b:ca:c3:5b:c8:69:1e:2f:9e:53:a3:84:69:1d:ce:b0:21:39:e5:37:56:4a:40:25" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:12.650207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494472.650207000", + "frame.time_delta": "0.060412000", + "frame.time_delta_displayed": "0.060412000", + "frame.time_relative": "881.189521000", + "frame.number": "3272", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038de", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "39995", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000086d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:57:de:00:26:09:1f", + "tcp.options_tree": { 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172254, TSecr 2492703": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172254", + "tcp.options.timestamp.tsecr": "2492703" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3271", + "tcp.analysis.ack_rtt": "0.060412000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:13.248172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494473.248172000", + "frame.time_delta": "0.597965000", + "frame.time_delta_displayed": "0.597965000", + "frame.time_relative": "881.787486000", + "frame.number": "3273", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095a3", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "39995", + "tcp.nxtseq": "40049", + "tcp.ack": "9340", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a987", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:61:a7:9e:57:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492769, TSecr 2812172254": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492769", + "tcp.options.timestamp.tsecr": "2812172254" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:5a:05:96:c3:f0:ed:bf:d7:df:14:06:0b:f7:ae:cc:a6:f2:f8:ee:f8:a4:ee:b8:3d:6b:f1:ac:38:f5:df:2e:c3:76:c4:5c:36:72:c7:9e:71:29:9e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:13.308275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494473.308275000", + "frame.time_delta": "0.060103000", + "frame.time_delta_displayed": "0.060103000", + "frame.time_relative": "881.847589000", + "frame.number": "3274", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038dd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9340", + "tcp.ack": "40049", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000085bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:58:83:00:26:09:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172419, TSecr 2492769": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172419", + "tcp.options.timestamp.tsecr": "2492769" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3273", + "tcp.analysis.ack_rtt": "0.060103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.201614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.201614000", + "frame.time_delta": "0.893339000", + "frame.time_delta_displayed": "0.893339000", + "frame.time_relative": "882.740928000", + "frame.number": "3275", + "frame.len": "162", + "frame.cap_len": "162", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "148", + "ip.id": "0x00002ca3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000387c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "96", + "tcp.seq": "9340", + "tcp.nxtseq": "9436", + "tcp.ack": "40049", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dcac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:62:00:26:09:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172642, TSecr 2492769": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172642", + "tcp.options.timestamp.tsecr": "2492769" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "96", + "tcp.analysis.push_bytes_sent": "96" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "91", + "ssl.app_data": "34:cd:34:17:47:48:0e:6b:10:9e:a3:48:a8:6e:37:54:ee:cd:5f:c7:78:98:af:03:e0:b8:82:96:91:17:01:e9:77:0a:05:35:86:78:17:c3:8f:9c:e4:33:82:58:0e:5e:49:9f:22:7b:44:4b:8c:9e:a8:dc:79:8b:ae:66:50:68:39:6f:08:94:ee:47:76:a0:c5:02:3f:f7:9f:5a:29:f0:d4:be:b3:8e:04:75:c3:ea:ee:53:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.205518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.205518000", + "frame.time_delta": "0.003904000", + "frame.time_delta_displayed": "0.003904000", + "frame.time_relative": "882.744832000", + "frame.number": "3276", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "40049", + "tcp.nxtseq": "40096", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000100e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:c1:a7:9e:59:62", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492865, TSecr 2812172642": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492865", + "tcp.options.timestamp.tsecr": "2812172642" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3275", + "tcp.analysis.ack_rtt": "0.003904000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:5b:c7:87:2d:03:22:35:0b:d3:7d:8a:5e:e1:8e:a3:89:a8:5d:66:87:e6:3e:a4:03:f7:18:5b:18:b7:d5:56:6b:bb:16:c0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.222087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.222087000", + "frame.time_delta": "0.016569000", + "frame.time_delta_displayed": "0.016569000", + "frame.time_relative": "882.761401000", + "frame.number": "3277", + "frame.len": "173", + "frame.cap_len": "173", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "159", + "ip.id": "0x00008898", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004120", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "139", + "udp.checksum": "0x000082c4", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:samsung.com:device:RemoteControlReceiver:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "3224" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.265753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.265753000", + "frame.time_delta": "0.043666000", + "frame.time_delta_displayed": "0.043666000", + "frame.time_relative": "882.805067000", + "frame.number": "3278", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038db", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40096", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000083dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:72:00:26:09:c1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172658, TSecr 2492865": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172658", + "tcp.options.timestamp.tsecr": "2492865" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3276", + "tcp.analysis.ack_rtt": "0.060235000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.266243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.266243000", + "frame.time_delta": "0.000490000", + 
"frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "882.805557000", + "frame.number": "3279", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000095a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000776e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "40096", + 
"tcp.nxtseq": "40204", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e153", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:c7:a7:9e:59:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492871, TSecr 2812172658": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492871", + "tcp.options.timestamp.tsecr": "2812172658" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:5c:8c:9d:7d:16:63:f5:db:59:68:24:4e:e7:80:51:7d:8f:de:0c:86:75:4d:86:b7:8b:59:7e:e8:76:17:06:45:cd:e1:fa:0a:70:63:4b:07:7d:db" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:5d:04:c0:d7:7f:15:fc:2e:4b:be:66:ec:18:2e:90:b9:0f:7e:8f:f0:1a:33:7f:bf:5c:b2:50:ae:32:52:9c:47:a2:6e:e5:6c:cb:6d:de:ba:d9:94" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.376642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.376642000", + "frame.time_delta": "0.110399000", + "frame.time_delta_displayed": "0.110399000", + "frame.time_relative": "882.915956000", + "frame.number": "3280", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038da", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40204", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000835b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:82:00:26:09:c7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172674, TSecr 2492871": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172674", + "tcp.options.timestamp.tsecr": "2492871" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3279", + "tcp.analysis.ack_rtt": "0.110399000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.431616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.431616000", + "frame.time_delta": "0.054974000", + "frame.time_delta_displayed": "0.054974000", + "frame.time_relative": "882.970930000", + "frame.number": "3281", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "40204", + "tcp.nxtseq": "40356", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000021ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:d7:a7:9e:59:82", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492887, TSecr 2812172674": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492887", + "tcp.options.timestamp.tsecr": "2812172674" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:5e:00:0d:34:c4:f0:73:eb:cf:f8:d7:e9:1d:97:65:64:b4:c5:2a:c7:62:fe:79:ab:5f:9a:e9:9b:d7:45:88:f1:c4:f6:91:3d:c4:f4:10:bb:cf:a0:2a:53:eb:ae:b1:90:4e:3f:02:a9:08:79:97:8e:b9:03:2d:fd:5b:7a:fd:21:0b:fb:5b:15:f2:3c:be:6c:be:51:3b:ed:cf:49:72:18:1b:fa:b8:45:49:0a:e2:1f:d3:f6:2f:54:81:dd:f6:f0:05:f7:86:51:96:38:87:6a:33:88:51:b1:5d:58:bf:31:f2:14:c2:78:d2:7d:4f:44:45:00:4c:d2:52:85:ee:d3:fd:db:90:cf:e5:b0:5a:ff:a4:06:97:2d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.491707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.491707000", + "frame.time_delta": "0.060091000", + "frame.time_delta_displayed": "0.060091000", + "frame.time_relative": "883.031021000", + "frame.number": "3282", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40356", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000828a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:ab:00:26:09:d7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172715, TSecr 2492887": { + "tcp.option_kind": 
"8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172715", + "tcp.options.timestamp.tsecr": "2492887" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3281", + "tcp.analysis.ack_rtt": "0.060091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.492249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.492249000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "883.031563000", + "frame.number": "3283", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007737", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "40356", + "tcp.nxtseq": "40517", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dee8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:de:a7:9e:59:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492894, TSecr 2812172715": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492894", + "tcp.options.timestamp.tsecr": "2812172715" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + 
"tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:5f:e2:ed:d6:df:41:98:2c:63:91:b5:4d:90:c3:05:0a:74:32:fd:9a:37:b8:14:05:64:02:ae:50:b0:45:14:3e:97:71:9f:55:ca:9e:60:0c:a4:4e:e2:b4:8f:74:5e:61:81:d2:34:e6:6d:c6:d5:ec:9a:c9:c2:ce:f5:cc:8c:a4:8f:cc:34:e9:b0:d0:29:34:e5:4d:e8:8b:f2:cb:f1:fc:6b:eb:37:be:cf:4c:a9:a9:37:f9:8e:62:dd:5d:1f:20:4c:38:c7:35:9a:32:9c:aa:df:aa:86:de:46:7f:9a:38:21:ab:64:64:cd:f9:96:8d:af:b1:fc:1b:4b:34:f6:72:7a:68:3d:b0:c2:68:e3:7a:e1:99:46:2d:f3:e9:ef:72:9e:51:cd:08:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.552306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.552306000", + "frame.time_delta": "0.060057000", + "frame.time_delta_displayed": "0.060057000", + "frame.time_relative": "883.091620000", + "frame.number": "3284", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40517", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000081d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:ba:00:26:09:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172730, TSecr 2492894": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172730", + "tcp.options.timestamp.tsecr": "2492894" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3283", + "tcp.analysis.ack_rtt": "0.060057000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.552788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.552788000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "883.092102000", + "frame.number": "3285", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773c", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "40517", + "tcp.nxtseq": "40672", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dd60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:09:e4:a7:9e:59:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2492900, TSecr 2812172730": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492900", + "tcp.options.timestamp.tsecr": "2812172730" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:60:11:ec:7a:72:68:04:c6:b6:df:f1:45:ed:a7:dd:a7:41:38:13:57:8b:60:e1:0e:d9:e4:41:45:17:27:92:c7:1d:6f:19:31:25:a2:00:84:26:a3:eb:83:52:8f:98:e6:07:cd:d4:88:14:c0:e5:86:6f:75:f5:17:5d:98:0f:0d:48:a4:80:c9:d3:6b:2c:24:22:85:00:36:e7:77:04:b3:20:59:95:92:77:25:1d:43:d3:1b:23:6c:40:32:17:b7:71:c2:f9:b3:54:3a:a1:d4:a0:9f:b6:96:bb:29:a7:d6:cb:b1:55:d5:50:c4:89:c2:b4:14:23:c2:34:05:8a:3c:ab:7c:dc:7e:8a:bd:79:6e:ac:36:27:5a:0c:fa:ec" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:14.613101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494474.613101000", + "frame.time_delta": "0.060313000", + "frame.time_delta_displayed": "0.060313000", + "frame.time_relative": "883.152415000", + "frame.number": "3286", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008123", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:59:c9:00:26:09:e4", + "tcp.options_tree": { 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172745, TSecr 2492900": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172745", + "tcp.options.timestamp.tsecr": "2492900" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3285", + "tcp.analysis.ack_rtt": "0.060313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.477124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.477124000", + "frame.time_delta": "0.864023000", + "frame.time_delta_displayed": "0.864023000", + "frame.time_relative": "884.016438000", + "frame.number": "3287", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095a9", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "40672", + "tcp.nxtseq": "40824", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000895a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0a:40:a7:9e:59:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492992, TSecr 2812172745": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492992", + "tcp.options.timestamp.tsecr": "2812172745" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:61:05:73:d0:e2:c6:cb:49:13:e9:5b:fd:7a:73:79:20:c9:9b:6e:de:1a:81:35:e8:c0:fd:48:b9:fd:79:8f:85:a6:08:11:f8:ed:9f:f6:c6:68:24:55:c2:68:f9:04:d8:a8:56:b3:61:e8:a1:4e:88:6d:02:e1:74:94:88:fb:fd:91:6c:a8:84:c6:9a:bd:32:9d:69:b2:db:4a:7a:75:4c:c6:c6:51:01:67:0f:9a:7a:53:0c:8d:95:1f:84:cb:96:51:bc:d2:4a:70:bc:49:f5:f7:ea:07:6e:98:12:15:90:7f:e2:c1:6d:8b:22:c8:77:38:9c:e1:77:6f:7f:8b:11:e3:70:82:53:e8:cc:67:00:3d:c7:71:4b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.537341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.537341000", + "frame.time_delta": "0.060217000", + "frame.time_delta_displayed": "0.060217000", + "frame.time_relative": "884.076655000", + "frame.number": "3288", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ca9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40824", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": 
"422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007f48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5a:b0:00:26:0a:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172976, TSecr 2492992": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172976", + "tcp.options.timestamp.tsecr": "2492992" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3287", + "tcp.analysis.ack_rtt": "0.060217000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.537833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.537833000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "884.077147000", + "frame.number": "3289", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007734", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "40824", + "tcp.nxtseq": "40985", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000003f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:0a:46:a7:9e:5a:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2492998, TSecr 2812172976": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2492998", + "tcp.options.timestamp.tsecr": "2812172976" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:62:04:1f:59:a6:17:5d:bf:87:c0:c2:eb:f8:09:d1:51:52:25:b9:db:25:15:c2:6e:a4:fd:3b:e1:00:5c:59:9f:87:ae:6f:12:f8:3f:85:6b:05:27:a8:b3:38:6c:70:91:12:21:2f:fa:8f:25:c1:84:82:70:55:ae:c3:aa:5f:b7:e7:2a:d2:c6:c7:6a:4d:0b:b2:7f:9d:68:01:78:20:5a:0a:e6:f3:dd:01:e1:e7:fc:91:eb:8b:35:95:1e:70:25:4b:91:f1:3c:0d:c0:75:a4:f5:0b:bc:f2:b0:20:ab:14:10:da:39:28:33:78:88:f7:d0:ce:42:a0:d5:92:97:40:99:23:47:eb:e6:97:21:ab:22:87:8b:e9:f7:06:ef:7a:e9:86:13:60:cc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.597960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.597960000", + "frame.time_delta": "0.060127000", + "frame.time_delta_displayed": "0.060127000", + "frame.time_relative": "884.137274000", + "frame.number": "3290", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002caa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "40985", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007e92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5a:bf:00:26:0a:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812172991, TSecr 2492998": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812172991", + "tcp.options.timestamp.tsecr": "2492998" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3289", + "tcp.analysis.ack_rtt": "0.060127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.598442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.598442000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "884.137756000", + "frame.number": "3291", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007739", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "40985", + "tcp.nxtseq": "41140", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d103", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0a:4c:a7:9e:5a:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493004, TSecr 2812172991": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493004", + "tcp.options.timestamp.tsecr": "2812172991" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:63:a4:a2:e0:27:f5:75:60:c6:70:93:59:82:fd:48:6e:18:47:44:05:1f:68:89:72:27:6a:0e:20:e6:85:e6:35:ed:df:c9:14:21:66:3d:18:c1:3d:42:89:b1:8d:c5:e0:72:e5:6e:a1:79:c8:0f:1f:d2:a1:2c:2c:eb:cd:b3:a8:e2:40:99:d8:c7:33:a7:7c:21:bd:3e:62:ca:e1:2c:58:57:eb:ca:37:ad:d3:d4:02:14:75:c2:03:86:db:46:29:65:47:23:0a:f1:59:b6:7d:4a:f3:90:c7:88:c4:b5:dd:4f:a8:4a:e8:e4:3f:e0:b5:a8:ab:57:14:30:b0:88:06:da:11:8c:8e:17:8a:68:68:96:9a:ac:18:88:98:38" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.658603000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494475.658603000", + "frame.time_delta": "0.060161000", + "frame.time_delta_displayed": "0.060161000", + "frame.time_relative": "884.197917000", + "frame.number": "3292", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": "41140", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007de1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5a:cf:00:26:0a:4c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173007, TSecr 2493004": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173007", + "tcp.options.timestamp.tsecr": "2493004" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3291", + "tcp.analysis.ack_rtt": "0.060161000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.779497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.779497000", + "frame.time_delta": "0.120894000", + "frame.time_delta_displayed": "0.120894000", + "frame.time_relative": "884.318811000", + "frame.number": "3293", + "frame.len": "79", + "frame.cap_len": 
"79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00000a5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ae5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34965", + "udp.dstport": "53", + "udp.port": "34965", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002d7f", + "udp.checksum.status": "2", + "udp.stream": "90" + }, + "dns": { + "dns.id": "0x00000f29", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.780266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.780266000", + "frame.time_delta": "0.000769000", + "frame.time_delta_displayed": "0.000769000", + "frame.time_relative": "884.319580000", + "frame.number": "3294", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00005079", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006841", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "53", + "udp.dstport": "34965", + "udp.port": "53", + "udp.port": "34965", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "90" + }, + "dns": { + "dns.response_to": "3293", + "dns.time": "0.000769000", + "dns.id": "0x00000f29", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.782258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.782258000", + "frame.time_delta": "0.001992000", + "frame.time_delta_displayed": "0.001992000", + "frame.time_relative": "884.321572000", + "frame.number": "3295", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00000a60", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ae5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "40080", + "udp.dstport": "53", + "udp.port": "40080", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003483", + "udp.checksum.status": "2", + "udp.stream": "91" + }, + "dns": { + "dns.id": "0x00000f2a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.782804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.782804000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": 
"0.000546000", + "frame.time_relative": "884.322118000", + "frame.number": "3296", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000507a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006830", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "40080", + "udp.port": "53", + "udp.port": "40080", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "91" + }, + "dns": { + "dns.response_to": "3295", + "dns.time": "0.000546000", + "dns.id": "0x00000f2a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + 
"dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2902", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.783796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.783796000", + "frame.time_delta": "0.000992000", + "frame.time_delta_displayed": "0.000992000", + "frame.time_relative": "884.323110000", + "frame.number": "3297", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00003413", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008f24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": 
{ + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.918043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.918043000", + "frame.time_delta": "0.134247000", + "frame.time_delta_displayed": "0.134247000", + "frame.time_relative": "884.457357000", + "frame.number": "3298", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000d77d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000b355", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000070be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3297", + "tcp.analysis.ack_rtt": "0.134247000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.918586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.918586000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "884.457900000", + "frame.number": "3299", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003414", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003a4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"3298", + "tcp.analysis.ack_rtt": "0.000543000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:15.918600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494475.918600000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "884.457914000", + "frame.number": "3300", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00003415", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ff6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000048dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134790000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:32:22:2c:20:4e:6f:6e:63:65:3d:22:51:38:4e:51:42:49:69:66:57:36:65:37:49:4e:55:49:6e:2b:79:52:4b:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:57:47:30:4a:76:31:31:65:37:57:2b:74:31:33:7a:47:4a:71:6e:30:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:01:16.053372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.053372000", + "frame.time_delta": "0.134772000", + "frame.time_delta_displayed": "0.134772000", + "frame.time_relative": "884.592686000", + "frame.number": "3301", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001762", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007379", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009781", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3300", + "tcp.analysis.ack_rtt": "0.134772000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.054000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.054000000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "884.593314000", + "frame.number": "3302", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00003416", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fce5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x00005d0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134790000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e
:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" + }, 
+ "tcp.segments": { + "tcp.segment": "3300", + "tcp.segment": "3302", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:32:22:2c:20:4e:6f:6e:63:65:3d:22:51:38:4e:51:42:49:69:66:57:36:65:37:49:4e:55:49:6e:2b:79:52:4b:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:57:47:30:4a:76:31:31:65:37:57:2b:74:31:33:7a:47:4a:71:6e:30:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:
f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48
:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"192\", Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"WG0Jv11e7W+t13zGJqn0Kg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"192\", Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"WG0Jv11e7W+t13zGJqn0Kg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd^s 
\u00ef\u00bf\u00bd,5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\"\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001d\u00ef\u00bf\u00bdcE]l\u0001v(\u00ef\u00bf\u00bd\u0007R\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdjZj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff
:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8
b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.188220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.188220000", + "frame.time_delta": "0.134220000", + "frame.time_delta_displayed": "0.134220000", + "frame.time_relative": "884.727534000", + "frame.number": "3303", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003304", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + 
"ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008dc1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3302", + "tcp.analysis.ack_rtt": "0.134220000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.222327000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.222327000", + "frame.time_delta": "0.034107000", + "frame.time_delta_displayed": "0.034107000", + "frame.time_relative": "884.761641000", + "frame.number": "3304", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000678a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001fea", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000124b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.134790000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:01:15 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:01:15 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.168327000", + "http.request_in": "3302", + "http.file_data": "\u00ef\u00bf\u00bd^s 
\u00ef\u00bf\u00bd,5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\"\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001d\u00ef\u00bf\u00bdcE]l\u0001v(\u00ef\u00bf\u00bd\u0007\u001c$\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd d)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdng\\8\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdt]\n|G4\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u0003 \u0017\u00ef\u00bf\u00bdi,\u0019\u001bR\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u0004f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bda\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019T\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bddm1\u00ef\u00bf\u00bd\u0015\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u0004\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@T\u0003\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:1c:24:e7:6d:e7:a1:d0:ff:b7:20:64:29:ac:d7:ae:df:3e:2c:f0:8a:d0:7e:84:86:53:a9:c4:e4:36:8f:b9:6e:67:5c:38:b4:56:d3:74:5d:0a:7c:47:34:09:88:cf:2e:8f:03:20:17:ee:69:2c:19:1b:52:d1:05:82:cc:2d:98:82:ee:f0:47:ae:04:66:dd:90:2e:fa:61:07:f3:c6:ca:d2:19:54:0e:8d:c1:7f:15:ca:a6:ce:64:6d:31:c1:15:0b:b9:cd:d8:11:80:04:13:ea:ae:f0:80:7a:51:b1:97:40:54:03:a8:00:32:1b:31:5d:99:d4:af:43:c4:aa:e9:e8:c4:94:e2:93:80:0c:65:74:d0:45:65:ff:45:d9:e8:e6:5a:a4:8c:81:09:39:6b:27:15:b4:a7:3a:c8:0e:12:e4:17:dd:bb:dd:12:19:88:a0:01:78:06:88:6f:a1:25:fd:78:1f:b6:91:66:11:e5:14:c4:02:93:9a:30:65:68:36:d7:4a:cc:e7:a9:5c:e6:b8:ea:35:20:e3:e1:73:80:14:37:df:f9:bd:55:78:30:f3:8c:19:96:60:1d:6e:88:43:a9:6b:1b:67:f7:22:ec:37:d7:4c:19:12:d7:4d:60:eb:e3:c0:21:af:31:b8:36:a2:f6:55:4b:19:e2:80:bf:77:8d:e7:5a:fc:b8:8b:12:3e:d1:75:90:3f:4c:d9:4d:9b:e4:b9:9c:3a:9c:02:22:14:a2:64:28:02:76:09:b3:25:71:99:7d:12:57:aa:eb:e7:78:f0:bd:b5:93:0f:2a:cb:e6:5b:90:0d:f2:ee:0c:a8:7b:c8:ce:0f:c3:b9:d5:90:10:40:d1:f2:ac:01:4b:d9:f0:37:65:20:68:fb:06:57:84:0f:9f:8b:25:5c:18:d7:75:27:e4:b4:02:a8:ee:0f:13:08:6a:f9:3b:f2:fe:05:7f:dc:37:1c:d1:62:e4:ed:0e:1c:5e:c0:fc:c0:01:50:89:ff:a1:35:96:72:d1:b6:ba:46:45:2d:2b:17:e0:b6:30:b9:ce:81:fe:d3:5b:60:8f:92:03:6c:f5:eb:7b:d2:14:ca:16:71:de:1a:66:9b:aa:6f:6c:84:f8:80:68:8d:69:b6:9b:f5:44:3e:0c:cd:b8:a1:46:6c:45:00:d9:2b:5b:9a:68:21:87:57:2f:74:47:14:96:96:e0:f5:3f:d0:2b:a5:36:26:0e:34:64:a5:50:1e:af:d9:86:3e:fe:c6:b4:ff:5c:ee:d8:9f:e4:64:13:1c:a3:f6:66:64:c2:da:03:4d:0d:b0:3b:8c:a6:57:2f:50:4f:5b:f6:22:78:cb:a7:51:1f:6e:e5:9f:50:c8:f7:94:9b:94:75:05:a3:cb:9d:c4:ff:0b:60:ea:1d" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.222413000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.222413000", + 
"frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "884.761727000", + "frame.number": "3305", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000678c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000234f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": 
"0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008a59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.222891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.222891000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "884.762205000", + "frame.number": "3306", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003417", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002aa9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": 
{ + "tcp.analysis.acks_frame": "3304", + "tcp.analysis.ack_rtt": "0.000564000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.223529000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.223529000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "884.762843000", + "frame.number": "3307", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003418", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35303", + "tcp.dstport": "80", + "tcp.port": "35303", + "tcp.port": "80", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002aa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3305", + "tcp.analysis.ack_rtt": "0.001116000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.242472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.242472000", + "frame.time_delta": "0.018943000", + "frame.time_delta_displayed": "0.018943000", + "frame.time_relative": "884.781786000", + "frame.number": "3308", 
+ "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000779d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "41140", + "tcp.nxtseq": "41194", + "tcp.ack": "9436", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e7cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0a:8d:a7:9e:5a:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493069, TSecr 2812173007": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493069", + "tcp.options.timestamp.tsecr": "2812173007" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:64:b0:1a:e4:b0:63:d0:b6:02:aa:0a:36:b6:5d:aa:b5:5f:c2:ce:e9:f6:cf:73:0a:10:1a:ff:26:bd:df:47:92:4c:b7:04:cc:60:31:c1:2c:fe:c7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.302609000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.302609000", + "frame.time_delta": "0.060137000", 
+ "frame.time_delta_displayed": "0.060137000", + "frame.time_relative": "884.841923000", + "frame.number": "3309", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9436", + "tcp.ack": 
"41194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007cc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5b:70:00:26:0a:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173168, TSecr 2493069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173168", + "tcp.options.timestamp.tsecr": "2493069" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3308", + "tcp.analysis.ack_rtt": "0.060137000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:16.357428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494476.357428000", + "frame.time_delta": "0.054819000", + "frame.time_delta_displayed": "0.054819000", + "frame.time_relative": "884.896742000", + "frame.number": "3310", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a589", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000e551", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35303", + "tcp.port": "80", + "tcp.port": "35303", + "tcp.stream": "135", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008a58", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3307", + "tcp.analysis.ack_rtt": "0.133899000", + "tcp.analysis.initial_rtt": "0.134790000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.202450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.202450000", + "frame.time_delta": "0.845022000", + "frame.time_delta_displayed": "0.845022000", + "frame.time_relative": "885.741764000", + "frame.number": "3311", + "frame.len": "159", + "frame.cap_len": "159", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "145", + "ip.id": "0x00002cad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003875", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "93", + "tcp.seq": "9436", + "tcp.nxtseq": "9529", + "tcp.ack": "41194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c9ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:51:00:26:0a:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173393, TSecr 2493069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173393", + "tcp.options.timestamp.tsecr": "2493069" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "93", + "tcp.analysis.push_bytes_sent": "93" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "88", + "ssl.app_data": "34:cd:34:17:47:48:0e:6c:36:ff:92:39:2d:3f:3f:58:0b:ac:9f:16:21:a9:13:b8:87:e9:cb:9e:ac:13:f5:12:29:53:02:28:03:3a:1d:10:7a:09:4f:24:72:90:cb:9b:4f:17:ed:bf:42:6d:d3:86:ec:20:af:8f:16:34:9b:0c:1d:b8:55:20:ba:b4:96:0e:a1:45:fb:3f:d3:a6:e3:fb:b2:5d:b0:bd:13:68:88:e0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.207602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.207602000", + "frame.time_delta": "0.005152000", + "frame.time_delta_displayed": "0.005152000", + "frame.time_relative": "885.746916000", + "frame.number": "3312", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "41194", + "tcp.nxtseq": "41241", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006f1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0a:ed:a7:9e:5c:51", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493165, TSecr 2812173393": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493165", + "tcp.options.timestamp.tsecr": "2812173393" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3311", + "tcp.analysis.ack_rtt": "0.005152000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:65:c5:ad:97:ec:dd:ae:a6:19:c4:b2:0c:b9:a5:78:2d:b5:d6:6f:4b:7f:d9:a1:41:a4:12:00:1b:65:d8:70:f6:38:06:65" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.223482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.223482000", + "frame.time_delta": "0.015880000", + "frame.time_delta_displayed": "0.015880000", + "frame.time_relative": "885.762796000", + "frame.number": "3313", + "frame.len": "170", + "frame.cap_len": "170", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "156", + "ip.id": "0x00008922", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004099", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "136", + "udp.checksum": "0x00005981", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "3257" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.270712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.270712000", + "frame.time_delta": "0.047230000", + "frame.time_delta_displayed": "0.047230000", + "frame.time_relative": "885.810026000", + "frame.number": "3314", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41241", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007aec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:61:00:26:0a:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173409, TSecr 2493165": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173409", + "tcp.options.timestamp.tsecr": "2493165" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3312", + "tcp.analysis.ack_rtt": "0.063110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.271191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.271191000", + "frame.time_delta": 
"0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "885.810505000", + "frame.number": "3315", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000095ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007765", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": 
"41241", + "tcp.nxtseq": "41349", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003259", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0a:f3:a7:9e:5c:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493171, TSecr 2812173409": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493171", + "tcp.options.timestamp.tsecr": "2812173409" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:66:e8:22:82:38:d2:b5:19:14:a0:88:29:26:06:c7:ec:27:f5:f0:a7:a7:f8:6b:77:31:3b:88:b9:a5:76:b2:e6:08:42:24:3f:4b:93:6f:3b:39:5a" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:67:8b:f8:03:76:d8:9b:c1:71:6f:37:cf:55:b0:cc:fc:d2:35:4f:3c:16:83:b8:2c:a7:1c:6e:79:ad:31:b7:fd:1e:b1:b7:4a:46:6f:49:81:c8:e4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.331801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.331801000", + "frame.time_delta": "0.060610000", + "frame.time_delta_displayed": "0.060610000", + "frame.time_relative": "885.871115000", + "frame.number": "3316", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002caf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038d0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41349", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007a6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:71:00:26:0a:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173425, TSecr 2493171": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173425", + "tcp.options.timestamp.tsecr": "2493171" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3315", + "tcp.analysis.ack_rtt": "0.060610000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.417600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.417600000", + "frame.time_delta": "0.085799000", + "frame.time_delta_displayed": "0.085799000", + "frame.time_relative": "885.956914000", + "frame.number": "3317", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007738", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "41349", + "tcp.nxtseq": "41501", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e82c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:02:a7:9e:5c:71", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493186, TSecr 2812173425": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493186", + "tcp.options.timestamp.tsecr": "2812173425" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:68:b9:34:bc:b7:c6:7d:f4:e9:b5:35:04:bb:57:01:90:aa:13:aa:70:c7:94:7b:ab:11:65:ca:b8:8d:5e:62:23:a6:3f:57:d9:f7:e0:6b:13:0d:c8:ee:d9:7d:21:62:4e:e0:17:91:5f:b4:f2:d5:8f:86:62:53:b1:03:fd:63:df:ba:ea:5e:8a:70:d4:6b:19:d4:83:9b:6d:e4:d5:a0:aa:70:79:d7:f9:db:39:0d:8a:0e:18:68:d5:7c:69:84:26:bd:fb:89:55:9e:5e:99:1d:3d:f2:1c:4e:88:c1:ce:47:43:77:86:d5:b5:e4:4d:17:d2:70:53:41:fe:4d:62:76:9b:a0:0e:0f:6f:1a:f6:0a:d8:cf:9b:39" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.477988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.477988000", + "frame.time_delta": "0.060388000", + "frame.time_delta_displayed": "0.060388000", + "frame.time_relative": "886.017302000", + "frame.number": "3318", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038cf", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41501", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000799f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:95:00:26:0b:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173461, TSecr 2493186": { + "tcp.option_kind": 
"8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173461", + "tcp.options.timestamp.tsecr": "2493186" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3317", + "tcp.analysis.ack_rtt": "0.060388000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.480002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.480002000", + "frame.time_delta": "0.002014000", + "frame.time_delta_displayed": "0.002014000", + "frame.time_relative": "886.019316000", + "frame.number": "3319", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "41501", + "tcp.nxtseq": "41662", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008d87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:08:a7:9e:5c:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493192, TSecr 2812173461": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493192", + "tcp.options.timestamp.tsecr": "2812173461" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + 
"tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:69:a0:51:9c:54:2c:9f:62:69:2b:02:bb:37:f7:d0:66:2b:b6:7e:49:1b:85:8a:cc:e0:bc:28:1c:a4:94:d8:af:be:86:cd:90:ef:ab:5a:b6:93:ec:df:ab:56:26:ce:0e:90:7e:69:6c:6c:79:be:30:63:48:20:ce:4f:d3:76:db:57:4a:92:23:6f:32:91:d6:6b:59:44:97:04:e5:32:29:56:09:a0:bc:a1:d7:12:fd:71:b1:35:5c:c8:9e:b5:0d:0d:ae:d2:e0:50:6f:cd:c1:c6:c5:e9:b2:14:f7:e9:b6:d8:25:81:6a:0d:3f:bf:e3:7e:91:1b:d4:09:48:bc:72:de:2b:07:e0:5a:c7:f2:c4:fd:4b:5c:b7:02:d1:7b:2e:2e:50:40:c8:50" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.540889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.540889000", + "frame.time_delta": "0.060887000", + "frame.time_delta_displayed": "0.060887000", + "frame.time_relative": "886.080203000", + "frame.number": "3320", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ce", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41662", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000078e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:a5:00:26:0b:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173477, TSecr 2493192": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173477", + "tcp.options.timestamp.tsecr": "2493192" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3319", + "tcp.analysis.ack_rtt": "0.060887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.541421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.541421000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "886.080735000", + "frame.number": "3321", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007733", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "41662", + "tcp.nxtseq": "41817", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:0e:a7:9e:5c:a5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2493198, TSecr 2812173477": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493198", + "tcp.options.timestamp.tsecr": "2812173477" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6a:be:39:78:dd:f1:0f:06:01:81:66:ef:41:51:3c:7f:bc:04:31:f7:5a:ae:b8:ea:3e:01:31:13:78:c1:a6:93:95:93:23:c9:f1:40:d1:e3:e4:5e:1a:73:52:b8:e3:5a:16:74:d6:24:06:8c:6c:36:0e:d0:17:1a:1d:12:39:c5:23:86:31:91:90:11:22:11:ef:7b:b6:e8:a2:d7:e2:30:c4:9e:28:14:f2:7b:d8:2e:8d:83:37:ed:0e:25:3e:7d:6b:3b:3f:a5:8a:fd:9f:7e:c4:d3:4c:39:16:87:2d:0b:1f:cb:aa:43:36:00:8a:e8:1d:81:cd:25:0f:49:76:ff:f5:a1:59:23:5b:24:c6:2f:06:d4:e2:fd:79:91:48" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:17.601984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494477.601984000", + "frame.time_delta": "0.060563000", + "frame.time_delta_displayed": "0.060563000", + "frame.time_relative": "886.141298000", + "frame.number": "3322", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038cd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41817", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007838", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5c:b4:00:26:0b:0e", + "tcp.options_tree": { 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173492, TSecr 2493198": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173492", + "tcp.options.timestamp.tsecr": "2493198" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3321", + "tcp.analysis.ack_rtt": "0.060563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.483700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.483700000", + "frame.time_delta": "0.881716000", + "frame.time_delta_displayed": "0.881716000", + "frame.time_relative": "887.023014000", + "frame.number": "3323", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095b2", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007735", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "41817", + "tcp.nxtseq": "41969", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:6d:a7:9e:5c:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493293, TSecr 2812173492": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493293", + "tcp.options.timestamp.tsecr": "2812173492" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6b:01:c1:70:77:d7:9d:3e:2a:56:02:63:75:98:50:f2:2a:6b:4a:fc:31:48:49:54:25:ec:81:38:cc:d5:9a:fd:9b:52:ed:92:08:52:af:59:6c:26:63:e2:11:f7:49:09:54:54:da:7a:54:0e:0e:36:06:87:28:cc:7b:5c:4c:b6:dc:82:32:c2:6d:54:7c:74:ee:53:e7:94:f6:b8:50:70:2e:7a:82:26:c8:ba:d9:c1:76:c2:c9:19:f7:3a:4a:0a:08:3c:bb:0b:5a:99:47:ee:b7:0d:2c:71:a4:96:1f:a6:7b:dd:d4:37:a8:a3:62:1a:01:64:d3:81:cd:c1:3e:db:97:fb:ab:c2:ad:16:e2:f8:4e:0e:93:91" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.544613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.544613000", + "frame.time_delta": "0.060913000", + "frame.time_delta_displayed": "0.060913000", + "frame.time_relative": "887.083927000", + "frame.number": "3324", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038cc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "41969", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": 
"422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007655", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5d:a0:00:26:0b:6d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173728, TSecr 2493293": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173728", + "tcp.options.timestamp.tsecr": "2493293" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3323", + "tcp.analysis.ack_rtt": "0.060913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.545455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.545455000", + "frame.time_delta": "0.000842000", + "frame.time_delta_displayed": "0.000842000", + "frame.time_relative": "887.084769000", + "frame.number": "3325", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "41969", + "tcp.nxtseq": "42130", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aae7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:0b:73:a7:9e:5d:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493299, TSecr 2812173728": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493299", + "tcp.options.timestamp.tsecr": "2812173728" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6c:e2:4e:68:d1:33:fc:8d:2a:95:fc:75:97:a7:ed:1e:8e:13:87:11:fb:9d:a1:9e:2e:5a:26:ae:5e:d4:a4:f9:a5:7e:d2:91:8d:73:da:cf:bd:6f:5e:df:83:73:a2:f2:03:3e:37:de:9d:be:2c:d7:09:e7:03:e8:63:37:db:8e:e4:5b:92:0b:21:8f:af:f5:de:d3:6e:e2:2b:52:d3:21:1e:b1:f7:fe:32:8a:35:f7:38:99:59:35:1b:41:64:8a:d3:76:7d:ed:97:9c:8d:0c:bc:23:3c:b5:87:08:0a:93:ff:75:27:8a:ed:a1:36:ea:27:ca:ab:a3:0b:64:a3:ff:ef:84:86:09:06:ef:e0:95:2e:4b:d8:5c:6f:8d:9e:a1:84:12:40:89:78" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.589528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.589528000", + "frame.time_delta": "0.044073000", + "frame.time_delta_displayed": "0.044073000", + "frame.time_relative": "887.128842000", + "frame.number": "3326", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { 
+ "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000090c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004896", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.606883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.606883000", + "frame.time_delta": "0.017355000", + "frame.time_delta_displayed": "0.017355000", + "frame.time_relative": "887.146197000", + "frame.number": "3327", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038cb", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "42130", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000759f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5d:af:00:26:0b:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173743, TSecr 2493299": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173743", + "tcp.options.timestamp.tsecr": "2493299" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3325", + "tcp.analysis.ack_rtt": "0.061428000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.607331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.607331000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "887.146645000", + "frame.number": "3328", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007730", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "42130", + "tcp.nxtseq": "42285", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fe79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:79:a7:9e:5d:af", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493305, TSecr 2812173743": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493305", + "tcp.options.timestamp.tsecr": "2812173743" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6d:31:6e:af:a7:eb:11:72:45:ae:c4:bc:f7:47:d3:95:03:39:1f:9f:13:ad:75:35:1c:be:ed:bf:7c:05:bd:89:54:3c:2a:5c:52:47:ad:09:f4:90:57:00:71:1f:3d:36:eb:c1:e4:f9:8c:00:d7:fa:5c:27:7c:cc:82:8e:fb:43:ae:d2:a5:07:e9:75:d2:2f:23:9f:55:69:d1:a9:92:06:fe:b1:dd:e7:92:5f:f0:47:14:5a:04:ea:14:9a:8f:aa:b0:63:ee:15:59:f6:fd:8e:dd:78:13:f2:e4:bf:39:d5:8f:33:c5:fe:7c:f2:5e:0c:02:cc:e2:29:5e:fd:9e:51:9a:ad:d1:bc:c9:2f:18:4d:95:80:45:be:b5:30:ac" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:18.667946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494478.667946000", + "frame.time_delta": "0.060615000", + "frame.time_delta_displayed": "0.060615000", + "frame.time_relative": "887.207260000", + "frame.number": "3329", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb5", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ca", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "42285", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000074ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5d:bf:00:26:0b:79", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173759, TSecr 2493305": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173759", + "tcp.options.timestamp.tsecr": "2493305" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3328", + "tcp.analysis.ack_rtt": "0.060615000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.243134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.243134000", + "frame.time_delta": "0.575188000", + "frame.time_delta_displayed": "0.575188000", + "frame.time_relative": "887.782448000", + "frame.number": "3330", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007794", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "42285", + "tcp.nxtseq": "42339", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a8c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:b9:a7:9e:5d:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2493369, TSecr 2812173759": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493369", + "tcp.options.timestamp.tsecr": "2812173759" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6e:f4:2b:d3:6c:6f:dc:f4:9a:77:02:90:4e:8d:0c:10:9c:3c:2d:11:34:00:05:eb:86:01:04:02:c0:b2:be:e8:bb:9f:92:0b:b9:f6:b1:c1:21:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.303241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.303241000", + "frame.time_delta": "0.060107000", + "frame.time_delta_displayed": "0.060107000", + "frame.time_relative": "887.842555000", + "frame.number": "3331", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "42339", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000073d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:5e:00:26:0b:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173918, TSecr 2493369": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173918", + "tcp.options.timestamp.tsecr": "2493369" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3330", + "tcp.analysis.ack_rtt": "0.060107000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.437907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.437907000", + "frame.time_delta": "0.134666000", + "frame.time_delta_displayed": "0.134666000", + "frame.time_relative": "887.977221000", + "frame.number": "3332", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007793", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "42339", + "tcp.nxtseq": "42393", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000063c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:cc:a7:9e:5e:5e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493388, TSecr 2812173918": { + "tcp.option_kind": "8", + "tcp.option_len": "10", 
+ "tcp.options.timestamp.tsval": "2493388", + "tcp.options.timestamp.tsecr": "2812173918" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:6f:8d:b1:69:ba:dd:29:da:30:4a:6e:d6:55:c6:50:ae:e2:8b:a6:41:c2:2f:94:f3:63:7f:66:a3:22:a2:03:cb:7e:e4:ed:d6:16:bd:fe:15:6a:5f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.497950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.497950000", + "frame.time_delta": "0.060043000", + "frame.time_delta_displayed": "0.060043000", + "frame.time_relative": "888.037264000", + "frame.number": "3333", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c8", 
+ "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "42393", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007360", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:8e:00:26:0b:cc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2812173966, TSecr 2493388": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173966", + "tcp.options.timestamp.tsecr": "2493388" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3332", + "tcp.analysis.ack_rtt": "0.060043000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.498451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.498451000", + "frame.time_delta": "0.000501000", + "frame.time_delta_displayed": "0.000501000", + "frame.time_relative": "888.037765000", + "frame.number": "3334", + "frame.len": "336", + "frame.cap_len": "336", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "322", + "ip.id": "0x000095b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "270", + "tcp.seq": "42393", + "tcp.nxtseq": "42663", + "tcp.ack": "9529", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c0b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:d2:a7:9e:5e:8e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493394, TSecr 2812173966": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493394", + "tcp.options.timestamp.tsecr": 
"2812173966" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "270", + "tcp.analysis.push_bytes_sent": "270" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "265", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:70:18:81:49:18:34:ae:46:e4:b1:07:80:75:94:a5:d0:b2:ed:38:20:f3:17:f0:3a:3b:be:1b:25:69:a4:e5:3b:2d:55:c9:66:63:d6:3c:38:8d:cf:01:2d:1b:c8:e6:59:45:55:5c:a9:45:af:ae:b3:50:59:45:19:ff:f9:a9:3f:8a:3b:9d:ce:ab:7c:50:66:d0:b2:f0:fc:3b:f0:78:bd:fd:4f:a1:8c:20:8b:c4:de:ae:f7:26:63:5a:73:0a:43:d6:ab:d0:34:0a:4e:62:db:8b:31:29:56:d4:82:b7:7c:95:f3:04:54:10:81:b4:9d:72:c9:a5:c0:cd:96:9e:f0:a8:91:86:fe:61:ff:5e:6d:10:08:5f:a4:a2:52:5f:34:64:ca:5e:67:3c:d8:a8:54:3f:3d:7b:d9:90:3a:a0:b8:08:21:93:27:6a:bb:64:6d:6e:4f:33:c4:09:7b:ef:5b:a3:05:d8:dd:62:97:84:f3:43:da:95:f7:04:6f:77:d8:bd:04:fd:74:e4:f7:59:be:09:c6:35:9b:1a:4f:0a:87:a6:3b:91:61:6f:87:61:d0:9f:d4:f0:c2:ea:08:ad:e4:6f:8a:a6:b4:8b:cf:81:79:4e:e4:5b:e1:03:13:c0:8c:ab:cf:2d:de:7d:18:ee:42:de:99:72:16:c6:b4:68:1d:75:70" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.558558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.558558000", + "frame.time_delta": "0.060107000", + "frame.time_delta_displayed": "0.060107000", + "frame.time_relative": "888.097872000", + "frame.number": "3335", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "9529", + "tcp.ack": "42663", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000723c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:9e:00:26:0b:d2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173982, TSecr 2493394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173982", + "tcp.options.timestamp.tsecr": "2493394" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3334", + "tcp.analysis.ack_rtt": "0.060107000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.559305000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.559305000", + "frame.time_delta": "0.000747000", + "frame.time_delta_displayed": "0.000747000", + "frame.time_relative": "888.098619000", + "frame.number": "3336", + "frame.len": "157", + "frame.cap_len": "157", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", 
+ "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "143", + "ip.id": "0x00002cb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000386b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "91", + "tcp.seq": "9529", + "tcp.nxtseq": "9620", + "tcp.ack": "42663", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006f68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:9e:00:26:0b:d2", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173982, TSecr 2493394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173982", + "tcp.options.timestamp.tsecr": "2493394" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "91", + "tcp.analysis.push_bytes_sent": "91" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "86", + "ssl.app_data": "34:cd:34:17:47:48:0e:6d:b6:4b:21:a6:b3:75:5f:18:56:b8:97:ce:c0:1a:8d:ae:04:96:1c:59:b6:a5:18:d1:04:0f:7b:ca:f0:16:27:16:17:b2:2d:e5:78:4d:d5:c8:88:d1:4b:dc:06:79:ff:a1:eb:6a:a2:31:ba:c4:7c:63:30:7d:50:2c:e0:13:9e:89:96:6c:d8:99:43:60:c3:6d:96:6a:2d:53:94:a7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.563637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.563637000", + "frame.time_delta": "0.004332000", + "frame.time_delta_displayed": "0.004332000", + "frame.time_relative": "888.102951000", + "frame.number": "3337", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + 
"eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007798", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "42663", + "tcp.nxtseq": "42710", + "tcp.ack": "9620", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b892", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:d9:a7:9e:5e:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493401, TSecr 2812173982": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493401", + "tcp.options.timestamp.tsecr": "2812173982" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3336", + "tcp.analysis.ack_rtt": "0.004332000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:71:ea:ac:bb:67:0f:3f:ff:fa:e6:d2:c9:df:b3:d2:64:23:5c:40:04:ea:2c:cc:5d:71:be:ab:8e:a5:f4:28:55:3e:01:2f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.579833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.579833000", + "frame.time_delta": "0.016196000", + "frame.time_delta_displayed": "0.016196000", + "frame.time_relative": "888.119147000", + "frame.number": "3338", + "frame.len": "440", + "frame.cap_len": "440", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + 
"eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "426", + "ip.id": "0x00002cba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "374", + "tcp.seq": "9620", + "tcp.nxtseq": "9994", + "tcp.ack": "42663", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005c0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:a3:00:26:0b:d2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173987, TSecr 2493394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173987", + "tcp.options.timestamp.tsecr": "2493394" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "374", + "tcp.analysis.push_bytes_sent": "374" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "369", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:6e:84:9d:2c:c1:d0:80:d1:2d:02:ba:5f:a0:eb:22:77:cd:c2:82:41:da:77:4b:06:e8:9c:c6:1a:14:26:e9:a1:78:bd:df:e5:4c:f6:c8:60:5f:59:03:c3:1f:02:b1:d7:54:34:ef:aa:00:5d:fe:ac:08:f5:ca:6d:b1:b9:5e:f4:19:12:47:ae:53:9e:13:a0:0b:c7:44:84:5a:7b:37:0a:d7:79:a0:69:a9:61:f5:61:2b:37:8d:18:54:8f:b5:4f:97:c0:37:31:6d:3b:5a:64:9e:b0:89:08:b2:8f:5a:19:1a:e1:72:38:af:06:7f:0e:e8:de:2f:fa:5e:e5:7a:c9:ae:86:d9:ad:b7:e6:39:8f:1e:cd:26:57:b7:2a:85:6b:2c:71:8e:c9:94:ad:1f:83:35:68:14:2c:e2:99:62:b6:65:b8:51:85:44:ab:02:d9:b5:0b:b9:3f:61:3c:36:ab:bd:45:ed:1a:15:81:5b:d3:0d:21:66:b5:1e:8a:5f:c6:30:7d:fe:4c:49:0e:6a:0c:e5:cc:2e:f9:35:36:96:6b:f5:d5:5f:f8:a6:0e:cf:04:2c:9d:ae:81:f8:4a:05:88:0b:ef:ac:6a:a2:ed:21:63:78:71:c8:f9:bb:5e:17:8b:98:4c:08:25:a4:b7:76:92:0a:a0:c1:80:1f:7f:2c:54:84:9b:a2:ce:d7:5e:2b:fb:5f:b4:05:88:8c:20:0b:10:ea:7e:fa:f8:46:bb:58:e0:c4:24:9c:5a:a4:6b:6c:a4:2b:51:1b:a2:b3:1c:25:db:37:12:34:cf:c6:da:e5:dc:f1:62:b0:4e:9b:8f:b9:62:f8:a1:0b:26:0a:a2:91:ac:60:4f:7d:a4:a3:35:88:3b:b3:44:c9:3d:c1:b8:9c:f8:d1:67:d0:c3:d8:02:79:52:0f:d0:93:57:b9:18:1a:e6:0e:59:96:c4:8f:30:13:04:22:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.612035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.612035000", + "frame.time_delta": "0.032202000", + "frame.time_delta_displayed": "0.032202000", + "frame.time_relative": "888.151349000", + "frame.number": "3339", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000077c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "42710", + "tcp.ack": "9994", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": 
"661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006f3c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:de:a7:9e:5e:a3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493406, TSecr 2812173987": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493406", + "tcp.options.timestamp.tsecr": "2812173987" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3338", + "tcp.analysis.ack_rtt": "0.032202000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.624383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.624383000", + "frame.time_delta": "0.012348000", + "frame.time_delta_displayed": "0.012348000", + "frame.time_relative": "888.163697000", + "frame.number": "3340", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003895", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "9994", + "tcp.nxtseq": "10041", + "tcp.ack": "42710", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000094db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:9e:5e:ae:00:26:0b:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812173998, TSecr 2493401": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812173998", + "tcp.options.timestamp.tsecr": "2493401" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3337", + "tcp.analysis.ack_rtt": "0.060746000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:6f:59:92:56:d7:fb:5e:fd:04:05:1e:0a:6a:d3:2a:5e:18:0c:4a:cc:4b:84:c9:9a:73:51:19:59:6e:38:1d:b0:92:dc:57" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.624876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.624876000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "888.164190000", + "frame.number": "3341", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007724", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "42710", + "tcp.nxtseq": "42871", + "tcp.ack": "10041", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000058f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:df:a7:9e:5e:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493407, TSecr 2812173998": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493407", + "tcp.options.timestamp.tsecr": "2812173998" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3340", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:72:07:06:4a:96:ba:08:99:0c:b7:05:f9:ad:63:b3:bf:eb:9b:59:98:b7:e5:a6:69:31:2b:f6:d6:08:88:28:82:b9:85:09:f8:52:89:8a:cd:cc:1f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:73:e7:e5:16:c9:53:4e:3a:49:52:cd:e9:1b:f7:2d:b2:a8:b9:a8:8f:ea:59:f6:97:b8:56:d9:6b:ee:50:1e:ee:67:76:c3:fb:66:e7:7c:8b:9f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:74:65:e7:21:9a:d7:50:21:81:11:7c:8f:68:88:f1:0b:71:bd:a0:8f:2c:23:2a:c9:87:f2:a6:23:ad:52:05:c5:a9:b5:55:f2:f8:2c:f5:b1:b6:fe" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.722642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.722642000", + "frame.time_delta": "0.097766000", + "frame.time_delta_displayed": "0.097766000", + "frame.time_relative": "888.261956000", + "frame.number": "3342", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10041", + "tcp.ack": "42871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006f36", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:c7:00:26:0b:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174023, TSecr 2493407": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174023", + "tcp.options.timestamp.tsecr": "2493407" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3341", + "tcp.analysis.ack_rtt": "0.097766000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.723167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494479.723167000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "888.262481000", + "frame.number": "3343", + "frame.len": "526", + "frame.cap_len": "526", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "512", + "ip.id": "0x000095bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "460", + "tcp.seq": "42871", + "tcp.nxtseq": "43331", + "tcp.ack": "10041", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007422", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:e9:a7:9e:5e:c7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493417, TSecr 2812174023": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493417", + "tcp.options.timestamp.tsecr": "2812174023" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "460", + "tcp.analysis.push_bytes_sent": "460" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "354", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:75:02:fb:e4:e1:84:4f:f7:99:57:5f:c6:9f:3c:13:cd:10:cb:26:65:b6:71:35:4d:2b:d0:bf:a8:cf:6d:59:36:fe:29:63:9c:93:d5:0c:3d:2d:47:1f:95:5e:b6:09:12:7c:9a:62:4d:65:ef:3c:63:58:a8:c3:68:39:0b:a0:b7:31:9a:c5:6e:52:e8:e9:db:04:93:24:23:14:85:07:61:9b:7b:0b:c8:08:bf:53:b6:ca:01:a7:23:4a:39:7b:32:05:a4:36:80:71:8a:ad:77:97:22:4f:48:c6:ff:ad:35:8f:ed:aa:1d:75:ed:44:1e:f2:f9:be:0a:81:76:3d:79:5d:a4:c8:f4:92:d5:c8:01:d7:43:07:f6:70:c8:b5:6d:4d:08:56:87:ef:87:87:4b:8d:43:4d:8e:4a:91:47:43:6c:a3:d4:66:05:52:c1:4a:6a:52:63:a9:f9:fc:60:a0:91:4c:0b:99:c2:48:5c:1e:2a:d3:b1:b4:52:9e:e7:b0:37:a1:d3:a6:97:c9:f9:eb:48:72:a9:e2:90:26:fe:b4:74:6e:48:1f:a2:d5:fd:53:2f:20:47:77:da:60:5a:df:2d:57:bb:38:53:59:ab:05:07:ce:6f:1a:7c:4d:bf:47:5b:7b:b7:bb:09:b9:8a:77:1f:31:aa:1f:42:15:d2:79:26:a9:bd:ab:b4:4d:8d:1f:9a:cd:95:49:14:c3:aa:a1:0c:2c:36:6c:f5:80:55:9f:62:9a:6b:d5:c5:18:54:a5:be:51:27:87:df:82:cc:30:d9:a8:93:13:10:95:b8:6f:45:c8:d6:15:52:02:bc:cb:07:08:27:9a:6d:26:de:e4:94:54:8f:be:02:0c:a5:36:77:26:e3:6d:04:a5:05:d6:f9:98:c1:f3:ef:d5:dc:03:d2:c8:55" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:76:11:27:ce:4d:ea:dc:f9:01:20:44:ac:4d:95:51:28:66:e5:e8:9f:3d:54:8c:28:a6:87:02:cc:ea:73:b0:62:be:4d:64" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:77:5b:d9:c6:64:88:08:ca:53:c3:10:0b:48:59:32:df:41:ba:c7:e3:a7:a9:86:ab:18:5d:58:98:6b:4c:81:34:1c:38:f0:9a:7a:b4:3b:07:2e:9b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.783378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.783378000", + "frame.time_delta": "0.060211000", + 
"frame.time_delta_displayed": "0.060211000", + "frame.time_relative": "888.322692000", + "frame.number": "3344", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10041", + "tcp.ack": 
"43331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006d51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:d6:00:26:0b:e9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174038, TSecr 2493417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174038", + "tcp.options.timestamp.tsecr": "2493417" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3343", + "tcp.analysis.ack_rtt": "0.060211000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.785313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.785313000", + "frame.time_delta": "0.001935000", + "frame.time_delta_displayed": "0.001935000", + "frame.time_relative": "888.324627000", + "frame.number": "3345", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003892", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "10041", + "tcp.nxtseq": "10088", + "tcp.ack": "43331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:d6:00:26:0b:e9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174038, TSecr 2493417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174038", + "tcp.options.timestamp.tsecr": "2493417" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:70:d6:f4:0d:f1:53:57:38:2f:bb:a3:60:f5:20:5a:55:f2:e6:81:34:99:98:03:f8:c6:db:63:ec:64:be:16:17:3b:ab:af" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.793438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.793438000", + "frame.time_delta": "0.008125000", + "frame.time_delta_displayed": "0.008125000", + "frame.time_relative": "888.332752000", + "frame.number": "3346", + 
"frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007794", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "43331", + "tcp.nxtseq": "43378", + "tcp.ack": "10088", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eaa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:f0:a7:9e:5e:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493424, TSecr 2812174038": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493424", + "tcp.options.timestamp.tsecr": "2812174038" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3345", + "tcp.analysis.ack_rtt": "0.008125000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:78:48:39:d5:38:d2:41:5e:ef:e5:1e:4b:cb:bf:eb:9f:12:a8:92:73:14:10:83:6f:f4:cf:60:de:b5:12:13:99:e0:58:54" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.890462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494479.890462000", + "frame.time_delta": "0.097024000", + "frame.time_delta_displayed": "0.097024000", + "frame.time_relative": "888.429776000", + "frame.number": "3347", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038c0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "10088", + "tcp.ack": "43378", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006cd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5e:f1:00:26:0b:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174065, TSecr 2493424": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174065", + "tcp.options.timestamp.tsecr": "2493424" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3346", + "tcp.analysis.ack_rtt": "0.097024000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.890943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.890943000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "888.430257000", + "frame.number": "3348", + "frame.len": "120", + "frame.cap_len": 
"120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000778c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "43378", + "tcp.nxtseq": "43432", + "tcp.ack": "10088", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000017d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0b:f9:a7:9e:5e:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493433, TSecr 2812174065": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493433", + "tcp.options.timestamp.tsecr": "2812174065" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:79:70:ae:99:50:b0:7f:bf:92:a5:9f:3c:98:03:9e:04:e1:b5:04:56:37:a6:96:29:ab:16:a4:55:a0:5a:bd:b9:57:8c:96:51:49:9e:12:d6:40:91" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:19.951137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494479.951137000", + "frame.time_delta": "0.060194000", + "frame.time_delta_displayed": 
"0.060194000", + "frame.time_relative": "888.490451000", + "frame.number": "3349", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038bf", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10088", + "tcp.ack": "43432", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:00:00:26:0b:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174080, TSecr 2493433": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174080", + "tcp.options.timestamp.tsecr": "2493433" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3348", + "tcp.analysis.ack_rtt": "0.060194000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.204210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.204210000", + "frame.time_delta": "0.253073000", + "frame.time_delta_displayed": "0.253073000", + "frame.time_relative": "888.743524000", + "frame.number": "3350", + "frame.len": "143", + "frame.cap_len": "143", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "129", + "ip.id": "0x00002cc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003871", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "77", + "tcp.seq": "10088", + "tcp.nxtseq": "10165", + "tcp.ack": "43432", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000322a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:3f:00:26:0b:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174143, TSecr 2493433": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174143", + "tcp.options.timestamp.tsecr": "2493433" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "77", + "tcp.analysis.push_bytes_sent": "77" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "72", + "ssl.app_data": "34:cd:34:17:47:48:0e:71:43:1c:50:e7:5d:70:81:31:88:a6:90:43:11:91:5e:9b:fb:3b:ec:bd:36:24:60:f8:05:a8:b0:cf:3f:48:00:17:37:8f:67:0a:e3:a2:74:2d:4f:0d:1b:0c:b0:a9:b0:ce:c4:dc:1c:04:51:8f:f5:a3:43:c3:eb:2c:d6:0e:a3:81" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.208125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.208125000", + "frame.time_delta": "0.003915000", + "frame.time_delta_displayed": "0.003915000", + 
"frame.time_relative": "888.747439000", + "frame.number": "3351", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007792", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "43432", + "tcp.nxtseq": "43479", + "tcp.ack": "10165", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007368", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:19:a7:9e:5f:3f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493465, TSecr 2812174143": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493465", + "tcp.options.timestamp.tsecr": "2812174143" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3350", + "tcp.analysis.ack_rtt": "0.003915000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:7a:d8:66:fa:fb:96:cc:c9:9a:02:61:27:30:b9:b9:a5:8e:90:c5:67:56:90:5a:e9:e8:43:64:4f:93:2e:c5:6e:b9:c9:03" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:20.222861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.222861000", + "frame.time_delta": "0.014736000", + "frame.time_delta_displayed": "0.014736000", + "frame.time_relative": "888.762175000", + "frame.number": "3352", + "frame.len": "154", + "frame.cap_len": "154", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "140", + "ip.id": "0x000089f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003fd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "120", + "udp.checksum": "0x000043d3", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:insight:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "3277" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.268936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.268936000", + "frame.time_delta": "0.046075000", + "frame.time_delta_displayed": "0.046075000", + "frame.time_relative": "888.808250000", + "frame.number": "3353", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038bd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "43479", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006b98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:4f:00:26:0c:19", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174159, TSecr 2493465": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174159", + "tcp.options.timestamp.tsecr": "2493465" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3351", + "tcp.analysis.ack_rtt": "0.060811000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.269462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.269462000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "888.808776000", + "frame.number": "3354", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000095bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007771", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + 
"ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "43479", + "tcp.nxtseq": "43558", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000031e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:1f:a7:9e:5f:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493471, TSecr 2812174159": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493471", + "tcp.options.timestamp.tsecr": "2812174159" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:7b:dc:8d:46:d3:fd:8d:91:3a:ec:30:fa:02:d8:f0:0f:11:42:0c:71:89:22:64:04:79:1c:2d:4b:7e:ac:04:9c:2c:a8:3d:74:97:4e:d4:ea:73:eb:c4:0d:18:7d:14:b5:47:36:68:f3:37:d3:7b:f6:aa:40:e1:15:ba:6e:90:c4:14:3d:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.329716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.329716000", + "frame.time_delta": "0.060254000", + "frame.time_delta_displayed": "0.060254000", + "frame.time_relative": "888.869030000", + "frame.number": "3355", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038bc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "43558", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006b34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:5e:00:26:0c:1f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174174, TSecr 2493471": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174174", + "tcp.options.timestamp.tsecr": "2493471" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3354", + "tcp.analysis.ack_rtt": "0.060254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.374781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.374781000", + "frame.time_delta": "0.045065000", + "frame.time_delta_displayed": "0.045065000", + "frame.time_relative": "888.914095000", + "frame.number": "3356", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "14:91:82:25:10:77", + "arp.src.proto_ipv4": "192.168.0.65", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.375209000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.375209000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "888.914523000", + "frame.number": "3357", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "14:91:82:25:10:77", + "arp.dst.proto_ipv4": "192.168.0.65" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.394735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.394735000", + "frame.time_delta": "0.019526000", + "frame.time_delta_displayed": "0.019526000", + "frame.time_relative": "888.934049000", + "frame.number": "3358", + "frame.len": "444", + "frame.cap_len": "444", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "430", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3118", + "udp.dstport": "10023", + "udp.port": "3118", + "udp.port": "10023", + "udp.length": "410", + "udp.checksum": "0x000053fa", + "udp.checksum.status": "2", + "udp.stream": "92" + }, + "data": { + "data.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:32:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:36:35:3a:34:39:31:35:34:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:30:66:33:37:36:66:61:2d:31:64:64:31:2d:31:31:62:32:2d:62:65:35:36:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:69:6e:73:69:67:68:74:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:49:6e:73:69:67:68:74:2d:31:5f:30:2d:32:33:31:36:32:30:4b:31:32:30:30:38:30:45:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:69:6e:73:69:67:68:74:3a:31:0d:0a:0d:0a", + "data.len": "402" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.411375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.411375000", + "frame.time_delta": "0.016640000", + "frame.time_delta_displayed": "0.016640000", + "frame.time_relative": "888.950689000", + "frame.number": "3359", + "frame.len": "226", + "frame.cap_len": "226", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "212", + "ip.id": "0x000095c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "160", + "tcp.seq": "43558", + "tcp.nxtseq": "43718", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e145", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:2d:a7:9e:5f:5e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493485, TSecr 2812174174": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493485", + "tcp.options.timestamp.tsecr": "2812174174" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "160", + "tcp.analysis.push_bytes_sent": "160" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "155", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:7c:27:2a:0b:8d:73:be:ca:3a:2a:26:d4:bf:08:c5:64:c7:a7:69:f9:6c:a0:80:3f:6e:05:7b:a4:e6:0b:5a:d5:f3:41:e0:5f:64:a1:79:89:ab:47:54:29:3b:87:92:62:be:ec:21:64:4f:b9:92:55:95:4e:f2:b4:bf:82:66:ea:7a:bd:dc:ca:af:13:cc:63:f2:ac:b6:95:39:8b:8f:bd:74:34:e3:d6:54:a2:9f:e0:5a:56:48:96:00:62:bb:48:bf:b2:e1:c5:6e:5e:95:e1:b3:8b:d4:6e:e6:1c:99:f0:23:eb:ef:1d:69:71:8c:f0:4d:f6:c6:6a:fb:4c:47:36:68:c4:70:63:d4:41:82:e2:ff:fc:9a:0f:82:b6:01:7b:0c:16:ac:e6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.471655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494480.471655000", + "frame.time_delta": "0.060280000", + "frame.time_delta_displayed": "0.060280000", + "frame.time_relative": "889.010969000", + "frame.number": "3360", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038bb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "43718", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006a62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:82:00:26:0c:2d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174210, TSecr 2493485": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174210", + "tcp.options.timestamp.tsecr": "2493485" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3359", + "tcp.analysis.ack_rtt": "0.060280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.472146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.472146000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "889.011460000", + "frame.number": "3361", + "frame.len": "218", + "frame.cap_len": 
"218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007726", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "43718", + "tcp.nxtseq": "43870", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000086c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:34:a7:9e:5f:82", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493492, TSecr 2812174210": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493492", + "tcp.options.timestamp.tsecr": "2812174210" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:7d:92:59:de:39:f4:69:f2:e6:15:c6:90:40:5c:2f:12:fa:fa:e7:ea:0e:40:3c:bd:b4:39:19:e2:60:41:59:ea:41:34:6a:12:3a:11:3e:85:23:77:f6:10:be:16:58:dd:34:7f:be:f8:4d:71:9a:24:7f:5e:aa:6b:b4:bf:8c:8f:e4:ea:d3:14:79:71:4e:0f:be:16:49:aa:0b:d8:61:bb:c6:88:bc:8f:8b:99:d7:ad:92:a4:75:64:53:05:d9:ac:53:f6:84:f4:0c:d2:dd:15:c5:7f:86:5c:d2:18:a2:10:1a:e7:a4:60:32:94:45:e5:94:ac:d2:c4:f3:a0:7f:3f:5e:07:68:ce:0b:0e:ac:12:c9:a5:a4:5b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.532372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.532372000", + "frame.time_delta": "0.060226000", + "frame.time_delta_displayed": "0.060226000", + "frame.time_relative": "889.071686000", + "frame.number": "3362", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ba", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": 
"-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "43870", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000069b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:91:00:26:0c:34", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174225, TSecr 2493492": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174225", + "tcp.options.timestamp.tsecr": "2493492" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3361", + "tcp.analysis.ack_rtt": "0.060226000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.532865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494480.532865000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "889.072179000", + "frame.number": "3363", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "43870", + "tcp.nxtseq": "44031", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008194", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:3a:a7:9e:5f:91", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493498, TSecr 2812174225": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493498", + "tcp.options.timestamp.tsecr": "2812174225" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:7e:17:db:02:39:9a:6a:f9:1e:79:b9:88:be:b6:5e:04:b5:ef:57:0c:07:93:50:fe:28:28:0f:02:fb:08:02:d6:6c:11:85:02:44:a1:6d:b0:6c:99:6b:f0:0a:66:65:32:73:f6:3e:9b:f2:27:d8:2d:3c:a3:02:96:1e:46:55:77:d0:63:26:f6:b4:c0:75:1e:2d:7c:bb:89:1d:65:de:36:17:ba:56:e2:58:97:4f:0f:92:cc:82:93:d2:ec:aa:30:43:9b:ff:ee:fa:4e:01:5b:49:84:2f:53:82:28:77:da:67:a4:c6:d0:f1:00:9e:11:10:52:c2:b5:3c:0f:a6:47:5a:02:b1:25:c9:9a:e2:08:56:b8:8f:04:1c:bf:40:ee:72:59:2d:d9:5e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.619068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.619068000", + "frame.time_delta": "0.086203000", + "frame.time_delta_displayed": "0.086203000", + "frame.time_relative": "889.158382000", + "frame.number": "3364", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b9", + "ip.checksum.status": "2", + 
"ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44031", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000068fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:a0:00:26:0c:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174240, TSecr 
2493498": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174240", + "tcp.options.timestamp.tsecr": "2493498" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3363", + "tcp.analysis.ack_rtt": "0.086203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.619562000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.619562000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "889.158876000", + "frame.number": "3365", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007721", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "44031", + "tcp.nxtseq": "44186", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:42:a7:9e:5f:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493506, TSecr 2812174240": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493506", + "tcp.options.timestamp.tsecr": "2812174240" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:7f:e5:8a:17:73:54:ec:d5:1e:23:d6:03:16:ac:26:f1:81:e3:27:16:b3:d0:50:41:1c:2f:6f:37:a3:f3:0b:46:a2:d8:cb:4b:4b:9f:4f:21:bd:70:bc:99:ce:c7:0f:d1:15:bf:cf:ee:76:a0:d3:54:fa:07:2c:96:8a:70:ee:06:d6:cf:dd:2e:12:7e:a4:5a:ef:98:5d:53:8d:81:d1:2e:4f:09:6e:24:67:6c:1b:ed:f3:ca:3f:93:0f:82:a6:67:69:91:61:b0:a5:1e:9e:f4:09:c5:ec:43:4b:0e:6c:9c:62:48:bd:58:70:56:ae:6b:6f:96:2f:1b:83:99:55:a5:e8:ff:a9:72:81:e7:21:1d:fb:1e:bd:1c:95:34:30" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:20.679715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494480.679715000", + "frame.time_delta": "0.060153000", + "frame.time_delta_displayed": "0.060153000", + "frame.time_relative": "889.219029000", + "frame.number": "3366", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc7", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44186", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006845", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:5f:b6:00:26:0c:42", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174262, TSecr 2493506": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174262", + "tcp.options.timestamp.tsecr": "2493506" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3365", + "tcp.analysis.ack_rtt": "0.060153000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.493447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.493447000", + "frame.time_delta": "0.813732000", + "frame.time_delta_displayed": "0.813732000", + "frame.time_relative": "890.032761000", + "frame.number": "3367", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007723", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "44186", + "tcp.nxtseq": "44338", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c8a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:9a:a7:9e:5f:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2493594, TSecr 2812174262": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493594", + "tcp.options.timestamp.tsecr": "2812174262" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:80:d4:06:fd:92:2f:07:7f:be:e5:6a:68:57:09:b1:a7:2a:41:09:c4:e5:cf:a9:78:47:ed:ee:0b:1a:99:39:be:07:f6:dc:e4:0f:0e:6c:9d:26:dc:7d:24:e7:fb:b8:fa:66:a8:26:31:de:d2:01:5c:7d:8c:2c:5a:62:92:6c:12:b2:98:5c:2c:a6:12:de:a6:e7:7e:d9:34:24:e2:f4:66:97:b2:20:06:62:76:bc:23:e1:d7:d4:10:b4:ee:cc:65:d8:e1:82:e7:ec:a7:75:6c:a3:a7:29:8b:4d:77:1d:56:6c:7d:ca:93:88:6f:74:e7:28:82:73:60:50:8d:4d:87:b2:c3:c9:bf:58:74:f0:23:76:0d:ed:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.553727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.553727000", + "frame.time_delta": "0.060280000", + "frame.time_delta_displayed": "0.060280000", + "frame.time_relative": "890.093041000", + "frame.number": "3368", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44338", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000667b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:60:90:00:26:0c:9a", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174480, TSecr 2493594": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174480", + "tcp.options.timestamp.tsecr": "2493594" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3367", + "tcp.analysis.ack_rtt": "0.060280000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.554220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.554220000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "890.093534000", + "frame.number": "3369", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095c5", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "44338", + "tcp.nxtseq": "44499", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009f38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:a0:a7:9e:60:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493600, TSecr 2812174480": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493600", + "tcp.options.timestamp.tsecr": "2812174480" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:81:7a:c7:75:b6:18:00:5c:da:75:14:38:3e:76:19:89:73:75:13:49:dc:7e:aa:4a:bb:50:f4:db:20:c0:ee:8e:02:84:86:d9:3f:58:1a:5b:e4:0f:28:83:3f:1a:39:5a:40:e1:dd:ab:dd:dd:96:21:c1:b0:b7:75:c1:90:cb:8b:67:44:44:f5:3b:78:d5:58:2e:d4:8a:09:c6:b0:96:14:7b:b4:dd:38:3f:0f:d2:29:96:7e:de:eb:63:4e:3b:8c:ec:f8:66:3a:b6:54:f1:72:19:74:49:b8:ac:fc:1e:f7:e7:46:7f:2f:4e:a3:bb:cc:33:97:24:38:d9:d4:38:24:51:ad:72:a1:1f:a7:a3:6f:94:53:5e:29:a7:08:fa:27:89:b5:fe:d9:46" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.615496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.615496000", + "frame.time_delta": "0.061276000", + "frame.time_delta_displayed": "0.061276000", + "frame.time_relative": "890.154810000", + "frame.number": "3370", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44499", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000065c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:60:a0:00:26:0c:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174496, TSecr 2493600": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174496", + "tcp.options.timestamp.tsecr": "2493600" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3369", + "tcp.analysis.ack_rtt": "0.061276000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.615987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.615987000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "890.155301000", + "frame.number": "3371", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "44499", + "tcp.nxtseq": "44654", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000676d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:00:26:0c:a6:a7:9e:60:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493606, TSecr 2812174496": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493606", + "tcp.options.timestamp.tsecr": "2812174496" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:82:86:d2:55:58:01:a0:c8:5f:fb:c0:f2:f6:a9:0b:6f:ae:89:67:b5:b1:2a:f6:7f:e6:12:77:41:88:3f:6d:60:5b:5c:94:a0:82:4c:25:91:57:1a:67:26:06:ff:8b:b0:0d:81:7b:af:1e:dd:8a:0e:05:8a:8a:dc:1c:58:12:98:0d:9d:71:51:20:9c:88:29:3d:0c:13:14:94:de:08:5e:05:ac:d3:dd:3c:56:3b:50:f5:3e:7c:ae:a5:da:77:52:29:a6:9c:e4:ef:ad:c8:fd:d8:7b:18:e6:68:d1:4b:29:ef:77:85:52:b7:1e:a8:d4:45:76:00:5e:eb:72:e4:cf:01:89:2f:f0:5f:e4:14:4c:20:aa:ef:4d:02:6f:78" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:21.676099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494481.676099000", + "frame.time_delta": "0.060112000", + "frame.time_delta_displayed": "0.060112000", + "frame.time_relative": "890.215413000", + "frame.number": "3372", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44654", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006514", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:60:af:00:26:0c:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174511, TSecr 2493606": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174511", + "tcp.options.timestamp.tsecr": "2493606" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3371", + "tcp.analysis.ack_rtt": "0.060112000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:22.210433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494482.210433000", + "frame.time_delta": "0.534334000", + "frame.time_delta_displayed": "0.534334000", + "frame.time_relative": "890.749747000", + "frame.number": "3373", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:22.210883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494482.210883000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "890.750197000", + "frame.number": "3374", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + 
, + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:22.243287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494482.243287000", + "frame.time_delta": "0.032404000", + "frame.time_delta_displayed": "0.032404000", + "frame.time_relative": "890.782601000", + "frame.number": "3375", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007782", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": 
"Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "44654", + "tcp.nxtseq": "44708", + "tcp.ack": "10165", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000030d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0c:e5:a7:9e:60:af", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493669, TSecr 2812174511": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493669", + "tcp.options.timestamp.tsecr": "2812174511" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:83:7c:df:11:31:82:c8:61:fb:58:08:ec:f2:ff:11:ed:b7:07:a0:54:32:9e:be:ec:0f:8e:ef:0e:3b:16:dd:e3:52:f5:87:46:54:2c:97:cf:cd:20" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:22.303694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494482.303694000", + "frame.time_delta": "0.060407000", + "frame.time_delta_displayed": "0.060407000", + "frame.time_relative": "890.843008000", + "frame.number": "3376", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10165", + "tcp.ack": "44708", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006402", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:61:4c:00:26:0c:e5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174668, TSecr 2493669": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174668", + "tcp.options.timestamp.tsecr": "2493669" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3375", + "tcp.analysis.ack_rtt": "0.060407000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.204022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.204022000", + "frame.time_delta": "0.900328000", + "frame.time_delta_displayed": "0.900328000", + "frame.time_relative": "891.743336000", + "frame.number": "3377", + "frame.len": "146", + "frame.cap_len": "146", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "132", + "ip.id": "0x00002ccc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003863", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "80", + "tcp.seq": "10165", + "tcp.nxtseq": "10245", + "tcp.ack": "44708", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e04f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:2d:00:26:0c:e5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174893, TSecr 2493669": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174893", + "tcp.options.timestamp.tsecr": "2493669" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "80", + "tcp.analysis.push_bytes_sent": "80" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "75", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:72:93:57:e6:66:14:78:54:de:d4:87:bd:12:5d:4a:80:b8:b8:a0:ac:ac:f0:42:78:95:b8:59:27:2a:2d:09:6d:d7:90:15:52:e2:aa:1e:b6:32:e4:b4:ed:0a:e8:a9:9a:4a:62:57:08:e9:22:7a:fa:38:e6:8c:ef:61:ed:c3:0a:07:fb:96:33" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.208040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.208040000", + "frame.time_delta": "0.004018000", + "frame.time_delta_displayed": "0.004018000", + "frame.time_relative": "891.747354000", + "frame.number": "3378", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007788", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "44708", + "tcp.nxtseq": "44755", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000030b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:45:a7:9e:62:2d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493765, TSecr 2812174893": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493765", + "tcp.options.timestamp.tsecr": "2812174893" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3377", + 
"tcp.analysis.ack_rtt": "0.004018000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:84:fb:b6:ea:8e:e7:ae:43:cc:3a:c9:d8:56:f9:62:61:25:94:01:41:b5:e1:a4:d0:84:27:6b:cb:82:32:b8:7d:4e:cb:6d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.223874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.223874000", + "frame.time_delta": "0.015834000", + "frame.time_delta_displayed": "0.015834000", + "frame.time_relative": "891.763188000", + "frame.number": "3379", + "frame.len": "157", + "frame.cap_len": "157", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "143", + "ip.id": "0x00008b1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003eae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", 
+ "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "123", + "udp.checksum": "0x00006e5f", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:controllee:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "3313" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.268985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.268985000", + "frame.time_delta": "0.045111000", + "frame.time_delta_displayed": "0.045111000", + "frame.time_relative": "891.808299000", + "frame.number": "3380", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ccd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "44755", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006232", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:3d:00:26:0d:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174909, TSecr 2493765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174909", + "tcp.options.timestamp.tsecr": "2493765" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3378", + "tcp.analysis.ack_rtt": "0.060945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.269492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.269492000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "891.808806000", + "frame.number": "3381", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000095c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007767", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "44755", + "tcp.nxtseq": "44834", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c8ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:4b:a7:9e:62:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493771, TSecr 2812174909": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493771", + "tcp.options.timestamp.tsecr": "2812174909" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:85:91:46:cc:00:d5:60:d6:f3:aa:a0:89:28:d8:95:14:d4:12:a7:94:f0:72:fa:a0:75:f4:0b:80:d3:d7:b1:f9:cc:23:2f:35:2f:2f:8e:da:0c:82:1f:16:09:a2:0f:f4:b4:f7:ce:b0:98:06:0a:79:aa:29:7b:e3:60:98:5d:48:06:06:7b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.329857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.329857000", + "frame.time_delta": "0.060365000", + "frame.time_delta_displayed": "0.060365000", + "frame.time_relative": "891.869171000", + "frame.number": "3382", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "44834", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000061ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:4c:00:26:0d:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174924, TSecr 2493771": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174924", + "tcp.options.timestamp.tsecr": "2493771" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3381", + "tcp.analysis.ack_rtt": "0.060365000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.434548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.434548000", + "frame.time_delta": "0.104691000", + "frame.time_delta_displayed": "0.104691000", + "frame.time_relative": "891.973862000", + "frame.number": "3383", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "44834", + "tcp.nxtseq": "44986", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000075e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:5c:a7:9e:62:4c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493788, TSecr 2812174924": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493788", + "tcp.options.timestamp.tsecr": "2812174924" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:86:df:bc:88:53:66:27:fc:72:09:68:5a:df:eb:c5:da:87:da:b6:06:d8:ea:85:27:b8:d6:f8:13:03:61:92:ec:6b:eb:86:11:e2:99:16:4e:02:da:5e:34:b9:0c:80:73:85:0e:f8:b3:c7:5a:3f:0b:aa:fe:f3:07:78:54:a3:79:52:c5:c0:43:a9:6d:00:2d:43:47:14:61:56:f4:35:c6:e6:79:41:e3:ac:ce:54:ee:d5:3d:0a:32:01:fd:d1:de:6d:07:6f:ce:98:69:fc:78:a2:d7:00:7f:a0:08:0f:8b:1d:74:16:34:e7:b6:78:17:7b:54:b1:73:c6:65:0d:8b:5a:66:e2:63:dc:bc:75:b9:38:d4:fc:44" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.455514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.455514000", + "frame.time_delta": "0.020966000", + "frame.time_delta_displayed": "0.020966000", + "frame.time_relative": "891.994828000", + "frame.number": "3384", + 
"frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.455945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.455945000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "891.995259000", + "frame.number": "3385", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.462923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.462923000", + "frame.time_delta": "0.006978000", + "frame.time_delta_displayed": "0.006978000", + "frame.time_relative": "892.002237000", + "frame.number": "3386", + "frame.len": "450", + "frame.cap_len": "450", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "436", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b615", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": 
"192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3077", + "udp.dstport": "10024", + "udp.port": "3077", + "udp.port": "10024", + "udp.length": "416", + "udp.checksum": "0x0000f982", + "udp.checksum.status": "2", + "udp.stream": "93" + }, + "data": { + "data.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:32:33:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:32:32:35:3a:34:39:31:35:33:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:35:61:35:62:30:39:36:2d:31:64:64:31:2d:31:31:62:32:2d:62:64:62:38:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:53:6f:63:6b:65:74:2d:31:5f:30:2d:32:32:31:35:32:33:4b:30:31:30:30:42:31:31:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:0d:0a", + "data.len": "408" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.494756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494483.494756000", + "frame.time_delta": "0.031833000", + "frame.time_delta_displayed": "0.031833000", + "frame.time_relative": "892.034070000", + "frame.number": "3387", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ccf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038b0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "44986", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000060fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:76:00:26:0d:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174966, TSecr 2493788": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174966", + "tcp.options.timestamp.tsecr": "2493788" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3383", + "tcp.analysis.ack_rtt": "0.060208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.495260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.495260000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "892.034574000", + "frame.number": "3388", + "frame.len": "231", + "frame.cap_len": 
"231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x000095cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "165", + "tcp.seq": "44986", + "tcp.nxtseq": "45151", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001d7b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:62:a7:9e:62:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493794, TSecr 2812174966": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493794", + "tcp.options.timestamp.tsecr": "2812174966" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "165", + "tcp.analysis.push_bytes_sent": "165" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "160", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:87:77:4d:3d:ee:bb:0a:d6:98:66:8a:11:69:0c:4d:5c:52:d5:e8:56:c3:5e:8f:46:0b:1d:62:0a:d5:a2:60:2a:b7:38:aa:4f:7e:2a:6e:ed:55:23:1b:5a:dc:d1:30:67:09:8e:f0:78:01:9f:3a:62:83:5a:bc:aa:17:92:d2:24:6e:95:2a:92:da:a6:49:21:40:ef:73:8d:f3:64:3b:e8:a7:28:c0:d7:8c:87:83:c9:2e:5b:b2:52:b2:b6:1c:83:5e:51:4b:b7:d5:89:29:50:75:2f:93:85:62:28:33:e6:c3:ca:b7:46:2e:d0:90:ee:99:63:9f:0d:97:ac:33:a5:3e:c2:5d:17:13:91:6c:65:2c:5c:4e:bc:d2:0c:df:40:a0:11:f1:3d:81:66:e5:9b:38" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.555584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.555584000", + "frame.time_delta": "0.060324000", + "frame.time_delta_displayed": "0.060324000", + "frame.time_relative": "892.094898000", + "frame.number": "3389", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038af", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45151", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006041", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:85:00:26:0d:62", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174981, TSecr 2493794": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174981", + "tcp.options.timestamp.tsecr": "2493794" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3388", + "tcp.analysis.ack_rtt": "0.060324000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.556093000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.556093000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "892.095407000", + "frame.number": "3390", + "frame.len": "382", + "frame.cap_len": "382", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "368", + "ip.id": "0x000095cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007677", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "316", + "tcp.seq": "45151", + "tcp.nxtseq": "45467", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:68:a7:9e:62:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493800, TSecr 2812174981": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493800", + "tcp.options.timestamp.tsecr": "2812174981" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "316", + "tcp.analysis.push_bytes_sent": "316" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:88:85:3c:ba:72:89:9d:b2:0c:e8:8e:31:d7:92:f8:34:35:4a:7b:2e:0f:1b:8a:e7:6c:08:91:5e:4e:2d:e5:fd:c8:3a:e2:0a:1f:88:f4:62:3e:cd:c8:70:d9:11:28:55:79:e7:21:64:f5:0e:f9:5c:06:e7:b3:a5:04:11:3b:6b:7b:5b:25:5f:9e:37:a5:56:35:b1:c0:f0:20:b8:63:84:5d:5c:0d:b1:85:48:72:de:ef:f1:ca:50:ea:72:bf:f7:02:cf:0e:3c:53:77:24:fc:23:21:d1:0f:62:7c:f2:1e:69:ee:45:bf:31:09:2d:8a:2d:da:2d:f9:1a:72:9b:0b:8c:3f:6e:e3:5c:ac:49:d0:ae:7f:bd:88:1a:89:5f:4a:aa:75:ed:2d:8a" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:89:ae:86:f3:a8:ec:c9:99:7f:d6:e4:26:01:73:91:ae:98:a4:5c:85:d2:bd:e9:e1:29:1c:7a:a9:76:2a:da:37:83:81:75:1a:73:a6:a1:25:83:90:1c:5a:bb:c1:b8:15:c6:45:3e:76:34:99:a5:7a:e1:40:b8:98:82:e5:20:30:92:b6:ce:41:da:92:38:34:ed:a4:e8:ec:20:ef:82:da:6e:9c:c1:c1:0f:b6:ba:7d:ba:2f:0d:23:23:e7:ed:3b:e1:3a:74:1b:fa:c4:2e:9e:02:e2:bd:b7:ef:05:a9:b8:ca:a3:90:6c:09:a3:d3:1d:f8:2d:35:f3:a3:38:ef:d1:b5:29:c7:ad:63:e0:55:0b:e5:96:49:9a:30:fe:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:23.616230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494483.616230000", + "frame.time_delta": "0.060137000", + "frame.time_delta_displayed": "0.060137000", + "frame.time_relative": "892.155544000", + "frame.number": "3391", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ae", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45467", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00005ef0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:62:94:00:26:0d:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812174996, TSecr 2493800": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812174996", + "tcp.options.timestamp.tsecr": "2493800" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3390", + "tcp.analysis.ack_rtt": "0.060137000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:24.433147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.433147000", + "frame.time_delta": "0.816917000", + "frame.time_delta_displayed": "0.816917000", + "frame.time_relative": "892.972461000", + "frame.number": "3392", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "45467", + "tcp.nxtseq": "45619", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:c0:a7:9e:62:94", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493888, TSecr 2812174996": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493888", + "tcp.options.timestamp.tsecr": "2812174996" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8a:b7:bb:f5:bc:b9:12:c7:f6:a1:05:de:53:eb:53:da:59:f5:3e:e1:7a:92:ba:65:b1:18:72:dc:f9:27:5f:0c:e3:26:f2:f0:c8:8d:01:d3:98:f0:29:80:19:ee:69:ed:f9:34:78:57:47:92:54:67:cc:7d:26:ed:f1:39:d9:e8:fc:0d:86:74:0e:b6:66:da:bc:58:10:86:6f:38:9e:a7:3c:f7:27:03:38:17:bd:32:81:81:b6:b1:8d:7d:04:80:7f:67:e0:ce:46:e3:77:a6:6f:d1:f5:59:1f:80:ba:97:7f:59:33:05:e2:83:31:60:74:2d:38:0b:59:2d:9b:e4:0b:46:d3:89:af:60:ec:d7:cc:36:ae:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:24.493320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.493320000", + "frame.time_delta": "0.060173000", + "frame.time_delta_displayed": "0.060173000", + "frame.time_relative": "893.032634000", + "frame.number": "3393", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + 
"eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ad", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45619", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005d25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:63:6f:00:26:0d:c0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175215, TSecr 2493888": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175215", + "tcp.options.timestamp.tsecr": "2493888" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3392", + "tcp.analysis.ack_rtt": "0.060173000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:24.493842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.493842000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "893.033156000", + "frame.number": "3394", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007710", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "45619", + "tcp.nxtseq": "45780", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d20e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:c6:a7:9e:63:6f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493894, TSecr 2812175215": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493894", + "tcp.options.timestamp.tsecr": "2812175215" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8b:ea:2b:73:d4:3e:88:6b:29:0a:a7:08:50:50:c4:99:ee:a3:3a:1f:da:0e:a6:67:12:e2:c5:d5:f9:65:aa:5c:07:99:f0:b8:39:f8:bd:0b:60:95:a2:91:ef:d0:3a:31:1f:44:67:00:c3:09:94:16:1a:45:08:fa:55:d1:87:ed:ca:3d:0c:73:16:6f:e4:74:93:32:70:1c:d9:85:f0:cc:8a:bd:38:8a:09:00:d6:93:a7:58:90:a9:d1:85:94:42:2e:56:1a:24:c6:24:6e:b9:19:0f:32:91:f6:58:42:78:06:2e:d3:22:f8:29:89:c4:ff:80:a4:3f:c2:35:6a:fd:37:ec:46:45:a4:7a:4d:43:2b:0c:cf:76:67:c9:8b:d3:cb:bb:83:17:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:24.554006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.554006000", + "frame.time_delta": "0.060164000", + "frame.time_delta_displayed": "0.060164000", + "frame.time_relative": "893.093320000", + 
"frame.number": "3395", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ac", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45780", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005c6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:63:7e:00:26:0d:c6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175230, TSecr 2493894": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175230", + "tcp.options.timestamp.tsecr": "2493894" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3394", + "tcp.analysis.ack_rtt": "0.060164000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:24.554487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.554487000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "893.093801000", + "frame.number": "3396", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "45780", + "tcp.nxtseq": "45935", + "tcp.ack": "10245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d3c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0d:cc:a7:9e:63:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493900, TSecr 2812175230": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493900", + "tcp.options.timestamp.tsecr": "2812175230" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8c:df:4d:cd:c1:db:e0:b0:a5:61:44:90:dc:6c:85:ce:41:cb:3f:8c:78:88:22:b5:59:58:1f:a5:63:0b:6b:f7:3b:7d:18:0a:e9:68:81:32:34:6d:b5:dc:79:2d:33:08:85:40:f0:ea:7e:01:a9:ea:10:fe:e6:12:62:55:32:7c:b7:40:dd:46:7c:25:56:49:9c:6e:91:b2:40:cf:84:aa:14:36:da:b0:bb:cf:6c:72:86:1d:b3:8f:f4:c9:65:c7:69:7f:04:4b:b5:c0:81:c3:31:4d:9d:b2:8e:ab:db:cf:18:61:ed:ee:68:61:88:25:66:60:e9:fc:6e:88:cd:05:0b:bc:44:bd:0d:bd:45:91:a3:07:e4:91:df:71:fc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:24.615055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494484.615055000", + "frame.time_delta": "0.060568000", + "frame.time_delta_displayed": "0.060568000", + "frame.time_relative": "893.154369000", + "frame.number": "3397", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038ab", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45935", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005bbe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:63:8e:00:26:0d:cc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175246, TSecr 2493900": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175246", + "tcp.options.timestamp.tsecr": "2493900" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3396", + "tcp.analysis.ack_rtt": "0.060568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:25.240483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494485.240483000", + "frame.time_delta": "0.625428000", + "frame.time_delta_displayed": "0.625428000", + 
"frame.time_relative": "893.779797000", + "frame.number": "3398", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007779", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "45935", + "tcp.nxtseq": "45989", + "tcp.ack": "10245", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003098", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:10:a7:9e:63:8e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2493968, TSecr 2812175246": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2493968", + "tcp.options.timestamp.tsecr": "2812175246" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8d:d9:2e:57:68:32:10:63:c6:81:0c:1c:d0:a4:9b:c5:93:29:de:a5:ad:25:4c:11:db:24:77:f0:48:9e:e5:af:c6:bd:26:92:53:e2:d0:0d:b1:1c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:25.300638000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494485.300638000", + "frame.time_delta": "0.060155000", + "frame.time_delta_displayed": "0.060155000", + "frame.time_relative": "893.839952000", + "frame.number": "3399", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038aa", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10245", + "tcp.ack": "45989", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005a99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:64:39:00:26:0e:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175417, TSecr 2493968": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175417", + "tcp.options.timestamp.tsecr": "2493968" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3398", + "tcp.analysis.ack_rtt": "0.060155000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:25.394059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494485.394059000", + "frame.time_delta": "0.093421000", + "frame.time_delta_displayed": "0.093421000", + "frame.time_relative": "893.933373000", + "frame.number": "3400", + "frame.len": 
"42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "14:91:82:25:10:77", + "arp.src.proto_ipv4": "192.168.0.65", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:25.394495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494485.394495000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "893.933809000", + "frame.number": "3401", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "14:91:82:25:10:77", + "arp.dst.proto_ipv4": "192.168.0.65" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.204947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.204947000", + "frame.time_delta": "0.810452000", + "frame.time_delta_displayed": "0.810452000", + "frame.time_relative": "894.744261000", + "frame.number": "3402", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00002cd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000385d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "76", + "tcp.seq": "10245", + "tcp.nxtseq": "10321", + "tcp.ack": "45989", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000264e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:1b:00:26:0e:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175643, TSecr 2493968": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812175643", + "tcp.options.timestamp.tsecr": "2493968" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "76", + "tcp.analysis.push_bytes_sent": "76" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "71", + "ssl.app_data": "34:cd:34:17:47:48:0e:73:31:96:52:c1:53:00:0d:53:67:d8:ff:df:08:ac:61:8c:82:57:47:85:80:47:2b:8e:16:d4:5a:fc:d4:05:1e:bf:c0:44:51:e6:50:e2:9f:2f:f1:6e:4c:29:71:6f:dc:06:d6:37:4e:82:5c:7c:2c:f2:28:25:c4:6b:49:49:51" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.209290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.209290000", + "frame.time_delta": "0.004343000", + "frame.time_delta_displayed": "0.004343000", + "frame.time_relative": "894.748604000", + "frame.number": "3403", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000777f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "45989", + "tcp.nxtseq": "46036", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e2e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:71:a7:9e:65:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494065, TSecr 2812175643": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494065", + "tcp.options.timestamp.tsecr": "2812175643" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3402", + "tcp.analysis.ack_rtt": "0.004343000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8e:83:83:e7:f7:25:82:90:24:80:71:ba:e0:b1:3c:f3:50:dc:c0:96:c1:ce:d2:b1:58:8f:21:83:66:49:d6:3d:0d:52:cb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.224136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.224136000", + "frame.time_delta": "0.014846000", + "frame.time_delta_displayed": "0.014846000", + "frame.time_relative": "894.763450000", + "frame.number": "3404", + "frame.len": "153", + "frame.cap_len": "153", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "139", + "ip.id": "0x00008b54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003e78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "119", + "udp.checksum": "0x0000482d", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:sensor:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "3352" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.269633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.269633000", + "frame.time_delta": "0.045497000", + "frame.time_delta_displayed": "0.045497000", + "frame.time_relative": "894.808947000", + 
"frame.number": "3405", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46036", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000058cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:2b:00:26:0e:71", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175659, TSecr 2494065": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175659", + "tcp.options.timestamp.tsecr": "2494065" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3403", + "tcp.analysis.ack_rtt": "0.060343000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.270078000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.270078000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "894.809392000", + "frame.number": "3406", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000095d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "46036", + "tcp.nxtseq": "46144", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007529", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:77:a7:9e:65:2b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494071, TSecr 2812175659": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494071", + "tcp.options.timestamp.tsecr": "2812175659" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:8f:fc:cf:4e:26:b9:33:59:24:33:12:c4:79:9c:df:2b:ff:03:d9:ca:d1:41:06:5f:f9:a8:2a:83:36:12:f8:25:40:4e:23:66:f9:b7:f3:75:e5:5f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:90:24:7d:03:f0:ca:3b:8d:02:9c:9b:f2:26:92:64:f2:d5:d7:61:1d:fc:a2:60:0b:04:e7:ee:9d:52:38:7c:6f:f0:99:00:c5:8b:bf:29:7d:f1:c5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.330369000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.330369000", + "frame.time_delta": "0.060291000", + "frame.time_delta_displayed": "0.060291000", + "frame.time_relative": "894.869683000", + "frame.number": "3407", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46144", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000584a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:3a:00:26:0e:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175674, TSecr 2494071": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175674", + "tcp.options.timestamp.tsecr": "2494071" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3406", + "tcp.analysis.ack_rtt": "0.060291000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.431570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.431570000", + "frame.time_delta": "0.101201000", + "frame.time_delta_displayed": "0.101201000", + "frame.time_relative": 
"894.970884000", + "frame.number": "3408", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007714", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "46144", + "tcp.nxtseq": "46296", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d213", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:87:a7:9e:65:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494087, TSecr 2812175674": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494087", + "tcp.options.timestamp.tsecr": "2812175674" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:91:90:80:98:1b:84:9b:95:0f:f9:b5:7f:fb:62:45:77:f2:e6:57:de:f2:05:83:4a:59:60:49:3f:e7:7f:2a:be:f7:da:3a:72:d0:eb:a0:92:bc:a2:07:2d:e6:5c:c5:29:32:a5:83:e9:d0:78:4f:3e:15:c8:8d:c1:05:eb:ea:57:ad:8b:45:09:a6:a6:89:fa:76:30:53:b4:f5:ce:58:be:d6:66:d8:50:54:03:46:42:aa:59:22:9c:72:4b:96:79:7e:05:10:d0:2a:3e:7a:e7:05:b5:14:4f:0b:b8:49:c6:52:04:6a:84:40:a8:47:13:2d:38:15:14:bc:3f:fc:24:43:44:80:82:44:b9:4f:22:c7:70:fd:d2" + } 
+ } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.491834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.491834000", + "frame.time_delta": "0.060264000", + "frame.time_delta_displayed": "0.060264000", + "frame.time_relative": "895.031148000", + "frame.number": "3409", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46296", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005779", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:63:00:26:0e:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175715, TSecr 2494087": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175715", + "tcp.options.timestamp.tsecr": "2494087" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3408", + "tcp.analysis.ack_rtt": "0.060264000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:26.492322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.492322000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "895.031636000", + "frame.number": "3410", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": 
"44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "46296", + "tcp.nxtseq": "46457", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003d67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:8e:a7:9e:65:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494094, TSecr 2812175715": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494094", + "tcp.options.timestamp.tsecr": "2812175715" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:92:5f:f2:16:55:51:c4:3e:71:23:6d:e5:c6:ff:2f:a0:46:03:d5:3e:9c:be:d5:29:1e:1c:87:4c:06:8e:5c:1b:35:c3:63:a3:9d:2f:c4:f2:2e:b7:f7:ea:5b:e0:3d:09:0b:6c:54:84:72:94:6c:bc:91:11:1c:82:a5:77:6a:d2:10:d5:4b:39:c0:fa:51:a2:26:db:37:16:bc:16:68:e2:be:52:36:77:9f:cc:0c:3d:ef:52:38:27:a5:ff:71:2a:7b:e9:54:1f:08:f6:c4:5f:78:4c:50:35:9a:1f:83:a0:c6:b3:74:ad:2a:cf:01:5f:aa:e8:c7:7a:65:60:e3:91:10:9d:ea:1c:e8:08:30:64:e3:64:e4:52:4a:79:05:d7:a6:83:49:ec:52" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.552708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.552708000", + "frame.time_delta": "0.060386000", + "frame.time_delta_displayed": "0.060386000", + "frame.time_relative": "895.092022000", + "frame.number": "3411", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a5", + "ip.checksum.status": "2", + 
"ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46457", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000056c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:72:00:26:0e:8e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175730, TSecr 
2494094": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175730", + "tcp.options.timestamp.tsecr": "2494094" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3410", + "tcp.analysis.ack_rtt": "0.060386000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.553206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.553206000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "895.092520000", + "frame.number": "3412", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "46457", + "tcp.nxtseq": "46612", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000035e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:94:a7:9e:65:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494100, TSecr 2812175730": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494100", + "tcp.options.timestamp.tsecr": "2812175730" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:93:b8:6a:2d:8e:8c:a0:a3:7c:31:b2:58:40:63:67:f5:83:7c:eb:4f:37:0d:12:91:ba:8b:c5:4f:50:d7:3f:f8:1d:bf:7d:9c:3e:53:90:e4:de:f0:4f:47:83:44:b0:f5:d1:d1:3f:51:ee:e6:c9:8c:de:a4:5a:b9:ab:a9:74:4a:e6:c5:4a:25:f7:a3:69:61:04:77:c2:39:75:1c:5b:0b:ba:1e:bc:5e:81:84:83:17:c4:f1:83:95:87:48:a0:87:8f:b9:ec:0c:75:96:75:20:4a:f0:3e:1a:c2:31:2b:5f:41:c8:a7:57:80:9e:82:84:77:c2:d6:06:8b:f6:f6:68:52:b5:b7:24:65:db:a0:67:b9:25:c5:ce:7e:5b:3b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:26.613537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494486.613537000", + "frame.time_delta": "0.060331000", + "frame.time_delta_displayed": "0.060331000", + "frame.time_relative": "895.152851000", + "frame.number": "3413", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cdb", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46612", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:65:81:00:26:0e:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175745, TSecr 2494100": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175745", + "tcp.options.timestamp.tsecr": "2494100" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3412", + "tcp.analysis.ack_rtt": "0.060331000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.008417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.008417000", + "frame.time_delta": "0.394880000", + "frame.time_delta_displayed": "0.394880000", + "frame.time_relative": "895.547731000", + "frame.number": "3414", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000944a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004544", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.015665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.015665000", + "frame.time_delta": "0.007248000", + "frame.time_delta_displayed": "0.007248000", + "frame.time_relative": "895.554979000", + "frame.number": "3415", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", 
+ "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000030ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a7d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + 
"dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.234761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.234761000", + "frame.time_delta": "0.219096000", + "frame.time_delta_displayed": "0.219096000", + "frame.time_relative": "895.774075000", + "frame.number": "3416", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + 
}, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000944c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004542", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.463746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.463746000", + "frame.time_delta": "0.228985000", + "frame.time_delta_displayed": "0.228985000", + "frame.time_relative": "896.003060000", + "frame.number": "3417", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000948c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004502", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + 
"udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.489693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.489693000", + "frame.time_delta": "0.025947000", + "frame.time_delta_displayed": "0.025947000", + "frame.time_relative": "896.029007000", + "frame.number": "3418", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007711", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "46612", + "tcp.nxtseq": "46764", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ad1a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:f1:a7:9e:65:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494193, TSecr 2812175745": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494193", + "tcp.options.timestamp.tsecr": "2812175745" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:94:59:df:89:c2:5e:69:57:fb:a4:10:9f:d1:ef:ae:d0:5b:dd:51:12:20:11:30:37:8b:42:8c:cb:6c:df:f2:22:c7:44:2c:67:be:4a:e4:34:9b:d7:ef:13:bb:a6:fb:f4:42:46:ee:1c:d0:40:9c:72:ca:c8:e0:69:d2:08:8b:a5:60:8d:ca:dc:49:94:f7:c8:b4:2c:4e:61:42:95:9b:09:5d:74:80:58:31:3b:93:b8:29:1c:4c:2e:91:fd:8e:15:a2:5b:52:e5:f5:38:35:6c:92:b1:de:df:c4:5d:ec:b6:dc:84:2d:a5:d2:67:49:9d:b3:6b:eb:b2:4f:1d:3e:32:12:84:e2:1b:77:bf:c4:b6:68:fe:6a:09" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.549988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.549988000", + "frame.time_delta": "0.060295000", + "frame.time_delta_displayed": "0.060295000", + "frame.time_relative": "896.089302000", + "frame.number": "3419", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cdc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46764", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005433", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:66:6b:00:26:0e:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175979, TSecr 2494193": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175979", + "tcp.options.timestamp.tsecr": "2494193" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3418", + "tcp.analysis.ack_rtt": "0.060295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.550470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.550470000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "896.089784000", + "frame.number": "3420", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007707", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "46764", + "tcp.nxtseq": "46925", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000034c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:f7:a7:9e:66:6b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494199, TSecr 2812175979": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494199", + "tcp.options.timestamp.tsecr": "2812175979" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:95:aa:40:0f:76:7b:2d:08:51:24:0f:4b:05:d1:b9:32:6a:74:14:8d:e9:77:2e:4d:3d:54:e9:c3:06:79:3d:e5:74:17:f1:bf:1e:b3:21:1d:6c:ee:17:7c:7c:fb:90:07:e8:a4:07:68:a1:23:1b:84:e0:6a:f5:c3:aa:c6:eb:a8:af:eb:09:48:03:1e:8f:5b:e0:eb:79:1c:18:24:51:d2:51:9e:7a:dc:b1:b7:d5:41:71:05:57:fd:37:8d:71:0c:16:c3:74:58:81:2e:dc:d6:0d:eb:61:28:39:df:1f:3b:01:73:cf:6d:91:02:47:17:cc:92:8b:be:6a:59:66:00:5f:db:b2:58:fc:94:2b:b6:c9:34:72:9e:12:e1:a2:23:b4:c5:f1:86:97" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.610867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.610867000", + "frame.time_delta": "0.060397000", + "frame.time_delta_displayed": "0.060397000", + "frame.time_relative": "896.150181000", + 
"frame.number": "3421", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cdd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "46925", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000537c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:66:7b:00:26:0e:f7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812175995, TSecr 2494199": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812175995", + "tcp.options.timestamp.tsecr": "2494199" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3420", + "tcp.analysis.ack_rtt": "0.060397000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:27.611356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.611356000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "896.150670000", + "frame.number": "3422", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "46925", + "tcp.nxtseq": "47080", + "tcp.ack": "10321", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a1d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0e:fd:a7:9e:66:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494205, TSecr 2812175995": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494205", + "tcp.options.timestamp.tsecr": "2812175995" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:96:38:d4:dd:19:4c:77:22:bc:af:ec:8d:58:f7:11:9a:1b:42:6e:c5:d7:02:53:03:4a:b5:57:00:77:f6:97:10:bf:2b:9e:f8:af:3a:23:73:d5:4b:32:a8:ce:44:c7:db:1b:b8:47:3f:5c:cb:24:06:0a:4d:e1:47:49:26:78:17:61:0b:0c:eb:7f:18:a0:8d:31:50:e0:d2:3f:cd:1e:47:1b:a9:33:be:99:76:9b:41:96:72:eb:ee:0a:e6:7d:26:7c:0a:67:4b:b3:ca:64:90:63:44:24:af:5b:68:16:ab:43:8c:42:50:5e:37:c4:e3:0a:1c:88:0f:76:c8:b6:66:06:cd:62:57:8f:b5:fe:f5:b8:82:49:aa:ba:e1:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:27.671663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494487.671663000", + "frame.time_delta": "0.060307000", + "frame.time_delta_displayed": "0.060307000", + "frame.time_relative": "896.210977000", + "frame.number": "3423", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cde", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "47080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000052cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:66:8a:00:26:0e:fd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176010, TSecr 2494205": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176010", + "tcp.options.timestamp.tsecr": "2494205" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3422", + "tcp.analysis.ack_rtt": "0.060307000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:28.247439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494488.247439000", + "frame.time_delta": "0.575776000", + "frame.time_delta_displayed": "0.575776000", + 
"frame.time_relative": "896.786753000", + "frame.number": "3424", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007770", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "47080", + "tcp.nxtseq": "47134", + "tcp.ack": "10321", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a04e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:3d:a7:9e:66:8a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494269, TSecr 2812176010": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494269", + "tcp.options.timestamp.tsecr": "2812176010" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:97:72:d3:a5:ea:7a:3b:07:e8:f0:9f:8f:9c:2f:83:74:5b:43:03:e0:51:ab:25:d9:79:68:07:43:22:3f:be:51:1f:e2:1d:8a:53:24:79:b1:2f:0b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:28.307937000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494488.307937000", + "frame.time_delta": "0.060498000", + "frame.time_delta_displayed": "0.060498000", + "frame.time_relative": "896.847251000", + "frame.number": "3425", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cdf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000038a0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10321", + "tcp.ack": "47134", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000051b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:67:29:00:26:0f:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176169, TSecr 2494269": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176169", + "tcp.options.timestamp.tsecr": "2494269" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3424", + "tcp.analysis.ack_rtt": "0.060498000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:28.463066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494488.463066000", + "frame.time_delta": "0.155129000", + "frame.time_delta_displayed": "0.155129000", + "frame.time_relative": "897.002380000", + "frame.number": "3426", + "frame.len": 
"42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:28.463498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494488.463498000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "897.002812000", + "frame.number": "3427", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:28.850833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494488.850833000", + "frame.time_delta": "0.387335000", + "frame.time_delta_displayed": "0.387335000", + "frame.time_relative": "897.390147000", + "frame.number": "3428", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:01:29.206175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.206175000", + "frame.time_delta": "0.355342000", + "frame.time_delta_displayed": "0.355342000", + "frame.time_relative": "897.745489000", + "frame.number": "3429", + "frame.len": "147", + "frame.cap_len": "147", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "133", + "ip.id": "0x00002ce0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000384e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "81", + "tcp.seq": "10321", + "tcp.nxtseq": "10402", + "tcp.ack": "47134", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000064d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:09:00:26:0f:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176393, TSecr 2494269": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176393", + "tcp.options.timestamp.tsecr": "2494269" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "81", + "tcp.analysis.push_bytes_sent": "81" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "76", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:74:29:20:7f:0a:85:d7:1b:65:05:9d:87:a4:24:0f:15:b9:c6:e4:41:6c:0e:f3:86:c6:d7:f7:13:bf:13:03:16:9a:57:40:e5:b9:bc:4a:c0:c5:54:19:c6:26:d1:81:b5:e8:3d:71:dd:32:33:b2:56:ac:3f:a0:2e:18:65:99:cc:09:85:95:fe:6b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.210157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.210157000", + "frame.time_delta": "0.003982000", + "frame.time_delta_displayed": "0.003982000", + "frame.time_relative": "897.749471000", + "frame.number": "3430", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007776", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "47134", + "tcp.nxtseq": "47181", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cb4a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:9d:a7:9e:68:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494365, TSecr 2812176393": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494365", + "tcp.options.timestamp.tsecr": "2812176393" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"3429", + "tcp.analysis.ack_rtt": "0.003982000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:98:1f:a4:d1:a2:18:25:ba:47:36:07:7c:c6:0c:b0:ba:90:36:c6:b7:26:02:3c:f1:d3:2b:b7:76:8a:dc:2d:8a:a8:6c:14" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.226854000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.226854000", + "frame.time_delta": "0.016697000", + "frame.time_delta_displayed": "0.016697000", + "frame.time_relative": "897.766168000", + "frame.number": "3431", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "144", + "ip.id": "0x00008bb5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003e12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "124", + "udp.checksum": "0x000071e6", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:lightswitch:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "3379" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.271186000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.271186000", + "frame.time_delta": "0.044332000", + "frame.time_delta_displayed": "0.044332000", + "frame.time_relative": "897.810500000", + "frame.number": "3432", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47181", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004fe6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:1a:00:26:0f:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176410, TSecr 2494365": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176410", + "tcp.options.timestamp.tsecr": "2494365" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3430", + "tcp.analysis.ack_rtt": "0.061029000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.271679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.271679000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "897.810993000", + "frame.number": "3433", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000095db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007755", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "47181", + "tcp.nxtseq": "47260", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004ae3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:a4:a7:9e:68:1a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494372, TSecr 2812176410": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494372", + "tcp.options.timestamp.tsecr": "2812176410" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:99:08:c4:6e:67:04:bd:45:66:2f:53:cb:35:25:8c:6d:49:71:75:d3:3b:b4:8c:f7:99:c6:ef:61:0c:50:d6:4f:2e:6a:3f:16:d9:a9:14:92:6f:22:82:d8:72:03:f7:47:bb:79:8c:d2:fc:05:d0:20:54:f5:3f:29:61:ee:66:39:9e:d1:2c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.331929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.331929000", + "frame.time_delta": "0.060250000", + "frame.time_delta_displayed": "0.060250000", + "frame.time_relative": "897.871243000", + "frame.number": "3434", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47260", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004f81", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:29:00:26:0f:a4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176425, TSecr 2494372": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176425", + "tcp.options.timestamp.tsecr": "2494372" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3433", + "tcp.analysis.ack_rtt": "0.060250000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.444744000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.444744000", + "frame.time_delta": "0.112815000", + "frame.time_delta_displayed": "0.112815000", + "frame.time_relative": "897.984058000", + "frame.number": "3435", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "47260", + "tcp.nxtseq": "47412", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bf8d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:b5:a7:9e:68:29", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494389, TSecr 2812176425": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494389", + "tcp.options.timestamp.tsecr": "2812176425" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:9a:9b:cc:30:6a:9f:b3:08:5a:25:fc:fd:48:e4:c4:74:cd:9e:0f:58:02:3c:e1:11:22:79:cd:dd:44:b5:8b:36:ec:e6:16:36:2f:cc:d7:c6:40:24:35:fc:1a:04:e2:b2:c0:b0:73:87:3a:c4:1a:1a:d9:42:30:cb:35:f9:9b:12:5e:be:fd:8c:2e:72:88:c3:ad:5e:74:e0:ab:c9:b6:d5:a2:ee:2d:89:52:1f:89:f5:3e:2d:ed:0e:ce:79:88:e4:ad:64:0a:cf:47:a1:61:60:5b:12:4b:4a:cc:65:56:74:e9:8e:64:cb:f7:48:20:e1:ba:7b:a0:49:77:16:e1:19:a3:86:56:ef:59:2a:66:ec:9b:f3:78:15" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.506747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.506747000", + "frame.time_delta": "0.062003000", + "frame.time_delta_displayed": "0.062003000", + "frame.time_relative": "898.046061000", + "frame.number": "3436", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47412", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004ead", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:54:00:26:0f:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176468, TSecr 2494389": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176468", + "tcp.options.timestamp.tsecr": "2494389" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3435", + "tcp.analysis.ack_rtt": "0.062003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.507252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.507252000", + "frame.time_delta": "0.000505000", + "frame.time_delta_displayed": "0.000505000", + "frame.time_relative": "898.046566000", + "frame.number": "3437", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007701", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "47412", + "tcp.nxtseq": "47573", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002cae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:bb:a7:9e:68:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494395, TSecr 2812176468": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494395", + "tcp.options.timestamp.tsecr": "2812176468" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:9b:cb:65:b0:3c:2f:9e:a7:d6:f1:40:54:aa:98:48:fd:f3:1e:a0:97:7e:0f:2b:f1:d1:9c:66:ea:32:87:bf:3a:47:8f:e1:0a:f5:9f:33:76:3f:32:a5:45:94:a7:aa:11:f3:7f:f7:55:0b:a3:43:16:1e:d3:a8:18:6a:b4:5d:8d:49:a4:b9:33:cc:21:71:e0:01:1f:a4:8a:b4:7a:3c:00:67:ec:58:c0:0d:0b:62:a7:a5:50:4d:f4:94:86:df:d5:52:cb:ba:4a:1a:aa:16:d8:3e:1a:64:78:3b:19:44:9d:42:70:83:e5:4d:fc:94:4d:46:44:dc:2d:01:e2:ce:10:03:f6:5d:92:30:75:84:83:45:77:23:d7:c5:a4:da:6f:86:76:5c:32:b4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:29.567699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.567699000", + "frame.time_delta": "0.060447000", + "frame.time_delta_displayed": "0.060447000", + "frame.time_relative": "898.107013000", + "frame.number": "3438", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47573", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004df6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:64:00:26:0f:bb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176484, TSecr 2494395": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176484", + "tcp.options.timestamp.tsecr": "2494395" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3437", + "tcp.analysis.ack_rtt": "0.060447000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.568180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.568180000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + 
"frame.time_relative": "898.107494000", + "frame.number": "3439", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007706", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "47573", + "tcp.nxtseq": "47728", + "tcp.ack": "10402", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001115", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:0f:c1:a7:9e:68:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494401, TSecr 2812176484": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494401", + "tcp.options.timestamp.tsecr": "2812176484" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:9c:c8:a4:47:02:7f:12:de:ea:1d:5c:da:ce:83:87:c9:72:8b:a5:62:b3:a0:7e:63:1e:47:14:17:b7:38:c4:1c:6c:81:7c:38:d8:74:0a:3c:99:bf:7f:e7:1e:4d:aa:30:bc:06:b3:7e:08:e8:f6:07:ea:78:16:dc:11:15:ed:1c:ff:ee:7b:26:ec:a4:0a:c5:19:ec:2c:2c:fb:77:e2:52:ab:39:02:4a:6a:e8:66:72:4b:58:be:37:bd:b3:e0:1f:db:8c:fd:cc:44:6e:59:a8:45:71:22:1c:e8:ed:31:a1:0c:1b:fa:92:c6:f4:d8:53:a7:43:05:57:79:5f:04:41:1f:ad:50:3a:c1:ff:e0:be:53:a5:94:ef:b1:a4:95" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:29.628387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494489.628387000", + "frame.time_delta": "0.060207000", + "frame.time_delta_displayed": "0.060207000", + "frame.time_relative": "898.167701000", + "frame.number": "3440", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000389a", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47728", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004d46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:68:73:00:26:0f:c1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176499, TSecr 2494401": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176499", + "tcp.options.timestamp.tsecr": "2494401" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3439", + "tcp.analysis.ack_rtt": "0.060207000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.439016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.439016000", + "frame.time_delta": "0.810629000", + "frame.time_delta_displayed": "0.810629000", + "frame.time_relative": "898.978330000", + "frame.number": "3441", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020f1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e753", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": 
"239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "8", + "http.prev_request_in": "2804" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.496173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.496173000", + "frame.time_delta": "0.057157000", + "frame.time_delta_displayed": "0.057157000", + "frame.time_relative": "899.035487000", + "frame.number": "3442", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000095df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007708", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "47728", + "tcp.nxtseq": "47880", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": 
"661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f290", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:10:1e:a7:9e:68:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494494, TSecr 2812176499": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494494", + "tcp.options.timestamp.tsecr": "2812176499" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:9d:22:36:43:f3:46:d7:1f:49:d3:52:dc:29:14:ca:1e:90:bf:54:8a:85:30:0d:04:e0:27:ec:ed:c3:95:f4:92:05:2c:ef:ce:0a:be:0e:13:a7:31:cd:f3:41:c9:da:b9:75:fc:1c:2b:55:2e:4a:9c:c5:0e:88:9d:22:f2:4d:4c:73:4e:18:37:ea:e2:34:42:22:9a:2b:42:5a:6a:59:ae:ea:fe:12:08:b4:8b:3d:7e:b3:bd:45:15:5d:39:d1:25:f3:b9:56:d9:52:51:ad:67:e3:be:d6:19:5b:f4:99:02:a8:ac:c6:3e:71:da:f0:d0:e7:72:f6:f9:e8:04:0d:f6:e4:d2:61:d2:35:f1:80:fb:84:87:51:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.556790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.556790000", + "frame.time_delta": "0.060617000", + "frame.time_delta_displayed": "0.060617000", + "frame.time_relative": "899.096104000", + "frame.number": "3443", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003899", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "47880", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004b69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:69:5b:00:26:10:1e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176731, TSecr 2494494": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176731", + "tcp.options.timestamp.tsecr": "2494494" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3442", + "tcp.analysis.ack_rtt": "0.060617000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.557286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.557286000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "899.096600000", + "frame.number": "3444", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000095e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "47880", + "tcp.nxtseq": "48041", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000135c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:10:24:a7:9e:69:5b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494500, TSecr 2812176731": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494500", + "tcp.options.timestamp.tsecr": "2812176731" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:9e:f9:5f:4d:9a:49:73:66:11:92:10:a6:ca:cb:84:10:f8:c5:52:a7:48:1a:a7:35:84:a2:3e:43:59:11:26:d2:5c:34:3e:71:35:2a:1e:53:f5:c2:e1:fe:95:74:48:66:89:9f:1a:4d:44:cd:5b:c9:66:22:39:51:09:04:17:52:e1:9e:26:f3:5e:85:ae:89:e8:9d:57:fd:00:40:d6:6a:0d:42:28:32:bd:ad:64:dd:1f:0e:50:97:3d:95:3e:19:b7:6d:4b:cd:83:6a:e0:a7:da:70:d9:2d:f2:47:88:cd:86:fe:6b:ee:59:53:ca:42:3e:4a:c3:cf:18:f4:fb:f7:9a:47:2d:10:25:22:65:05:37:dd:83:6e:77:86:20:1a:ce:2d:bf:50:bc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.621868000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.621868000", + "frame.time_delta": "0.064582000", + "frame.time_delta_displayed": "0.064582000", + "frame.time_relative": "899.161182000", + "frame.number": "3445", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003898", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + 
"tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "48041", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004ab3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:69:6a:00:26:10:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176746, TSecr 2494500": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176746", + "tcp.options.timestamp.tsecr": "2494500" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3444", + "tcp.analysis.ack_rtt": "0.064582000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.622346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.622346000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "899.161660000", + 
"frame.number": "3446", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000095e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "48041", + "tcp.nxtseq": "48196", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", 
+ "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c0b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:10:2b:a7:9e:69:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494507, TSecr 2812176746": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494507", + "tcp.options.timestamp.tsecr": "2812176746" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:9f:03:79:7f:7d:67:89:1c:99:a7:90:04:f9:40:30:e0:59:13:80:e6:7f:af:ea:49:79:ed:cc:8a:9d:c2:36:95:6f:1b:79:1a:08:b1:71:e8:38:64:86:b3:15:57:e7:2d:a2:62:a1:8b:9d:81:28:95:c2:f4:1c:b3:c6:db:4c:34:47:8e:f5:e2:c9:39:3b:36:db:38:6e:b8:48:39:bb:7c:f0:c8:7f:d7:27:ab:a1:f2:f4:11:7a:b9:7f:f8:ea:c1:3e:72:84:ae:3a:7e:b9:14:07:e9:b0:85:e0:95:56:e6:56:1f:eb:09:66:39:06:f4:cc:dd:90:be:33:14:98:94:2f:90:e8:aa:3c:45:ad:cf:e0:b8:00:9f:8e:51:9c" + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:30.689043000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494490.689043000", + "frame.time_delta": "0.066697000", + "frame.time_delta_displayed": "0.066697000", + "frame.time_relative": "899.228357000", + "frame.number": "3447", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003897", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": 
"41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "48196", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004a00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:69:7b:00:26:10:2b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176763, TSecr 2494507": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176763", + "tcp.options.timestamp.tsecr": "2494507" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3446", + "tcp.analysis.ack_rtt": "0.066697000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.216837000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.216837000", + "frame.time_delta": "0.527794000", + "frame.time_delta_displayed": "0.527794000", + "frame.time_relative": "899.756151000", + "frame.number": "3448", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000082da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003471", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "43", + "http.prev_response_in": "2864" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.220695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.220695000", + "frame.time_delta": "0.003858000", + "frame.time_delta_displayed": "0.003858000", + "frame.time_relative": "899.760009000", + "frame.number": "3449", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54598", + "tcp.dstport": "80", + "tcp.port": "54598", + "tcp.port": "80", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f6e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": 
"2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.221230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.221230000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "899.760544000", + "frame.number": "3450", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54598", + "tcp.port": "80", + "tcp.port": "54598", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000043d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": 
"1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3449", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.224084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.224084000", + "frame.time_delta": "0.002854000", + "frame.time_delta_displayed": "0.002854000", + "frame.time_relative": "899.763398000", + "frame.number": "3451", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54598", + "tcp.dstport": "80", + "tcp.port": "54598", + "tcp.port": "80", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f5b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3450", + "tcp.analysis.ack_rtt": "0.002854000", + "tcp.analysis.initial_rtt": "0.003389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:01:31.225146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.225146000", + "frame.time_delta": "0.001062000", + "frame.time_delta_displayed": "0.001062000", + "frame.time_relative": "899.764460000", + "frame.number": "3452", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000019fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54598", + "tcp.dstport": "80", + "tcp.port": "54598", + "tcp.port": "80", + "tcp.stream": "136", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000b30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003389000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.225630000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.225630000", + "frame.time_delta": "0.000484000", + 
"frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "899.764944000", + "frame.number": "3453", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b76e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000105", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54598", + "tcp.port": "80", + "tcp.port": "54598", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e747", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3452", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.003389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.226201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.226201000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "899.765515000", + "frame.number": "3454", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b76f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x000000f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54598", + "tcp.port": "80", + "tcp.port": "54598", + "tcp.stream": "136", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002769", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003389000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.226555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.226555000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "899.765869000", + "frame.number": "3455", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b770", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54598", + "tcp.port": "80", + "tcp.port": "54598", + "tcp.stream": "136", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000079d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003389000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:
52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3454", + "tcp.segment": "3455", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001409000", + "http.request_in": "3452", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.229154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.229154000", + "frame.time_delta": "0.002599000", + "frame.time_delta_displayed": "0.002599000", + "frame.time_relative": "899.768468000", + "frame.number": "3456", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54598", + "tcp.dstport": "80", + "tcp.port": "54598", + "tcp.port": "80", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f11e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3455", + "tcp.analysis.ack_rtt": "0.002599000", + "tcp.analysis.initial_rtt": "0.003389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.229819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.229819000", + "frame.time_delta": "0.000665000", + "frame.time_delta_displayed": "0.000665000", + "frame.time_relative": "899.769133000", + "frame.number": "3457", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54598", + "tcp.dstport": "80", + "tcp.port": "54598", + "tcp.port": "80", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f11d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.230287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.230287000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "899.769601000", + "frame.number": "3458", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007a15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54598", + "tcp.port": "80", + "tcp.port": "54598", + "tcp.stream": "136", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e351", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3457", + 
"tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.003389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.244503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.244503000", + "frame.time_delta": "0.014216000", + "frame.time_delta_displayed": "0.014216000", + "frame.time_relative": "899.783817000", + "frame.number": "3459", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007767", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "48196", + "tcp.nxtseq": "48250", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f061", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:10:69:a7:9e:69:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494569, TSecr 2812176763": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494569", + "tcp.options.timestamp.tsecr": "2812176763" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a0:a9:3d:d7:ae:e7:85:6f:a7:41:98:e1:fb:a8:e5:bd:95:a1:dd:90:b7:04:a1:3c:c5:8b:49:ab:08:99:ef:0a:04:db:af:54:05:f5:71:55:1e:e8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.269720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.269720000", + "frame.time_delta": "0.025217000", + "frame.time_delta_displayed": "0.025217000", + "frame.time_relative": "899.809034000", + "frame.number": "3460", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000082dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003466", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "44", + "http.prev_response_in": "3448" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.272788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.272788000", + "frame.time_delta": "0.003068000", + "frame.time_delta_displayed": "0.003068000", + "frame.time_relative": "899.812102000", + "frame.number": "3461", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000019fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000029cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.273337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.273337000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "899.812651000", + "frame.number": "3462", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000e46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3461", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.276196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.276196000", + "frame.time_delta": "0.002859000", + "frame.time_delta_displayed": "0.002859000", + "frame.time_relative": "899.815510000", + "frame.number": "3463", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000019ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c024", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3462", + "tcp.analysis.ack_rtt": "0.002859000", + "tcp.analysis.initial_rtt": "0.003408000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.276768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.276768000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "899.816082000", + "frame.number": "3464", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d59d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003408000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.277244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.277244000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "899.816558000", + "frame.number": "3465", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d16c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b1b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3464", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.003408000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.277811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.277811000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "899.817125000", + "frame.number": "3466", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e707", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d15a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f1d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003408000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.278166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.278166000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "899.817480000", + "frame.number": "3467", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e708", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cd87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004440", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003408000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "3466", + "tcp.segment": "3467", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001398000", + "http.request_in": "3464", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.280215000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494491.280215000", + "frame.time_delta": "0.002049000", + "frame.time_delta_displayed": "0.002049000", + "frame.time_relative": "899.819529000", + "frame.number": "3468", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e709", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cd86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004440", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003408000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.281051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.281051000", + "frame.time_delta": "0.000836000", + "frame.time_delta_displayed": "0.000836000", + "frame.time_relative": "899.820365000", + "frame.number": "3469", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3467", + "tcp.analysis.ack_rtt": "0.002885000", + "tcp.analysis.initial_rtt": "0.003408000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.283246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.283246000", + "frame.time_delta": "0.002195000", + "frame.time_delta_displayed": "0.002195000", + "frame.time_relative": "899.822560000", + "frame.number": "3470", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.283691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.283691000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "899.823005000", + "frame.number": "3471", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007a10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54599", + "tcp.port": "80", + "tcp.port": "54599", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000adbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3470", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.003408000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.283924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.283924000", + "frame.time_delta": "0.000233000", + "frame.time_delta_displayed": "0.000233000", + "frame.time_relative": "899.823238000", + "frame.number": "3472", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54599", + "tcp.dstport": "80", + "tcp.port": "54599", + "tcp.port": "80", + "tcp.stream": "137", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000038b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:6f:30:35:3c:6f:30:39:1f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003408000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "3469", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.304769000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494491.304769000", + "frame.time_delta": "0.020845000", + "frame.time_delta_displayed": "0.020845000", + "frame.time_relative": "899.844083000", + "frame.number": "3473", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ce9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003896", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "48250", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000048f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:6a:16:00:26:10:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812176918, TSecr 2494569": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812176918", + "tcp.options.timestamp.tsecr": "2494569" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3459", + "tcp.analysis.ack_rtt": "0.060266000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.322940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.322940000", + "frame.time_delta": "0.018171000", + "frame.time_delta_displayed": "0.018171000", + "frame.time_relative": "899.862254000", + "frame.number": "3474", + "frame.len": 
"342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000082dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000346b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "45", + "http.prev_response_in": "3460" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.332008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.332008000", + "frame.time_delta": "0.009068000", + "frame.time_delta_displayed": "0.009068000", + "frame.time_relative": "899.871322000", + "frame.number": "3475", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + 
"ip.id": "0x00001a04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54600", + "tcp.dstport": "80", + "tcp.port": "54600", + "tcp.port": "80", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00006df3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.332549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.332549000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "899.871863000", + "frame.number": "3476", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54600", + "tcp.port": "80", + "tcp.port": "54600", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000cd2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", 
+ "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3475", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.340029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.340029000", + "frame.time_delta": "0.007480000", + "frame.time_delta_displayed": "0.007480000", + "frame.time_relative": "899.879343000", + "frame.number": "3477", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a05", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54600", + "tcp.dstport": "80", + "tcp.port": "54600", + "tcp.port": "80", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007f0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3476", + "tcp.analysis.ack_rtt": "0.007480000", + "tcp.analysis.initial_rtt": "0.008021000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.341092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.341092000", + "frame.time_delta": "0.001063000", + "frame.time_delta_displayed": "0.001063000", + "frame.time_relative": "899.880406000", + 
"frame.number": "3478", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54600", + "tcp.dstport": "80", + "tcp.port": "54600", + "tcp.port": "80", + "tcp.stream": "138", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009485", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008021000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.341588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.341588000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "899.880902000", + "frame.number": "3479", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000823d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003636", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54600", + "tcp.port": "80", + "tcp.port": "54600", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000709d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3478", + "tcp.analysis.ack_rtt": "0.000496000", + "tcp.analysis.initial_rtt": "0.008021000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.342241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.342241000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "899.881555000", + "frame.number": "3480", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000823e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003624", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54600", + "tcp.port": "80", + "tcp.port": "54600", + "tcp.stream": "138", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b0be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008021000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.342593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.342593000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "899.881907000", + "frame.number": "3481", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000823f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003251", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54600", + "tcp.port": "80", + "tcp.port": "54600", + "tcp.stream": "138", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000328", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008021000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3480", + "tcp.segment": "3481", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001501000", + "http.request_in": "3478", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.345127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.345127000", + "frame.time_delta": "0.002534000", + "frame.time_delta_displayed": "0.002534000", + "frame.time_relative": "899.884441000", + "frame.number": "3482", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54600", + "tcp.dstport": "80", + "tcp.port": "54600", + "tcp.port": "80", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007a74", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3481", + "tcp.analysis.ack_rtt": "0.002534000", + "tcp.analysis.initial_rtt": "0.008021000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.345704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.345704000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "899.885018000", + "frame.number": "3483", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54600", + "tcp.dstport": "80", + "tcp.port": "54600", + "tcp.port": "80", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007a73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:31.346159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494491.346159000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "899.885473000", + "frame.number": "3484", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007a0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54600", + "tcp.port": "80", + "tcp.port": "54600", + "tcp.stream": "138", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ca7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3483", + 
"tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.008021000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.269339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.269339000", + "frame.time_delta": "0.923180000", + "frame.time_delta_displayed": "0.923180000", + "frame.time_relative": "900.808653000", + "frame.number": "3485", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000831f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000342c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "46", + "http.prev_response_in": "3474" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.272597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.272597000", + "frame.time_delta": "0.003258000", + "frame.time_delta_displayed": "0.003258000", + "frame.time_relative": "900.811911000", + "frame.number": "3486", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": "54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000072ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.273139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.273139000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "900.812453000", + "frame.number": "3487", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003e7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3486", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.276021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.276021000", + "frame.time_delta": "0.002882000", + "frame.time_delta_displayed": "0.002882000", + "frame.time_relative": "900.815335000", + "frame.number": "3488", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": "54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f05a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3487", + "tcp.analysis.ack_rtt": "0.002882000", + "tcp.analysis.initial_rtt": "0.003424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.276635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.276635000", + "frame.time_delta": "0.000614000", + "frame.time_delta_displayed": "0.000614000", + "frame.time_relative": "900.815949000", + "frame.number": "3489", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": "54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000005d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003424000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.277121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.277121000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "900.816435000", + "frame.number": "3490", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000059fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005e76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3489", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.277695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.277695000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "900.817009000", + "frame.number": "3491", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000059fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005e64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000220d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003424000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.278078000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.278078000", + "frame.time_delta": "0.000383000", + "frame.time_delta_displayed": "0.000383000", + "frame.time_relative": "900.817392000", + "frame.number": "3492", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000059ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007476", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003424000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "3491", + "tcp.segment": "3492", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001443000", + "http.request_in": "3489", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.280231000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494492.280231000", + "frame.time_delta": "0.002153000", + "frame.time_delta_displayed": "0.002153000", + "frame.time_relative": "900.819545000", + "frame.number": "3493", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": "54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ebc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3492", + "tcp.analysis.ack_rtt": "0.002153000", + "tcp.analysis.initial_rtt": "0.003424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.280185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.280185000", + "frame.time_delta": "-0.000046000", + "frame.time_delta_displayed": "-0.000046000", + "frame.time_relative": "900.819499000", + "frame.number": "3494", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005a00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007476", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003424000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment 
overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.280829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.280829000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "900.820143000", + "frame.number": "3495", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": "54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ebc1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3494", + "tcp.analysis.ack_rtt": "0.000644000", + "tcp.analysis.initial_rtt": "0.003424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.281268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.281268000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "900.820582000", + "frame.number": "3496", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000079fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54601", + "tcp.port": "80", + "tcp.port": "54601", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ddf5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3495", + 
"tcp.analysis.ack_rtt": "0.000439000", + "tcp.analysis.initial_rtt": "0.003424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.284164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.284164000", + "frame.time_delta": "0.002896000", + "frame.time_delta_displayed": "0.002896000", + "frame.time_relative": "900.823478000", + "frame.number": "3497", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54601", + "tcp.dstport": "80", + "tcp.port": 
"54601", + "tcp.port": "80", + "tcp.stream": "139", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000371a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:31:d9:8b:7d:31:d9:8f:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003424000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "3493", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.322291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.322291000", + "frame.time_delta": "0.038127000", + "frame.time_delta_displayed": "0.038127000", + "frame.time_relative": "900.861605000", + "frame.number": "3498", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008324", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000341e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "47", + "http.prev_response_in": "3485" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.333004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.333004000", + "frame.time_delta": "0.010713000", + "frame.time_delta_displayed": "0.010713000", + "frame.time_relative": "900.872318000", + "frame.number": "3499", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + 
"eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000c540", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.333559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.333559000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "900.872873000", + "frame.number": "3500", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006e90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3499", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.336314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.336314000", + "frame.time_delta": "0.002755000", + "frame.time_delta_displayed": "0.002755000", + "frame.time_relative": "900.875628000", + "frame.number": "3501", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", 
+ "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000206f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3500", + "tcp.analysis.ack_rtt": "0.002755000", + "tcp.analysis.initial_rtt": "0.003310000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.337009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.337009000", + "frame.time_delta": "0.000695000", + "frame.time_delta_displayed": "0.000695000", + "frame.time_relative": "900.876323000", + "frame.number": "3502", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": 
"168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003310000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.337484000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.337484000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "900.876798000", + "frame.number": "3503", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ab52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000d21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001200", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3502", + "tcp.analysis.ack_rtt": "0.000475000", + "tcp.analysis.initial_rtt": "0.003310000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.338137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.338137000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "900.877451000", + "frame.number": "3504", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ab53", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000d0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005221", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003310000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.338517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.338517000", + "frame.time_delta": "0.000380000", + "frame.time_delta_displayed": 
"0.000380000", + "frame.time_relative": "900.877831000", + "frame.number": "3505", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ab54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000093c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a48a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003310000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:6
6:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3504", + "tcp.segment": "3505", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001508000", + "http.request_in": "3502", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.340163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.340163000", + "frame.time_delta": "0.001646000", + "frame.time_delta_displayed": "0.001646000", + "frame.time_relative": "900.879477000", + "frame.number": "3506", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ab55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000093b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a48a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003310000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.341990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.341990000", + "frame.time_delta": "0.001827000", + "frame.time_delta_displayed": "0.001827000", + "frame.time_relative": "900.881304000", + "frame.number": "3507", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001bd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3505", + "tcp.analysis.ack_rtt": "0.003473000", + "tcp.analysis.initial_rtt": "0.003310000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.345003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.345003000", + "frame.time_delta": "0.003013000", + "frame.time_delta_displayed": "0.003013000", + "frame.time_relative": "900.884317000", + "frame.number": "3508", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001bd6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.345451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.345451000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "900.884765000", + "frame.number": "3509", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000079f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54602", + "tcp.port": "80", + "tcp.port": "54602", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000e0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3508", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.003310000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.345698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.345698000", + "frame.time_delta": 
"0.000247000", + "frame.time_delta_displayed": "0.000247000", + "frame.time_relative": "900.885012000", + "frame.number": "3510", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54602", + "tcp.dstport": "80", + "tcp.port": "54602", + "tcp.port": "80", + "tcp.stream": "140", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000022ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:65:c0:79:d6:65:c0:7d:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003310000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "3507", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.375717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.375717000", + "frame.time_delta": "0.030019000", + "frame.time_delta_displayed": "0.030019000", + "frame.time_relative": "900.915031000", + "frame.number": "3511", + "frame.len": "342", + "frame.cap_len": "342", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008329", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000341f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "48", + "http.prev_response_in": "3498" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.390134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.390134000", + "frame.time_delta": "0.014417000", + "frame.time_delta_displayed": "0.014417000", + "frame.time_relative": "900.929448000", + "frame.number": "3512", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a16", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54603", + "tcp.dstport": "80", + "tcp.port": "54603", + "tcp.port": "80", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000bd9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.390687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.390687000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "900.930001000", + "frame.number": "3513", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54603", + "tcp.port": "80", + "tcp.port": "54603", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000091e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3512", + "tcp.analysis.ack_rtt": "0.000553000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.393790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.393790000", + "frame.time_delta": "0.003103000", + "frame.time_delta_displayed": "0.003103000", + "frame.time_relative": "900.933104000", + "frame.number": "3514", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a17", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54603", + "tcp.dstport": "80", + "tcp.port": "54603", + "tcp.port": "80", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000043c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3513", + "tcp.analysis.ack_rtt": "0.003103000", + "tcp.analysis.initial_rtt": "0.003656000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.394940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.394940000", + "frame.time_delta": "0.001150000", + "frame.time_delta_displayed": "0.001150000", + "frame.time_relative": "900.934254000", + "frame.number": "3515", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54603", + "tcp.dstport": "80", + "tcp.port": "54603", + "tcp.port": "80", + "tcp.stream": "141", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000593b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003656000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.395426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.395426000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "900.934740000", + "frame.number": "3516", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009d01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54603", + "tcp.port": "80", + "tcp.port": "54603", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3515", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003656000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.396001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.396001000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "900.935315000", + "frame.number": "3517", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009d02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54603", + "tcp.port": "80", + "tcp.port": "54603", + "tcp.stream": "141", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007574", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003656000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.396354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.396354000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "900.935668000", + "frame.number": "3518", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009d03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000178d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54603", + "tcp.port": "80", + "tcp.port": "54603", + "tcp.stream": "141", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c7dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003656000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3517", + "tcp.segment": "3518", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001414000", + "http.request_in": "3515", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.398425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.398425000", + "frame.time_delta": "0.002071000", + "frame.time_delta_displayed": "0.002071000", + "frame.time_relative": "900.937739000", + "frame.number": "3519", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54603", + "tcp.dstport": "80", + "tcp.port": "54603", + "tcp.port": "80", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3518", + "tcp.analysis.ack_rtt": "0.002071000", + "tcp.analysis.initial_rtt": "0.003656000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.399411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.399411000", + "frame.time_delta": "0.000986000", + "frame.time_delta_displayed": "0.000986000", + "frame.time_relative": "900.938725000", + "frame.number": "3520", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54603", + "tcp.dstport": "80", + "tcp.port": "54603", + "tcp.port": "80", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:32.399883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494492.399883000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "900.939197000", + "frame.number": "3521", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003e7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000079f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54603", + "tcp.port": "80", + "tcp.port": "54603", + "tcp.stream": "141", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000315d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3520", + 
"tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.003656000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:34.259390000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494494.259390000", + "frame.time_delta": "1.859507000", + "frame.time_delta_displayed": "1.859507000", + "frame.time_relative": "902.798704000", + "frame.number": "3522", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007766", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "48250", + "tcp.nxtseq": "48304", + "tcp.ack": "10402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008605", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:11:96:a7:9e:6a:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2494870, TSecr 2812176918": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2494870", + "tcp.options.timestamp.tsecr": "2812176918" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a1:1f:57:99:d8:6e:ef:7e:c4:3a:fc:b9:35:20:ce:7d:f0:3b:f3:c3:62:df:33:3b:e7:15:c3:fb:d4:c0:f1:22:45:98:a4:a6:bb:e3:cd:3b:d5:c9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:34.320537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494494.320537000", + "frame.time_delta": "0.061147000", + "frame.time_delta_displayed": "0.061147000", + "frame.time_relative": "902.859851000", + "frame.number": "3523", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003895", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10402", + "tcp.ack": "48304", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000449c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:6d:08:00:26:11:96", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812177672, TSecr 2494870": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812177672", + "tcp.options.timestamp.tsecr": "2494870" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3522", + "tcp.analysis.ack_rtt": "0.061147000" + } + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:34.700045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494494.700045000", + "frame.time_delta": "0.379508000", + "frame.time_delta_displayed": "0.379508000", + "frame.time_relative": "903.239359000", + "frame.number": "3524", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": 
"United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "281", + "tcp.ack": "253", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:34.843655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494494.843655000", + "frame.time_delta": "0.143610000", + "frame.time_delta_displayed": "0.143610000", + "frame.time_relative": "903.382969000", + "frame.number": "3525", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdb0", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "253", + "tcp.ack": "282", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000f20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:36.481061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494496.481061000", + "frame.time_delta": "1.637406000", + "frame.time_delta_displayed": "1.637406000", + "frame.time_relative": "905.020375000", + "frame.number": "3526", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c8a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:36.683277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494496.683277000", + "frame.time_delta": "0.202216000", + "frame.time_delta_displayed": "0.202216000", + "frame.time_relative": "905.222591000", + "frame.number": "3527", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e722", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50915", + "udp.dstport": "1900", + "udp.port": "50915", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000837a", + "udp.checksum.status": "2", + "udp.stream": "94" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:37.328929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494497.328929000", + "frame.time_delta": "0.645652000", + "frame.time_delta_displayed": "0.645652000", + "frame.time_relative": "905.868243000", + "frame.number": "3528", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008463", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000032e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + 
"udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:37.381851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494497.381851000", + "frame.time_delta": "0.052922000", + "frame.time_delta_displayed": "0.052922000", + "frame.time_relative": "905.921165000", + "frame.number": "3529", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008464", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000032de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "3528" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:37.434687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494497.434687000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "905.974001000", + "frame.number": "3530", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008466", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000032e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "3529" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:37.683950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494497.683950000", + "frame.time_delta": "0.249263000", + "frame.time_delta_displayed": "0.249263000", 
+ "frame.time_relative": "906.223264000", + "frame.number": "3531", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e721", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50915", + "udp.dstport": "1900", + "udp.port": "50915", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000837a", + "udp.checksum.status": "2", + "udp.stream": "94" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "3527" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.386471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.386471000", + "frame.time_delta": "0.702521000", + "frame.time_delta_displayed": "0.702521000", + "frame.time_relative": "906.925785000", + "frame.number": "3532", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000084aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000032a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "3530" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.439221000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.439221000", + "frame.time_delta": "0.052750000", + "frame.time_delta_displayed": "0.052750000", + "frame.time_relative": "906.978535000", + "frame.number": "3533", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000084ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003297", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "3532" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.461721000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.461721000", + "frame.time_delta": "0.022500000", + "frame.time_delta_displayed": "0.022500000", + "frame.time_relative": "907.001035000", + "frame.number": "3534", + "frame.len": "622", + "frame.cap_len": "622", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "608", + "ip.id": "0x00002ceb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003668", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "556", + "tcp.seq": "10402", + "tcp.nxtseq": "10958", + "tcp.ack": "48304", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000068d8", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:13:00:26:11:96", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178707, TSecr 2494870": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178707", + "tcp.options.timestamp.tsecr": "2494870" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "556", + "tcp.analysis.push_bytes_sent": "556" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "551", + "ssl.app_data": "34:cd:34:17:47:48:0e:75:da:cd:69:cd:74:9f:fb:44:97:ab:d2:15:4e:d8:18:3d:3b:ec:bc:f3:b4:a5:c0:c6:6a:64:27:0a:4e:c1:02:6d:ae:d5:da:8d:d7:27:9e:e9:40:5e:e7:2f:bc:a8:b5:c9:37:fa:c4:4a:0d:74:6c:31:45:a7:4f:0d:d4:1b:9d:2a:89:a5:c2:67:e1:ac:ef:27:8d:83:e3:e1:43:ce:8c:66:6b:bb:88:1f:f9:b4:6b:da:77:e0:2c:13:67:67:3e:cc:14:64:3a:f8:df:4b:27:99:28:91:6a:cd:c1:36:4d:b4:c3:36:fd:87:b2:07:13:38:83:9b:a6:97:c4:e0:7d:17:b8:8d:0d:57:f2:56:78:fa:d8:80:99:ee:ca:15:6f:a7:80:1a:60:49:1f:ca:f3:20:38:87:47:cb:f9:54:a2:c7:1d:74:99:3d:ff:2a:44:8f:68:2b:9c:41:47:af:96:b6:1f:a1:7f:61:ad:d8:93:2a:ce:e6:ed:c3:89:70:1d:b8:69:11:9b:c2:e2:67:03:42:2c:f0:38:21:87:78:40:1d:07:f9:77:6f:1f:fb:3f:4c:08:b2:75:a9:f5:98:44:49:45:d3:66:8f:da:53:ea:25:2a:81:6d:82:ef:d6:ac:88:92:1f:11:26:6c:5c:f7:1b:f2:ee:7c:a1:12:e6:6b:1a:db:53:16:52:fc:9c:87:2d:76:25:b3:a3:09:79:9f:ac:b3:2f:f2:23:ba:37:f0:d6:a4:12:16:d9:95:f1:85:40:50:dd:6c:1a:69:0c:8a:19:55:3c:d9:2b:59:20:fe:f3:3e:f0:8f:5f:9a:56:54:b3:46:5a:85:37:e7:23:1b:c7:57:37:44:f3:13:ab:b9:8b:df:79:92:af:da
:29:47:83:ec:cc:9f:32:2d:07:1c:a4:2c:95:f9:94:22:9d:20:92:90:a9:8d:6e:c0:90:37:a0:24:94:38:62:4b:df:ea:9a:fd:d7:f8:c4:75:10:9a:1e:de:eb:c3:ed:c9:01:b6:d5:d3:83:30:3b:eb:54:31:cd:25:0f:73:e3:b0:e3:91:9e:80:c3:9d:2b:cf:0a:c9:52:07:d2:cf:f0:33:94:7a:9a:22:86:cd:cb:fb:4b:af:17:48:c1:6d:1e:2d:1f:3f:76:80:94:bb:78:b1:2c:23:7e:c6:6e:dd:c0:1e:a8:a3:01:14:a3:3f:ba:2c:67:1d:07:ff:ab:b9:ce:9d:44:10:03:12:d0:21:74:0c:0b:fb:5e:8a:c6:8b:18:3f:f3:5b:f5:05:b2:fe:bf:39:e3:d5:3a:07:27:6b:ba:8a:e1:17:1e:cf:bd:86:d3:ec:a6:1c:03:99:20:1f:55:69:db:a2:49:c8:05:96:97:0a:9f:12:44:98:3f:2f:6b:96:cc:06:b5:54:51:36:1e:5c:78:04:da:0d:83:05:c2:b5:a7:13" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.491963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.491963000", + "frame.time_delta": "0.030242000", + "frame.time_delta_displayed": "0.030242000", + "frame.time_relative": "907.031277000", + "frame.number": "3535", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000084ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000329b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "3533" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.501226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.501226000", + "frame.time_delta": "0.009263000", + "frame.time_delta_displayed": "0.009263000", + "frame.time_relative": "907.040540000", + "frame.number": "3536", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000779b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": 
"-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "48304", + "tcp.ack": "10958", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003bcd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:3f:a7:9e:71:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495295, TSecr 2812178707": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495295", + "tcp.options.timestamp.tsecr": "2812178707" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3534", + "tcp.analysis.ack_rtt": "0.039505000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.508245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.508245000", + "frame.time_delta": "0.007019000", + 
"frame.time_delta_displayed": "0.007019000", + "frame.time_relative": "907.047559000", + "frame.number": "3537", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000095e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007765", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "48304", + 
"tcp.nxtseq": "48357", + "tcp.ack": "10958", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cb48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:3f:a7:9e:71:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495295, TSecr 2812178707": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495295", + "tcp.options.timestamp.tsecr": "2812178707" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a2:f8:c7:db:2b:f5:a4:8f:12:1e:4a:cf:87:10:b4:49:fd:7b:71:1d:50:fd:be:0a:69:d9:5c:67:0c:bd:15:92:34:b8:35:88:95:e6:28:2e:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.515923000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.515923000", + "frame.time_delta": "0.007678000", + "frame.time_delta_displayed": "0.007678000", + "frame.time_relative": "907.055237000", + "frame.number": "3538", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000dda6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00003889", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:13:40:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2495296, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495296", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.517584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.517584000", + "frame.time_delta": "0.001661000", + "frame.time_delta_displayed": "0.001661000", + "frame.time_relative": "907.056898000", + 
"frame.number": "3539", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36171", + "tcp.port": "49153", + "tcp.port": "36171", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00005e8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3538", + "tcp.analysis.ack_rtt": "0.001661000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.518181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.518181000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + 
"frame.time_relative": "907.057495000", + "frame.number": "3540", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dda7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b543", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3539", + "tcp.analysis.ack_rtt": "0.000597000", + "tcp.analysis.initial_rtt": "0.002258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.529090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.529090000", + "frame.time_delta": "0.010909000", + "frame.time_delta_displayed": "0.010909000", + "frame.time_relative": "907.068404000", + "frame.number": "3541", + "frame.len": "558", + "frame.cap_len": "558", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "544", + "ip.id": "0x0000dda8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d80b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": "142", + "tcp.len": "504", + "tcp.seq": "1", + "tcp.nxtseq": "505", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000fd0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002258000", + "tcp.analysis.bytes_in_flight": "504", + "tcp.analysis.push_bytes_sent": "504" + } + }, + "http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", + "http.host": "192.168.0.225:49153", + "http.request.line": "Host: 192.168.0.225:49153\n", + "http.content_type": "text\/xml", + "http.request.line": 
"Content-Type: text\/xml\n", + "http.content_length_header": "333", + "http.content_length_header_tree": { + "http.content_length": "333" + }, + "http.request.line": "Content-Length: 333\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>1<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "?>": "" + }, + "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<SOAP-ENV:Body>", + "xml.tag_tree": { + "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/BinaryState>": "" + }, + "<\/m:SetBinaryState>": "" + }, + "<\/SOAP-ENV:Body>": "" + }, + "<\/SOAP-ENV:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.531089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.531089000", + "frame.time_delta": 
"0.001999000", + "frame.time_delta_displayed": "0.001999000", + "frame.time_relative": "907.070403000", + "frame.number": "3542", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b43d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000036f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36171", + "tcp.port": "49153", + "tcp.port": "36171", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a6b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3541", + "tcp.analysis.ack_rtt": "0.001999000", + "tcp.analysis.initial_rtt": "0.002258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.561123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.561123000", + "frame.time_delta": "0.030034000", + "frame.time_delta_displayed": "0.030034000", + "frame.time_relative": "907.100437000", + "frame.number": "3543", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b43e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x000002ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36171", + "tcp.port": "49153", + "tcp.port": "36171", + "tcp.stream": "142", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000afb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002258000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:33:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.561696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.561696000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "907.101010000", + "frame.number": "3544", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dda9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": 
"142", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b27b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3543", + "tcp.analysis.ack_rtt": "0.000573000", + "tcp.analysis.initial_rtt": "0.002258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.562569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.562569000", + "frame.time_delta": "0.000873000", + "frame.time_delta_displayed": "0.000873000", + "frame.time_relative": "907.101883000", + "frame.number": "3545", + "frame.len": "430", + "frame.cap_len": "430", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", 
+ "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "416", + "ip.id": "0x0000b43f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36171", + "tcp.port": "49153", + "tcp.port": "36171", + "tcp.stream": "142", + "tcp.len": "376", + "tcp.seq": "193", + "tcp.nxtseq": "570", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a8c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002258000", + "tcp.analysis.bytes_in_flight": "377", + "tcp.analysis.push_bytes_sent": "376" + }, + "tcp.segment_data": 
"3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:34:39:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "3543", + "tcp.segment": "3545", + "tcp.segment.count": "2", + "tcp.reassembled.length": "568", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:33:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:34:39:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.content_length_header": "376", + "http.content_length_header_tree": { + "http.content_length": "376" + }, + "http.response.line": "CONTENT-LENGTH: 376\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:01:38 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:01:38 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.033479000", + "http.request_in": "3541", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>1<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509494498<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/BinaryState>": "" + }, + "xml.tag": "<CountdownEndTime>", + "xml.tag_tree": { + "xml.cdata": "0", + 
"<\/CountdownEndTime>": "" + }, + "xml.tag": "<deviceCurrentTime>", + "xml.tag_tree": { + "xml.cdata": "1509494498", + "<\/deviceCurrentTime>": "" + }, + "<\/u:SetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.568298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.568298000", + "frame.time_delta": "0.005729000", + "frame.time_delta_displayed": "0.005729000", + "frame.time_relative": "907.107612000", + "frame.number": "3546", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003893", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10958", + "tcp.ack": "48357", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003c6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:2e:00:26:13:3f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178734, TSecr 2495295": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178734", + "tcp.options.timestamp.tsecr": "2495295" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3537", + 
"tcp.analysis.ack_rtt": "0.060053000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.568743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.568743000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "907.108057000", + "frame.number": "3547", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000095e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "48357", + "tcp.nxtseq": "48465", + "tcp.ack": "10958", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eea0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:45:a7:9e:71:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495301, TSecr 2812178734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495301", + "tcp.options.timestamp.tsecr": "2812178734" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:a3:81:ee:40:9f:6e:96:e0:71:76:73:9d:1b:17:c0:26:21:7f:84:45:63:9a:4b:5a:8f:18:86:7c:aa:b3:39:22:62:70:eb:53:b5:d1:27:5d:92:57" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a4:87:f0:16:89:03:84:d4:a0:25:ad:c8:59:96:ed:66:3c:ce:5f:56:25:f6:3b:68:d0:f3:7b:a3:25:53:c7:d3:df:16:34:50:36:d5:52:09:9f:66" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.601186000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.601186000", + "frame.time_delta": "0.032443000", + "frame.time_delta_displayed": "0.032443000", + "frame.time_relative": "907.140500000", + "frame.number": "3548", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ddaa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da01", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "570", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b0f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3545", + "tcp.analysis.ack_rtt": "0.038617000", + "tcp.analysis.initial_rtt": "0.002258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.616901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.616901000", + "frame.time_delta": "0.015715000", + "frame.time_delta_displayed": "0.015715000", + "frame.time_relative": "907.156215000", + "frame.number": "3549", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00009d53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003c06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.628923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.628923000", + "frame.time_delta": "0.012022000", + "frame.time_delta_displayed": "0.012022000", + "frame.time_relative": "907.168237000", + "frame.number": "3550", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ced", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003892", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10958", + "tcp.ack": "48465", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003beb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:3d:00:26:13:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178749, TSecr 2495301": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178749", + "tcp.options.timestamp.tsecr": "2495301" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3547", + "tcp.analysis.ack_rtt": "0.060180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.629420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.629420000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "907.168734000", + "frame.number": "3551", + "frame.len": "752", + "frame.cap_len": "752", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "738", + "ip.id": "0x000095e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "686", + "tcp.seq": "48465", + "tcp.nxtseq": "49151", + "tcp.ack": "10958", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000046a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:4b:a7:9e:71:3d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495307, TSecr 2812178749": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495307", + "tcp.options.timestamp.tsecr": "2812178749" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "686", + "tcp.analysis.push_bytes_sent": "686" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a5:44:e3:3d:f5:dd:c1:26:7f:ea:d2:38:ee:36:5b:84:6b:f1:cb:51:f0:a5:7b:04:9b:8d:d0:48:b0:ac:46:9c:3f:24:01:10:69:a0:f7:41:46:50:28:5b:55:c5:c1:e4:5d:68:0d:37:8f:0e:3b:2a:21:6d:3c:24:08:ee:d6:cb:a7:90:ef:d8:b6:fd:22:3c:10:8b:df:83:4d:8e:c5:40:6f:d9:72:98:75:9d:5c:73:ca:15:e3:35:0d:be:93:68:26:f3:b0:f3:ec:c6:dc:9d:0b:28:2f:17:68:2b:78:a1:a9:0e:7b:97:08:32:c5:4c:fa:84:14:85:7e:26:00:81:a9:d2:8e:57:82:3d:60:d0:73:ea:47:3d:d1:a1:4f:b0:9b:c2:ae:dc:5e:1a:54:2f:7d:71:f2:1f:72:d6:1a:39:75:58:ef:8f:06:29:f7:d5:2e:c2:5d:25:39:b6:26:0b:f4:1c:6f:d9:44:c1:71:20:ef:8d:1b:69:5e:a7:43:18:89:7f:6f:4a:14:87:d3:1f:ac:30:c9:1c:36:1b:52:c9:1f:98:77:10:22:a3:72:45:56:9d:f8:b5:b4:77:1f:75:91:ec:8b:ee:9a:d4:aa:75:bb:7e:99:7a:00:dd:16" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "430", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a6:8f:c2:8b:64:fa:58:10:d5:0a:34:c7:46:f0:da:f2:c5:6a:0d:bb:82:4f:b9:62:c7:4a:6c:28:27:bf:5b:9d:bf:dc:31:34:d2:06:5e:cd:34:ac:a5:34:92:b0:4d:3c:99:89:9f:db:95:f1:7c:3a:22:f5:51:b4:17:d4:23:8a:45:22:e1:71:93:19:86:b8:cd:25:b3:c8:f2:34:58:e9:8d:f7:b4:60:9b:85:02:48:ba:27:5f:90:cc:a5:2f:f1:60:c1:0a:3b:c4:77:eb:cf:5d:96:2d:a8:e7:42:9a:c6:20:fc:bf:1e:92:26:42:4d:fe:25:2b:7b:ed:2a:07:a7:1e:58:8f:47:95:b1:d8:0f:cb:12:82:26:90:8a:78:64:63:47:d5:32:ad:a1:61:43:9e:84:91:2b:7a:7a:f8:2e:b6:7d:18:72:36:82:54:05:a0:f9:e8:bd:32:e2:37:fb:38:a0:58:42:d4:be:08:47:4c:b9:12:02:78:6c:54:13:ec:63:4e:bd:70:2a:b4:11:70:a7:59:3d:6e:2b:a0:17:73:1a:46:fe:c0:cf:a6:75:09:a6:39:23:f0:cd:1c:88:b7:e8:97:62:ae:5a:b6:1e:44:c6:2a:fe:18:c4:22:88:07:8c:23:cc:43:ac:17:68:c4:f6:d4:e9:bb:8f:89:f8:71:d6:77:20:26:5b:22:90:3e:44:47:64:77:1b:ae:25:2e:ef:a6:26:8f:5f:91:b0:5f:49:bc:02:ce:de:94:47:37:19:e1:b6:d3:9b:ad:2f:4e:a8:f2:48:96:b7:7e:13:a4:ad:11:61:32:9c:fe:c4:e9:64:1f:20:70:f1:5d:08:6b:5f:23:e5:64:a3:cf:0a:4b:11:a5:5e:a4:aa:f1:6d:34:28:21:9d:e8:c1:90:19:40:7d:5d:bb:62:18:2c:63:e9:d4:91:33:da:25:15:90:24:10:7e:6f:80:9d:fa:45:c4:aa:08:87:50:02:6f:cf:c4:e5:04:bc:09:de:05:e5:c0:e3:16:9a:7d:5f:ca:37:54:72:63:98:81:58:c7:9a:18:85:97:52:a7:7f:35:60:ec:ad:4f:b0:d1:65:3c:35:86:61:6c:22:ed:20:de" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.684573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.684573000", + "frame.time_delta": "0.055153000", + "frame.time_delta_displayed": "0.055153000", + "frame.time_relative": "907.223887000", + "frame.number": "3552", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e720", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50915", + "udp.dstport": "1900", + "udp.port": "50915", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000837a", + "udp.checksum.status": "2", + "udp.stream": "94" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "3531" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.689648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.689648000", + "frame.time_delta": "0.005075000", + "frame.time_delta_displayed": "0.005075000", + "frame.time_relative": "907.228962000", + "frame.number": "3553", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003891", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "10958", + "tcp.ack": "49151", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003928", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:4c:00:26:13:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178764, TSecr 2495307": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178764", + "tcp.options.timestamp.tsecr": "2495307" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "3551", + "tcp.analysis.ack_rtt": "0.060228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.690561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.690561000", + "frame.time_delta": "0.000913000", + "frame.time_delta_displayed": "0.000913000", + "frame.time_relative": "907.229875000", + "frame.number": "3554", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003861", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "10958", + "tcp.nxtseq": "11005", + "tcp.ack": "49151", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000784a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:4d:00:26:13:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178765, TSecr 2495307": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178765", + "tcp.options.timestamp.tsecr": "2495307" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:76:d6:11:30:e3:e4:20:25:9b:60:69:47:b5:6d:1b:4a:65:3a:81:79:7f:25:4c:5f:8c:e7:0b:70:62:10:a4:ad:30:25:6d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.691026000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.691026000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "907.230340000", + "frame.number": "3555", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007797", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "49151", + "tcp.ack": "11005", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003803", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:51:a7:9e:71:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495313, TSecr 2812178765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495313", + "tcp.options.timestamp.tsecr": "2812178765" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3554", + "tcp.analysis.ack_rtt": "0.000465000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.692475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.692475000", + "frame.time_delta": "0.001449000", + "frame.time_delta_displayed": "0.001449000", + "frame.time_relative": "907.231789000", + "frame.number": "3556", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d107", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e698", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000d157", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.692940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.692940000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "907.232254000", + "frame.number": "3557", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3553", + "tcp.port": "39500", + "tcp.port": "3553", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000a217", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3556", + "tcp.analysis.ack_rtt": "0.000465000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.694710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.694710000", + "frame.time_delta": "0.001770000", + "frame.time_delta_displayed": "0.001770000", + "frame.time_relative": "907.234024000", + "frame.number": "3558", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007767", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", 
+ "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "49151", + "tcp.nxtseq": "49198", + "tcp.ack": "11005", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c229", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:52:a7:9e:71:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495314, TSecr 2812178765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495314", + "tcp.options.timestamp.tsecr": "2812178765" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a7:6d:3a:89:d6:a7:f8:7d:5c:bb:2c:c3:ba:f9:23:d6:22:d8:8e:ce:fa:4f:dd:5b:9f:f0:ef:0d:49:cc:13:90:96:68:50" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.694760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.694760000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "907.234074000", + "frame.number": "3559", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d108", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e6a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00001089", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3557", + "tcp.analysis.ack_rtt": "0.001820000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.695567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.695567000", + "frame.time_delta": "0.000807000", + "frame.time_delta_displayed": "0.000807000", + "frame.time_relative": "907.234881000", + "frame.number": "3560", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x0000d109", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e5d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000dd3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002285000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.696030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.696030000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "907.235344000", + "frame.number": "3561", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000055de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3553", + "tcp.port": "39500", + "tcp.port": "3553", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00001a30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3560", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.698141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.698141000", + "frame.time_delta": "0.002111000", + "frame.time_delta_displayed": "0.002111000", + "frame.time_relative": "907.237455000", + "frame.number": "3562", + "frame.len": "187", + "frame.cap_len": 
"187", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "173", + "ip.id": "0x0000d10a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e61c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "133", + "tcp.seq": "205", + "tcp.nxtseq": "338", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00006b63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002285000", + "tcp.analysis.bytes_in_flight": "133", + "tcp.analysis.push_bytes_sent": "133" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "3560", + "tcp.segment": "3562", + "tcp.segment.count": "2", + "tcp.reassembled.length": "336", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "132", + "http.content_length_header_tree": { + "http.content_length": "132" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:7ccd9f38-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", + "http.unknown_header": "SEQ: 1\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>1<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.698585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.698585000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "907.237899000", + "frame.number": "3563", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000055df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3553", + "tcp.port": "39500", + "tcp.port": "3553", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000199a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3562", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.711211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.711211000", + "frame.time_delta": "0.012626000", + "frame.time_delta_displayed": "0.012626000", + "frame.time_relative": "907.250525000", + "frame.number": "3564", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ddab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36171", + "tcp.dstport": "49153", + "tcp.port": "36171", + "tcp.port": "49153", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "570", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b0f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.713057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.713057000", + "frame.time_delta": "0.001846000", + "frame.time_delta_displayed": "0.001846000", + "frame.time_relative": "907.252371000", + "frame.number": "3565", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": 
"192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36171", + "tcp.port": "49153", + "tcp.port": "36171", + "tcp.stream": "142", + "tcp.len": "0", + "tcp.seq": "570", + "tcp.ack": "506", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a476", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3564", + "tcp.analysis.ack_rtt": "0.001846000", + "tcp.analysis.initial_rtt": "0.002258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.794261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.794261000", + "frame.time_delta": "0.081204000", + "frame.time_delta_displayed": "0.081204000", + "frame.time_relative": "907.333575000", + "frame.number": "3566", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000388f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11005", + "tcp.ack": "49198", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:67:00:26:13:52", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178791, TSecr 2495314": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178791", + "tcp.options.timestamp.tsecr": "2495314" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3558", + "tcp.analysis.ack_rtt": "0.099551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.794784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.794784000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "907.334098000", + "frame.number": "3567", + "frame.len": "512", + "frame.cap_len": "512", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "498", + "ip.id": "0x000095ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "446", + "tcp.seq": "49198", + "tcp.nxtseq": "49644", + "tcp.ack": "11005", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ce86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:5c:a7:9e:71:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495324, TSecr 2812178791": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495324", + "tcp.options.timestamp.tsecr": "2812178791" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "446", + "tcp.analysis.push_bytes_sent": "446" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "441", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a8:65:07:aa:23:e1:98:a8:c4:87:0b:76:71:11:4b:c1:36:29:49:de:29:78:b6:38:d8:95:df:ed:6a:72:91:b0:e1:b6:eb:d7:89:e1:fe:e2:30:63:7c:38:cc:15:59:d3:22:d6:33:09:06:42:08:a9:00:2d:ac:ae:ed:49:02:4d:b8:15:52:7c:87:f0:44:16:a8:8d:33:29:a5:6b:dd:1e:e9:ae:af:7f:5e:3e:6a:31:59:9b:03:76:18:71:b3:43:a0:04:42:83:5f:cb:7b:2f:f8:29:66:95:a1:ad:62:fa:fd:e6:7b:29:a8:5f:6a:91:46:a9:93:80:12:7c:06:e5:5c:d3:2d:3a:84:65:79:86:4c:0f:a6:3a:b3:4f:92:54:2b:47:15:10:4c:3c:a6:6f:86:de:d8:49:5c:0d:f1:ea:ab:9b:6e:c5:1d:3f:83:76:72:35:3d:d1:96:e8:ac:ff:ce:60:20:03:dc:f7:fd:e8:6b:55:01:7d:6a:43:18:ec:15:f8:44:82:08:26:d7:25:02:f5:51:a7:a3:0a:6d:46:be:9a:a4:26:c1:1c:dd:ab:08:90:f7:19:8f:4a:c0:c0:d3:d0:78:76:ad:79:d7:f8:52:31:1a:09:ba:42:7d:10:96:8c:b2:cc:6e:9e:45:a3:93:34:31:32:5f:c6:de:1a:2b:48:d1:11:3c:7e:63:64:68:ae:ea:d3:e7:dc:7e:d6:6a:cd:71:c6:86:b8:e6:77:85:cc:87:76:6e:2c:0b:77:a0:50:39:68:7c:8d:db:4a:75:5b:2a:c0:16:02:c4:5c:fc:96:99:5e:37:26:46:67:ba:94:b6:c1:61:74:91:ee:b6:bf:18:06:d2:aa:47:91:67:e9:7b:d0:24:8d:be:6b:c0:d1:fd:4f:ca:b3:64:2e:b2:b7:02:21:eb:a6:4b:82:7c:65:49:29:3e:da:99:fb:22:89:8f:44:08:47:8a:5c:c6:a7:c3:ad:1e:22:9d:73:f0:78:94:c2:1f:df:87:74:57:09:22:06:84:73:95:f6:9b:c0:14:70:20:5f:a4:7d:21:c7:90:58:d7:44:ef:6d:19:84:2b:0c:80:bc:bb:67:ed:4c:0a:aa:37:2e:44:ce:9c:2f:1c:fd:b9:2d:c8:57:f9:13" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.855012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.855012000", + "frame.time_delta": "0.060228000", + "frame.time_delta_displayed": "0.060228000", + "frame.time_relative": "907.394326000", + "frame.number": "3568", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000388e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11005", + "tcp.ack": "49644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", 
+ "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000036d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:76:00:26:13:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178806, TSecr 2495324": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178806", + "tcp.options.timestamp.tsecr": "2495324" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3567", + "tcp.analysis.ack_rtt": "0.060228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.855894000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.855894000", + "frame.time_delta": "0.000882000", + "frame.time_delta_displayed": "0.000882000", + "frame.time_relative": "907.395208000", + "frame.number": "3569", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002cf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003838", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "11005", + "tcp.nxtseq": "11090", + "tcp.ack": "49644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005fb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:76:00:26:13:5c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178806, TSecr 2495324": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178806", + "tcp.options.timestamp.tsecr": "2495324" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:77:48:a5:9a:2b:75:1a:30:1e:1f:cc:38:4e:8b:56:0a:69:74:9c:2f:90:f6:17:a7:97:23:81:2e:19:e5:9d:ce:b3:34:85:cc:18:78:fa:77:94:13:3f:4a:e2:b6:10:f8:d9:96:c5:59:46:bd:a3:7b:c3:70:7b:9c:6d:64:63:b9:19:c2:16:ea:24:a9:98:9c:36" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.862431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.862431000", + "frame.time_delta": "0.006537000", + "frame.time_delta_displayed": "0.006537000", + "frame.time_relative": "907.401745000", + "frame.number": "3570", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007765", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "49644", + "tcp.nxtseq": "49691", + "tcp.ack": "11090", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000062b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:63:a7:9e:71:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495331, TSecr 2812178806": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495331", + "tcp.options.timestamp.tsecr": "2812178806" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3569", + "tcp.analysis.ack_rtt": "0.006537000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:a9:0d:48:71:6c:b8:5d:83:08:06:66:25:f9:2f:86:68:63:4a:b4:05:c9:bd:e3:1d:75:02:30:14:e5:a5:a6:52:ff:c0:34" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.874251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.874251000", + "frame.time_delta": "0.011820000", + "frame.time_delta_displayed": "0.011820000", + "frame.time_relative": "907.413565000", + "frame.number": 
"3571", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x000055e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3553", + "tcp.port": "39500", + "tcp.port": "3553", + "tcp.stream": "143", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002625", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002285000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.876091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.876091000", + "frame.time_delta": "0.001840000", + "frame.time_delta_displayed": "0.001840000", + "frame.time_relative": "907.415405000", + "frame.number": "3572", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e6a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00000f12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3571", + "tcp.analysis.ack_rtt": "0.001840000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:01:38.876939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.876939000", + "frame.time_delta": "0.000848000", + "frame.time_delta_displayed": "0.000848000", + "frame.time_relative": "907.416253000", + "frame.number": "3573", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e69f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00000f11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.877568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.877568000", + "frame.time_delta": "0.000629000", + "frame.time_delta_displayed": "0.000629000", + "frame.time_relative": "907.416882000", + "frame.number": "3574", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x000055e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3553", + "tcp.port": "39500", + "tcp.port": "3553", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "339", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00001972", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3573", + "tcp.analysis.ack_rtt": "0.000629000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.879251000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.879251000", + "frame.time_delta": "0.001683000", + "frame.time_delta_displayed": "0.001683000", + "frame.time_relative": "907.418565000", + "frame.number": "3575", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e69e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3553", + "tcp.dstport": "39500", + "tcp.port": "3553", + "tcp.port": "39500", + "tcp.stream": "143", + "tcp.len": "0", + "tcp.seq": "339", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00000f10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3574", + "tcp.analysis.ack_rtt": "0.001683000", + "tcp.analysis.initial_rtt": "0.002285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.923184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.923184000", + "frame.time_delta": "0.043933000", + "frame.time_delta_displayed": "0.043933000", + "frame.time_relative": "907.462498000", + "frame.number": "3576", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000385d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "11090", + "tcp.nxtseq": "11137", + "tcp.ack": "49691", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000009d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:87:00:26:13:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178823, TSecr 2495331": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178823", + "tcp.options.timestamp.tsecr": "2495331" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3570", + "tcp.analysis.ack_rtt": "0.060753000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:78:06:82:d0:71:1b:42:42:54:b2:10:62:7e:0a:69:30:e0:94:0e:f7:92:be:ff:98:b1:be:6a:81:56:80:e1:7f:9e:f7:55" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:38.923678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494498.923678000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "907.462992000", + "frame.number": "3577", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000095ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007744", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "49691", + "tcp.nxtseq": "49770", + "tcp.ack": "11137", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003dba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:69:a7:9e:71:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495337, TSecr 2812178823": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495337", + "tcp.options.timestamp.tsecr": "2812178823" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3576", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:aa:c2:cf:28:76:f4:ff:a5:94:7d:ec:c1:21:eb:55:9e:fa:95:d3:4c:31:d9:df:ce:c6:ab:d0:29:80:79:fb:41:e8:09:ce:21:60:20:95:02:63:2f:8c:fb:05:b0:0c:4e:e8:d6:14:d7:bd:75:1f:db:14:9f:ec:42:8f:e9:71:4f:dd:e2:93" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.018541000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.018541000", + "frame.time_delta": "0.094863000", + "frame.time_delta_displayed": "0.094863000", + "frame.time_relative": "907.557855000", + "frame.number": "3578", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000084ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000327d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "3535" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.022385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.022385000", + "frame.time_delta": "0.003844000", + "frame.time_delta_displayed": "0.003844000", + "frame.time_relative": "907.561699000", + "frame.number": "3579", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000388b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11137", + "tcp.ack": "49770", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003598", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:a0:00:26:13:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178848, TSecr 2495337": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178848", + 
"tcp.options.timestamp.tsecr": "2495337" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3577", + "tcp.analysis.ack_rtt": "0.098707000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.022876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.022876000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "907.562190000", + "frame.number": "3580", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000095ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007761", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "49770", + "tcp.nxtseq": "49819", + "tcp.ack": "11137", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a89a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:13:73:a7:9e:71:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495347, TSecr 2812178848": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495347", + "tcp.options.timestamp.tsecr": "2812178848" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ab:a4:5d:49:04:d4:d3:8d:84:ac:30:78:f6:f2:61:5f:3b:70:54:56:42:a2:47:ed:1f:67:f6:13:23:2c:4f:52:7e:58:00:3c:7a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.071362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.071362000", + "frame.time_delta": "0.048486000", + "frame.time_delta_displayed": "0.048486000", + "frame.time_relative": "907.610676000", + "frame.number": "3581", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000084cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003273", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "3578" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.083381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.083381000", + "frame.time_delta": "0.012019000", + "frame.time_delta_displayed": "0.012019000", + "frame.time_relative": "907.622695000", + "frame.number": "3582", + "frame.len": "66", + "frame.cap_len": "66", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000388a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11137", + "tcp.ack": "49819", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000354e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:71:af:00:26:13:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812178863, TSecr 2495347": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812178863", + "tcp.options.timestamp.tsecr": "2495347" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3580", + "tcp.analysis.ack_rtt": "0.060505000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.124175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.124175000", + "frame.time_delta": "0.040794000", + "frame.time_delta_displayed": "0.040794000", + "frame.time_relative": "907.663489000", + "frame.number": "3583", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000084d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003275", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "3581" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.684780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.684780000", + "frame.time_delta": "0.560605000", + "frame.time_delta_displayed": "0.560605000", + "frame.time_relative": "908.224094000", + "frame.number": "3584", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + 
"ip.checksum": "0x0000e71f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50915", + "udp.dstport": "1900", + "udp.port": "50915", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000837a", + "udp.checksum.status": "2", + "udp.stream": "94" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "3552" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.850173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.850173000", + "frame.time_delta": "0.165393000", + "frame.time_delta_displayed": "0.165393000", + "frame.time_relative": "908.389487000", + "frame.number": "3585", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:39.850589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494499.850589000", + "frame.time_delta": "0.000416000", + "frame.time_delta_displayed": "0.000416000", + "frame.time_relative": "908.389903000", + "frame.number": "3586", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + 
}, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.070866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.070866000", + "frame.time_delta": "0.220277000", + "frame.time_delta_displayed": "0.220277000", + "frame.time_relative": "908.610180000", + "frame.number": "3587", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000084fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003250", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "3583" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.123683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.123683000", + "frame.time_delta": "0.052817000", + "frame.time_delta_displayed": "0.052817000", + "frame.time_relative": "908.662997000", + "frame.number": "3588", + "frame.len": "348", + 
"frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000084fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003245", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "3587" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.176552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.176552000", + "frame.time_delta": "0.052869000", + "frame.time_delta_displayed": "0.052869000", + "frame.time_relative": "908.715866000", + "frame.number": "3589", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"328", + "ip.id": "0x00008502", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003246", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "3588" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.209159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.209159000", + "frame.time_delta": "0.032607000", + "frame.time_delta_displayed": "0.032607000", + "frame.time_relative": "908.748473000", + "frame.number": "3590", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000ac4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000e7d4", + "udp.checksum.status": "2", + 
"udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "fc:de:8e:3a:f3:96", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.387118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.387118000", + "frame.time_delta": "0.177959000", + "frame.time_delta_displayed": "0.177959000", + "frame.time_relative": "908.926432000", + "frame.number": "3591", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008510", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000323b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "3589" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.439933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.439933000", + "frame.time_delta": "0.052815000", + "frame.time_delta_displayed": "0.052815000", + "frame.time_relative": "908.979247000", + 
"frame.number": "3592", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008514", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000322e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "3591" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:40.492677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494500.492677000", + "frame.time_delta": "0.052744000", + "frame.time_delta_displayed": "0.052744000", + "frame.time_relative": "909.031991000", + "frame.number": "3593", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008515", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003233", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "3592" + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:41.439808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494501.439808000", + "frame.time_delta": "0.947131000", + "frame.time_delta_displayed": "0.947131000", + "frame.time_relative": "909.979122000", + "frame.number": "3594", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008550", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": 
"0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "3593" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:41.492591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494501.492591000", + "frame.time_delta": "0.052783000", + "frame.time_delta_displayed": "0.052783000", + "frame.time_relative": "910.031905000", + "frame.number": "3595", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008555", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "3594" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:41.545415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494501.545415000", + "frame.time_delta": "0.052824000", + "frame.time_delta_displayed": "0.052824000", + "frame.time_relative": "910.084729000", + "frame.number": "3596", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008559", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031ef", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "3595" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:42.123723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494502.123723000", + 
"frame.time_delta": "0.578308000", + "frame.time_delta_displayed": "0.578308000", + "frame.time_relative": "910.663037000", + "frame.number": "3597", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000856a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "3596" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:42.176478000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494502.176478000", + "frame.time_delta": "0.052755000", + "frame.time_delta_displayed": "0.052755000", + "frame.time_relative": "910.715792000", + "frame.number": "3598", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000856e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "3597" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:42.229279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494502.229279000", + "frame.time_delta": "0.052801000", + "frame.time_delta_displayed": "0.052801000", + "frame.time_relative": "910.768593000", + "frame.number": "3599", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008572", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + 
}, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "3598" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.176226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.176226000", + "frame.time_delta": "0.946947000", + "frame.time_delta_displayed": "0.946947000", + "frame.time_relative": "911.715540000", + "frame.number": "3600", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000858e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "305", + "udp.checksum": "0x0000fe37", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "3599" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.228956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.228956000", + "frame.time_delta": "0.052730000", + "frame.time_delta_displayed": "0.052730000", + "frame.time_relative": "911.768270000", + "frame.number": "3601", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000858f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "314", + "udp.checksum": "0x00000c23", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "3600" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:01:43.281735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.281735000", + "frame.time_delta": "0.052779000", + "frame.time_delta_displayed": "0.052779000", + "frame.time_relative": "911.821049000", + "frame.number": "3602", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008590", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50915", + "udp.port": "1900", + "udp.port": "50915", + "udp.length": "308", + "udp.checksum": "0x00002fad", + "udp.checksum.status": "2", + "udp.stream": "95" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 
OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "3601" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.792871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.792871000", + "frame.time_delta": "0.511136000", + "frame.time_delta_displayed": "0.511136000", + "frame.time_relative": "912.332185000", + "frame.number": "3603", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x0000916f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000085ae", + "ip.checksum.status": "2", + "ip.src": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.src_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49768", + "tcp.port": "80", + "tcp.port": "49768", + "tcp.stream": "107", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006b70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018000000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:01:43 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:01:43 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.029376000", + "http.request_in": "2217", + "http.file_data": "[[],\"15094933571306917\"]" + }, + "data-text-lines": { + "[[],\"15094933571306917\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.826331000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.826331000", + "frame.time_delta": "0.033460000", + "frame.time_delta_displayed": "0.033460000", + "frame.time_relative": "912.365645000", + "frame.number": "3604", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00007706", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + 
"ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008257", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3603", + "tcp.analysis.ack_rtt": "0.033460000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.838653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.838653000", + "frame.time_delta": "0.012322000", + "frame.time_delta_displayed": "0.012322000", + "frame.time_relative": "912.377967000", + "frame.number": "3605", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009170", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000086b5", + "ip.checksum.status": "2", + "ip.src": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.src_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49768", + "tcp.port": "80", + "tcp.port": "49768", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005a76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3604", + "tcp.analysis.ack_rtt": "0.012322000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:43.844475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494503.844475000", + "frame.time_delta": "0.005822000", + "frame.time_delta_displayed": "0.005822000", + "frame.time_relative": "912.383789000", + "frame.number": "3606", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": 
{ + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001020", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00007705", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.9.63.129", + "ip.addr": "52.9.63.129", + "ip.dst_host": "52.9.63.129", + "ip.host": "52.9.63.129", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49768", + "tcp.dstport": "80", + "tcp.port": "49768", + "tcp.port": "80", + "tcp.stream": "107", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008257", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "3605", + "tcp.analysis.ack_rtt": "0.005822000", + "tcp.analysis.initial_rtt": "0.018000000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.833006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.833006000", + "frame.time_delta": "0.988531000", + "frame.time_delta_displayed": "0.988531000", + "frame.time_relative": "913.372320000", + "frame.number": "3607", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x00001021", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000029c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + 
"udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.834637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.834637000", + "frame.time_delta": "0.001631000", + "frame.time_delta_displayed": "0.001631000", + "frame.time_relative": "913.373951000", + "frame.number": "3608", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, 
+ "ip.len": "526", + "ip.id": "0x00007a18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003cfd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "3607", + "dns.time": "0.001631000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.234": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "47", + "dns.resp.len": "4", + "dns.a": "54.241.191.234" + }, + "pubsub.pubnub.com: type A, class IN, addr 52.9.63.129": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "47", + "dns.resp.len": "4", + "dns.a": "52.9.63.129" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "20", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53055", + 
"dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5346", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57306", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3616", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57307", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58048", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58156", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57698", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "57499", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58048", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58156", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57698", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.840863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.840863000", + "frame.time_delta": "0.006226000", + "frame.time_delta_displayed": "0.006226000", + "frame.time_relative": "913.380177000", + "frame.number": "3609", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" 
+ }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001022", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x000029e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.852837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.852837000", + "frame.time_delta": "0.011974000", + "frame.time_delta_displayed": "0.011974000", + "frame.time_relative": "913.392151000", + "frame.number": "3610", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000093d0", + "ip.checksum.status": "2", + "ip.src": 
"54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.src_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49769", + "tcp.port": "80", + "tcp.port": "49769", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b30d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "3609", + "tcp.analysis.ack_rtt": "0.011974000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.858959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.858959000", + "frame.time_delta": "0.006122000", + "frame.time_delta_displayed": "0.006122000", + "frame.time_relative": "913.398273000", + "frame.number": "3611", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001023", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San 
Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000026fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3610", + "tcp.analysis.ack_rtt": "0.006122000", + "tcp.analysis.initial_rtt": "0.018096000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.878062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.878062000", + "frame.time_delta": "0.019103000", + "frame.time_delta_displayed": "0.019103000", + "frame.time_relative": "913.417376000", + "frame.number": "3612", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001024", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006f76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018096000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.889545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.889545000", + "frame.time_delta": "0.011483000", + "frame.time_delta_displayed": "0.011483000", + "frame.time_relative": "913.428859000", + "frame.number": "3613", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000087b6", + "ip.checksum.status": "2", + "ip.src": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.src_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49769", + "tcp.port": "80", + "tcp.port": "49769", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cabb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "3612", + "tcp.analysis.ack_rtt": "0.011483000", + "tcp.analysis.initial_rtt": "0.018096000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.894646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.894646000", + "frame.time_delta": "0.005101000", + "frame.time_delta_displayed": "0.005101000", + "frame.time_relative": "913.433960000", + "frame.number": "3614", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001025", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f2bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b508", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018096000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "3612", + "tcp.segment": "3614", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:44.906967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494504.906967000", + "frame.time_delta": "0.012321000", + "frame.time_delta_displayed": "0.012321000", + "frame.time_relative": "913.446281000", + "frame.number": "3615", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000087b5", + "ip.checksum.status": "2", + "ip.src": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.src_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49769", + "tcp.port": "80", + "tcp.port": "49769", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c699", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3614", + "tcp.analysis.ack_rtt": "0.012321000", + "tcp.analysis.initial_rtt": "0.018096000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.031124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.031124000", + "frame.time_delta": "0.124157000", + "frame.time_delta_displayed": "0.124157000", + "frame.time_relative": "913.570438000", + "frame.number": "3616", + "frame.len": "621", + "frame.cap_len": "621", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "607", + "ip.id": "0x00002cf6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000365e", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "555", + "tcp.seq": "11137", + "tcp.nxtseq": "11692", + "tcp.ack": "49819", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003293", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:7e:00:26:13:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812180350, TSecr 2495347": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180350", + "tcp.options.timestamp.tsecr": "2495347" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "555", + "tcp.analysis.push_bytes_sent": "555" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "550", + "ssl.app_data": "34:cd:34:17:47:48:0e:79:78:22:df:38:b9:21:f2:5e:05:51:65:fa:c1:84:ae:5e:3b:54:b4:a8:87:44:f6:e6:6b:34:14:cc:2a:ba:08:d4:d2:8d:3a:74:ab:54:83:18:c0:2a:78:2c:41:58:b1:a2:58:6b:dc:c0:f6:65:d6:ee:4a:1b:be:30:e2:f0:f2:c1:71:13:e0:da:f1:6a:c8:ba:63:6d:76:06:76:4f:72:16:82:65:9a:b4:38:92:6d:74:62:5c:d7:84:40:9b:5a:10:74:b9:aa:6f:4e:2f:0c:85:46:51:0c:71:ea:a4:90:cb:c8:e3:ef:ae:2c:d3:93:67:3a:2d:1b:c0:db:5d:40:3d:2d:1c:f7:41:15:81:c1:ef:ac:b4:5a:57:5a:c7:1e:f2:c7:0d:6a:ab:e6:fa:fd:45:34:a6:5d:1c:78:a9:a9:d0:a8:19:87:be:77:78:d9:e8:7a:ea:44:42:79:37:2a:79:2e:5a:fc:7c:fa:15:14:f8:ee:a2:3b:6c:2f:30:a1:78:c0:01:50:67:f2:c7:e1:4c:01:70:3a:47:e4:f8:95:8f:23:4c:35:ff:e4:ba:48:05:2a:73:73:ad:3f:0f:79:5f:6e:e1:66:77:ec:5d:e9:58:00:39:3b:95:d9:15:46:66:e7:b5:43:5f:c0:2c:4f:0c:a3:f9:54:b4:93:46:3b:37:64:04:63:25:3e:1e:31:b6:7d:da:01:de:5a:45:6d:38:6c:08:4e:f7:61:bc:fe:5f:a5:24:44:f5:da:87:ce:eb:bf:ab:71:61:0e:fb:aa:9d:49:2e:c3:74:98:a7:e0:ab:ca:75:5a:8f:85:57:f2:78:04:3b:34:15:a1:42:78:b8:37:31:df:5e:cf:d6:36:ba:4b:14:8a:74:a3:9d:8a:1d:5f:a6:f0:bf:15:a3:07:6c:40:9a:94:60:5d:4e:2d:e3:92:fe:d9:82:d4:f6:aa:b9:70:c1:4a:f6:41:cf:2e:9e:86:75:eb:0e:d5:1c:ba:4c:54:cc:20:e0:85:1e:aa:50:cc:07:a6:df:db:55:28:75:15:b6:e1:b5:2a:7e:d2:33:57:04:21:51:a1:26:9a:85:31:3d:4f:c0:7f:f6:ac:55:c0:e1:03:1f:24:c7:7d:74:42:e2:a4:22:d8:3a:93:da:4e:a3:b8:73:6d:7d:1f:68:66:23:4d:10:d0:cb:c7:e4:cd:41:c4:e8:7f:38:85:ce:ad:10:9e:85:82:a5:7f:c4:a2:ac:8c:2a:95:11:a7:74:f5:0f:18:f3:21:02:78:7e:d5:84:2a:92:e9:c3:24:34:4e:aa:b2:2e:be:c0:36:53:aa:f4:91:c4:96:08:a2:7
0:0e:fd:f3:93:73:ae:02:47:80:7c:13:58:7f:17:3f:47:60:86:84:03:43:d5:b3:83:9c:3d:c2:61:3d:23:bf:6b:84:31:12:f6:8e:d9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.070947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.070947000", + "frame.time_delta": "0.039823000", + "frame.time_delta_displayed": "0.039823000", + "frame.time_relative": "913.610261000", + "frame.number": "3617", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007791", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "49819", + "tcp.ack": "11692", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002a08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:d0:a7:9e:77:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495952, TSecr 2812180350": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495952", + "tcp.options.timestamp.tsecr": "2812180350" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3616", + "tcp.analysis.ack_rtt": "0.039823000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.076987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.076987000", + "frame.time_delta": "0.006040000", + "frame.time_delta_displayed": "0.006040000", + "frame.time_relative": "913.616301000", + "frame.number": "3618", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000095ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": 
"41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "49819", + "tcp.nxtseq": "49872", + "tcp.ack": "11692", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:d0:a7:9e:77:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495952, TSecr 2812180350": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495952", + "tcp.options.timestamp.tsecr": "2812180350" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:ac:b7:0b:36:4d:7d:d1:cb:65:f8:9b:2b:67:c9:b8:d9:2a:1e:9a:7d:79:64:c7:96:fb:c5:cf:75:41:a6:3a:0c:4b:19:c6:3f:6d:85:a2:e2:50" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.079772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.079772000", + "frame.time_delta": "0.002785000", + "frame.time_delta_displayed": "0.002785000", + "frame.time_relative": "913.619086000", + "frame.number": "3619", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004dab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x000041d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:15:d0:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2495952, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495952", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.082741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.082741000", + "frame.time_delta": "0.002969000", + "frame.time_delta_displayed": "0.002969000", + "frame.time_relative": "913.622055000", + "frame.number": "3620", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36175", + "tcp.port": "49154", + "tcp.port": "36175", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000b182", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3619", + "tcp.analysis.ack_rtt": "0.002969000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.083214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.083214000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "913.622528000", + "frame.number": "3621", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004dac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006aa0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": 
"1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000083a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3620", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.003442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.094173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.094173000", + "frame.time_delta": "0.010959000", + "frame.time_delta_displayed": "0.010959000", + "frame.time_relative": "913.633487000", + "frame.number": "3622", + "frame.len": "557", + "frame.cap_len": "557", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "543", + "ip.id": "0x00004dad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000068a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "503", + "tcp.seq": "1", + "tcp.nxtseq": "504", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004041", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003442000", + "tcp.analysis.bytes_in_flight": "503", + "tcp.analysis.push_bytes_sent": "503" + } + }, + "http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", 
+ "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", + "http.host": "192.168.0.65:49154", + "http.request.line": "Host: 192.168.0.65:49154\n", + "http.content_type": "text\/xml", + "http.request.line": "Content-Type: text\/xml\n", + "http.content_length_header": "333", + "http.content_length_header_tree": { + "http.content_length": "333" + }, + "http.request.line": "Content-Length: 333\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>1<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "?>": "" + }, + "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<SOAP-ENV:Body>", + "xml.tag_tree": { + "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/BinaryState>": "" + }, + "<\/m:SetBinaryState>": "" + }, + "<\/SOAP-ENV:Body>": "" + }, + "<\/SOAP-ENV:Envelope>": "" + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.095744000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.095744000", + "frame.time_delta": "0.001571000", + "frame.time_delta_displayed": "0.001571000", + "frame.time_relative": "913.635058000", + "frame.number": "3623", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000724a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004602", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36175", + "tcp.port": "49154", + "tcp.port": "36175", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "1", 
+ "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000f9a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3622", + "tcp.analysis.ack_rtt": "0.001571000", + "tcp.analysis.initial_rtt": "0.003442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.122759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.122759000", + "frame.time_delta": "0.027015000", + "frame.time_delta_displayed": "0.027015000", + "frame.time_relative": "913.662073000", + "frame.number": "3624", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000724b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004541", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36175", + "tcp.port": "49154", + "tcp.port": "36175", + "tcp.stream": "145", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000006b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003442000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:34:35:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.123234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.123234000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "913.662548000", + "frame.number": "3625", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004dae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00000573", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3624", + "tcp.analysis.ack_rtt": "0.000475000", + "tcp.analysis.initial_rtt": "0.003442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.124931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.124931000", + "frame.time_delta": "0.001697000", + "frame.time_delta_displayed": "0.001697000", + "frame.time_relative": "913.664245000", + "frame.number": "3626", + "frame.len": "474", + "frame.cap_len": "474", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "460", + "ip.id": "0x0000724c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000445c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36175", + "tcp.port": "49154", + "tcp.port": "36175", + "tcp.stream": "145", + "tcp.len": "420", + "tcp.seq": "193", + "tcp.nxtseq": "614", + "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00002f08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003442000", + "tcp.analysis.bytes_in_flight": "421", + "tcp.analysis.push_bytes_sent": "420" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:33:33:34:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:35:30:35:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "3624", + "tcp.segment": "3626", + "tcp.segment.count": "2", + "tcp.reassembled.length": "612", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:34:35:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:33:33:34:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:35:30:35:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "420", + "http.content_length_header_tree": { + "http.content_length": "420" + }, + "http.response.line": "CONTENT-LENGTH: 420\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:01:45 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:01:45 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.030758000", + "http.request_in": "3622", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>8|1509493346|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509494505<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", 
+ "xml.tag_tree": { + "xml.cdata": "8|1509493346|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "xml.tag": "<CountdownEndTime>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/CountdownEndTime>": "" + }, + "xml.tag": "<deviceCurrentTime>", + "xml.tag_tree": { + "xml.cdata": "1509494505", + "<\/deviceCurrentTime>": "" + }, + "<\/u:SetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.137817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.137817000", + "frame.time_delta": "0.012886000", + "frame.time_delta_displayed": "0.012886000", + "frame.time_relative": "913.677131000", + "frame.number": "3627", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003888", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11692", + "tcp.ack": "49872", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002aa8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:98:00:26:15:d0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180376, TSecr 2495952": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180376", + "tcp.options.timestamp.tsecr": "2495952" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3618", + "tcp.analysis.ack_rtt": "0.060830000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.138352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.138352000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "913.677666000", + "frame.number": "3628", + "frame.len": "425", + "frame.cap_len": "425", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "411", + "ip.id": "0x000095f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007628", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "359", + "tcp.seq": "49872", + "tcp.nxtseq": "50231", + "tcp.ack": "11692", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:d6:a7:9e:77:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495958, TSecr 2812180376": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495958", + "tcp.options.timestamp.tsecr": "2812180376" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "359", + 
"tcp.analysis.push_bytes_sent": "359" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ad:45:6d:3b:96:02:0f:72:bb:4b:0f:38:3d:4c:e8:f4:74:f1:4b:e8:58:9e:3c:25:a7:7f:2f:61:52:eb:16:ab:44:01:62:1e:9d:cb:9c:3b:83:74" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ae:2d:69:02:58:62:f6:81:e4:93:cf:63:e6:1e:c5:24:de:2c:74:01:be:ff:f0:3b:de:06:34:61:4a:e2:42:6e:f4:d2:84:97:24:94:71:67:ef:10" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:af:f8:3f:a4:75:1d:2e:83:ab:08:8e:72:43:81:de:2e:6e:e9:92:2c:2c:d4:7b:f7:f9:66:15:5a:29:36:97:d6:ce:56:03:9e:1a:3b:b8:92:13:20:fa:83:e6:3a:47:44:3d:a9:2f:5e:32:a1:88:d7:21:aa:bb:e5:62:32:7a:cd:90:8a:3a:c3:b3:8a:67:f9:08:f4:11:d5:19:fd:06:46:bb:6f:a6:fa:b8:2e:91:1d:56:4a:bd:cf:42:34:d3:55:d7:3a:0d:a7:e8:31:69:a4:f1:b6:79:88:07:f4:75:ca:62:63:a6:45:b8:2e:a3:9b:60:18:82:bf:1f:89:80:a3:2b:ab:ee:81:29:bc:42:2d:55:10:3a:1b:a5:67:e0:27:40:6e:6e:e7:60:92:16:11:c5:7e:9e:ba:8f:bd:dc:0e:3f:d2:47:3d:5f:78:1f:d5:0e:a7:dc:e0:4e:d8:ca:68:f9:cc:16:05:ee:fd:c0:83:a1:cf:44:9b:72:76:43:94:b6:6f:42:da:bc:61:87:04:41:e6:1b:d4:70:6f:1e:da:b9:ef:78:6a:d6:ba:07:94:64:3d:3f:90:ff:ab:9b:9f:33:0e:f1:7f:06:22:e3:72:53:93:44:3c:85:71:7b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.160935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.160935000", + "frame.time_delta": "0.022583000", + "frame.time_delta_displayed": "0.022583000", + "frame.time_relative": "913.700249000", + "frame.number": "3629", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004daf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "614", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000003bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3626", + "tcp.analysis.ack_rtt": "0.036004000", + "tcp.analysis.initial_rtt": "0.003442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.198581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.198581000", + "frame.time_delta": "0.037646000", + "frame.time_delta_displayed": "0.037646000", + "frame.time_relative": "913.737895000", + "frame.number": "3630", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003887", + "ip.checksum.status": 
"2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11692", + "tcp.ack": "50231", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000292b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:a8:00:26:15:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180392, 
TSecr 2495958": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180392", + "tcp.options.timestamp.tsecr": "2495958" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3628", + "tcp.analysis.ack_rtt": "0.060229000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.199107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.199107000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "913.738421000", + "frame.number": "3631", + "frame.len": "545", + "frame.cap_len": "545", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "531", + "ip.id": "0x000095f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "479", + "tcp.seq": "50231", + "tcp.nxtseq": "50710", + "tcp.ack": "11692", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003880", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:dc:a7:9e:77:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495964, TSecr 2812180392": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495964", + "tcp.options.timestamp.tsecr": "2812180392" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "479", + "tcp.analysis.push_bytes_sent": "479" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "474", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b0:63:95:e9:2a:d1:df:c3:3f:f1:45:48:7b:79:20:cc:fd:da:e4:ff:26:f0:be:83:c4:62:20:6d:ed:f3:94:d1:c1:31:39:e5:34:a0:ed:58:d2:3f:fe:1d:18:16:f6:55:e1:47:f4:b2:b7:cd:af:1f:9c:11:f4:50:09:69:7d:b6:4e:83:31:e7:0a:f6:ac:cf:c5:c9:89:80:7f:f9:4b:d8:71:f2:e2:0b:95:a0:81:e9:ef:35:1b:e7:f3:24:19:ca:d6:5b:38:cc:91:e9:6b:15:3f:d3:d0:d6:df:af:5f:7e:41:ff:c7:92:b1:81:93:a1:c1:a1:85:70:e6:01:50:75:13:0c:02:a4:ba:75:89:bc:1f:c4:69:04:72:04:63:eb:e5:a0:96:5c:05:8d:0d:24:ae:95:85:e7:5f:28:8b:e0:ea:f6:e9:e7:62:36:ae:2b:ca:31:6c:23:ab:7f:7d:0f:3d:15:1c:90:ff:97:9c:67:4b:b0:e7:c8:b5:9b:f5:64:ce:b9:81:cb:81:d1:f2:30:9f:0d:e5:75:16:e1:fd:f6:79:23:6f:40:00:98:6d:94:08:41:53:52:93:53:0d:a4:9c:21:5c:ce:93:d9:d1:25:8f:ed:fe:6b:9a:07:9a:ff:06:22:61:c7:00:8d:03:0e:a5:30:c0:c6:7c:85:e0:f0:0c:cf:fc:91:0e:29:af:72:ff:31:f1:a6:7d:17:08:a1:a1:9f:d6:06:39:00:96:c3:76:59:0b:58:24:3e:91:0e:47:eb:38:c3:37:1e:c7:a0:cb:c5:49:8a:6b:79:95:8a:c1:2c:f3:85:bc:a4:47:ab:04:26:c0:84:9c:28:ed:4c:20:92:3f:43:98:53:3d:91:fc:8d:b4:cf:72:4b:00:45:fe:19:40:6a:cf:7a:24:49:6c:d7:9f:d8:e9:a8:e8:4b:16:f5:61:dc:b5:4e:96:3c:f4:31:be:49:cb:f7:25:f6:5c:ac:23:2e:d7:ca:c2:7b:b8:8c:31:48:39:41:23:d9:56:1e:1d:fd:22:e1:db:28:c4:ab:8d:8a:cf:78:c9:45:f8:af:d0:8a:df:c5:bd:1f:9e:89:3d:71:91:a3:a3:6e:75:da:65:49:55:f9:16:54:cd:3c:03:dc:f6:55:83:e7:ba:ee:37:09:78:07:22:14:8f:5b:f6:f1:1d:31:c5:e4:c9:b1:f6:b0:b4:fd:04:ed:45:52:37:64:cc:08:95:38:7b:9c:0e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.259285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.259285000", + 
"frame.time_delta": "0.060178000", + "frame.time_delta_displayed": "0.060178000", + "frame.time_relative": "913.798599000", + "frame.number": "3632", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cf9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003886", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + 
"tcp.seq": "11692", + "tcp.ack": "50710", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002737", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:b7:00:26:15:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180407, TSecr 2495964": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180407", + "tcp.options.timestamp.tsecr": "2495964" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3631", + "tcp.analysis.ack_rtt": "0.060178000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.259997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.259997000", + "frame.time_delta": "0.000712000", + "frame.time_delta_displayed": "0.000712000", + "frame.time_relative": "913.799311000", + "frame.number": "3633", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003856", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "11692", + "tcp.nxtseq": "11739", + "tcp.ack": "50710", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000076d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:b7:00:26:15:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180407, TSecr 2495964": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180407", + "tcp.options.timestamp.tsecr": "2495964" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:7a:d4:ce:d7:b1:2a:8a:a2:05:01:ff:13:19:06:86:48:38:f8:62:ed:21:1d:92:b2:2c:22:91:e5:5f:6e:99:e7:f3:7a:1c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.260427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.260427000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": 
"913.799741000", + "frame.number": "3634", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000778d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "50710", + "tcp.ack": "11739", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002613", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:e2:a7:9e:77:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495970, TSecr 2812180407": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495970", + "tcp.options.timestamp.tsecr": "2812180407" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3633", + "tcp.analysis.ack_rtt": "0.000430000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.263819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.263819000", + "frame.time_delta": "0.003392000", + "frame.time_delta_displayed": "0.003392000", + "frame.time_relative": "913.803133000", + "frame.number": "3635", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "50710", + "tcp.nxtseq": "50757", + "tcp.ack": "11739", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d1b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:e3:a7:9e:77:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495971, TSecr 2812180407": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495971", + "tcp.options.timestamp.tsecr": "2812180407" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b1:40:b2:6e:23:26:53:63:83:fa:2b:69:0f:25:55:e0:20:08:d9:2b:2f:4d:da:94:36:73:62:60:4a:08:d3:a9:f2:c4:b9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.295540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.295540000", + "frame.time_delta": "0.031721000", + "frame.time_delta_displayed": "0.031721000", + "frame.time_relative": "913.834854000", + "frame.number": "3636", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004db0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36175", + "tcp.dstport": "49154", + "tcp.port": "36175", + "tcp.port": "49154", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "614", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000003bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.297240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.297240000", + "frame.time_delta": "0.001700000", + "frame.time_delta_displayed": "0.001700000", + "frame.time_relative": "913.836554000", + "frame.number": "3637", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": 
"192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36175", + "tcp.port": "49154", + "tcp.port": "36175", + "tcp.stream": "145", + "tcp.len": "0", + "tcp.seq": "614", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000f741", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3636", + "tcp.analysis.ack_rtt": "0.001700000", + "tcp.analysis.initial_rtt": "0.003442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.362773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.362773000", + "frame.time_delta": "0.065533000", + "frame.time_delta_displayed": "0.065533000", + "frame.time_relative": "913.902087000", + "frame.number": "3638", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003884", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11739", + "tcp.ack": "50757", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000026b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:d1:00:26:15:e3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180433, TSecr 2495971": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180433", + "tcp.options.timestamp.tsecr": "2495971" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3635", + "tcp.analysis.ack_rtt": "0.098954000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.363270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.363270000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "913.902584000", + "frame.number": "3639", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007755", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "50757", + "tcp.nxtseq": "50811", + "tcp.ack": "11739", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007f2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:15:ed:a7:9e:77:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2495981, TSecr 2812180433": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2495981", + "tcp.options.timestamp.tsecr": "2812180433" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b2:cc:61:82:de:b2:ef:a8:f4:52:43:d5:ad:e2:6e:6d:02:fc:a2:a1:a7:27:34:da:fe:f9:29:e4:4c:10:ce:13:ae:2c:6f:ca:39:02:e7:0a:65:6c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:45.423954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494505.423954000", + "frame.time_delta": "0.060684000", + "frame.time_delta_displayed": "0.060684000", + "frame.time_relative": "913.963268000", + "frame.number": "3640", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003883", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11739", + "tcp.ack": "50811", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002669", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:77:e0:00:26:15:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180448, TSecr 2495981": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180448", + "tcp.options.timestamp.tsecr": "2495981" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3639", + "tcp.analysis.ack_rtt": "0.060684000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.365982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.365982000", + "frame.time_delta": "1.942028000", + "frame.time_delta_displayed": "1.942028000", + "frame.time_relative": "915.905296000", + "frame.number": "3641", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": 
"BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000bfbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f880", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00007873", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.366470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.366470000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "915.905784000", + "frame.number": "3642", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4882", + "tcp.port": "39500", + "tcp.port": "4882", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00007e1d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + 
"tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3641", + "tcp.analysis.ack_rtt": "0.000488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.368944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.368944000", + "frame.time_delta": "0.002474000", + "frame.time_delta_displayed": "0.002474000", + "frame.time_relative": "915.908258000", + "frame.number": "3643", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", 
+ "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bfc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f88b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000ec8e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3642", + "tcp.analysis.ack_rtt": "0.002474000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.369806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.369806000", + "frame.time_delta": "0.000862000", + "frame.time_delta_displayed": "0.000862000", + "frame.time_relative": "915.909120000", + "frame.number": "3644", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x0000bfc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000612c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002962000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:33:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.370261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.370261000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "915.909575000", + "frame.number": "3645", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000531c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006530", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4882", + "tcp.port": "39500", + "tcp.port": "4882", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + 
"tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f635", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3644", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.373425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.373425000", + "frame.time_delta": "0.003164000", + "frame.time_delta_displayed": "0.003164000", + "frame.time_relative": "915.912739000", + "frame.number": "3646", + "frame.len": "231", + "frame.cap_len": "231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x0000bfc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f7d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "177", + "tcp.seq": "205", + "tcp.nxtseq": "382", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b66a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002962000", + "tcp.analysis.bytes_in_flight": "177", + "tcp.analysis.push_bytes_sent": "177" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "3644", + "tcp.segment": "3646", + "tcp.segment.count": "2", + "tcp.reassembled.length": "380", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:33:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "176", + "http.content_length_header_tree": { + "http.content_length": "176" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:86ee6864-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 3\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", 
+ "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>8|1509494506|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "8|1509494506|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.373887000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.373887000", + "frame.time_delta": "0.000462000", + "frame.time_delta_displayed": "0.000462000", + "frame.time_relative": "915.913201000", + "frame.number": "3647", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x0000531d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000652f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4882", + "tcp.port": "39500", + "tcp.port": "4882", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f573", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3646", + "tcp.analysis.ack_rtt": "0.000462000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.385323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.385323000", + "frame.time_delta": "0.011436000", + "frame.time_delta_displayed": "0.011436000", + 
"frame.time_relative": "915.924637000", + "frame.number": "3648", + "frame.len": "531", + "frame.cap_len": "531", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "517", + "ip.id": "0x000095f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "465", + "tcp.seq": "50811", + "tcp.nxtseq": "51276", + "tcp.ack": "11739", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ece1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:16:b7:a7:9e:77:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2496183, TSecr 2812180448": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2496183", + "tcp.options.timestamp.tsecr": "2812180448" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "465", + "tcp.analysis.push_bytes_sent": "465" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "460", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:b3:ca:d9:2f:b7:3a:22:5b:27:5b:4f:77:f5:ad:ba:26:70:07:eb:07:94:6e:a1:7d:60:04:78:73:9a:ca:28:28:c9:90:6e:6b:af:d7:64:ac:1f:08:3f:3f:32:de:33:f2:94:e4:88:66:bf:14:fd:3c:f6:d7:be:3e:0e:df:09:70:80:d4:9d:48:f2:87:56:73:89:f0:30:58:01:08:94:6c:86:e1:a8:c9:37:0a:eb:ec:61:65:5c:9c:a2:eb:7d:eb:18:8b:ee:ae:78:d1:b5:de:14:07:d0:99:85:aa:d7:1b:3d:86:30:25:8a:6e:35:86:1f:a3:8a:3d:9b:b0:ea:71:ab:5a:98:88:db:b4:69:6a:1d:6b:52:be:59:69:4d:9d:8d:84:69:98:45:87:8d:a1:2c:e5:7a:dc:e6:e8:27:f1:35:5c:79:1b:8d:3f:89:c0:6f:c9:38:01:cf:0c:d4:f3:d8:9e:cf:47:44:09:f1:d6:e9:47:94:eb:56:01:0e:e0:68:8d:54:6b:4e:6d:0f:13:cb:fc:02:90:87:5a:b5:5f:1f:09:50:ba:ae:e9:c8:1f:01:da:e2:b2:06:3a:84:61:93:e6:de:81:40:41:72:9d:ba:78:9c:02:a9:14:d9:ea:9f:fb:7f:27:4f:62:d8:83:68:ff:e5:1c:9c:8c:78:47:cb:15:ba:1b:94:89:ab:f1:98:bc:17:8e:5e:ef:81:5f:f7:a8:71:8d:50:ed:8d:3a:24:62:a3:94:a8:48:1c:86:c3:e4:29:5c:69:e1:99:12:b3:59:53:a9:17:44:8d:6c:29:86:e8:35:06:9a:f8:72:6a:46:fa:f4:b5:be:4f:55:1f:ec:b5:40:0d:64:15:c8:f9:ec:6b:ea:1a:8c:a4:98:52:9f:16:d1:22:88:25:81:a9:35:86:83:55:a4:15:5c:23:b6:4a:58:ad:97:77:2c:1d:83:44:3e:c2:46:b3:7c:e6:f2:66:b2:4d:6b:a5:a7:21:53:60:d9:c9:1c:4f:fe:62:1a:12:4f:bf:f9:90:3c:00:35:95:09:ff:ea:16:28:31:90:10:5b:7b:fe:05:0b:52:69:00:40:71:9c:a4:b7:8a:64:b6:e3:b8:ed:33:e2:2d:c5:90:ca:37:1f:90:9d:7d:0b:6a:95:b2:c7:ae:22:43:c3:7e:56:45:c9:b2:5d:3b:5b:fa:f5:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.445772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.445772000", + "frame.time_delta": "0.060449000", + "frame.time_delta_displayed": "0.060449000", + "frame.time_relative": "915.985086000", + "frame.number": "3649", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": 
{ + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003882", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11739", + "tcp.ack": "51276", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000021d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:79:d9:00:26:16:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180953, TSecr 2496183": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180953", + "tcp.options.timestamp.tsecr": "2496183" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3648", + "tcp.analysis.ack_rtt": "0.060449000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.447005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.447005000", + "frame.time_delta": "0.001233000", + "frame.time_delta_displayed": "0.001233000", + "frame.time_relative": "915.986319000", + "frame.number": "3650", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002cfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "11739", + "tcp.nxtseq": "11824", + "tcp.ack": "51276", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000046f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:79:da:00:26:16:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180954, TSecr 2496183": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180954", + "tcp.options.timestamp.tsecr": "2496183" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:7b:90:c6:5f:56:1e:95:e4:db:f1:ad:97:5a:1e:f2:7b:a7:76:43:4c:45:53:43:69:5b:80:9e:9c:0f:dc:d8:39:fa:23:07:c5:2a:2c:18:8f:b5:4c:91:e0:59:81:7f:b3:92:ea:af:fe:c5:ee:5d:4e:04:70:cc:42:db:0e:b1:fd:4c:2f:9d:8f:ef:be:36:8f:b1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.450950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.450950000", + "frame.time_delta": "0.003945000", + "frame.time_delta_displayed": "0.003945000", + "frame.time_relative": "915.990264000", + "frame.number": "3651", + "frame.len": "113", + "frame.cap_len": "113", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000095f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "51276", + "tcp.nxtseq": "51323", + "tcp.ack": "11824", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000528c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:16:be:a7:9e:79:da", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2496190, TSecr 2812180954": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2496190", + "tcp.options.timestamp.tsecr": "2812180954" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3650", + "tcp.analysis.ack_rtt": "0.003945000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b4:71:3f:39:f9:09:5c:b5:ed:6a:af:29:c5:36:f6:bd:48:92:7e:53:16:a9:bd:b4:9f:b6:5a:d7:12:6d:be:f3:7e:7f:46" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.461800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.461800000", + "frame.time_delta": 
"0.010850000", + "frame.time_delta_displayed": "0.010850000", + "frame.time_relative": "916.001114000", + "frame.number": "3652", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x0000531e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006508", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4882", + "tcp.port": "39500", + "tcp.port": "4882", + "tcp.stream": "146", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000001ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002962000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.463612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.463612000", + "frame.time_delta": "0.001812000", + "frame.time_delta_displayed": "0.001812000", + "frame.time_relative": "916.002926000", + "frame.number": "3653", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": 
"BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bfc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f888", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000eaeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3652", + "tcp.analysis.ack_rtt": "0.001812000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.467102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.467102000", + "frame.time_delta": "0.003490000", + "frame.time_delta_displayed": "0.003490000", + "frame.time_relative": "916.006416000", + "frame.number": "3654", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bfc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f887", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000eaea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.467775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.467775000", + "frame.time_delta": "0.000673000", + "frame.time_delta_displayed": "0.000673000", + "frame.time_relative": "916.007089000", + "frame.number": "3655", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000531f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000652d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4882", + "tcp.port": "39500", + "tcp.port": "4882", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "383", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f54b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3654", + "tcp.analysis.ack_rtt": "0.000673000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:01:47.469998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.469998000", + "frame.time_delta": "0.002223000", + "frame.time_delta_displayed": "0.002223000", + "frame.time_relative": "916.009312000", + "frame.number": "3656", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bfc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f886", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4882", + "tcp.dstport": "39500", + "tcp.port": "4882", + "tcp.port": "39500", + "tcp.stream": "146", + "tcp.len": "0", + "tcp.seq": "383", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000eae9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3655", + "tcp.analysis.ack_rtt": "0.002223000", + "tcp.analysis.initial_rtt": "0.002962000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.511939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.511939000", + "frame.time_delta": "0.041941000", + "frame.time_delta_displayed": "0.041941000", + "frame.time_relative": "916.051253000", + "frame.number": "3657", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002cff", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003851", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "11824", + "tcp.nxtseq": "11871", + "tcp.ack": "51323", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003b24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:79:ea:00:26:16:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180970, TSecr 2496190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180970", + "tcp.options.timestamp.tsecr": "2496190" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3651", + "tcp.analysis.ack_rtt": "0.060989000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:7c:a8:9e:72:83:2f:c9:28:f3:4c:54:19:09:be:d5:70:e8:06:99:ba:59:5c:be:d3:22:c5:dd:72:fd:bb:4b:19:37:14:cd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.512437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.512437000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "916.051751000", + "frame.number": "3658", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000095f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "51323", + "tcp.nxtseq": "51431", + "tcp.ack": "11871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a3de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:16:c4:a7:9e:79:ea", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2496196, TSecr 2812180970": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2496196", + "tcp.options.timestamp.tsecr": "2812180970" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3657", + "tcp.analysis.ack_rtt": "0.000498000", + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b5:61:25:e9:e7:ca:72:51:e5:52:a7:74:25:7f:cd:21:22:72:8c:f4:70:56:26:cd:8f:16:d4:5a:c0:8f:0f:86:9e:26:85:f1:ab:50:fb:40:47:78" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b6:c8:ce:97:27:09:d7:dd:9d:a2:fc:38:ca:92:7f:4e:35:f3:eb:3b:0e:10:03:fb:19:02:29:26:77:32:47:93:0a:11:17:8c:ea:73:21:1b:63:26" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.669230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.669230000", + "frame.time_delta": "0.156793000", + "frame.time_delta_displayed": "0.156793000", + "frame.time_relative": "916.208544000", + "frame.number": "3659", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + 
"eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000387f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11871", + "tcp.ack": "51431", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000207f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:7a:03:00:26:16:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812180995, TSecr 2496196": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812180995", + "tcp.options.timestamp.tsecr": "2496196" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3658", + "tcp.analysis.ack_rtt": "0.156793000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.669690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.669690000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "916.209004000", + "frame.number": "3660", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000095f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007756", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "51431", + "tcp.nxtseq": "51480", + "tcp.ack": "11871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009595", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:16:d3:a7:9e:7a:03", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2496211, TSecr 2812180995": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2496211", + "tcp.options.timestamp.tsecr": "2812180995" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b7:aa:75:ae:cd:44:9c:c7:c9:0c:95:e8:23:5b:fc:9a:20:c8:7c:80:1d:09:f8:10:64:c4:88:d1:15:b3:0b:b8:1a:11:e0:cb:b5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:47.729881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494507.729881000", + "frame.time_delta": "0.060191000", + "frame.time_delta_displayed": "0.060191000", + "frame.time_relative": "916.269195000", + "frame.number": "3661", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000387e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11871", + "tcp.ack": "51480", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002022", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:7a:20:00:26:16:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812181024, TSecr 2496211": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812181024", + "tcp.options.timestamp.tsecr": "2496211" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3660", + "tcp.analysis.ack_rtt": "0.060191000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:48.511035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494508.511035000", + "frame.time_delta": "0.781154000", + "frame.time_delta_displayed": "0.781154000", + "frame.time_relative": "917.050349000", + "frame.number": "3662", + "frame.len": "1323", + "frame.cap_len": "1323", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1309", + "ip.id": "0x000095f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000729d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1257", + "tcp.seq": "51480", + "tcp.nxtseq": "52737", + "tcp.ack": "11871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f652", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:17:28:a7:9e:7a:20", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2496296, TSecr 2812181024": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2496296", + "tcp.options.timestamp.tsecr": "2812181024" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1257", + "tcp.analysis.push_bytes_sent": "1257" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1252", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:b8:aa:61:b7:33:b2:0e:e8:54:ea:cf:27:f4:b3:e0:5b:57:ff:7a:68:dc:77:bc:1b:65:e4:2e:46:76:b2:70:e8:7b:6f:43:cc:2d:2e:31:02:80:29:7a:79:27:c8:94:95:ae:78:6e:94:a6:7b:69:ea:ef:0c:c7:78:9e:a8:e8:41:00:9c:ef:a9:b1:31:12:f2:79:9e:4d:0c:f5:97:0a:c9:8d:55:ac:c3:a9:17:28:b2:fb:39:59:ff:45:f2:29:38:bd:0c:7d:3f:87:ee:9a:d8:75:d0:93:7c:24:62:74:74:1d:98:3e:da:15:07:7f:d7:80:e3:c5:19:43:cf:f9:06:ec:cf:e5:3a:a5:4c:c8:fd:6d:fc:94:0c:f1:3d:26:ac:b3:29:ec:44:2a:6b:33:53:ea:ee:03:72:97:7c:b2:04:9a:50:a3:49:5c:a6:f7:10:31:03:d7:13:bb:27:a8:f8:85:e9:23:4b:da:1f:ea:47:ff:5a:bb:f1:c3:12:c6:69:cc:c0:2b:7f:c3:85:f9:30:94:1e:b9:31:99:8b:da:ec:36:8d:b2:1b:6c:d9:9d:f6:33:fe:90:df:2e:9d:77:db:c5:a8:ee:bf:c7:7e:64:c5:8a:e3:e7:63:56:5f:8b:af:4a:79:aa:4d:d8:5d:e3:3d:58:d2:8d:b1:ba:0b:3b:df:f5:c0:b3:cd:99:2c:4a:da:01:82:53:70:8b:f0:b7:d6:dc:f1:0a:f4:f4:0e:16:10:f1:23:e9:4c:2a:c3:f4:65:75:ce:b7:d4:62:11:8e:7d:bb:9d:4a:85:1f:5b:2b:3e:33:b9:2e:68:d1:2d:7a:cf:83:7f:1b:ad:d4:89:8a:f3:64:d6:24:8a:82:48:b1:f7:83:92:b5:31:c8:57:0c:02:1b:e6:81:bc:10:7e:36:e8:f1:c4:14:2b:15:3d:8f:5b:71:bc:e8:57:12:56:43:a1:92:98:66:4e:82:00:17:88:85:3f:cc:b7:12:7f:0f:00:0e:a7:19:54:c2:a3:9c:7e:fc:f0:fe:48:00:ae:6c:d2:ee:82:d0:0f:04:e3:c2:9c:b9:7d:b4:ad:1b:c4:3d:0d:03:27:3d:79:30:e1:78:97:fa:3e:a0:cd:d0:9a:e3:2a:7a:1a:27:f2:7f:cc:5b:cc:af:2c:4d:6b:b9:e3:5f:b4:68:17:38:03:b2:53:23:0f:c6:aa:61:12:02:4e:e0:62:e6:98:17:1c:92:aa:c5:3c:a8:19:82:5e:cd:ab:54:48:d5:ec:7e:93:5d:37:0e:81:39:14:a5:6a:6c:1f:99:17:94:bc:cf:21:59:ef:0a:28:f7:ab:65:b8:76:42:be:13:ef:8c:ce:b6:7b:bf:18:61:13:5c:5a:1c:83:05:11:b0:e0:5b:31:16:2a:59:10:61:9f:b1:20:21:ad:88:3e:c2:5e:b8:87:58:83:5e:b8:8a:9c:47:c9:01:39:71:e5:1f:a1:2b:17:65:cd:56:1c:d7:e4:70:ff:d9:83:8c:85:83:cc:d8:4c:be:64:84:a2:a5:8a:f9:d6:f4:08:e1:00:a0:e5:44:58:30:18:f7:b8:ae:13:db:30:e3:9f:7c:95:00:83:7f:6d:66:97:2d:40:79:8b:4c:c4:69:5b:b5:80:46:a2:d3:56:58:2b:42:68:80:7d:4e:0a:ab:07:0a:6f:ad:ab:f9:99:aa:f3:76:19:85:49:6a:38:70:1e:1a:bf:5d:45:f5:74:0d:4b:22:c5:0f:e7:be:b6:5
9:8b:22:2e:73:c3:e7:e3:32:e2:65:ab:55:2a:72:3e:ad:61:13:67:89:d6:0d:84:0c:42:87:4c:60:84:82:c0:18:e7:98:b4:78:e5:26:d9:fe:20:05:f6:6e:69:4c:06:fd:e3:94:8b:96:3a:e7:8a:05:e4:79:0e:c5:2e:34:83:af:f9:89:1f:d3:e0:d0:81:89:8c:cb:87:34:c4:07:05:de:e2:24:6c:fe:11:11:75:bb:6d:c7:2d:f9:dc:56:9e:e8:25:42:45:63:2c:f2:b9:8a:b1:d1:ce:f3:54:e0:1e:73:84:02:e8:d4:a6:93:9c:f7:b1:7e:52:36:91:98:f0:8a:8e:a4:6f:6d:4a:87:ce:f1:59:1a:e0:68:d5:70:28:03:d4:a7:f2:df:1f:3e:9a:31:7e:33:85:45:88:6a:d9:45:3f:dd:c2:01:14:3e:3a:98:43:88:e7:13:a3:0a:7f:20:fd:6a:c9:8d:68:6c:a4:94:64:a3:8d:b7:ae:9d:4f:cf:d3:50:c0:ce:53:6a:82:4c:a7:6a:2a:29:70:78:e2:9b:e9:3a:9b:4b:b7:ee:3f:6f:0b:4b:15:23:a8:38:1a:4b:f7:9a:8f:9f:fa:98:4f:df:33:f7:ae:9c:a9:55:54:bb:d1:ba:c3:a9:ed:c9:97:d5:02:a5:c4:8e:cd:f5:94:dd:d1:4c:dc:96:21:7a:15:8e:a4:d4:a3:c0:ff:50:6b:04:67:e0:5c:94:02:4f:98:cf:b9:46:7b:43:3a:56:33:d4:6d:a2:f5:48:be:ac:70:61:ff:76:c8:0f:34:ba:50:f8:9a:57:ae:fa:86:c6:6f:63:37:08:91:18:50:34:ba:b5:1c:0a:f8:62:34:22:71:77:fe:84:27:fc:ae:a9:ec:7d:10:2d:79:e6:36:47:24:93:d3:8d:ca:f5:de:67:2c:d5:59:72:f8:90:20:e3:78:b0:94:07:c1:c7:e3:c2:46:56:e1:e3:29:98:e6:08:9e:60:57:6c:08:c3:a8:70:e3:2b:b6:78:2e:70:33:3a:3e:8d:47:aa:f2:26:6b:76:93:37:cf:d8:73:3a:39:b7:90:8d:81:9b:ef:38:c2:28:fb:a9:3d:40:d9:9c:bc:3e:10:a0:7e:44:7c:e6:f3:7e:e4:f2:37:7d:df:a3:15:3a:e8:c2:d3:f4:74:c8:4e:75:7a:b4:1d:65:68:b8:c4:81:3b:88:4b:6f:62:92:0c:a6:9d:8b:11:76:5d:21:df:e8:1b:bc:6b:d4:98:20:ed:ba:9c:0b:27:62:36:38:11:1e:71:a8:d5:6d:19:c9:2e:5b:5e:27:f5:e8:3d:bb:ae:4f:be:a8:20:6a:ae:28:c8:6e:57:bb:c8:3d:13:8f:e3:97:33:af:82:1c:1a:8f:d2:c3:2d:62:a1:cd:4e:d3:3e:aa:42:06:97:60:69:e8:4d:83:37:4f:0e:ed:bc:9c:79:85:8f:a9:63:6e:f5:ee:22:b6:c7:21:6c:d5:d2:db:8f:c8:3a:2f:dd:7d:55:a8:bb:2b:57:4b:49:a6:34:d3:0f:dc:9b:c7:77" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:48.571245000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494508.571245000", + "frame.time_delta": "0.060210000", + "frame.time_delta_displayed": "0.060210000", + "frame.time_relative": "917.110559000", + "frame.number": "3663", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000387d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + 
"tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11871", + "tcp.ack": "52737", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001a11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:7a:f3:00:26:17:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812181235, TSecr 2496296": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812181235", + "tcp.options.timestamp.tsecr": "2496296" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3662", + "tcp.analysis.ack_rtt": "0.060210000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:48.802813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494508.802813000", + "frame.time_delta": "0.231568000", + "frame.time_delta_displayed": "0.231568000", + "frame.time_relative": "917.342127000", + 
"frame.number": "3664", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:48.808830000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494508.808830000", + "frame.time_delta": "0.006017000", + "frame.time_delta_displayed": "0.006017000", + "frame.time_relative": "917.348144000", + "frame.number": "3665", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:55.597890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494515.597890000", + "frame.time_delta": "6.789060000", + "frame.time_delta_displayed": "6.789060000", + "frame.time_relative": "924.137204000", + "frame.number": "3666", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": 
"4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c91", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:55.598443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494515.598443000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "924.137757000", + "frame.number": "3667", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed8c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + 
"dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:55.599027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494515.599027000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "924.138341000", + "frame.number": "3668", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b52", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:01:58.733910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494518.733910000", + "frame.time_delta": "3.134883000", + "frame.time_delta_displayed": "3.134883000", + "frame.time_relative": "927.273224000", + "frame.number": "3669", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000a4b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000034a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:00.598200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494520.598200000", + "frame.time_delta": "1.864290000", + 
"frame.time_delta_displayed": "1.864290000", + "frame.time_relative": "929.137514000", + "frame.number": "3670", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c91", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": 
"0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:00.600614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494520.600614000", + "frame.time_delta": "0.002414000", + "frame.time_delta_displayed": "0.002414000", + "frame.time_relative": "929.139928000", + "frame.number": "3671", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed8c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": 
"0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:00.601012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494520.601012000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "929.140326000", + "frame.number": "3672", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b52", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:04.048415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494524.048415000", + "frame.time_delta": "3.447403000", + "frame.time_delta_displayed": "3.447403000", + "frame.time_relative": "932.587729000", + "frame.number": "3673", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a675", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": 
"Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "282", + "tcp.nxtseq": "322", + "tcp.ack": "253", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f070", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e3:d0:68:56:59:24:6a:8c:62:38:41:fa:61:f5:40:d3:e9:9d:94:f2:2e:43:5d:5e:5c:60:0f:18" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:04.191955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494524.191955000", + "frame.time_delta": "0.143540000", + "frame.time_delta_displayed": "0.143540000", + "frame.time_relative": "932.731269000", + "frame.number": "3674", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fe2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8b", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "253", + "tcp.nxtseq": "289", + "tcp.ack": "322", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e4fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3673", + "tcp.analysis.ack_rtt": "0.143540000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:69:c6:6b:dd:b4:7d:55:96:77:2d:b4:1f:78:8b:f9:05:98:14:23:62:dc:ec:1c:ea" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:04.192495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494524.192495000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "932.731809000", + "frame.number": "3675", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "322", + "tcp.ack": "289", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000045e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3674", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:04.946442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494524.946442000", + "frame.time_delta": "0.753947000", + "frame.time_delta_displayed": "0.753947000", + "frame.time_relative": "933.485756000", + "frame.number": "3676", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000b6f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000125f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:04.999349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494524.999349000", + "frame.time_delta": "0.052907000", + "frame.time_delta_displayed": "0.052907000", + "frame.time_relative": "933.538663000", + "frame.number": "3677", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000b6fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000125c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.052379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.052379000", + "frame.time_delta": "0.053030000", + "frame.time_delta_displayed": "0.053030000", + "frame.time_relative": "933.591693000", + "frame.number": "3678", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000b701", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000124d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.105203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.105203000", + "frame.time_delta": "0.052824000", + "frame.time_delta_displayed": "0.052824000", + "frame.time_relative": "933.644517000", + "frame.number": "3679", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000b706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001248", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.158121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.158121000", + "frame.time_delta": "0.052918000", + "frame.time_delta_displayed": "0.052918000", + "frame.time_relative": "933.697435000", + "frame.number": "3680", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000b708", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000124c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.211018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.211018000", + "frame.time_delta": "0.052897000", + "frame.time_delta_displayed": "0.052897000", + "frame.time_relative": "933.750332000", + "frame.number": "3681", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": 
{ + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000b709", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000124b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.598433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.598433000", + "frame.time_delta": "0.387415000", + "frame.time_delta_displayed": "0.387415000", + "frame.time_relative": "934.137747000", + "frame.number": "3682", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + 
"ip.proto": "17", + "ip.checksum": "0x0000ba38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000c91", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.599011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.599011000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "934.138325000", + "frame.number": "3683", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001db9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ed8c", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:05.599579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494525.599579000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "934.138893000", + "frame.number": "3684", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007b52", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000271", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=625", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:06.483051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494526.483051000", + "frame.time_delta": "0.883472000", + "frame.time_delta_displayed": "0.883472000", + "frame.time_relative": "935.022365000", + "frame.number": "3685", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c91", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:07.508385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494527.508385000", + "frame.time_delta": "1.025334000", + "frame.time_delta_displayed": "1.025334000", + "frame.time_relative": "936.047699000", + "frame.number": "3686", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000007d3", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:c4:98:32:40:46:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:13.750549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494533.750549000", + "frame.time_delta": "6.242164000", + "frame.time_delta_displayed": "6.242164000", + "frame.time_relative": "942.289863000", + "frame.number": "3687", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:14.010120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494534.010120000", + "frame.time_delta": "0.259571000", + "frame.time_delta_displayed": "0.259571000", + "frame.time_relative": "942.549434000", + "frame.number": "3688", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + 
"ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + 
"bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:14.057439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494534.057439000", + "frame.time_delta": "0.047319000", + "frame.time_delta_displayed": "0.047319000", + "frame.time_relative": "942.596753000", + "frame.number": "3689", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": 
"0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": 
"192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:14.087552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494534.087552000", + "frame.time_delta": "0.030113000", + "frame.time_delta_displayed": "0.030113000", + "frame.time_relative": "942.626866000", + "frame.number": "3690", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:14.486579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494534.486579000", + "frame.time_delta": "0.399027000", + "frame.time_delta_displayed": "0.399027000", + "frame.time_relative": "943.025893000", + "frame.number": "3691", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:18.525369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494538.525369000", + "frame.time_delta": "4.038790000", + "frame.time_delta_displayed": "4.038790000", + "frame.time_relative": "947.064683000", + "frame.number": "3692", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000095fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007754", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "52737", + "tcp.nxtseq": "52786", + "tcp.ack": "11871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000015b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:22:e1:a7:9e:7a:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2499297, TSecr 2812181235": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2499297", + "tcp.options.timestamp.tsecr": "2812181235" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:b9:96:b3:c1:43:d0:81:02:bc:56:b9:ed:04:65:03:5b:d3:2b:77:26:1d:aa:c1:81:42:e8:50:75:0b:6a:98:2f:26:db:12:df:ab" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:18.585669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494538.585669000", + "frame.time_delta": "0.060300000", + "frame.time_delta_displayed": "0.060300000", + "frame.time_relative": "947.124983000", + "frame.number": "3693", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000387c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "11871", + "tcp.ack": "52786", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f0d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:98:42:00:26:22:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812188738, TSecr 2499297": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812188738", + "tcp.options.timestamp.tsecr": "2499297" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3692", + "tcp.analysis.ack_rtt": "0.060300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:18.586118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494538.586118000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "947.125432000", + "frame.number": "3694", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003844", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "11871", + "tcp.nxtseq": "11926", + "tcp.ack": "52786", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006908", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:98:42:00:26:22:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812188738, TSecr 2499297": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812188738", + "tcp.options.timestamp.tsecr": "2499297" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:7d:13:ed:eb:13:5e:91:ac:e8:0c:25:dd:fc:0c:ac:30:c8:c7:d8:b1:66:20:8d:81:6d:51:11:e0:df:45:08:90:79:4a:26:10:fa:ad:2a:84:74:ed:13" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:18.619536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494538.619536000", + "frame.time_delta": "0.033418000", + "frame.time_delta_displayed": "0.033418000", + "frame.time_relative": "947.158850000", + "frame.number": "3695", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007784", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "52786", + "tcp.ack": "11926", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:22:eb:a7:9e:98:42", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2499307, TSecr 2812188738": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2499307", + "tcp.options.timestamp.tsecr": "2812188738" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3694", + "tcp.analysis.ack_rtt": "0.033418000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:18.762766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494538.762766000", + "frame.time_delta": "0.143230000", + "frame.time_delta_displayed": "0.143230000", + "frame.time_relative": "947.302080000", + "frame.number": "3696", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + 
"eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000ba4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001f0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: 
type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:19.190574000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494539.190574000", + "frame.time_delta": "0.427808000", + "frame.time_delta_displayed": "0.427808000", + "frame.time_relative": "947.729888000", + "frame.number": "3697", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:23.590936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494543.590936000", + "frame.time_delta": "4.400362000", + "frame.time_delta_displayed": "4.400362000", + "frame.time_relative": 
"952.130250000", + "frame.number": "3698", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:23.591385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494543.591385000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "952.130699000", + "frame.number": "3699", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:25.208443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494545.208443000", + "frame.time_delta": "1.617058000", + "frame.time_delta_displayed": "1.617058000", + "frame.time_relative": "953.747757000", + "frame.number": "3700", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000ac8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": 
"192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000c105", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "9f:36:19:4e:7a:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.092370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.092370000", + "frame.time_delta": "0.883927000", + "frame.time_delta_displayed": "0.883927000", + "frame.time_relative": "954.631684000", + "frame.number": "3701", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002d05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "11926", + "tcp.nxtseq": "12124", + "tcp.ack": "52786", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000561c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:9f:97:00:26:22:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812190615, TSecr 2499307": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812190615", + "tcp.options.timestamp.tsecr": "2499307" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": "34:cd:34:17:47:48:0e:7e:1f:6b:5d:ac:9d:be:7b:d3:0f:e5:04:15:78:e4:61:0f:71:9d:8e:73:57:fb:7c:9b:8c:58:54:0c:c4:a5:99:30:74:59:df:30:80:25:c0:31:e3:6c:8c:fe:ce:75:9a:2a:2e:d1:a5:11:ee:c6:ee:87:d2:b5:75:31:7c:df:bb:13:68:9e:3b:9b:6d:45:b3:69:85:8d:44:68:2e:c5:16:4e:bf:c2:d2:4c:93:0c:04:f3:25:66:63:1a:a0:ce:71:8b:17:c4:94:f5:77:1f:4e:8f:f2:4f:be:0b:77:e1:5b:1d:1e:96:32:b1:3e:d8:af:d7:ba:e2:ba:ed:61:b0:ca:3f:b7:bc:c5:38:8a:05:b3:a8:e0:ac:ec:92:56:5b:40:bf:60:46:fc:2f:f6:64:a3:35:0d:21:ed:f9:f7:cc:af:86:a2:79:ef:d0:55:e9:6c:81:a1:06:a8:73:77:13:df:82:68:f3:7b:35:d0:e0:a6:f3:e7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.092861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.092861000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "954.632175000", + "frame.number": "3702", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000095fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007783", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "52786", + "tcp.ack": "12124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e4a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:25:d6:a7:9e:9f:97", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2500054, TSecr 2812190615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2500054", + "tcp.options.timestamp.tsecr": "2812190615" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3701", + "tcp.analysis.ack_rtt": "0.000491000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.099537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.099537000", + "frame.time_delta": "0.006676000", + "frame.time_delta_displayed": "0.006676000", + "frame.time_relative": "954.638851000", + "frame.number": "3703", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000095fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "52786", + "tcp.nxtseq": "52839", + "tcp.ack": "12124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009459", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:25:d7:a7:9e:9f:97", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2500055, TSecr 2812190615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2500055", + "tcp.options.timestamp.tsecr": "2812190615" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ba:e8:de:bc:d0:24:bf:64:4a:66:5f:f3:33:a5:36:de:11:44:4e:81:7c:74:b2:c5:d7:50:90:20:b9:b9:31:3e:b5:b5:ae:9b:fa:f0:54:32:77" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.198444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.198444000", + "frame.time_delta": "0.098907000", + "frame.time_delta_displayed": "0.098907000", + "frame.time_relative": "954.737758000", + "frame.number": "3704", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003879", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12124", + "tcp.ack": "52839", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e53f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:9f:b2:00:26:25:d7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812190642, TSecr 2500055": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812190642", + "tcp.options.timestamp.tsecr": "2500055" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3703", + "tcp.analysis.ack_rtt": "0.098907000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.199160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.199160000", + "frame.time_delta": "0.000716000", + "frame.time_delta_displayed": "0.000716000", + "frame.time_relative": "954.738474000", + "frame.number": "3705", + "frame.len": "1440", + "frame.cap_len": "1440", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1426", + "ip.id": "0x000095fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007223", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1374", + "tcp.seq": "52839", + "tcp.nxtseq": "54213", + "tcp.ack": "12124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001969", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:25:e0:a7:9e:9f:b2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2500064, TSecr 2812190642": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2500064", + "tcp.options.timestamp.tsecr": "2812190642" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1374", + "tcp.analysis.push_bytes_sent": "1374" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:bb:0e:2b:c4:90:4d:15:fe:af:e2:43:cd:b7:bc:cf:ff:32:39:4b:98:65:a5:81:2c:1d:e6:af:5e:7a:82:03:a4:87:80:b9:f0:13:e7:a8:ea:70:d3" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:bc:78:45:5f:93:90:36:09:fe:7e:d3:bb:4a:cd:4e:07:31:0b:29:61:50:11:f5:1a:e6:a5:b5:53:f4:dd:d2:5b:e1:fd:69:26:80:d5:84:f6:70:71:6e:a0:8b:2b:50:1f:7b:3e:5a:0a:51:87:28:3f:3a:94:5f:d5:91:dc:cf:68:2d:d8:97:49:b9:80:76:5f:86:6c:80:88:4e:c5:02:15:22:3f:92:5e:4c:18:29:21:82" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:bd:4f:80:ea:08:ce:6b:c2:0c:6c:8b:25:b4:07:be:05:f5:7e:70:ea:9e:5f:1b:f7:cb:36:d5:af:76:4c:ae:0a:f8:cf:74:96:dc:c3:a1:41:f1:a9:d4:3d:fe:b5:b2:7c:72:54:6d:a5:57:ec:9c:4d:04:c1:47:09:f0:b9:df:a5:f1:c6:0a:fd:32:ae:54:c6:88:11:bb:ac:05:de:d8:8a:b5:19:be:66:da:86:26:49:de:33:0f:10:50:bc:e7:5c:c0:b7:78:19:d8:67:11:76:6e:5f:07:96:c9:42:42:28:59:9e:cc:c1:27:30:d5:e0:27:60:28:27:09:3c:b7:5f:9c:7e:ad:45:42:39:bf:c9:99:91:d5:e1:e4:7c:53:ee:45:1f:20:e3:57:4b:57:12:da:fb:6c:34:a0:83:af:da:00:c2:61:24:b5:90:3b:66:52:aa:dd:bc:43:94:f2:80:ca:fe:16:68:fe:cd:ed:4f:b5:ea:f8:3f:cd:ae:57:88:fe:1e:4f:9e:fa:cf:64:28:70:9d:6a:5e:af:d5:2c:8b:55:c7:49:61:eb:23:af:90:aa:e2:d8:1b:2c:c4:d7:9c:00:6c:59:c5:77:6d:9d:9d:3d:1e:5f:3b:41:d6:a7:3f:82:f1:fa:0e:3d:4f:0a:15:61:9a:5d:0e:22:a6:d4:49:0b:34:d8:d0:52:59:44:78:66:7d:2d:f3:7d:dd:59:37:a2:8d:b8:9e:17:02:94:ca:f8:b7:c6:9d:c2:20:b0:48:e6:55:8f:1d:59:2b:bb:24:ad:37:72:9e:5d:41:f4:48:87:97:82:1f:ef:6b:d5:a5:53:fa:7b:50:3f:19:ce:c9:16:50:3b:da:9b:e8:0b:ab:cd:2f:b4:56:88:43:9f:0b:2c:34:65:12:7a:ba:4d:3d:ad:24:5b:76:05:ac:9a:55:15:8f:a8:fe:c4:85:7f:6e:d6:d3:c8:01:d5:24:61:b7:28:a5:47:8b:a6:d5:e5:11:5d:59:24:31:f6:04:07:53:2e:89:83:c6:df:22:75:1d:fe:59:8b:65:5b:fa:da:05:d8:e4:41:25:d7:03:25:a7:85:c5:0e:04:1e:32:de:c1:e8:c0:4f:b4:fd:b2:4c:db:ae:dd:65:7f:e9:c6:6d:dd:e7:c5:ca:94:69:d5:a8:58:e3:1a:52:80:91:36:3a:ac:42:4a:22:d4:27:05:00:ab:b0:f4:1e:4e:c6:d6:a8:f5:04:ea:5a:5a:89:16:7b:75:aa:85:5c:33:11:45:97:02:3b:5d:d0:8e:52:58:eb:8d:5a:6e:e1:73:98:97:ed:36:f1:0a:d3:cd:38:fd:de:70:a4:a6:3b:e7:37:b1:84:de:bd:12:54:03:38:29:ed:5e:ba:0e:72:9a:77:ab:87:d5:b2:ea:83:51:7a:2e:8a:47:41:ef:5c:42:7e:c0:a8:f9:c9:72:05:d2:a5:3b:43:cf:bb:6f:12:f5:0c:7b:a8:7b:9a:25:65:57:97:4e:8e:b3:4a:4f:fe:b4:7a:b5:a5:0f:53:5e:3e:d4:56:52:8a:2e:9f:a3:95:81:9d:fd:95:0a:12:38:02:38:b8:32:fe:27:d3:35:00:ab:81:08:2d:cd:44:6b:6f:7d:37:bc:ae:37:53:2d:5e:0d:52:5c:e5:81:59:48:1f:1f:f0:13:69:69:32:af:35:58:d5:56:9f:2f:84:db:ac:c5:3d:57:b7:68:5f:5f:92:0c:2f:ab:bf:99:7c:33:51:e
f:e1:ae:ae:a8:1d:2d:1b:07:13:cf:74:51:bf:a1:72:a5:1a:3c:40:a2:f7:3f:df:9f:7f:d9:72:b8:c8:6b:27:71:7c:aa:86:3d:08:5a:14:34:f7:e3:e1:c9:c1:30:84:f8:99:51:27:0b:ba:cd:6b:6f:5d:3c:de:91:0a:9d:90:01:a2:e1:01:15:cf:8b:a4:28:07:4a:14:da:ef:35:80:dc:24:ef:83:99:af:33:86:a4:46:de:7c:4a:2b:db:32:5c:3c:9d:29:cc:63:02:54:9f:2e:c8:94:5e:b3:3b:f5:68:f1:67:5c:13:c7:65:c9:6e:40:b9:b5:fc:7b:52:f0:36:03:6c:1f:a6:3b:03:90:24:4e:8b:b7:d3:2a:9d:80:47:4e:44:e7:0e:aa:51:ec:1e:0c:c0:5d:d2:76:3d:20:cd:7c:98:92:47:68:52:74:0d:e1:53:5c:7e:4e:9b:c2:11:19:19:b1:d2:83:9e:e3:a7:06:45:eb:6f:ba:cc:69:aa:06:a0:e4:2a:4b:c2:cb:b8:f0:ac:0c:6d:0c:39:e1:88:06:17:e0:21:8c:c4:f4:cd:c7:80:26:03:b5:7c:79:5c:3a:5a:da:ce:8e:d6:4b:e7:a1:73:5f:21:ab:c4:f5:7b:0e:f5:9f:44:29:58:f5:c2:16:d4:6f:a9:3d:ae:e4:d6:fd:57:78:0e:1b:ac:d8:75:22:88:0b:46:29:c3:f9:91:72:c6:4a:a3:e4:14:7e:5d:bb:3b:41:13:3c:2b:3e:9a:4e:25:9f:7a:be:f3:f2:46:80:7d:e7:21:27:08:01:c0:8a:1b:9c:ed:df:31:2c:40:c6:6d:1f:a1:90:19:83:36:ff:a2:d5:1d:dd:56:9a:51:bb:5e:e2:29:6f:6a:c7:e9:06:d6:5d:2b:6d:a0:d5:b7:56:4c:7e:ec:98:a2:9d:85:2a:a2:98:37:09:f0:e0:5e:22:46:26:85:20:99:1d:98:46:fe:79:e3:00:03:4d:3e:1c:c3:cc:c4:2f:dd:be:aa:50:00:41:59:b7:c6:43:ec:25:54:8a:17:0a:89:cf:1e:f8:5f:59:11:7a:be:46:a8:78:b5:db" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "131", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:be:30:2e:3d:53:e1:05:bb:45:1f:15:7d:b9:9d:85:ff:f8:8a:80:30:27:05:7a:e2:ba:84:f2:3a:68:b7:19:02:80:10:c2:47:c9:16:da:63:a0:9d:63:14:08:d5:dc:f7:89:77:a3:2b:1e:f5:a9:a6:db:c4:d4:55:2f:b9:53:94:c8:b3:9a:39:a4:6a:51:a9:0a:d1:17:c4:da:18:62:d5:f0:3d:59:2b:05:6f:08:24:af:53:1d:75:da:2e:37:8c:0d:74:2e:83:23:4f:49:91:ea:7d:a2:21:83:08:a0:3f:fe:ea:c6:8f:34:5a:ce:f9:8a:f8:b3:b8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.259501000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.259501000", + "frame.time_delta": "0.060341000", + "frame.time_delta_displayed": "0.060341000", + "frame.time_relative": "954.798815000", + "frame.number": "3706", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003878", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12124", + "tcp.ack": "54213", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dfc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:9f:c1:00:26:25:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812190657, TSecr 2500064": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812190657", + "tcp.options.timestamp.tsecr": "2500064" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3705", + "tcp.analysis.ack_rtt": "0.060341000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.518886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494546.518886000", + "frame.time_delta": "0.259385000", + "frame.time_delta_displayed": "0.259385000", + "frame.time_relative": 
"955.058200000", + "frame.number": "3707", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000095ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "54213", + "tcp.nxtseq": "54267", + "tcp.ack": "12124", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d5f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:26:00:a7:9e:9f:c1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2500096, TSecr 2812190657": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2500096", + "tcp.options.timestamp.tsecr": "2812190657" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:bf:4e:2f:9d:32:34:a0:d2:dc:37:d6:62:8c:af:ed:fb:22:75:42:3a:ea:74:fc:09:12:e0:ec:6e:f0:49:8c:2e:aa:5b:97:16:bf:2c:9f:a0:aa:fc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:26.579752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494546.579752000", + "frame.time_delta": "0.060866000", + "frame.time_delta_displayed": "0.060866000", + "frame.time_relative": "955.119066000", + "frame.number": "3708", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003877", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "12124", + "tcp.ack": "54267", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000df23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:a0:11:00:26:26:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812190737, TSecr 2500096": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812190737", + "tcp.options.timestamp.tsecr": "2500096" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3707", + "tcp.analysis.ack_rtt": "0.060866000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:28.852700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494548.852700000", + "frame.time_delta": "2.272948000", + "frame.time_delta_displayed": "2.272948000", + "frame.time_relative": "957.392014000", + "frame.number": "3709", + "frame.len": "60", + "frame.cap_len": 
"60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:30.322156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494550.322156000", + "frame.time_delta": "1.469456000", + "frame.time_delta_displayed": "1.469456000", + "frame.time_relative": "958.861470000", + "frame.number": "3710", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:32.831553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494552.831553000", + "frame.time_delta": "2.509397000", + "frame.time_delta_displayed": "2.509397000", + "frame.time_relative": "961.370867000", + "frame.number": "3711", + "frame.len": "326", + "frame.cap_len": "326", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "312", + "ip.id": "0x00000c20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000086a4", + "ip.checksum.status": "2", + "ip.src": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.src_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "ip.dst": 
"192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49769", + "tcp.port": "80", + "tcp.port": "49769", + "tcp.stream": "144", + "tcp.len": "272", + "tcp.seq": "1", + "tcp.nxtseq": "273", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000089c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018096000", + "tcp.analysis.bytes_in_flight": "272", + "tcp.analysis.push_bytes_sent": "272" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 
01 Nov 2017 00:02:32 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:02:32 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "32", + "http.content_length_header_tree": { + "http.content_length": "32" + }, + "http.response.line": "Content-Length: 32\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "47.936907000", + "http.request_in": "3614", + "http.file_data": "[[15453857],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[15453857],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:32.865202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494552.865202000", + "frame.time_delta": "0.033649000", + "frame.time_delta_displayed": "0.033649000", + "frame.time_relative": "961.404516000", + "frame.number": "3712", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001026", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "273", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } 
+ }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5328", + "tcp.window_size": "5328", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000025f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3711", + "tcp.analysis.ack_rtt": "0.033649000", + "tcp.analysis.initial_rtt": "0.018096000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:32.876699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494552.876699000", + "frame.time_delta": "0.011497000", + "frame.time_delta_displayed": "0.011497000", + "frame.time_relative": "961.416013000", + "frame.number": "3713", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000087b3", + 
"ip.checksum.status": "2", + "ip.src": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.src_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49769", + "tcp.port": "80", + "tcp.port": "49769", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "273", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c587", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3712", + "tcp.analysis.ack_rtt": "0.011497000", + "tcp.analysis.initial_rtt": "0.018096000" 
+ } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:32.882012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494552.882012000", + "frame.time_delta": "0.005313000", + "frame.time_delta_displayed": "0.005313000", + "frame.time_relative": "961.421326000", + "frame.number": "3714", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001027", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.234", + "ip.addr": "54.241.191.234", + "ip.dst_host": "54.241.191.234", + "ip.host": "54.241.191.234", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49769", + "tcp.dstport": "80", + "tcp.port": "49769", + "tcp.port": "80", + "tcp.stream": "144", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "274", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5327", + "tcp.window_size": "5327", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000025f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3713", + "tcp.analysis.ack_rtt": "0.005313000", + "tcp.analysis.initial_rtt": "0.018096000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.438853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.438853000", + "frame.time_delta": "0.556841000", + "frame.time_delta_displayed": "0.556841000", + "frame.time_relative": "961.978167000", + "frame.number": "3715", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00001028", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000029bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "44", + "udp.checksum": "0x0000f377", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } 
+ } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.440438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.440438000", + "frame.time_delta": "0.001585000", + "frame.time_delta_displayed": "0.001585000", + "frame.time_relative": "961.979752000", + "frame.number": "3716", + "frame.len": "423", + "frame.cap_len": "423", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "409", + "ip.id": "0x00008a9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002ced", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "389", + "udp.checksum": "0x00008360", + 
"udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "3715", + "dns.time": "0.001585000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "home.myblossom.com: type A, class IN, addr 54.153.31.0": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10", + "dns.resp.len": "4", + "dns.a": "54.153.31.0" + }, + "home.myblossom.com: type A, class IN, addr 54.219.161.163": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10", + "dns.resp.len": "4", + "dns.a": "54.219.161.163" + } + }, + "Authoritative nameservers": { + "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58030", + "dns.resp.len": "25", + "dns.ns": "ns-1743.awsdns-25.co.uk" + }, + "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58030", + "dns.resp.len": "22", + "dns.ns": "ns-540.awsdns-03.net" + }, + "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "58030", + "dns.resp.len": "19", + "dns.ns": "ns-477.awsdns-59.com" + }, + "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58030", + "dns.resp.len": "23", + "dns.ns": "ns-1324.awsdns-37.org" + } + }, + "Additional records": { + "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "101577", + "dns.resp.len": "4", + "dns.a": "205.251.193.221" + }, + "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57564", + "dns.resp.len": "4", + "dns.a": "205.251.194.28" + }, + "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57648", + "dns.resp.len": "4", + "dns.a": "205.251.197.44" + }, + "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57974", + "dns.resp.len": "4", + "dns.a": "205.251.198.207" + }, + "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "101577", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:dd00::1" + }, + "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57564", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5302:1c00::1" + }, + "ns-1324.awsdns-37.org: 
type AAAA, class IN, addr 2600:9000:5305:2c00::1": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57648", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5305:2c00::1" + }, + "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57974", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:cf00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.449988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.449988000", + "frame.time_delta": "0.009550000", + "frame.time_delta_displayed": "0.009550000", + "frame.time_relative": "961.989302000", + "frame.number": "3717", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001029", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + 
"ip.proto": "6", + "ip.checksum": "0x000094e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49770", + "tcp.dstport": "80", + "tcp.port": "49770", + "tcp.port": "80", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00006c9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + 
"tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.462671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.462671000", + "frame.time_delta": "0.012683000", + "frame.time_delta_displayed": "0.012683000", + "frame.time_relative": "962.001985000", + "frame.number": "3718", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00007612", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49770", + "tcp.port": "80", + "tcp.port": "49770", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x00009ee0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3717", + "tcp.analysis.ack_rtt": "0.012683000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.467959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.467959000", + "frame.time_delta": 
"0.005288000", + "frame.time_delta_displayed": "0.005288000", + "frame.time_relative": "962.007273000", + "frame.number": "3719", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000102a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + 
"tcp": { + "tcp.srcport": "49770", + "tcp.dstport": "80", + "tcp.port": "49770", + "tcp.port": "80", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000009c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3718", + "tcp.analysis.ack_rtt": "0.005288000", + "tcp.analysis.initial_rtt": "0.017971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.899600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.899600000", + "frame.time_delta": "0.431641000", + "frame.time_delta_displayed": "0.431641000", + "frame.time_relative": "962.438914000", + "frame.number": "3720", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x0000102b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000029b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae30", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.901569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.901569000", + "frame.time_delta": "0.001969000", + 
"frame.time_delta_displayed": "0.001969000", + "frame.time_relative": "962.440883000", + "frame.number": "3721", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x00008ac5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002c50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "3720", + "dns.time": "0.001969000", + "dns.id": "0x00000001", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + 
"dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.237": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "298", + "dns.resp.len": "4", + "dns.a": "54.241.191.237" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.239": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "298", + "dns.resp.len": "4", + "dns.a": "54.241.191.239" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "20", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + 
"pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "53006", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5297", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57257", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3567", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57258", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, 
class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57999", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58107", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57649", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57450", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57999", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58107", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57649", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:02:33.908291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.908291000", + "frame.time_delta": "0.006722000", + "frame.time_delta_displayed": "0.006722000", + "frame.time_relative": "962.447605000", + "frame.number": "3722", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000102c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + 
"ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00006cce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.919912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.919912000", + "frame.time_delta": "0.011621000", + "frame.time_delta_displayed": "0.011621000", + "frame.time_relative": "962.459226000", + "frame.number": "3723", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000093cd", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49771", + "tcp.port": "80", + "tcp.port": "49771", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d200", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3722", + "tcp.analysis.ack_rtt": "0.011621000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.925439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.925439000", + "frame.time_delta": "0.005527000", + "frame.time_delta_displayed": "0.005527000", + "frame.time_relative": "962.464753000", + "frame.number": "3724", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000102d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f3a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000045ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3723", + "tcp.analysis.ack_rtt": "0.005527000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.944618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.944618000", + "frame.time_delta": "0.019179000", + "frame.time_delta_displayed": "0.019179000", + "frame.time_relative": "962.483932000", + "frame.number": "3725", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x0000102e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f393", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": 
"54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008e69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017148000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.949896000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494553.949896000", + "frame.time_delta": "0.005278000", + "frame.time_delta_displayed": "0.005278000", + "frame.time_relative": "962.489210000", + "frame.number": "3726", + "frame.len": "177", + "frame.cap_len": "177", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "163", + "ip.id": "0x0000102f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000946c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + 
"ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49770", + "tcp.dstport": "80", + "tcp.port": "49770", + "tcp.port": "80", + "tcp.stream": "147", + "tcp.len": "123", + "tcp.seq": "1", + "tcp.nxtseq": "124", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000496f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017971000", + "tcp.analysis.bytes_in_flight": "123", + "tcp.analysis.push_bytes_sent": "123" + } + }, + "http": { + "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.956020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.956020000", + "frame.time_delta": "0.006124000", + "frame.time_delta_displayed": "0.006124000", + "frame.time_relative": "962.495334000", + "frame.number": "3727", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004548", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00004e89", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": 
"San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49771", + "tcp.port": "80", + "tcp.port": "49771", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e9ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3725", + "tcp.analysis.ack_rtt": "0.011402000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.961176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.961176000", + "frame.time_delta": "0.005156000", + "frame.time_delta_displayed": "0.005156000", + "frame.time_relative": "962.500490000", + "frame.number": "3728", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001030", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f2ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c4fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017148000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "3725", + "tcp.segment": "3728", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.962766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.962766000", + "frame.time_delta": "0.001590000", + "frame.time_delta_displayed": "0.001590000", + "frame.time_relative": "962.502080000", + "frame.number": "3729", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000476e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00002ea8", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49770", + "tcp.port": "80", + "tcp.port": "49770", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "124", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b622", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3726", + "tcp.analysis.ack_rtt": "0.012870000", + "tcp.analysis.initial_rtt": "0.017971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.973603000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.973603000", + "frame.time_delta": "0.010837000", + "frame.time_delta_displayed": "0.010837000", + "frame.time_relative": "962.512917000", + "frame.number": "3730", + "frame.len": "54", + "frame.cap_len": 
"54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004549", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00004e88", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49771", + "tcp.port": "80", + "tcp.port": "49771", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", 
+ "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e58c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3728", + "tcp.analysis.ack_rtt": "0.012427000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.989629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.989629000", + "frame.time_delta": "0.016026000", + "frame.time_delta_displayed": "0.016026000", + "frame.time_relative": "962.528943000", + "frame.number": "3731", + "frame.len": "457", + "frame.cap_len": "457", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "443", + "ip.id": "0x0000476f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00002d14", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49770", + "tcp.port": "80", + "tcp.port": "49770", + "tcp.stream": "147", + "tcp.len": "403", + "tcp.seq": "1", + "tcp.nxtseq": "404", + "tcp.ack": "124", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000014c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { 
+ "tcp.analysis.initial_rtt": "0.017971000", + "tcp.analysis.bytes_in_flight": "403", + "tcp.analysis.push_bytes_sent": "403" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-Type: application\/json\r\n", + "http.date": "Wed, 01 Nov 2017 00:02:33 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:02:33 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "191", + "http.content_length_header_tree": { + "http.content_length": "191" + }, + "http.response.line": "Content-Length: 191\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.039733000", + "http.request_in": "3726", + "http.file_data": "{\"status\":\"pending\",\"operation_timeout_seconds\":30,\"current_time\":\"2017-10-31T17:02:33.991776-07:00\",\"psr\":0,\"timestamp\":\"1a604d\",\"message\":{},\"age\":3,\"message_type\":\"schedule\",\"id\":15453857}" + }, + "json": { + "json.object": { + "json.member": { + "json.value.string": "pending", + "json.key": "status" + }, + "json.member": { + "json.value.number": "30", + "json.key": "operation_timeout_seconds" + }, + "json.member": { + "json.value.string": "2017-10-31T17:02:33.991776-07:00", + "json.key": "current_time" + }, + "json.member": { + "json.value.number": "0", + "json.key": "psr" + }, + "json.member": { + "json.value.string": "1a604d", + "json.key": "timestamp" + }, + "json.member": { 
+ "json.object": "", + "json.key": "message" + }, + "json.member": { + "json.value.number": "3", + "json.key": "age" + }, + "json.member": { + "json.value.string": "schedule", + "json.key": "message_type" + }, + "json.member": { + "json.value.number": "15453857", + "json.key": "id" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:33.999464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494553.999464000", + "frame.time_delta": "0.009835000", + "frame.time_delta_displayed": "0.009835000", + "frame.time_relative": "962.538778000", + "frame.number": "3732", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001031", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + 
"ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49770", + "tcp.dstport": "80", + "tcp.port": "49770", + "tcp.port": "80", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "124", + "tcp.ack": "404", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5197", + "tcp.window_size": "5197", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000945", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3731", + "tcp.analysis.ack_rtt": "0.009835000", + "tcp.analysis.initial_rtt": "0.017971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:02:34.011844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.011844000", + "frame.time_delta": "0.012380000", + "frame.time_delta_displayed": "0.012380000", + "frame.time_relative": "962.551158000", + "frame.number": "3733", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004770", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00002ea6", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + 
"ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49770", + "tcp.port": "80", + "tcp.port": "49770", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "404", + "tcp.ack": "125", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b48d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3732", + "tcp.analysis.ack_rtt": "0.012380000", + "tcp.analysis.initial_rtt": "0.017971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.017424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.017424000", + "frame.time_delta": "0.005580000", + "frame.time_delta_displayed": "0.005580000", + "frame.time_relative": "962.556738000", + "frame.number": "3734", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001032", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49770", + "tcp.dstport": "80", + "tcp.port": "49770", + "tcp.port": "80", + "tcp.stream": "147", + "tcp.len": "0", + "tcp.seq": "125", + "tcp.ack": "405", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5196", + "tcp.window_size": "5196", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000945", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3733", + "tcp.analysis.ack_rtt": "0.005580000", + "tcp.analysis.initial_rtt": "0.017971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.259957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.259957000", + "frame.time_delta": "0.242533000", + "frame.time_delta_displayed": "0.242533000", + "frame.time_relative": "962.799271000", + "frame.number": "3735", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f6", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "321", + "tcp.ack": "289", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000045f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + 
"_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.403154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.403154000", + "frame.time_delta": "0.143197000", + "frame.time_delta_displayed": "0.143197000", + "frame.time_relative": "962.942468000", + "frame.number": "3736", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdae", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "289", + "tcp.ack": "322", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ed4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.619899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.619899000", + "frame.time_delta": "0.216745000", + "frame.time_delta_displayed": "0.216745000", + "frame.time_relative": "963.159213000", + "frame.number": "3737", + "frame.len": "60", + "frame.cap_len": "60", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001033", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49772", + "tcp.dstport": "80", + "tcp.port": "49772", + "tcp.port": "80", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": 
"24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000af85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.633702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.633702000", + "frame.time_delta": "0.013803000", + "frame.time_delta_displayed": "0.013803000", + "frame.time_relative": "963.173016000", + "frame.number": "3738", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00007712", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49772", + "tcp.port": "80", + "tcp.port": "49772", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x0000a201", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3737", + "tcp.analysis.ack_rtt": "0.013803000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:34.638901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494554.638901000", + "frame.time_delta": "0.005199000", + "frame.time_delta_displayed": "0.005199000", + "frame.time_relative": "963.178215000", + "frame.number": "3739", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001034", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49772", + "tcp.dstport": "80", + "tcp.port": "49772", + "tcp.port": "80", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000ce2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3738", + "tcp.analysis.ack_rtt": "0.005199000", + "tcp.analysis.initial_rtt": "0.019002000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.119829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.119829000", + "frame.time_delta": "0.480928000", + "frame.time_delta_displayed": "0.480928000", + "frame.time_relative": "963.659143000", + "frame.number": "3740", + "frame.len": "186", + "frame.cap_len": "186", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "172", + "ip.id": "0x00001035", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000945d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + 
"ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49772", + "tcp.dstport": "80", + "tcp.port": "49772", + "tcp.port": "80", + "tcp.stream": "149", + "tcp.len": "132", + "tcp.seq": "1", + "tcp.nxtseq": "133", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003025", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.019002000", + "tcp.analysis.bytes_in_flight": "132", + "tcp.analysis.push_bytes_sent": "132" + } + }, + "http": { + "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "\\r\\n": "", 
+ "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.133609000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.133609000", + "frame.time_delta": "0.013780000", + "frame.time_delta_displayed": "0.013780000", + "frame.time_relative": "963.672923000", + "frame.number": "3741", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000047c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002f4e", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., 
San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49772", + "tcp.port": "80", + "tcp.port": "49772", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "133", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b55d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3740", + "tcp.analysis.ack_rtt": "0.013780000", + "tcp.analysis.initial_rtt": "0.019002000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.173311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.173311000", + "frame.time_delta": "0.039702000", + "frame.time_delta_displayed": "0.039702000", + "frame.time_relative": "963.712625000", + "frame.number": "3742", + "frame.len": "457", + "frame.cap_len": "457", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "443", + "ip.id": "0x000047c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002dba", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49772", + "tcp.port": "80", + "tcp.port": "49772", + "tcp.stream": "149", + "tcp.len": "403", + "tcp.seq": "1", + "tcp.nxtseq": "404", + "tcp.ack": "133", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003972", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.019002000", + "tcp.analysis.bytes_in_flight": "403", + "tcp.analysis.push_bytes_sent": "403" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-Type: application\/json\r\n", + "http.date": "Wed, 01 Nov 2017 00:02:35 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:02:35 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "191", + "http.content_length_header_tree": { + "http.content_length": "191" + }, + "http.response.line": "Content-Length: 191\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.053482000", + "http.request_in": "3740", + "http.file_data": 
"{\"current_time\":\"2017-10-31T17:02:35.170563-07:00\",\"ts_utc\":1509523355.0,\"online_cycles\":1,\"psr\":0,\"online_id\":\"2b-hJd43S5--9wBtk-VN2A\",\"offline_cycles\":0,\"offline_id\":null,\"ts\":1509494555.0}" + }, + "json": { + "json.object": { + "json.member": { + "json.value.string": "2017-10-31T17:02:35.170563-07:00", + "json.key": "current_time" + }, + "json.member": { + "json.value.number": "1509523355.0", + "json.key": "ts_utc" + }, + "json.member": { + "json.value.number": "1", + "json.key": "online_cycles" + }, + "json.member": { + "json.value.number": "0", + "json.key": "psr" + }, + "json.member": { + "json.value.string": "2b-hJd43S5--9wBtk-VN2A", + "json.key": "online_id" + }, + "json.member": { + "json.value.number": "0", + "json.key": "offline_cycles" + }, + "json.member": { + "json.value.null": "", + "json.key": "offline_id" + }, + "json.member": { + "json.value.number": "1509494555.0", + "json.key": "ts" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.183288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.183288000", + "frame.time_delta": "0.009977000", + "frame.time_delta_displayed": "0.009977000", + "frame.time_relative": "963.722602000", + "frame.number": "3743", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001036", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49772", + "tcp.dstport": "80", + "tcp.port": "49772", + "tcp.port": "80", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "133", + "tcp.ack": "404", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5197", + "tcp.window_size": "5197", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000c5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3742", + "tcp.analysis.ack_rtt": "0.009977000", + "tcp.analysis.initial_rtt": "0.019002000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.196935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.196935000", + "frame.time_delta": "0.013647000", + "frame.time_delta_displayed": "0.013647000", + "frame.time_relative": "963.736249000", + "frame.number": "3744", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000047ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002f4c", + "ip.checksum.status": "2", + "ip.src": 
"54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49772", + "tcp.port": "80", + "tcp.port": "49772", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "404", + "tcp.ack": "134", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b3c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3743", + "tcp.analysis.ack_rtt": "0.013647000", + "tcp.analysis.initial_rtt": "0.019002000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.202322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.202322000", + "frame.time_delta": "0.005387000", + "frame.time_delta_displayed": "0.005387000", + "frame.time_relative": "963.741636000", + "frame.number": "3745", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001037", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": 
"AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49772", + "tcp.dstport": "80", + "tcp.port": "49772", + "tcp.port": "80", + "tcp.stream": "149", + "tcp.len": "0", + "tcp.seq": "134", + "tcp.ack": "405", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5196", + "tcp.window_size": "5196", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000c5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3744", + "tcp.analysis.ack_rtt": "0.005387000", + "tcp.analysis.initial_rtt": "0.019002000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.793513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.793513000", + "frame.time_delta": "0.591191000", + "frame.time_delta_displayed": "0.591191000", + "frame.time_relative": "964.332827000", + "frame.number": "3746", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001038", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49773", + "tcp.dstport": "80", + "tcp.port": "49773", + "tcp.port": "80", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x000050f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.807274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.807274000", + "frame.time_delta": "0.013761000", + "frame.time_delta_displayed": "0.013761000", + "frame.time_relative": "964.346588000", + "frame.number": "3747", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00007712", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49773", + "tcp.port": "80", + "tcp.port": "49773", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x0000b9d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3746", + "tcp.analysis.ack_rtt": "0.013761000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:35.813263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494555.813263000", + "frame.time_delta": "0.005989000", + "frame.time_delta_displayed": "0.005989000", + "frame.time_relative": "964.352577000", + "frame.number": "3748", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001039", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49773", + "tcp.dstport": "80", + "tcp.port": "49773", + "tcp.port": "80", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000024b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3747", + "tcp.analysis.ack_rtt": "0.005989000", + "tcp.analysis.initial_rtt": "0.019750000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.293333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.293333000", + "frame.time_delta": "0.480070000", + "frame.time_delta_displayed": "0.480070000", + "frame.time_relative": "964.832647000", + "frame.number": "3749", + "frame.len": "206", + "frame.cap_len": "206", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "192", + "ip.id": "0x0000103a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009444", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": 
"San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49773", + "tcp.dstport": "80", + "tcp.port": "49773", + "tcp.port": "80", + "tcp.stream": "150", + "tcp.len": "152", + "tcp.seq": "1", + "tcp.nxtseq": "153", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000085da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.019750000", + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "http": { + "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.307091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.307091000", + "frame.time_delta": "0.013758000", + "frame.time_delta_displayed": "0.013758000", + "frame.time_relative": "964.846405000", + "frame.number": "3750", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002d12", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49773", + "tcp.port": "80", + "tcp.port": "49773", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "153", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cd1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3749", + "tcp.analysis.ack_rtt": "0.013758000", + "tcp.analysis.initial_rtt": "0.019750000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.354038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.354038000", + "frame.time_delta": "0.046947000", + "frame.time_delta_displayed": "0.046947000", + "frame.time_relative": "964.893352000", + "frame.number": "3751", + "frame.len": "432", + "frame.cap_len": 
"432", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "418", + "ip.id": "0x00004a05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002b97", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49773", + "tcp.port": "80", + "tcp.port": "49773", + "tcp.stream": "150", + "tcp.len": "378", + "tcp.seq": "1", + "tcp.nxtseq": "379", + "tcp.ack": 
"153", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001818", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.019750000", + "tcp.analysis.bytes_in_flight": "378", + "tcp.analysis.push_bytes_sent": "378" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-Type: application\/json\r\n", + "http.date": "Wed, 01 Nov 2017 00:02:36 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:02:36 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "166", + "http.content_length_header_tree": { + "http.content_length": "166" + }, + "http.response.line": "Content-Length: 166\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.060705000", + "http.request_in": "3749", + "http.file_data": 
"{\"mm\":[120,120,120,120,120,0,0,0,0,0,0,0],\"start_ts\":1509501619,\"ts\":1509494556,\"rate\":[1651,1651,1651,1651,1651,100,100,100,100,100,100,100],\"r\":7063,\"id\":\"h49pw1V\"}" + }, + "json": { + "json.object": { + "json.member": { + "json.array": { + "json.value.number": "120", + "json.value.number": "120", + "json.value.number": "120", + "json.value.number": "120", + "json.value.number": "120", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0" + }, + "json.key": "mm" + }, + "json.member": { + "json.value.number": "1509501619", + "json.key": "start_ts" + }, + "json.member": { + "json.value.number": "1509494556", + "json.key": "ts" + }, + "json.member": { + "json.array": { + "json.value.number": "1651", + "json.value.number": "1651", + "json.value.number": "1651", + "json.value.number": "1651", + "json.value.number": "1651", + "json.value.number": "100", + "json.value.number": "100", + "json.value.number": "100", + "json.value.number": "100", + "json.value.number": "100", + "json.value.number": "100", + "json.value.number": "100" + }, + "json.key": "rate" + }, + "json.member": { + "json.value.number": "7063", + "json.key": "r" + }, + "json.member": { + "json.value.string": "h49pw1V", + "json.key": "id" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.363704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.363704000", + "frame.time_delta": "0.009666000", + "frame.time_delta_displayed": "0.009666000", + "frame.time_relative": "964.903018000", + "frame.number": "3752", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000103b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49773", + "tcp.dstport": "80", + "tcp.port": "49773", + "tcp.port": "80", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "153", + "tcp.ack": "379", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5222", + "tcp.window_size": "5222", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000241f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3751", + "tcp.analysis.ack_rtt": "0.009666000", + "tcp.analysis.initial_rtt": "0.019750000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.377054000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.377054000", + "frame.time_delta": "0.013350000", + "frame.time_delta_displayed": "0.013350000", + "frame.time_relative": "964.916368000", + "frame.number": "3753", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00002d10", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49773", + "tcp.port": "80", + "tcp.port": "49773", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "379", + "tcp.ack": "154", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cba3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3752", + "tcp.analysis.ack_rtt": "0.013350000", + "tcp.analysis.initial_rtt": "0.019750000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:36.382587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.382587000", + "frame.time_delta": "0.005533000", + "frame.time_delta_displayed": "0.005533000", + "frame.time_relative": "964.921901000", + "frame.number": "3754", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000103c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094da", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49773", + "tcp.dstport": "80", + "tcp.port": "49773", + "tcp.port": "80", + "tcp.stream": "150", + "tcp.len": "0", + "tcp.seq": "154", + "tcp.ack": "380", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5221", + "tcp.window_size": "5221", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000241f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3753", + "tcp.analysis.ack_rtt": "0.005533000", + "tcp.analysis.initial_rtt": "0.019750000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:02:36.486467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494556.486467000", + "frame.time_delta": "0.103880000", + "frame.time_delta_displayed": "0.103880000", + "frame.time_relative": "965.025781000", + "frame.number": "3755", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c98", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.008531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.008531000", + "frame.time_delta": "0.522064000", + "frame.time_delta_displayed": "0.522064000", + "frame.time_relative": "965.547845000", + "frame.number": "3756", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000bd49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.018523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.018523000", + "frame.time_delta": "0.009992000", + "frame.time_delta_displayed": "0.009992000", + "frame.time_relative": "965.557837000", + "frame.number": "3757", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000040dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000097b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": 
"1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.235633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.235633000", + "frame.time_delta": "0.217110000", + "frame.time_delta_displayed": "0.217110000", + "frame.time_relative": "965.774947000", + "frame.number": "3758", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + 
"eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000bd6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.411829000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494557.411829000", + "frame.time_delta": "0.176196000", + "frame.time_delta_displayed": "0.176196000", + "frame.time_relative": "965.951143000", + "frame.number": "3759", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000103d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": 
"-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + "tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000f25a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.424921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.424921000", + "frame.time_delta": "0.013092000", + "frame.time_delta_displayed": "0.013092000", + "frame.time_relative": "965.964235000", + "frame.number": "3760", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": 
"e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00007612", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49774", + "tcp.port": "80", + "tcp.port": "49774", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x000072cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3759", + "tcp.analysis.ack_rtt": "0.013092000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.430533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.430533000", + "frame.time_delta": "0.005612000", + "frame.time_delta_displayed": "0.005612000", + "frame.time_relative": "965.969847000", + "frame.number": "3761", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000103e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + "tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000ddac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3760", + "tcp.analysis.ack_rtt": "0.005612000", + "tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.459180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.459180000", + "frame.time_delta": "0.028647000", + "frame.time_delta_displayed": "0.028647000", + "frame.time_relative": "965.998494000", + "frame.number": "3762", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000bd7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.751758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.751758000", + "frame.time_delta": "0.292578000", + "frame.time_delta_displayed": "0.292578000", + "frame.time_relative": "966.291072000", + "frame.number": "3763", + "frame.len": "410", + "frame.cap_len": "410", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "396", + "ip.id": "0x00009600", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007627", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "344", + "tcp.seq": "54267", + "tcp.nxtseq": "54611", + "tcp.ack": "12124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d3a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:2a:64:a7:9e:a0:11", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2501220, TSecr 2812190737": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2501220", + "tcp.options.timestamp.tsecr": "2812190737" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "344", + "tcp.analysis.push_bytes_sent": "344" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "339", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c0:28:c0:e3:31:f2:54:22:51:43:90:a6:00:63:c2:da:f9:e7:0f:88:c2:e9:83:78:78:58:68:c1:d4:b3:bf:c5:72:1a:27:8b:ca:ac:5a:d5:c6:c1:7e:2f:63:cb:04:2b:b3:3c:da:77:eb:be:e5:3a:e6:2d:97:3a:05:2f:61:8a:62:cd:cc:3f:e8:ed:4b:ac:36:37:da:38:27:ac:13:a6:44:b7:31:4d:2b:19:97:bf:71:f7:9b:fd:5d:8f:e3:1d:aa:c3:8a:c9:b5:4d:92:fa:ba:d5:de:a5:15:8d:e3:1f:f1:05:7c:13:0f:49:9c:41:08:f4:81:b4:3b:32:22:54:b1:cf:23:a6:46:1c:fc:3b:3c:c4:9d:0c:8c:b0:a8:2e:2c:c5:05:38:12:54:0d:d7:f6:3b:8b:c9:e4:e2:7b:79:a5:8d:b6:c2:04:b3:09:49:2b:ab:a8:68:03:5b:cd:82:e6:89:d5:34:17:63:c3:75:4a:10:e5:59:28:48:42:02:fc:79:c7:58:21:42:dd:b9:a8:07:f7:be:c4:df:76:62:10:dd:c5:dc:b7:03:e8:41:44:9e:be:47:27:41:fb:fb:54:38:c8:e2:87:80:86:6b:05:bb:42:37:ab:31:4a:f6:13:d3:01:70:08:e1:4c:89:af:8e:f5:76:41:da:3e:2d:56:9d:e5:fa:03:4f:0d:cd:f5:68:2a:27:b7:7b:52:58:5c:74:d1:bf:c7:6c:1c:87:b6:d9:86:ed:d4:69:32:a6:93:71:42:79:14:0b:11:ff:fd:f7:33:e4:7e:5b:b1:63:c6:03:ac:87:a9:52:f8:6a:90:45:f3:f7:7b:70:b0:69:60:ad:16:f5:95:5a:1e:2d:6e:2a:1c:9f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.811970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.811970000", + "frame.time_delta": "0.060212000", + "frame.time_delta_displayed": "0.060212000", + "frame.time_relative": "966.351284000", + "frame.number": "3764", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003876", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12124", + "tcp.ack": "54611", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ce6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:ab:09:00:26:2a:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812193545, TSecr 2501220": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812193545", + "tcp.options.timestamp.tsecr": "2501220" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3763", + "tcp.analysis.ack_rtt": "0.060212000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.812552000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494557.812552000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "966.351866000", + "frame.number": "3765", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003846", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12124", + "tcp.nxtseq": "12171", + "tcp.ack": "54611", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f757", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:ab:09:00:26:2a:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812193545, TSecr 2501220": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812193545", + "tcp.options.timestamp.tsecr": "2501220" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:7f:bf:34:e4:9c:d3:11:f0:3f:19:c7:d8:9a:10:2f:62:7c:61:cd:fb:7f:50:4d:c8:b3:e8:76:ba:27:36:cb:85:ac:7d:51" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:02:37.848690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.848690000", + "frame.time_delta": "0.036138000", + "frame.time_delta_displayed": "0.036138000", + "frame.time_relative": "966.388004000", + "frame.number": "3766", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009601", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000777e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": 
{ + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "54611", + "tcp.ack": "12171", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:2a:6e:a7:9e:ab:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2501230, TSecr 2812193545": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2501230", + "tcp.options.timestamp.tsecr": "2812193545" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3765", + "tcp.analysis.ack_rtt": "0.036138000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.911967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.911967000", + "frame.time_delta": "0.063277000", + "frame.time_delta_displayed": 
"0.063277000", + "frame.time_relative": "966.451281000", + "frame.number": "3767", + "frame.len": "254", + "frame.cap_len": "254", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "240", + "ip.id": "0x0000103f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000940f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + 
"tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "200", + "tcp.seq": "1", + "tcp.nxtseq": "201", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000033fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018704000", + "tcp.analysis.bytes_in_flight": "200", + "tcp.analysis.push_bytes_sent": "200" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:73:63:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:63:79:63:6c:65:73:2f:32:62:2d:68:4a:64:34:33:53:35:2d:2d:39:77:42:74:6b:2d:56:4e:32:41:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:37:37:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.925042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.925042000", + "frame.time_delta": "0.013075000", + "frame.time_delta_displayed": "0.013075000", + "frame.time_relative": "966.464356000", + 
"frame.number": "3768", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d82e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00009de7", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49774", + "tcp.port": "80", + "tcp.port": "49774", + "tcp.stream": "151", + "tcp.len": "0", + 
"tcp.seq": "1", + "tcp.ack": "201", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000085e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3767", + "tcp.analysis.ack_rtt": "0.013075000", + "tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.929572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.929572000", + "frame.time_delta": "0.004530000", + "frame.time_delta_displayed": "0.004530000", + "frame.time_relative": "966.468886000", + "frame.number": "3769", + "frame.len": "131", + "frame.cap_len": "131", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "117", + "ip.id": "0x00001040", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009489", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + "tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "77", + "tcp.seq": "201", + "tcp.nxtseq": "278", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000031da", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018704000", + "tcp.analysis.bytes_in_flight": "77", + "tcp.analysis.push_bytes_sent": "77" + }, + "tcp.segment_data": "5b:7b:22:69:64:22:3a:22:68:34:39:70:77:31:56:22:2c:22:64:75:72:61:74:69:6f:6e:73:22:3a:5b:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:5d:7d:5d" + }, + "tcp.segments": { + "tcp.segment": "3767", + "tcp.segment": "3769", + "tcp.segment.count": "2", + "tcp.reassembled.length": "277", + "tcp.reassembled.data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:73:63:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:63:79:63:6c:65:73:2f:32:62:2d:68:4a:64:34:33:53:35:2d:2d:39:77:42:74:6b:2d:56:4e:32:41:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:37:37:0d:0a:0d:0a:5b:7b:22:69:64:22:3a:22:68:34:39:70:77:31:56:22:2c:22:64:75:72:61:74:69:6f:6e:73:22:3a:5b:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:5d:7d:5d" + }, + "http": { + "POST \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "http.content_type": "application\/json", + "http.request.line": "Content-Type: application\/json\r\n", + "http.content_length_header": "77", + "http.content_length_header_tree": { + "http.content_length": "77" + }, + "http.request.line": "Content-Length: 77\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "[{\"id\":\"h49pw1V\",\"durations\":[261 ,261 ,261 ,261 ,261 ,0 ,0 ,0 ,0 ,0 ,0 ,0]}]" + }, + "json": { + "json.array": { + "json.object": { + "json.member": { + "json.value.string": "h49pw1V", + "json.key": "id" + }, + "json.member": { + "json.array": { + "json.value.number": "261", + "json.value.number": "261", + "json.value.number": "261", + "json.value.number": "261", + "json.value.number": "261", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0", + "json.value.number": "0" + }, + "json.key": "durations" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:37.941997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494557.941997000", + "frame.time_delta": "0.012425000", + "frame.time_delta_displayed": "0.012425000", + "frame.time_relative": "966.481311000", + "frame.number": "3770", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d82f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00009de6", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49774", + "tcp.port": "80", + "tcp.port": "49774", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008597", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3769", + "tcp.analysis.ack_rtt": "0.012425000", + "tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.086866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.086866000", + "frame.time_delta": "0.144869000", + "frame.time_delta_displayed": "0.144869000", + "frame.time_relative": "966.626180000", + "frame.number": "3771", + "frame.len": "232", + "frame.cap_len": "232", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "218", + "ip.id": "0x0000d830", + "ip.flags": "0x00000002", + "ip.flags_tree": { 
+ "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + "ip.checksum": "0x00009d33", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49774", + "tcp.port": "80", + "tcp.port": "49774", + "tcp.stream": "151", + "tcp.len": "178", + "tcp.seq": "1", + "tcp.nxtseq": "179", + "tcp.ack": "278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fdea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018704000", + "tcp.analysis.bytes_in_flight": "178", + "tcp.analysis.push_bytes_sent": "178" + } + }, + "http": 
{ + "HTTP\/1.1 201 Created\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 201 Created\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "201", + "http.response.phrase": "Created" + }, + "http.response.line": "Allow: POST, OPTIONS\r\n", + "http.date": "Wed, 01 Nov 2017 00:02:38 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:02:38 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.response.line": "Content-Length: 0\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.157294000", + "http.request_in": "3769" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.095318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.095318000", + "frame.time_delta": "0.008452000", + "frame.time_delta_displayed": "0.008452000", + "frame.time_relative": "966.634632000", + "frame.number": "3772", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": 
"Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001041", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + "tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "278", + "tcp.ack": "179", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5422", + "tcp.window_size": "5422", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dc96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3771", + "tcp.analysis.ack_rtt": "0.008452000", + "tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.107596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.107596000", + "frame.time_delta": "0.012278000", + "frame.time_delta_displayed": "0.012278000", + "frame.time_relative": "966.646910000", + "frame.number": "3773", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d831", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "238", + "ip.proto": "6", + 
"ip.checksum": "0x00009de4", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49774", + "tcp.port": "80", + "tcp.port": "49774", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "179", + "tcp.ack": "279", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000084e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3772", + "tcp.analysis.ack_rtt": "0.012278000", + 
"tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.113676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.113676000", + "frame.time_delta": "0.006080000", + "frame.time_delta_displayed": "0.006080000", + "frame.time_relative": "966.652990000", + "frame.number": "3774", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001042", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": 
"United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49774", + "tcp.dstport": "80", + "tcp.port": "49774", + "tcp.port": "80", + "tcp.stream": "151", + "tcp.len": "0", + "tcp.seq": "279", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5421", + "tcp.window_size": "5421", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dc96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3773", + "tcp.analysis.ack_rtt": "0.006080000", + "tcp.analysis.initial_rtt": "0.018704000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.450752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.450752000", + "frame.time_delta": "0.337076000", + "frame.time_delta_displayed": "0.337076000", + "frame.time_relative": "966.990066000", + "frame.number": "3775", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": 
"e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.456757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.456757000", + "frame.time_delta": "0.006005000", + "frame.time_delta_displayed": "0.006005000", + "frame.time_relative": "966.996071000", + "frame.number": "3776", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + 
"arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:38.693863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494558.693863000", + "frame.time_delta": "0.237106000", + "frame.time_delta_displayed": "0.237106000", + "frame.time_relative": "967.233177000", + "frame.number": "3777", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000bdbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001b9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:39.269882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494559.269882000", + "frame.time_delta": "0.576019000", + "frame.time_delta_displayed": "0.576019000", + "frame.time_relative": "967.809196000", + "frame.number": "3778", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:39.270070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494559.270070000", + "frame.time_delta": "0.000188000", + "frame.time_delta_displayed": "0.000188000", + "frame.time_relative": "967.809384000", + "frame.number": "3779", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": 
"00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:46.893920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494566.893920000", + "frame.time_delta": "7.623850000", + "frame.time_delta_displayed": "7.623850000", + "frame.time_relative": "975.433234000", + "frame.number": "3780", + "frame.len": "1323", + "frame.cap_len": "1323", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1309", + "ip.id": "0x00009602", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007294", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1257", + "tcp.seq": "54611", + "tcp.nxtseq": "55868", + "tcp.ack": "12171", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000035e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:2d:f6:a7:9e:ab:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2502134, TSecr 2812193545": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2502134", + "tcp.options.timestamp.tsecr": "2812193545" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1257", + "tcp.analysis.push_bytes_sent": "1257" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "1252", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c1:a2:33:d5:69:d5:ab:4c:3c:fe:1e:ee:f7:01:c3:b0:21:7e:e1:7e:43:83:21:13:7e:99:9d:70:2e:40:29:65:74:e4:f8:0b:e6:48:e5:a6:7b:20:e3:0d:9b:7f:87:fe:52:f3:96:98:1c:4d:fd:72:32:87:ea:c4:9c:05:a5:61:f2:f3:72:43:1b:0f:6e:43:c1:cd:fd:44:87:ec:60:71:98:b8:66:74:c8:24:eb:68:1d:f5:e2:4d:e3:67:f7:f3:0d:5d:76:b5:82:e7:87:88:8d:35:d7:0c:7b:90:d3:01:99:bc:6d:28:01:27:96:28:67:ba:ef:ac:1d:5c:d1:cd:a6:74:35:3a:a6:4a:64:8f:24:c2:23:37:d2:f3:81:c4:34:c3:ce:c2:1a:0a:a9:b0:da:73:e6:7a:e1:e6:a1:a1:64:09:23:d4:42:a3:b9:3f:e0:d2:60:9c:84:e0:4c:fa:2c:38:bb:29:a2:18:5c:c2:ad:2b:7e:9d:37:25:1d:95:3b:53:6e:c3:bb:fc:47:14:01:79:be:4d:ed:7d:90:80:cd:7e:f4:c5:7b:39:41:b6:af:46:b8:49:da:87:fb:be:b0:4f:54:3b:df:cc:46:8f:fc:94:84:61:cc:87:5e:15:09:6b:7e:93:1b:ae:11:d3:f2:de:bb:3a:83:d7:de:89:ff:ec:cd:5d:ad:54:cc:0a:06:dd:3b:87:c0:39:28:a2:1f:fd:ee:21:23:e5:29:e5:3e:64:1c:a9:14:5a:44:ca:d4:2c:02:6f:3b:19:b6:ff:e5:5a:7d:7c:70:6d:c2:f4:b5:31:fd:f2:98:76:d5:e4:36:a1:d6:0f:82:9a:88:bb:c3:0f:ce:6f:2a:bf:3d:7a:5f:87:77:9d:eb:6c:50:bb:b4:4c:0b:ff:bc:df:79:ce:48:d5:32:78:01:70:bb:14:e6:fb:6d:23:59:df:e8:96:bd:9f:4b:b1:be:a2:6e:6a:78:2a:58:df:d2:48:c0:6a:7b:04:22:d8:53:41:83:dd:b5:98:b1:70:b4:80:10:78:db:af:ab:9a:6e:3a:51:60:5f:e5:a0:a4:20:d1:6a:53:32:30:f2:13:bc:47:ea:e8:35:96:97:bf:d7:a4:75:47:18:62:0b:7b:0d:fd:ed:a6:ce:43:d4:16:97:7f:eb:24:d5:81:6c:dc:a7:c1:ed:0d:b7:67:38:de:39:e4:f8:61:56:e9:61:92:40:fc:69:dd:eb:c2:a3:a0:6b:4d:43:1e:93:df:51:8d:aa:87:4d:31:d3:fc:6c:eb:cb:2d:2d:db:37:f5:61:d6:cf:4d:03:52:a2:ad:cd:a9:fa:da:ea:e5:67:82:54:3f:1f:82:06:79:f4:45:5b:44:3e:6e:d9:35:1c:5a:5b:97:e2:9a:e5:7d:07:3b:b1:ed:0f:a4:7a:c4:c8:9d:8e:62:8d:81:04:c4:2a:0b:76:af:46:67:59:68:76:ed:d0:50:d2:88:d5:b6:ef:4a:bb:28:55:2a:87:71:f8:0f:6a:c5:b4:d8:63:ee:f8:e8:19:d8:94:13:a6:1e:2b:b6:6c:97:fa:a6:1b:e8:75:83:80:45:fa:e5:17:ab:eb:dc:2b:0c:2a:59:16:7a:9b:dd:d8:33:fe:a0:aa:53:6a:cc:23:8d:72:42:6c:ef:9c:ae:40:37:9c:1e:c7:79:34:41:d4:ed:21:5c:39:41:bc:70:ad:3e
:a1:b5:83:fa:03:9b:59:ca:b4:78:41:ad:dd:78:54:ee:c3:f8:bd:1e:9c:f4:b6:65:c2:3b:fc:50:57:3a:0b:dc:78:b4:99:dc:be:43:3a:3c:a7:d7:3b:31:f7:75:8c:80:ad:9b:04:23:f7:03:32:97:a6:72:df:67:39:d5:84:b0:01:7b:a8:5a:34:ad:c0:e5:2c:7f:06:48:67:bc:57:4e:c7:92:39:1a:02:a2:b3:a5:b3:0c:9d:d2:6f:55:2b:46:bf:09:13:45:0f:b8:12:12:1b:2b:b9:65:c8:5c:a0:cf:e6:f4:52:6f:14:0b:cd:2e:b0:5c:5d:8b:6e:e1:a2:43:69:4e:8d:29:35:86:79:f1:03:e3:54:95:e7:9d:dc:3d:ae:8f:cf:a8:eb:67:47:c0:c1:5c:53:18:83:3d:7d:cc:cc:aa:5c:8b:80:7a:4c:51:f0:fe:49:eb:4f:db:65:6b:ab:80:17:ba:df:8e:2a:af:ce:64:eb:d1:f4:b3:46:e7:d2:59:05:c0:8c:fd:ed:dc:e7:7d:c1:a8:b2:0e:52:0c:94:43:9c:6c:33:21:5c:e7:40:57:52:8b:6a:39:4d:18:37:27:ec:a3:b7:4f:5b:e3:d2:12:18:4a:39:43:89:fe:55:7e:a6:1c:ad:ce:cc:21:e0:a1:6b:38:da:d4:4e:32:a7:17:19:7e:59:69:11:0d:36:ec:c6:d6:b2:d2:4a:44:de:87:10:75:66:c1:fd:d7:75:ff:d9:81:b6:e8:cc:47:79:1a:3e:63:b4:f3:16:a9:1c:1a:52:45:81:81:02:a6:fa:79:26:2d:6f:9a:33:52:d1:38:9a:51:21:57:be:61:2d:73:33:c6:3a:83:86:d7:a9:c2:de:d3:f3:c0:3d:d1:59:00:0c:a5:ca:a9:76:70:0c:25:7b:fe:fb:1e:28:a6:ce:d3:2a:fe:31:d9:a9:de:e8:7b:45:d7:d4:77:ba:d8:97:0e:c4:0d:6c:41:c9:93:92:50:cc:bb:da:a0:02:38:93:2e:ba:80:6e:d9:4a:37:10:51:be:73:90:07:4a:fc:5f:28:ac:c7:5c:ad:8e:2a:3f:5b:b9:59:ec:15:0a:6d:28:0f:2c:87:69:21:de:a9:6d:3f:8e:80:25:01:7f:77:29:5c:46:2d:97:66:34:c2:b9:b1:30:34:6a:ae:cf:17:7c:36:5a:6a:e5:cd:1d:83:de:2b:ee:c6:7d:49:73:3c:43:53:f4:5f:cd:8f:b6:28:cf:b1:a7:e2:5e:5c:ac:3d:52:32:bc:52:94:34:d5:0c:dc:2b:a0:32:10:0d:7a:d9:ca:44:7b:1a:b4:fd:4e:77:3c:d8:ea:c6:71:bb:64:3e:ae:d8:90:d2:f7:35:30:d4:af:e1:b8:9e:86:35:a3:6b:fe:eb:62:9c:79:c6:48:22:f3:97:8c:e3:95:3d:32:89:02:57:20:91:4f:b5:98:94:d5:87:a0:93:55:33:d9:72:30:2e:a2:5a:bb:3e:4b:36:32:2d:bb:38:45:d0:03:8b:6f:b0:ef:d1:2f:00:39:9f:17:33:07:76:30:b4:1c:a6:f1:58:52:f0:bc:b8:99:fc:29" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:02:46.990685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494566.990685000", + "frame.time_delta": "0.096765000", + "frame.time_delta_displayed": "0.096765000", + "frame.time_relative": "975.529999000", + "frame.number": "3781", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003874", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12171", + "tcp.ack": "55868", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bcce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:b4:00:00:26:2d:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812195840, TSecr 2502134": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812195840", + "tcp.options.timestamp.tsecr": "2502134" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3780", + "tcp.analysis.ack_rtt": "0.096765000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:47.100865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494567.100865000", + "frame.time_delta": "0.110180000", + "frame.time_delta_displayed": "0.110180000", 
+ "frame.time_relative": "975.640179000", + "frame.number": "3782", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000c5ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000013e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:47.102579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494567.102579000", + "frame.time_delta": "0.001714000", + "frame.time_delta_displayed": "0.001714000", + "frame.time_relative": "975.641893000", + "frame.number": "3783", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000424c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009645", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + 
"ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:47.234393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494567.234393000", + "frame.time_delta": "0.131814000", + "frame.time_delta_displayed": "0.131814000", + "frame.time_relative": "975.773707000", + "frame.number": "3784", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000c5b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000013d7", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:47.459038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494567.459038000", + "frame.time_delta": "0.224645000", + "frame.time_delta_displayed": "0.224645000", + "frame.time_relative": "975.998352000", + "frame.number": "3785", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + 
"eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000c5df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000013af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:50.600947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494570.600947000", + "frame.time_delta": "3.141909000", + "frame.time_delta_displayed": "3.141909000", + "frame.time_relative": "979.140261000", + "frame.number": "3786", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + 
"udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b90", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + 
"dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:50.601510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494570.601510000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "979.140824000", + "frame.number": "3787", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec8b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + 
"dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:50.602086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494570.602086000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "979.141400000", + "frame.number": "3788", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": 
"5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a51", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", 
+ "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:54.741408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494574.741408000", + "frame.time_delta": "4.139322000", + "frame.time_delta_displayed": "4.139322000", + "frame.time_relative": "983.280722000", + "frame.number": "3789", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009603", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "55868", + "tcp.nxtseq": "56220", + "tcp.ack": "12171", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004e83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:31:07:a7:9e:b4:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2502919, TSecr 2812195840": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2502919", + "tcp.options.timestamp.tsecr": "2812195840" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", 
+ "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c2:fb:aa:be:8a:df:f4:ed:3a:92:05:57:e8:79:5c:2a:8e:9d:a7:0a:dc:35:24:45:b7:16:ef:33:27:82:d0:bf:d4:cd:95:41:76:90:c3:34:a0:a7:90:e3:17:0c:6e:c2:3b:0e:c3:6a:d8:d0:66:5a:63:5a:d0:59:d5:54:e9:22:35:3e:50:84:02:68:88:b6:e9:92:c6:e2:41:02:7f:b9:a0:0b:71:2e:67:94:61:b0:82:9e:3b:60:6a:bc:92:83:e0:c4:d6:f5:c6:a7:d0:59:e8:2b:61:42:41:86:e6:e2:f0:ed:68:7c:49:99:8f:3f:b1:96:c5:cd:7c:45:47:13:9a:e2:36:6f:a5:98:35:3c:4c:f7:7c:47:07:7e:b1:59:82:9b:59:1d:c1:c1:68:70:4f:ea:c8:0e:3e:88:12:b9:30:48:22:ed:ee:ae:44:1e:70:f2:0b:db:eb:2a:23:1a:fa:74:f6:e9:6b:69:57:c9:6b:46:7a:3c:ea:bf:b8:28:e3:6a:99:ff:21:1d:bf:67:5d:37:c8:df:3a:c7:0f:55:29:bc:86:a5:43:9c:a3:92:ed:6a:88:55:33:10:11:5e:13:9e:91:13:d1:c6:a1:e6:88:40:d1:dc:27:99:57:7f:00:cd:f1:f4:91:56:76:51:29:62:a5:e3:0a:51:e1:16:51:c6:46:96:f7:bd:c4:d8:37:6f:b4:d0:9e:e9:b3:31:f2:41:de:d4:0c:7a:e6:30:8c:ea:d9:43:cc:d6:19:9e:b6:64:d1:06:08:ef:61:73:57:38:b9:aa:2f:51:5a:bc:ce:11:26:01:41:1c:1e:c0:18:bf:cb:39:8d:cd:51:15:3d:05:e4:53:7e:ae:37:ab:ce:c0:83:c5:6d:c1:c8:59:7d:80:49:84" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:54.801585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494574.801585000", + "frame.time_delta": "0.060177000", + "frame.time_delta_displayed": "0.060177000", + "frame.time_relative": "983.340899000", + "frame.number": "3790", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003873", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12171", + "tcp.ack": "56220", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b0bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:bb:a0:00:26:31:07", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812197792, TSecr 2502919": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812197792", + "tcp.options.timestamp.tsecr": "2502919" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3789", + "tcp.analysis.ack_rtt": "0.060177000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:54.802161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494574.802161000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "983.341475000", + "frame.number": "3791", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003843", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12171", + "tcp.nxtseq": "12218", + "tcp.ack": "56220", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a47c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:9e:bb:a0:00:26:31:07", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812197792, TSecr 2502919": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812197792", + "tcp.options.timestamp.tsecr": "2502919" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:80:46:de:60:aa:f4:90:df:7b:6a:87:a7:2a:f6:34:c2:a8:b9:34:1c:79:72:df:68:04:7b:1f:f6:ff:85:1f:bd:73:9c:b1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:54.802551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494574.802551000", + "frame.time_delta": "0.000390000", + "frame.time_delta_displayed": "0.000390000", + "frame.time_relative": "983.341865000", + "frame.number": "3792", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009604", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000777b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56220", + "tcp.ack": "12218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af99", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:31:0d:a7:9e:bb:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2502925, TSecr 2812197792": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2502925", + "tcp.options.timestamp.tsecr": "2812197792" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3791", + "tcp.analysis.ack_rtt": "0.000390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:55.601219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494575.601219000", + "frame.time_delta": "0.798668000", + "frame.time_delta_displayed": "0.798668000", + "frame.time_relative": "984.140533000", + "frame.number": "3793", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { 
+ "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b90", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + 
"Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:55.602143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494575.602143000", + "frame.time_delta": "0.000924000", + "frame.time_delta_displayed": "0.000924000", + "frame.time_relative": "984.141457000", + "frame.number": "3794", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + 
"eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec8b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:55.602820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494575.602820000", + "frame.time_delta": "0.000677000", + "frame.time_delta_displayed": "0.000677000", + "frame.time_relative": "984.142134000", + "frame.number": "3795", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a51", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.037545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.037545000", + "frame.time_delta": "2.434725000", + "frame.time_delta_displayed": "2.434725000", + "frame.time_relative": "986.576859000", + "frame.number": "3796", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c275", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + 
"http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.090358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.090358000", + "frame.time_delta": "0.052813000", + "frame.time_delta_displayed": "0.052813000", + "frame.time_relative": "986.629672000", + "frame.number": "3797", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c277", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + 
"udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.143225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.143225000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "986.682539000", + "frame.number": "3798", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c27a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.196092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.196092000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "986.735406000", + "frame.number": "3799", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c27c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + 
"udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.249033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.249033000", + "frame.time_delta": "0.052941000", + "frame.time_delta_displayed": "0.052941000", + "frame.time_relative": "986.788347000", + "frame.number": "3800", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c281", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.301877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.301877000", + "frame.time_delta": "0.052844000", + "frame.time_delta_displayed": "0.052844000", + "frame.time_relative": "986.841191000", + "frame.number": "3801", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c286", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { 
+ "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:02:58.700882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494578.700882000", + "frame.time_delta": "0.399005000", + "frame.time_delta_displayed": "0.399005000", + "frame.time_relative": "987.240196000", + "frame.number": "3802", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000d078", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000008e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:00.601524000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494580.601524000", + "frame.time_delta": "1.900642000", + "frame.time_delta_displayed": "1.900642000", + "frame.time_relative": "989.140838000", + "frame.number": "3803", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000b90", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": 
"pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:00.602075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494580.602075000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "989.141389000", + "frame.number": "3804", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dc7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ec8b", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": 
"4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:00.602643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494580.602643000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "989.141957000", + "frame.number": "3805", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007a51", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000272", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": 
"7", + "dns.txt": "sid=626", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:04.399913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494584.399913000", + "frame.time_delta": "3.797270000", + "frame.time_delta_displayed": "3.797270000", + "frame.time_relative": "992.939227000", + "frame.number": "3806", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a69a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "321", + "tcp.ack": "289", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000045f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:04.543326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494584.543326000", + "frame.time_delta": "0.143413000", + "frame.time_delta_displayed": "0.143413000", + "frame.time_relative": 
"993.082640000", + "frame.number": "3807", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdad", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + 
"tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "289", + "tcp.ack": "322", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ed4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:06.488578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494586.488578000", + "frame.time_delta": "1.945252000", + "frame.time_delta_displayed": "1.945252000", + "frame.time_relative": "995.027892000", + "frame.number": "3808", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005c9f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:09.409838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494589.409838000", + "frame.time_delta": "2.921260000", + "frame.time_delta_displayed": "2.921260000", + "frame.time_relative": "997.949152000", + "frame.number": "3809", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:09.410015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494589.410015000", + "frame.time_delta": "0.000177000", + "frame.time_delta_displayed": "0.000177000", + "frame.time_relative": "997.949329000", + "frame.number": "3810", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": 
"00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:10.207647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494590.207647000", + "frame.time_delta": "0.797632000", + "frame.time_delta_displayed": "0.797632000", + "frame.time_relative": "998.746961000", + "frame.number": "3811", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000acb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", 
+ "udp.length": "64", + "udp.checksum": "0x00008af5", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:69:59:d9:54:cd:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:11.925020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494591.925020000", + "frame.time_delta": "1.717373000", + "frame.time_delta_displayed": "1.717373000", + "frame.time_relative": "1000.464334000", + "frame.number": "3812", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:18.702577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494598.702577000", + 
"frame.time_delta": "6.777557000", + "frame.time_delta_displayed": "6.777557000", + "frame.time_relative": "1007.241891000", + "frame.number": "3813", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000e5fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f35b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:25.811662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494605.811662000", + "frame.time_delta": "7.109085000", + "frame.time_delta_displayed": "7.109085000", + "frame.time_relative": "1014.350976000", + "frame.number": "3814", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": 
"0x00009605", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "56220", + "tcp.nxtseq": "56269", + "tcp.ack": "12218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007959", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:3d:2a:a7:9e:bb:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2506026, TSecr 2812197792": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2506026", + "tcp.options.timestamp.tsecr": "2812197792" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c3:7d:3a:f7:da:01:45:24:0a:f9:0d:fb:f9:00:de:9f:9b:d1:06:7f:e8:df:8d:d3:58:5c:4d:27:1f:5e:81:2c:bd:a5:f2:e1:0a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:25.872433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494605.872433000", + "frame.time_delta": "0.060771000", + "frame.time_delta_displayed": "0.060771000", + "frame.time_relative": "1014.411747000", + "frame.number": "3815", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12218", + "tcp.nxtseq": "12273", + "tcp.ack": "56269", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000b4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:d9:f8:00:26:3d:2a", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812205560, TSecr 2506026": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812205560", + "tcp.options.timestamp.tsecr": "2506026" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3814", + "tcp.analysis.ack_rtt": "0.060771000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:81:92:5a:3a:a0:ef:85:61:e5:0d:1b:40:69:74:a8:a8:af:7d:44:3a:6b:72:56:ab:8a:50:66:ab:b4:85:55:59:96:d7:39:1b:12:ac:67:70:eb:49:07" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:25.872936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494605.872936000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "1014.412250000", + "frame.number": "3816", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009606", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007779", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56269", + "tcp.ack": "12273", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + 
"tcp.checksum": "0x000084b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:3d:30:a7:9e:d9:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2506032, TSecr 2812205560": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2506032", + "tcp.options.timestamp.tsecr": "2812205560" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3815", + "tcp.analysis.ack_rtt": "0.000503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:28.850674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494608.850674000", + "frame.time_delta": "2.977738000", + "frame.time_delta_displayed": "2.977738000", + "frame.time_relative": "1017.389988000", + "frame.number": "3817", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + 
"arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:29.058068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494609.058068000", + "frame.time_delta": "0.207394000", + "frame.time_delta_displayed": "0.207394000", + "frame.time_relative": "1017.597382000", + "frame.number": "3818", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000acd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": 
"192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000001dd", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:26:04:96:e5:3c:59:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:29.156581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494609.156581000", + "frame.time_delta": "0.098513000", + "frame.time_delta_displayed": "0.098513000", + "frame.time_relative": "1017.695895000", + "frame.number": "3819", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000acf", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000d0dd", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:27:04:77:db:42:59:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:29.261074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494609.261074000", + "frame.time_delta": "0.104493000", + "frame.time_delta_displayed": "0.104493000", + "frame.time_relative": "1017.800388000", + "frame.number": "3820", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ad1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00006d66", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:28:44:9a:e0:48:59:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:59:64:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.437547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.437547000", + "frame.time_delta": "1.176473000", + "frame.time_delta_displayed": "1.176473000", + "frame.time_relative": "1018.976861000", + "frame.number": "3821", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020f6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e74e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + 
"http.request": "1", + "http.request_number": "9", + "http.prev_request_in": "3441" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.831902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.831902000", + "frame.time_delta": "0.394355000", + "frame.time_delta_displayed": "0.394355000", + "frame.time_relative": "1019.371216000", + "frame.number": "3822", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a4e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001263", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "49", + "http.prev_response_in": "3511" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.834950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.834950000", + "frame.time_delta": "0.003048000", + "frame.time_delta_displayed": "0.003048000", + "frame.time_relative": "1019.374264000", + "frame.number": "3823", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54615", + "tcp.dstport": "80", + "tcp.port": "54615", + "tcp.port": "80", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008af8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.835488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.835488000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1019.374802000", + "frame.number": "3824", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54615", + "tcp.port": "80", + "tcp.port": "54615", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005006", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3823", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.842939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.842939000", + "frame.time_delta": "0.007451000", + "frame.time_delta_displayed": "0.007451000", + "frame.time_relative": "1019.382253000", + "frame.number": "3825", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54615", + "tcp.dstport": "80", + "tcp.port": "54615", + "tcp.port": "80", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000001e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3824", + "tcp.analysis.ack_rtt": "0.007451000", + "tcp.analysis.initial_rtt": "0.007989000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.843513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.843513000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "1019.382827000", + "frame.number": "3826", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d94", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54615", + "tcp.dstport": "80", + "tcp.port": "54615", + "tcp.port": "80", + "tcp.stream": "152", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000175e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007989000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.843990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.843990000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1019.383304000", + "frame.number": "3827", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000368b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54615", + "tcp.port": "80", + "tcp.port": "54615", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f375", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3826", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.007989000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.844639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.844639000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "1019.383953000", + "frame.number": "3828", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000368c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54615", + "tcp.port": "80", + "tcp.port": "54615", + "tcp.stream": "152", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003397", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007989000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.844986000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.844986000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "1019.384300000", + "frame.number": "3829", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000368d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007e03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54615", + "tcp.port": "80", + "tcp.port": "54615", + "tcp.stream": "152", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008600", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007989000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "3828", + "tcp.segment": "3829", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001473000", + "http.request_in": "3826", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.848156000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494610.848156000", + "frame.time_delta": "0.003170000", + "frame.time_delta_displayed": "0.003170000", + "frame.time_relative": "1019.387470000", + "frame.number": "3830", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54615", + "tcp.dstport": "80", + "tcp.port": "54615", + "tcp.port": "80", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fd4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3829", + "tcp.analysis.ack_rtt": "0.003170000", + "tcp.analysis.initial_rtt": "0.007989000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.848780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.848780000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "1019.388094000", + "frame.number": "3831", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54615", + "tcp.dstport": "80", + "tcp.port": "54615", + "tcp.port": "80", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fd4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.849228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.849228000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1019.388542000", + "frame.number": "3832", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54615", + "tcp.port": "80", + "tcp.port": "54615", + "tcp.stream": "152", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ef7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3831", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.007989000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.880210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.880210000", + "frame.time_delta": "0.030982000", + "frame.time_delta_displayed": "0.030982000", + "frame.time_relative": "1019.419524000", + "frame.number": "3833", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.880653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494610.880653000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1019.419967000", + "frame.number": "3834", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.884791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.884791000", + "frame.time_delta": "0.004138000", + "frame.time_delta_displayed": "0.004138000", + "frame.time_relative": "1019.424105000", + "frame.number": "3835", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a4ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001256", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "50", + "http.prev_response_in": "3822" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.901281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.901281000", + "frame.time_delta": "0.016490000", + "frame.time_delta_displayed": "0.016490000", + "frame.time_relative": "1019.440595000", + "frame.number": "3836", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + 
"ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000bdda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } 
+ }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.901826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.901826000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "1019.441140000", + "frame.number": "3837", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000608e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3836", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.904743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.904743000", + "frame.time_delta": "0.002917000", + "frame.time_delta_displayed": "0.002917000", + "frame.time_relative": "1019.444057000", + "frame.number": "3838", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + 
"ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000126d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3837", + "tcp.analysis.ack_rtt": "0.002917000", + "tcp.analysis.initial_rtt": "0.003462000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.905353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.905353000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "1019.444667000", + "frame.number": "3839", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000027e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003462000", 
+ "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.906118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.906118000", + "frame.time_delta": "0.000765000", + "frame.time_delta_displayed": "0.000765000", + "frame.time_relative": "1019.445432000", + "frame.number": "3840", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e187", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000003fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3839", + "tcp.analysis.ack_rtt": "0.000765000", + "tcp.analysis.initial_rtt": "0.003462000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.906737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.906737000", + "frame.time_delta": "0.000619000", + "frame.time_delta_displayed": "0.000619000", + "frame.time_relative": "1019.446051000", + "frame.number": "3841", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d6ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e175", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000441f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003462000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.907092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.907092000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1019.446406000", + "frame.number": "3842", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d6ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dda2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009688", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003462000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3841", + "tcp.segment": "3842", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001739000", + "http.request_in": "3839", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.909970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.909970000", + "frame.time_delta": "0.002878000", + "frame.time_delta_displayed": "0.002878000", + "frame.time_relative": "1019.449284000", + "frame.number": "3843", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3842", + "tcp.analysis.ack_rtt": "0.002878000", + "tcp.analysis.initial_rtt": "0.003462000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.909944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.909944000", + "frame.time_delta": "-0.000026000", + "frame.time_delta_displayed": "-0.000026000", + "frame.time_relative": "1019.449258000", + "frame.number": "3844", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d6ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dda1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009688", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003462000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.910566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.910566000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "1019.449880000", + "frame.number": "3845", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dd4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3844", + "tcp.analysis.ack_rtt": "0.000622000", + "tcp.analysis.initial_rtt": "0.003462000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.910992000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.910992000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "1019.450306000", + "frame.number": "3846", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54616", + "tcp.port": "80", + "tcp.port": "54616", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000008", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3845", + "tcp.analysis.ack_rtt": "0.000426000", + "tcp.analysis.initial_rtt": "0.003462000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:03:30.913180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.913180000", + "frame.time_delta": "0.002188000", + "frame.time_delta_displayed": "0.002188000", + "frame.time_relative": "1019.452494000", + "frame.number": "3847", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54616", + "tcp.dstport": "80", + "tcp.port": "54616", + "tcp.port": "80", + "tcp.stream": "153", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000774", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:10:1e:d6:14:10:1e:d9:f7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003462000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "3843", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.938839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.938839000", + "frame.time_delta": "0.025659000", + "frame.time_delta_displayed": 
"0.025659000", + "frame.time_relative": "1019.478153000", + "frame.number": "3848", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a4ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000125a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "51", + "http.prev_response_in": "3835" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.945876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.945876000", + "frame.time_delta": "0.007037000", + "frame.time_delta_displayed": "0.007037000", + "frame.time_relative": "1019.485190000", + "frame.number": "3849", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54617", + "tcp.dstport": "80", + "tcp.port": "54617", + "tcp.port": "80", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000b096", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.946425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.946425000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1019.485739000", + "frame.number": "3850", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54617", + "tcp.port": "80", + "tcp.port": "54617", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000071a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": 
"0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3849", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.948884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.948884000", + "frame.time_delta": "0.002459000", + "frame.time_delta_displayed": "0.002459000", + "frame.time_relative": "1019.488198000", + "frame.number": "3851", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54617", + "tcp.dstport": "80", + "tcp.port": "54617", + "tcp.port": "80", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002387", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3850", + "tcp.analysis.ack_rtt": "0.002459000", + "tcp.analysis.initial_rtt": "0.003008000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.949463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.949463000", + 
"frame.time_delta": "0.000579000", + "frame.time_delta_displayed": "0.000579000", + "frame.time_relative": "1019.488777000", + "frame.number": "3852", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54617", + "tcp.dstport": "80", + "tcp.port": "54617", + "tcp.port": "80", + "tcp.stream": "154", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003900", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003008000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.949950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.949950000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1019.489264000", + "frame.number": "3853", + "frame.len": "60", + 
"frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006c8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54617", + "tcp.port": "80", + "tcp.port": "54617", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001518", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3852", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.003008000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.950690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.950690000", + "frame.time_delta": "0.000740000", + "frame.time_delta_displayed": "0.000740000", + "frame.time_relative": "1019.490004000", + "frame.number": "3854", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006c8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004bd5", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54617", + "tcp.port": "80", + "tcp.port": "54617", + "tcp.stream": "154", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005539", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003008000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.951050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.951050000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": "1019.490364000", + "frame.number": "3855", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006c8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004802", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54617", + "tcp.port": "80", + "tcp.port": "54617", + "tcp.stream": "154", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a7a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003008000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3854", + "tcp.segment": "3855", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001587000", + "http.request_in": "3852", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.953585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.953585000", + "frame.time_delta": "0.002535000", + "frame.time_delta_displayed": "0.002535000", + "frame.time_relative": "1019.492899000", + "frame.number": "3856", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54617", + "tcp.dstport": "80", + "tcp.port": "54617", + "tcp.port": "80", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001eef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3855", + "tcp.analysis.ack_rtt": "0.002535000", + "tcp.analysis.initial_rtt": "0.003008000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.954281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.954281000", + "frame.time_delta": "0.000696000", + "frame.time_delta_displayed": "0.000696000", + "frame.time_relative": "1019.493595000", + "frame.number": "3857", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54617", + "tcp.dstport": "80", + "tcp.port": "54617", + "tcp.port": "80", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001eee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:30.954789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494610.954789000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "1019.494103000", + "frame.number": "3858", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54617", + "tcp.port": "80", + "tcp.port": "54617", + "tcp.stream": "154", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001122", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "3857", + "tcp.analysis.ack_rtt": "0.000508000", + "tcp.analysis.initial_rtt": "0.003008000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.887383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.887383000", + "frame.time_delta": "0.932594000", + "frame.time_delta_displayed": "0.932594000", + "frame.time_relative": "1020.426697000", + "frame.number": "3859", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a54d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000011fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "52", + "http.prev_response_in": "3848" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.890539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.890539000", + "frame.time_delta": "0.003156000", + "frame.time_delta_displayed": "0.003156000", + "frame.time_relative": "1020.429853000", + "frame.number": "3860", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00009d96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.891094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.891094000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "1020.430408000", + "frame.number": "3861", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008505", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3860", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.894334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.894334000", + "frame.time_delta": "0.003240000", + "frame.time_delta_displayed": "0.003240000", + "frame.time_relative": "1020.433648000", + "frame.number": "3862", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000036e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3861", + "tcp.analysis.ack_rtt": "0.003240000", + "tcp.analysis.initial_rtt": "0.003795000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.895377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.895377000", + "frame.time_delta": "0.001043000", + "frame.time_delta_displayed": "0.001043000", + "frame.time_relative": "1020.434691000", + "frame.number": "3863", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004c5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003795000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.895856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.895856000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1020.435170000", + "frame.number": "3864", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002875", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3863", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.003795000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.896495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.896495000", + "frame.time_delta": "0.000639000", + "frame.time_delta_displayed": "0.000639000", + "frame.time_relative": "1020.435809000", + "frame.number": "3865", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cc42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006896", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003795000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.896850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.896850000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1020.436164000", + "frame.number": "3866", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cc43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000baff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003795000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "3865", + "tcp.segment": "3866", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001473000", + "http.request_in": "3863", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.899958000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494611.899958000", + "frame.time_delta": "0.003108000", + "frame.time_delta_displayed": "0.003108000", + "frame.time_relative": "1020.439272000", + "frame.number": "3867", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cc44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e84b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000baff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003795000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.900225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.900225000", + "frame.time_delta": "0.000267000", + "frame.time_delta_displayed": "0.000267000", + "frame.time_relative": "1020.439539000", + "frame.number": "3868", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000324c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3866", + "tcp.analysis.ack_rtt": "0.003375000", + "tcp.analysis.initial_rtt": "0.003795000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.900678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.900678000", + "frame.time_delta": "0.000453000", + "frame.time_delta_displayed": "0.000453000", + "frame.time_relative": "1020.439992000", + "frame.number": "3869", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000324b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.901102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.901102000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "1020.440416000", + "frame.number": "3870", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005ce0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54618", + "tcp.port": "80", + "tcp.port": "54618", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000247f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3869", + "tcp.analysis.ack_rtt": "0.000424000", + "tcp.analysis.initial_rtt": "0.003795000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.902433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.902433000", + "frame.time_delta": "0.001331000", + "frame.time_delta_displayed": "0.001331000", + "frame.time_relative": "1020.441747000", + "frame.number": "3871", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54618", + "tcp.dstport": "80", + "tcp.port": "54618", + "tcp.port": "80", + "tcp.stream": "155", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b561", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d4:5b:cd:1b:d4:5b:d0:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003795000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "3868", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.940332000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494611.940332000", + "frame.time_delta": "0.037899000", + "frame.time_delta_displayed": "0.037899000", + "frame.time_relative": "1020.479646000", + "frame.number": "3872", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a54e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000011f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "53", + "http.prev_response_in": "3859" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.951171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.951171000", + "frame.time_delta": "0.010839000", + "frame.time_delta_displayed": "0.010839000", + "frame.time_relative": "1020.490485000", + "frame.number": "3873", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54619", + "tcp.dstport": "80", + "tcp.port": "54619", + "tcp.port": "80", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00007d94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.951717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.951717000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1020.491031000", + "frame.number": "3874", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54619", + "tcp.port": "80", + "tcp.port": "54619", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c4cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3873", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.954348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.954348000", + "frame.time_delta": "0.002631000", + "frame.time_delta_displayed": "0.002631000", + "frame.time_relative": "1020.493662000", + "frame.number": "3875", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54619", + "tcp.dstport": "80", + "tcp.port": "54619", + "tcp.port": "80", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000076ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3874", + "tcp.analysis.ack_rtt": "0.002631000", + "tcp.analysis.initial_rtt": "0.003177000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:03:31.954967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.954967000", + "frame.time_delta": "0.000619000", + "frame.time_delta_displayed": "0.000619000", + "frame.time_relative": "1020.494281000", + "frame.number": "3876", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54619", + "tcp.dstport": "80", + "tcp.port": "54619", + "tcp.port": "80", + "tcp.stream": "156", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003177000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.955447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.955447000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + 
"frame.time_relative": "1020.494761000", + "frame.number": "3877", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fa7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bdf6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54619", + "tcp.port": "80", + "tcp.port": "54619", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000683d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3876", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.003177000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.956042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.956042000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "1020.495356000", + "frame.number": "3878", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000fa7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bde4", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54619", + "tcp.port": "80", + "tcp.port": "54619", + "tcp.stream": "156", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a85e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003177000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.956391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.956391000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "1020.495705000", + "frame.number": "3879", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000fa7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54619", + "tcp.port": "80", + "tcp.port": "54619", + "tcp.stream": "156", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fac7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003177000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "3878", + "tcp.segment": "3879", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001424000", + "http.request_in": "3876", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.958439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.958439000", + "frame.time_delta": "0.002048000", + "frame.time_delta_displayed": "0.002048000", + "frame.time_relative": "1020.497753000", + "frame.number": "3880", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54619", + "tcp.dstport": "80", + "tcp.port": "54619", + "tcp.port": "80", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007214", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3879", + "tcp.analysis.ack_rtt": "0.002048000", + "tcp.analysis.initial_rtt": "0.003177000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.959009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.959009000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1020.498323000", + "frame.number": "3881", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54619", + "tcp.dstport": "80", + "tcp.port": "54619", + "tcp.port": "80", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007213", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.959465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.959465000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1020.498779000", + "frame.number": "3882", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005ce3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b90", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54619", + "tcp.port": "80", + "tcp.port": "54619", + "tcp.stream": "156", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006447", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "3881", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.003177000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.993157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.993157000", + "frame.time_delta": "0.033692000", + "frame.time_delta_displayed": "0.033692000", + "frame.time_relative": "1020.532471000", + "frame.number": "3883", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a551", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000011f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "54", + "http.prev_response_in": "3872" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.997514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.997514000", + "frame.time_delta": "0.004357000", + "frame.time_delta_displayed": "0.004357000", + "frame.time_relative": "1020.536828000", + "frame.number": "3884", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54620", + "tcp.dstport": "80", + "tcp.port": "54620", + "tcp.port": "80", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000090da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:31.998073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494611.998073000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "1020.537387000", + "frame.number": "3885", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54620", + "tcp.port": "80", + "tcp.port": "54620", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003854", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3884", + "tcp.analysis.ack_rtt": "0.000559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.001642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.001642000", + "frame.time_delta": "0.003569000", + "frame.time_delta_displayed": "0.003569000", + "frame.time_relative": "1020.540956000", + "frame.number": "3886", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54620", + "tcp.dstport": "80", + "tcp.port": "54620", + "tcp.port": "80", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ea32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3885", + "tcp.analysis.ack_rtt": "0.003569000", + "tcp.analysis.initial_rtt": "0.004128000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.002225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.002225000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "1020.541539000", + "frame.number": "3887", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54620", + "tcp.dstport": "80", + "tcp.port": "54620", + "tcp.port": "80", + "tcp.stream": "157", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ffab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004128000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.002702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.002702000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1020.542016000", + "frame.number": "3888", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fdef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54620", + "tcp.port": "80", + "tcp.port": "54620", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000dbc3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3887", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.004128000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.003277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.003277000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1020.542591000", + "frame.number": "3889", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000fdf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54620", + "tcp.port": "80", + "tcp.port": "54620", + "tcp.stream": "157", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001be5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004128000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.003648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.003648000", + "frame.time_delta": "0.000371000", + "frame.time_delta_displayed": "0.000371000", + "frame.time_relative": "1020.542962000", + "frame.number": "3890", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000fdf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b69e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54620", + "tcp.port": "80", + "tcp.port": "54620", + "tcp.stream": "157", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006e4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004128000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "3889", + "tcp.segment": "3890", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001423000", + "http.request_in": "3887", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.006322000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494612.006322000", + "frame.time_delta": "0.002674000", + "frame.time_delta_displayed": "0.002674000", + "frame.time_relative": "1020.545636000", + "frame.number": "3891", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54620", + "tcp.dstport": "80", + "tcp.port": "54620", + "tcp.port": "80", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e59a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3890", + "tcp.analysis.ack_rtt": "0.002674000", + "tcp.analysis.initial_rtt": "0.004128000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.006946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.006946000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "1020.546260000", + "frame.number": "3892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54620", + "tcp.dstport": "80", + "tcp.port": "54620", + "tcp.port": "80", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e599", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:32.007376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494612.007376000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1020.546690000", + "frame.number": "3893", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005ce8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54620", + "tcp.port": "80", + "tcp.port": "54620", + "tcp.stream": "157", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d7cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3892", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.004128000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:34.539869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494614.539869000", + "frame.time_delta": "2.532493000", + "frame.time_delta_displayed": "2.532493000", + "frame.time_relative": "1023.079183000", + "frame.number": "3894", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a699", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "321", + "tcp.ack": "289", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000045f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:34.683169000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494614.683169000", + "frame.time_delta": "0.143300000", + "frame.time_delta_displayed": "0.143300000", + "frame.time_relative": "1023.222483000", + "frame.number": "3895", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdac", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "289", + "tcp.ack": "322", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ed4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:36.522648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494616.522648000", + "frame.time_delta": "1.839479000", + "frame.time_delta_displayed": "1.839479000", + "frame.time_relative": "1025.061962000", + "frame.number": "3896", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005cc6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:36.682097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494616.682097000", + "frame.time_delta": "0.159449000", + "frame.time_delta_displayed": "0.159449000", + "frame.time_relative": "1025.221411000", + "frame.number": "3897", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e71d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50789", + "udp.dstport": "1900", + "udp.port": "50789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000083f8", + "udp.checksum.status": "2", + "udp.stream": "96" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + 
"http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:37.263541000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494617.263541000", + "frame.time_delta": "0.581444000", + "frame.time_delta_displayed": "0.581444000", + "frame.time_relative": "1025.802855000", + "frame.number": "3898", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a659", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:37.316555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494617.316555000", + "frame.time_delta": "0.053014000", + "frame.time_delta_displayed": "0.053014000", + "frame.time_relative": "1025.855869000", + "frame.number": "3899", + "frame.len": 
"348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a65d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "3898" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:37.369366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494617.369366000", + "frame.time_delta": "0.052811000", + "frame.time_delta_displayed": "0.052811000", + "frame.time_relative": "1025.908680000", + "frame.number": "3900", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"328", + "ip.id": "0x0000a662", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "3899" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:37.682749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494617.682749000", + "frame.time_delta": "0.313383000", + "frame.time_delta_displayed": "0.313383000", + "frame.time_relative": "1026.222063000", + "frame.number": "3901", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e71c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50789", + "udp.dstport": "1900", + "udp.port": "50789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000083f8", + 
"udp.checksum.status": "2", + "udp.stream": "96" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "3897" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.320782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.320782000", + "frame.time_delta": "0.638033000", + "frame.time_delta_displayed": "0.638033000", + "frame.time_relative": "1026.860096000", + "frame.number": "3902", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a6a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "3900" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.373672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.373672000", + "frame.time_delta": "0.052890000", + "frame.time_delta_displayed": "0.052890000", + "frame.time_relative": "1026.912986000", + "frame.number": "3903", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a6a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000109e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "3902" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.426428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.426428000", + "frame.time_delta": "0.052756000", + "frame.time_delta_displayed": "0.052756000", + "frame.time_relative": "1026.965742000", + "frame.number": "3904", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, 
+ "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a6a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000109f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "3903" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.683490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.683490000", + "frame.time_delta": "0.257062000", + "frame.time_delta_displayed": "0.257062000", + "frame.time_relative": "1027.222804000", + "frame.number": "3905", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020f9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e71b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50789", + "udp.dstport": "1900", + "udp.port": "50789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000083f8", + "udp.checksum.status": "2", + "udp.stream": "96" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "3901" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.799286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.799286000", + "frame.time_delta": "0.115796000", + "frame.time_delta_displayed": "0.115796000", + "frame.time_relative": 
"1027.338600000", + "frame.number": "3906", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000eb4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": 
"0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.847957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.847957000", + "frame.time_delta": "0.048671000", + "frame.time_delta_displayed": "0.048671000", + "frame.time_relative": "1027.387271000", + "frame.number": "3907", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a6b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001097", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "3904" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:03:38.900746000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.900746000", + "frame.time_delta": "0.052789000", + "frame.time_delta_displayed": "0.052789000", + "frame.time_relative": "1027.440060000", + "frame.number": "3908", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a6b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001089", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "3907" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:38.953585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494618.953585000", + "frame.time_delta": "0.052839000", + "frame.time_delta_displayed": "0.052839000", + "frame.time_relative": "1027.492899000", + "frame.number": "3909", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a6be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000108a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "3908" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:39.549773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494619.549773000", + "frame.time_delta": "0.596188000", + "frame.time_delta_displayed": "0.596188000", + "frame.time_relative": "1028.089087000", + "frame.number": "3910", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:39.549967000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494619.549967000", + "frame.time_delta": "0.000194000", + "frame.time_delta_displayed": "0.000194000", + "frame.time_relative": "1028.089281000", + "frame.number": "3911", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:39.684333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494619.684333000", + "frame.time_delta": "0.134366000", + "frame.time_delta_displayed": "0.134366000", + "frame.time_relative": "1028.223647000", + "frame.number": "3912", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + 
"eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020fa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e71a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50789", + "udp.dstport": "1900", + "udp.port": "50789", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000083f8", + "udp.checksum.status": "2", + "udp.stream": "96" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "4", + "http.prev_request_in": "3905" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:39.900513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494619.900513000", + "frame.time_delta": "0.216180000", + "frame.time_delta_displayed": "0.216180000", + "frame.time_relative": "1028.439827000", + "frame.number": "3913", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a71b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001030", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + 
"udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "3909" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:39.953342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494619.953342000", + "frame.time_delta": "0.052829000", + "frame.time_delta_displayed": "0.052829000", + "frame.time_relative": "1028.492656000", + "frame.number": "3914", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a71d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001025", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "3913" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:40.018431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494620.018431000", + "frame.time_delta": "0.065089000", + "frame.time_delta_displayed": "0.065089000", + "frame.time_relative": "1028.557745000", + "frame.number": "3915", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a721", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00001027", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "3914" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:41.057443000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494621.057443000", + "frame.time_delta": "1.039012000", + "frame.time_delta_displayed": "1.039012000", + "frame.time_relative": "1029.596757000", + "frame.number": "3916", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a74a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001001", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "3915" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:41.110682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494621.110682000", + "frame.time_delta": "0.053239000", + "frame.time_delta_displayed": "0.053239000", + "frame.time_relative": "1029.649996000", + "frame.number": "3917", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a74f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ff3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "3916" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:41.163331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494621.163331000", + "frame.time_delta": "0.052649000", + "frame.time_delta_displayed": "0.052649000", + "frame.time_relative": "1029.702645000", + "frame.number": "3918", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a753", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ff5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "3917" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.114876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.114876000", + "frame.time_delta": "0.951545000", + "frame.time_delta_displayed": "0.951545000", + "frame.time_relative": "1030.654190000", + "frame.number": "3919", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a7a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000fa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "3918" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.167643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.167643000", + "frame.time_delta": "0.052767000", + "frame.time_delta_displayed": "0.052767000", + "frame.time_relative": "1030.706957000", + "frame.number": "3920", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a7aa", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "3919" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.220428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.220428000", + "frame.time_delta": "0.052785000", + "frame.time_delta_displayed": "0.052785000", + "frame.time_relative": "1030.759742000", + "frame.number": "3921", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a7af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "3920" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.483705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.483705000", + "frame.time_delta": "0.263277000", + "frame.time_delta_displayed": "0.263277000", + "frame.time_relative": "1031.023019000", + "frame.number": "3922", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a7c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "3921" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.536784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.536784000", + "frame.time_delta": "0.053079000", + "frame.time_delta_displayed": "0.053079000", + "frame.time_relative": "1031.076098000", + "frame.number": "3923", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a7ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": "0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "3922" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:42.589465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494622.589465000", + "frame.time_delta": "0.052681000", + "frame.time_delta_displayed": "0.052681000", + "frame.time_relative": "1031.128779000", 
+ "frame.number": "3924", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a7cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "3923" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:43.536341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494623.536341000", + "frame.time_delta": "0.946876000", + "frame.time_delta_displayed": "0.946876000", + "frame.time_relative": "1032.075655000", + "frame.number": "3925", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a7ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "305", + "udp.checksum": "0x0000feb5", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "3924" + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:43.589123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494623.589123000", + "frame.time_delta": "0.052782000", + "frame.time_delta_displayed": "0.052782000", + "frame.time_relative": "1032.128437000", + "frame.number": "3926", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a804", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "314", + "udp.checksum": 
"0x00000ca1", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "3925" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:43.642339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494623.642339000", + "frame.time_delta": "0.053216000", + "frame.time_delta_displayed": "0.053216000", + "frame.time_relative": "1032.181653000", + "frame.number": "3927", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a809", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50789", + "udp.port": "1900", + "udp.port": "50789", + "udp.length": "308", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "3926" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:45.604026000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494625.604026000", + "frame.time_delta": "1.961687000", + "frame.time_delta_displayed": "1.961687000", + "frame.time_relative": "1034.143340000", + "frame.number": "3928", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dd5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 
255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a8f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + 
"dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:45.604595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494625.604595000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1034.143909000", + "frame.number": "3929", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dd6", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb8a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:45.605155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494625.605155000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "1034.144469000", + "frame.number": "3930", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": 
"0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007950", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + 
"dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:50.604861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494630.604861000", + "frame.time_delta": "4.999706000", + "frame.time_delta_displayed": "4.999706000", + "frame.time_relative": "1039.144175000", + "frame.number": "3931", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dd7", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a8f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:50.605355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494630.605355000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1039.144669000", + "frame.number": "3932", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dd8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb8a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:50.605828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494630.605828000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "1039.145142000", + "frame.number": "3933", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007950", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.357828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.357828000", + "frame.time_delta": "4.752000000", + "frame.time_delta_displayed": "4.752000000", + "frame.time_relative": "1043.897142000", + "frame.number": "3934", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000ad7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x00008c9e", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:56:7c:5b:5f:cd:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.605527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.605527000", + "frame.time_delta": "0.247699000", + "frame.time_delta_displayed": "0.247699000", + "frame.time_relative": "1044.144841000", + "frame.number": "3935", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dd9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00000a8f", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
+ "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.606029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.606029000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "1044.145343000", + "frame.number": "3936", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dda", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000eb8a", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.606481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.606481000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "1044.145795000", + "frame.number": "3937", + 
"frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007950", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000273", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=627", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.705664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.705664000", + "frame.time_delta": "0.099183000", + "frame.time_delta_displayed": "0.099183000", + "frame.time_relative": "1044.244978000", + "frame.number": "3938", + "frame.len": "20", + "frame.cap_len": "20", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.957427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.957427000", + "frame.time_delta": "0.251763000", + "frame.time_delta_displayed": "0.251763000", + "frame.time_relative": "1044.496741000", + "frame.number": "3939", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": 
"Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": 
"USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:55.974396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494635.974396000", + "frame.time_delta": "0.016969000", + "frame.time_delta_displayed": "0.016969000", + "frame.time_relative": "1044.513710000", + "frame.number": "3940", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", 
+ "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + 
"bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:56.005845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494636.005845000", + "frame.time_delta": "0.031449000", + "frame.time_delta_displayed": "0.031449000", + "frame.time_relative": "1044.545159000", + "frame.number": "3941", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:56.095366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494636.095366000", + "frame.time_delta": "0.089521000", + "frame.time_delta_displayed": "0.089521000", + "frame.time_relative": "1044.634680000", + "frame.number": "3942", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:56.886210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494636.886210000", + "frame.time_delta": "0.790844000", + "frame.time_delta_displayed": "0.790844000", + "frame.time_relative": "1045.425524000", + "frame.number": "3943", + "frame.len": "115", + "frame.cap_len": "115", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009607", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007747", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "56269", + "tcp.nxtseq": "56318", + "tcp.ack": "12273", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c98d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:49:4e:a7:9e:d9:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2509134, TSecr 2812205560": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2509134", + "tcp.options.timestamp.tsecr": "2812205560" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c4:4c:05:bb:78:45:c8:de:1c:c8:21:bd:32:ba:5b:d6:02:fc:aa:78:9d:60:fe:67:68:cb:24:90:25:1d:b9:47:70:81:0d:f0:a1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:56.946937000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494636.946937000", + "frame.time_delta": "0.060727000", + "frame.time_delta_displayed": "0.060727000", + 
"frame.time_relative": "1045.486251000", + "frame.number": "3944", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003839", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12273", + "tcp.nxtseq": "12328", + "tcp.ack": "56318", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f41b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9e:f8:51:00:26:49:4e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812213329, TSecr 2509134": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812213329", + "tcp.options.timestamp.tsecr": "2509134" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3943", + "tcp.analysis.ack_rtt": "0.060727000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:82:2f:70:3d:ea:ac:47:b7:ce:ce:5b:43:a7:a5:80:5b:c3:7f:0f:9e:fa:d7:92:d5:b9:65:ea:d4:28:c8:cc:c1:07:77:ed:0d:cb:26:79:c4:0d:fc:35" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:03:56.947425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494636.947425000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1045.486739000", + "frame.number": "3945", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009608", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007777", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + 
"tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56318", + "tcp.ack": "12328", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000059d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:49:54:a7:9e:f8:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2509140, TSecr 2812213329": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2509140", + "tcp.options.timestamp.tsecr": "2812213329" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3944", + "tcp.analysis.ack_rtt": "0.000488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:57.019555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494637.019555000", + "frame.time_delta": "0.072130000", + "frame.time_delta_displayed": "0.072130000", 
+ "frame.time_relative": "1045.558869000", + "frame.number": "3946", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000f037", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e956", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:57.025055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494637.025055000", + "frame.time_delta": "0.005500000", + "frame.time_delta_displayed": "0.005500000", + "frame.time_relative": "1045.564369000", + "frame.number": "3947", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000044d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000093ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + 
"ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:57.246798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494637.246798000", + "frame.time_delta": "0.221743000", + "frame.time_delta_displayed": "0.221743000", + "frame.time_relative": "1045.786112000", + "frame.number": "3948", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000f039", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e954", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:57.471773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494637.471773000", + "frame.time_delta": "0.224975000", + "frame.time_delta_displayed": "0.224975000", + "frame.time_relative": "1046.011087000", + "frame.number": "3949", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", 
+ "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000f06b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e922", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:58.785655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494638.785655000", + "frame.time_delta": "1.313882000", + "frame.time_delta_displayed": "1.313882000", + "frame.time_relative": "1047.324969000", + "frame.number": "3950", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000f086", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e8d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:59.464410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.464410000", + "frame.time_delta": "0.678755000", + "frame.time_delta_displayed": "0.678755000", + "frame.time_relative": "1048.003724000", + "frame.number": "3951", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c352", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000605", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:59.517232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.517232000", + "frame.time_delta": "0.052822000", + "frame.time_delta_displayed": "0.052822000", + "frame.time_relative": "1048.056546000", + "frame.number": "3952", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c357", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000600", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { 
+ "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:59.570183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.570183000", + "frame.time_delta": "0.052951000", + "frame.time_delta_displayed": "0.052951000", + "frame.time_relative": "1048.109497000", + "frame.number": "3953", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c35a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000005f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:03:59.623164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.623164000", + "frame.time_delta": "0.052981000", + "frame.time_delta_displayed": "0.052981000", + "frame.time_relative": "1048.162478000", + "frame.number": "3954", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c35b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000005f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:03:59.676022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.676022000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1048.215336000", + "frame.number": "3955", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c360", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000005f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:03:59.728880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494639.728880000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1048.268194000", + "frame.number": "3956", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c363", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000005f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:01.180822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494641.180822000", + "frame.time_delta": "1.451942000", + "frame.time_delta_displayed": "1.451942000", + "frame.time_relative": "1049.720136000", + "frame.number": "3957", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:01.950203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494641.950203000", + "frame.time_delta": "0.769381000", + "frame.time_delta_displayed": "0.769381000", + "frame.time_relative": "1050.489517000", + "frame.number": "3958", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:01.950632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494641.950632000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1050.489946000", + "frame.number": "3959", + "frame.len": "60", + 
"frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.007425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.007425000", + "frame.time_delta": "2.056793000", + "frame.time_delta_displayed": "2.056793000", + "frame.time_relative": "1052.546739000", + "frame.number": "3960", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00008e70", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:29:44:dd:10:5f:61:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.106883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.106883000", + "frame.time_delta": "0.099458000", + "frame.time_delta_displayed": "0.099458000", + "frame.time_relative": "1052.646197000", + "frame.number": "3961", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": 
{ + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000adb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00005d71", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:44:be:06:65:61:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.207540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.207540000", + "frame.time_delta": "0.100657000", + "frame.time_delta_displayed": "0.100657000", + "frame.time_relative": "1052.746854000", + "frame.number": "3962", + 
"frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000add", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00001847", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:84:e1:0b:6b:61:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.314996000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494644.314996000", + "frame.time_delta": "0.107456000", + "frame.time_delta_displayed": "0.107456000", + "frame.time_relative": "1052.854310000", + "frame.number": "3963", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000adf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00004023", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:c4:04:11:71:61:cd:f2:14:6b:00:00:00:52:a0:21:21:01:44:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.372375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.372375000", + "frame.time_delta": "0.057379000", + "frame.time_delta_displayed": "0.057379000", + "frame.time_relative": "1052.911689000", + "frame.number": "3964", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a670", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + 
"ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "322", + "tcp.nxtseq": "362", + "tcp.ack": "289", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000107f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e4:53:ad:df:af:ce:e5:c3:fd:0d:2d:99:ab:41:94:66:6b:36:d9:46:83:88:7a:20:8a:71:4d:76" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:04:04.515680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.515680000", + "frame.time_delta": "0.143305000", + "frame.time_delta_displayed": "0.143305000", + "frame.time_relative": "1053.054994000", + "frame.number": "3965", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fe6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd87", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "289", + "tcp.nxtseq": "325", + "tcp.ack": "362", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000508b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3964", + "tcp.analysis.ack_rtt": "0.143305000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:6a:02:9c:cf:13:72:ec:28:b2:11:ba:45:cd:82:ec:58:28:ac:a5:27:ec:a0:de:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:04.516193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494644.516193000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "1053.055507000", + "frame.number": "3966", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a697", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "362", + "tcp.ack": "325", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000412", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "3965", + "tcp.analysis.ack_rtt": "0.000513000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:06.571983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494646.571983000", + "frame.time_delta": "2.055790000", + "frame.time_delta_displayed": "2.055790000", + "frame.time_relative": "1055.111297000", + "frame.number": "3967", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + 
"ip.id": "0x00005ccd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:07.307535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494647.307535000", + "frame.time_delta": "0.735552000", + "frame.time_delta_displayed": "0.735552000", + "frame.time_relative": "1055.846849000", + "frame.number": "3968", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ae1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000056fe", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:44:de:c2:23:62:cd:f2:14:6b:00:00:00:52:a0:21:21:b7:de:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:07.457571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494647.457571000", + "frame.time_delta": "0.150036000", + "frame.time_delta_displayed": "0.150036000", + "frame.time_relative": "1055.996885000", + "frame.number": "3969", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000ae3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ede1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00002fb7", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:c4:af:b3:2c:62:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:07.556933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494647.556933000", + "frame.time_delta": "0.099362000", + "frame.time_delta_displayed": "0.099362000", + "frame.time_relative": 
"1056.096247000", + "frame.number": "3970", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000ae5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eddf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000ea8c", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:04:d3:b8:32:62:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:04:07.660429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494647.660429000", + "frame.time_delta": "0.103496000", + "frame.time_delta_displayed": "0.103496000", + "frame.time_relative": "1056.199743000", + "frame.number": "3971", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ae7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eda9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000690d", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:04:b4:ae:38:62:cd:f2:14:6b:00:00:00:52:a0:21:21:f9:e1:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:09.520454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494649.520454000", + "frame.time_delta": "1.860025000", + "frame.time_delta_displayed": "1.860025000", + "frame.time_relative": "1058.059768000", + "frame.number": "3972", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:09.521063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494649.521063000", + "frame.time_delta": 
"0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1058.060377000", + "frame.number": "3973", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:11.258340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494651.258340000", + "frame.time_delta": "1.737277000", + "frame.time_delta_displayed": "1.737277000", + "frame.time_relative": "1059.797654000", + "frame.number": "3974", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eda7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00001db9", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:c4:15:33:0f:63:cd:f2:14:6b:00:00:00:52:a0:21:21:ff:ff:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:11.407179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494651.407179000", + "frame.time_delta": "0.148839000", + "frame.time_delta_displayed": "0.148839000", + "frame.time_relative": "1059.946493000", + "frame.number": "3975", + "frame.len": "78", + "frame.cap_len": "78", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000aeb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00003e93", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:44:e7:23:18:63:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:11.560297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494651.560297000", + "frame.time_delta": "0.153118000", + "frame.time_delta_displayed": "0.153118000", + "frame.time_relative": "1060.099611000", + "frame.number": "3976", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000aed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edd7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00007e75", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:04:fb:23:21:63:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:11.712461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494651.712461000", + "frame.time_delta": "0.152164000", + "frame.time_delta_displayed": "0.152164000", + "frame.time_relative": "1060.251775000", + "frame.number": "3977", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000aef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eda1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000fa45", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:44:8a:05:2a:63:cd:f2:14:6b:00:00:00:52:a0:21:21:d0:e0:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:18.799912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494658.799912000", + "frame.time_delta": "7.087451000", + "frame.time_delta_displayed": "7.087451000", + "frame.time_relative": "1067.339226000", + "frame.number": "3978", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000f121", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e837", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", 
+ "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:25.857616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494665.857616000", + "frame.time_delta": "7.057704000", + "frame.time_delta_displayed": "7.057704000", + "frame.time_relative": "1074.396930000", + "frame.number": "3979", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + 
"eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000af1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000d89b", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:04:a1:3f:75:66:cd:f2:14:6b:00:00:00:52:a0:21:21:f5:28:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:25.956097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494665.956097000", + "frame.time_delta": "0.098481000", + "frame.time_delta_displayed": "0.098481000", + "frame.time_relative": "1074.495411000", + "frame.number": "3980", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000af3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00006992", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:04:82:35:7b:66:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:26.057079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494666.057079000", + "frame.time_delta": "0.100982000", + "frame.time_delta_displayed": "0.100982000", + "frame.time_relative": "1074.596393000", + "frame.number": "3981", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000af5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edcf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x000073aa", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:04:63:2b:81:66:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:26.160590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494666.160590000", + "frame.time_delta": "0.103511000", + "frame.time_delta_displayed": "0.103511000", + "frame.time_relative": "1074.699904000", + "frame.number": "3982", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000af7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000d991", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:44:86:30:87:66:cd:f2:14:6b:00:00:00:52:a0:21:21:c3:38:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:27.968500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494667.968500000", + "frame.time_delta": "1.807910000", + "frame.time_delta_displayed": "1.807910000", + "frame.time_relative": "1076.507814000", + "frame.number": "3983", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009609", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007745", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "56318", + "tcp.nxtseq": "56367", + "tcp.ack": "12328", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ff04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:55:72:a7:9e:f8:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2512242, TSecr 2812213329": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2512242", + "tcp.options.timestamp.tsecr": "2812213329" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c5:41:cc:47:3e:d5:64:ca:b0:86:55:72:a8:fe:3b:4b:a4:6a:a9:20:2f:74:35:d6:66:4e:e5:aa:17:26:b2:1a:52:3b:3c:9d:d6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:28.029144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494668.029144000", + "frame.time_delta": "0.060644000", + "frame.time_delta_displayed": "0.060644000", + "frame.time_relative": "1076.568458000", + "frame.number": "3984", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003838", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12328", + "tcp.nxtseq": "12383", + "tcp.ack": "56367", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002ed3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:16:ab:00:26:55:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812221099, TSecr 2512242": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812221099", + "tcp.options.timestamp.tsecr": "2512242" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3983", + "tcp.analysis.ack_rtt": "0.060644000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:83:b2:ce:1b:c9:49:2f:59:79:72:7a:d2:75:de:30:fe:f5:33:f2:a1:8b:c3:25:7c:e1:21:4b:95:ed:c6:b5:f0:95:aa:f2:a5:d6:50:34:c1:79:c9:2c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:28.029653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494668.029653000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "1076.568967000", + "frame.number": "3985", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000960a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007775", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56367", + "tcp.ack": "12383", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002eeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:55:78:a7:9f:16:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2512248, TSecr 2812221099": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2512248", + "tcp.options.timestamp.tsecr": "2812221099" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3984", + "tcp.analysis.ack_rtt": "0.000509000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:28.851094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494668.851094000", + "frame.time_delta": "0.821441000", + "frame.time_delta_displayed": "0.821441000", + "frame.time_relative": "1077.390408000", + "frame.number": "3986", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + 
"arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:29.560760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494669.560760000", + "frame.time_delta": "0.709666000", + "frame.time_delta_displayed": "0.709666000", + "frame.time_relative": "1078.100074000", + "frame.number": "3987", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:30.407648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494670.407648000", + "frame.time_delta": "0.846888000", + "frame.time_delta_displayed": "0.846888000", + "frame.time_relative": 
"1078.946962000", + "frame.number": "3988", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000af9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000dc70", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:84:1e:73:84:67:cd:f2:14:6b:00:00:00:52:a0:21:21:3c:ca:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:30.506618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494670.506618000", + "frame.time_delta": "0.098970000", + "frame.time_delta_displayed": "0.098970000", + "frame.time_relative": "1079.045932000", + "frame.number": "3989", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000afb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000b508", + "udp.checksum.status": "2", + 
"udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:84:ff:68:8a:67:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:30.609345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494670.609345000", + "frame.time_delta": "0.102727000", + "frame.time_delta_displayed": "0.102727000", + "frame.time_relative": "1079.148659000", + "frame.number": "3990", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000afd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edc7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000ace7", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:c4:19:31:90:67:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:30.711696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494670.711696000", + "frame.time_delta": "0.102351000", + "frame.time_delta_displayed": "0.102351000", + "frame.time_relative": "1079.251010000", + "frame.number": "3991", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000aff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": 
"192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000c00a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:44:7f:45:96:67:cd:f2:14:6b:00:00:00:52:a0:21:21:c6:ba:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:31.557026000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494671.557026000", + "frame.time_delta": "0.845330000", + "frame.time_delta_displayed": "0.845330000", + "frame.time_relative": "1080.096340000", + "frame.number": "3992", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000960b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007614", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "56367", + "tcp.nxtseq": "56719", + "tcp.ack": "12383", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000066ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:56:d9:a7:9f:16:ab", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2512601, TSecr 2812221099": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2512601", + "tcp.options.timestamp.tsecr": "2812221099" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c6:cc:07:1a:bb:27:b3:29:42:72:b0:ab:b0:43:9e:60:05:22:83:a9:0d:09:47:a3:a6:9e:7f:38:0c:eb:9d:71:40:09:97:8e:49:05:31:1e:37:a4:da:40:47:f7:dd:eb:d7:8e:38:d8:1f:17:ca:36:72:6f:6a:a3:b5:d0:b2:bc:d0:df:ad:05:38:25:1e:33:d8:94:07:c5:62:13:0c:c1:12:64:a4:6b:80:3f:74:8d:89:44:52:8a:fd:75:8f:03:57:7e:61:4e:a1:44:fa:7b:bf:7a:d7:41:6c:1a:99:01:58:e6:36:1a:32:db:a3:0e:c1:ea:71:32:ae:86:95:d7:76:16:d2:81:0d:0e:0d:ea:4b:f4:42:ef:e2:8d:a4:fa:4c:22:d5:90:ee:38:0a:bb:3b:dd:1e:cb:a0:33:7d:a3:3f:e4:e4:e0:86:e3:d2:af:c0:1a:57:55:71:6e:fc:d9:f7:1b:c9:09:a8:9e:ec:e6:ca:e7:26:a3:d9:88:99:2b:68:2f:c0:1b:ff:1d:5b:fb:c4:d7:87:c7:17:4c:d6:d9:24:f4:db:34:b7:59:71:96:53:23:96:fd:15:7f:80:a9:8b:d1:f1:15:40:a5:87:60:95:db:3a:05:09:b0:eb:88:4d:af:af:59:99:5b:68:69:b7:bc:cb:1f:0c:38:3d:57:69:87:e6:15:2f:14:5d:1d:3c:cb:bf:f3:ca:22:1b:06:93:3a:df:a0:23:d3:b3:98:56:97:b0:28:ab:82:ad:53:0f:25:f8:fe:de:ba:52:45:0d:c6:8c:45:91:fd:b8:d6:16:89:be:c5:86:19:7a:b0:78:6a:d1:2b:41:af:15:e1:e2:70:9d:cf:08:d7:ad:b1:46:4f:33:90:a8:37:a0:2c:56:66:47:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:04:31.617797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494671.617797000", + "frame.time_delta": "0.060771000", + "frame.time_delta_displayed": "0.060771000", + "frame.time_relative": "1080.157111000", + "frame.number": "3993", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12383", + "tcp.nxtseq": "12430", + "tcp.ack": "56719", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000028f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:1a:2c:00:26:56:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812221996, TSecr 2512601": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812221996", + "tcp.options.timestamp.tsecr": "2512601" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3992", + "tcp.analysis.ack_rtt": "0.060771000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:84:fb:47:db:d0:89:39:7e:2f:0b:37:72:d5:e0:54:4a:d6:4b:85:02:92:a3:47:29:40:06:21:03:3e:78:7d:79:c9:0e:0d" + } + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:31.618246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494671.618246000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "1080.157560000", + "frame.number": "3994", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000960c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007773", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": 
"Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56719", + "tcp.ack": "12430", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002874", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:56:df:a7:9f:1a:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2512607, TSecr 2812221996": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2512607", + "tcp.options.timestamp.tsecr": "2812221996" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "3993", + "tcp.analysis.ack_rtt": "0.000449000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:33.030195000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494673.030195000", + "frame.time_delta": "1.411949000", + "frame.time_delta_displayed": "1.411949000", + "frame.time_relative": "1081.569509000", + "frame.number": "3995", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:33.030634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494673.030634000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "1081.569948000", + "frame.number": "3996", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:34.579774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494674.579774000", + "frame.time_delta": "1.549140000", + "frame.time_delta_displayed": "1.549140000", + "frame.time_relative": "1083.119088000", + "frame.number": "3997", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a696", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "361", + "tcp.ack": "325", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000413", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:34.722765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494674.722765000", + "frame.time_delta": "0.142991000", + "frame.time_delta_displayed": "0.142991000", + "frame.time_relative": "1083.262079000", + "frame.number": "3998", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fdaa", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "325", + "tcp.ack": "362", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000e88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:36.590008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494676.590008000", + "frame.time_delta": "1.867243000", + "frame.time_delta_displayed": "1.867243000", + "frame.time_relative": "1085.129322000", + "frame.number": "3999", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005cd4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:38.826381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494678.826381000", + 
"frame.time_delta": "2.236373000", + "frame.time_delta_displayed": "2.236373000", + "frame.time_relative": "1087.365695000", + "frame.number": "4000", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00000172", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d7e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:39.740060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494679.740060000", + "frame.time_delta": "0.913679000", + "frame.time_delta_displayed": "0.913679000", + "frame.time_relative": "1088.279374000", + "frame.number": "4001", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": 
"192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:39.740459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494679.740459000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "1088.279773000", + "frame.number": "4002", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:40.206376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494680.206376000", + "frame.time_delta": "0.465917000", + "frame.time_delta_displayed": "0.465917000", + "frame.time_relative": "1088.745690000", + "frame.number": 
"4003", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000b02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "56", + "udp.checksum": "0x0000c15f", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:70:28:cc:69:cd:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", + "data.len": "48" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:04:40.607087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494680.607087000", + "frame.time_delta": "0.400711000", + "frame.time_delta_displayed": "0.400711000", + "frame.time_relative": "1089.146401000", + "frame.number": "4004", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + 
"udp.length": "241", + "udp.checksum": "0x0000098e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:40.607633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494680.607633000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1089.146947000", + "frame.number": "4005", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": 
"1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea89", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": 
"17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:40.608706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494680.608706000", + "frame.time_delta": "0.001073000", + "frame.time_delta_displayed": "0.001073000", + "frame.time_relative": "1089.148020000", + "frame.number": "4006", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": 
"241", + "udp.checksum": "0x0000784f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + 
"dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:40.956765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494680.956765000", + "frame.time_delta": "0.348059000", + "frame.time_delta_displayed": "0.348059000", + "frame.time_relative": "1089.496079000", + "frame.number": "4007", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": 
"56700", + "udp.length": "96", + "udp.checksum": "0x0000d92a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:44:88:dc:f8:69:cd:f2:14:6b:00:00:00:52:a0:21:21:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:41.056874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494681.056874000", + "frame.time_delta": "0.100109000", + "frame.time_delta_displayed": "0.100109000", + "frame.time_relative": "1089.596188000", + "frame.number": "4008", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": 
"192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x000039e4", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:84:ab:e1:fe:69:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:41.157219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494681.157219000", + "frame.time_delta": "0.100345000", + "frame.time_delta_displayed": "0.100345000", + "frame.time_relative": "1089.696533000", + "frame.number": "4009", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x000043fc", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:84:8c:d7:04:6a:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:41.267886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494681.267886000", + "frame.time_delta": "0.110667000", + "frame.time_delta_displayed": "0.110667000", + "frame.time_relative": "1089.807200000", + "frame.number": "4010", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000071e6", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:c4:af:dc:0a:6a:cd:f2:14:6b:00:00:00:73:94:e7:34:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:43.207266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494683.207266000", + "frame.time_delta": "1.939380000", + "frame.time_delta_displayed": "1.939380000", + "frame.time_relative": "1091.746580000", + "frame.number": "4011", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000042c3", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:11:08:7f:6a:cd:f2:14:6b:00:00:00:33:27:ea:ea:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:43.306762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494683.306762000", + "frame.time_delta": "0.099496000", + "frame.time_delta_displayed": "0.099496000", + 
"frame.time_relative": "1091.846076000", + "frame.number": "4012", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000ec51", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:c4:af:ee:84:6a:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:04:43.406252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494683.406252000", + "frame.time_delta": "0.099490000", + "frame.time_delta_displayed": "0.099490000", + "frame.time_relative": "1091.945566000", + "frame.number": "4013", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000a727", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:04:d3:f3:8a:6a:cd:f2:14:2d:00:00:00", + 
"data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:43.511584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494683.511584000", + "frame.time_delta": "0.105332000", + "frame.time_delta_displayed": "0.105332000", + "frame.time_relative": "1092.050898000", + "frame.number": "4014", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": 
"0x00001fd2", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:44:f6:f8:90:6a:cd:f2:14:6b:00:00:00:8b:24:84:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:45.607380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494685.607380000", + "frame.time_delta": "2.095796000", + "frame.time_delta_displayed": "2.095796000", + "frame.time_relative": "1094.146694000", + "frame.number": "4015", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", 
+ "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000098e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + 
"dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:45.607930000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494685.607930000", + "frame.time_delta": "0.000550000", + "frame.time_delta_displayed": "0.000550000", + "frame.time_relative": "1094.147244000", + "frame.number": "4016", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea89", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": 
"n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:45.608499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494685.608499000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1094.147813000", + "frame.number": "4017", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + 
"ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000784f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": 
"3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:46.208542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494686.208542000", + "frame.time_delta": "0.600043000", + "frame.time_delta_displayed": "0.600043000", + "frame.time_relative": "1094.747856000", + "frame.number": "4018", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000b6da", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:44:a8:aa:31:6b:cd:f2:14:6b:00:00:00:1d:0c:a9:a9:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:46.306284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494686.306284000", + "frame.time_delta": "0.097742000", + "frame.time_delta_displayed": "0.097742000", + "frame.time_relative": "1094.845598000", + "frame.number": "4019", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000090d", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:04:47:91:37:6b:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:46.456286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494686.456286000", + "frame.time_delta": "0.150002000", + "frame.time_delta_displayed": "0.150002000", + "frame.time_relative": "1094.995600000", + "frame.number": "4020", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000edac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x000048ef", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:c4:5a:91:40:6b:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:46.608704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494686.608704000", + "frame.time_delta": "0.152418000", + "frame.time_delta_displayed": "0.152418000", + "frame.time_relative": "1095.148018000", + "frame.number": "4021", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00004e86", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:04:ea:72:49:6b:cd:f2:14:6b:00:00:00:74:0d:32:a0:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:04:48.648637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494688.648637000", + "frame.time_delta": "2.039933000", + "frame.time_delta_displayed": "2.039933000", + "frame.time_relative": "1097.187951000", + "frame.number": "4022", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000002ad", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:04:7e:a8:c0:6b:cd:f2:14:6b:00:00:00:55:15:67:68:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:48.756300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494688.756300000", + "frame.time_delta": "0.107663000", + "frame.time_delta_displayed": "0.107663000", + "frame.time_relative": "1097.295614000", + "frame.number": "4023", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eda6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": 
"192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00006e38", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:c4:88:6b:c9:6b:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:48.856499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494688.856499000", + "frame.time_delta": "0.100199000", + "frame.time_delta_displayed": "0.100199000", + "frame.time_relative": "1097.395813000", + "frame.number": "4024", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eda4", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000290e", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:04:ac:70:cf:6b:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:49.011828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494689.011828000", + "frame.time_delta": "0.155329000", + "frame.time_delta_displayed": "0.155329000", + "frame.time_relative": "1097.551142000", + "frame.number": "4025", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b22", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00002f04", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:04:02:80:d8:6b:cd:f2:14:6b:00:00:00:c5:0c:f3:7a:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:50.613756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494690.613756000", + "frame.time_delta": "1.601928000", + "frame.time_delta_displayed": "1.601928000", + "frame.time_relative": "1099.153070000", + "frame.number": "4026", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000098e", + "udp.checksum.status": "2", + "udp.stream": "16" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:50.614174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494690.614174000", + "frame.time_delta": "0.000418000", + "frame.time_delta_displayed": "0.000418000", + "frame.time_relative": "1099.153488000", + "frame.number": "4027", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + 
"eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001de5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1318", + "udp.dstport": "5353", + "udp.port": "1318", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000ea89", + "udp.checksum.status": "2", + "udp.stream": "17" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:50.614600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494690.614600000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "1099.153914000", + "frame.number": "4028", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
+ }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1319", + "udp.dstport": "5353", + "udp.port": "1319", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000784f", + "udp.checksum.status": "2", + "udp.stream": "18" + }, + "mdns": { + "dns.id": "0x00000274", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=628", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=60559" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:51.507667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494691.507667000", + "frame.time_delta": "0.893067000", + "frame.time_delta_displayed": "0.893067000", + "frame.time_relative": "1100.046981000", + "frame.number": "4029", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b24", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00000aff", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:44:34:55:6d:6c:cd:f2:14:6b:00:00:00:e1:db:e4:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:51.609742000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494691.609742000", + "frame.time_delta": "0.102075000", + "frame.time_delta_displayed": "0.102075000", + "frame.time_relative": "1100.149056000", + "frame.number": "4030", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b26", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00000dfa", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3c:44:15:4b:73:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:51.707325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494691.707325000", + "frame.time_delta": "0.097583000", + "frame.time_delta_displayed": "0.097583000", + "frame.time_relative": "1100.246639000", + "frame.number": "4031", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000b696", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3d:c4:71:22:79:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:51.809823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494691.809823000", + "frame.time_delta": "0.102498000", + "frame.time_delta_displayed": "0.102498000", + "frame.time_relative": "1100.349137000", + "frame.number": "4032", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00004c83", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3e:04:95:27:7f:6c:cd:f2:14:6b:00:00:00:f4:e1:fd:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.158853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.158853000", + "frame.time_delta": "0.349030000", + "frame.time_delta_displayed": "0.349030000", + "frame.time_relative": "1100.698167000", + "frame.number": "4033", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": 
"0x0000ed64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000a050", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:a4:e5:93:6c:cd:f2:14:6b:00:00:00:89:f7:56:e5:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.310337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.310337000", + "frame.time_delta": "0.151484000", + "frame.time_delta_displayed": "0.151484000", + "frame.time_relative": "1100.849651000", + "frame.number": "4034", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000a3ef", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:04:fa:f4:9c:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.456895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.456895000", + "frame.time_delta": "0.146558000", + "frame.time_delta_displayed": "0.146558000", + "frame.time_relative": "1100.996209000", + "frame.number": "4035", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed94", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00008256", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:44:89:d6:a5:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.560094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.560094000", + "frame.time_delta": "0.103199000", + "frame.time_delta_displayed": "0.103199000", + "frame.time_relative": "1101.099408000", + "frame.number": "4036", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + 
"eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00004a56", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:44:6a:cc:ab:6c:cd:f2:14:6b:00:00:00:0f:0e:00:e8:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.594071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494692.594071000", + "frame.time_delta": "0.033977000", + "frame.time_delta_displayed": "0.033977000", + "frame.time_relative": "1101.133385000", + "frame.number": "4037", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000d22d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f729", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.646956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.646956000", + "frame.time_delta": "0.052885000", + "frame.time_delta_displayed": "0.052885000", + "frame.time_relative": "1101.186270000", + "frame.number": "4038", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000d231", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f725", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.699797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.699797000", + "frame.time_delta": "0.052841000", + 
"frame.time_delta_displayed": "0.052841000", + "frame.time_relative": "1101.239111000", + "frame.number": "4039", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d232", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f71b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.808110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.808110000", + "frame.time_delta": "0.108313000", + "frame.time_delta_displayed": "0.108313000", + "frame.time_relative": "1101.347424000", + "frame.number": "4040", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d234", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.808122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.808122000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": 
"0.000012000", + "frame.time_relative": "1101.347436000", + "frame.number": "4041", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d237", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f71c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": 
"HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:52.858751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494692.858751000", + "frame.time_delta": "0.050629000", + "frame.time_delta_displayed": "0.050629000", + "frame.time_relative": "1101.398065000", + "frame.number": "4042", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d23a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:53.707284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494693.707284000", + "frame.time_delta": "0.848533000", + "frame.time_delta_displayed": "0.848533000", + "frame.time_relative": "1102.246598000", + 
"frame.number": "4043", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00008881", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:84:c3:48:f0:6c:cd:f2:14:6b:00:00:00:18:33:fc:fd:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:53.857051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494693.857051000", + "frame.time_delta": "0.149767000", + "frame.time_delta_displayed": "0.149767000", + "frame.time_relative": "1102.396365000", + "frame.number": "4044", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00005ef9", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:95:39:f9:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:53.956465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494693.956465000", + "frame.time_delta": "0.099414000", + "frame.time_delta_displayed": "0.099414000", + "frame.time_relative": "1102.495779000", + "frame.number": "4045", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x000019cf", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:44:b8:3e:ff:6c:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:54.061623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494694.061623000", + "frame.time_delta": "0.105158000", + "frame.time_delta_displayed": "0.105158000", + "frame.time_relative": "1102.600937000", + "frame.number": "4046", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": 
"192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000a05a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:84:db:43:05:6d:cd:f2:14:6b:00:00:00:13:33:ee:f4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:54.609884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494694.609884000", + "frame.time_delta": "0.548261000", + "frame.time_delta_displayed": "0.548261000", + "frame.time_relative": "1103.149198000", + "frame.number": "4047", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + 
"ip.id": "0x00000b3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00007a53", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3f:c4:ee:fc:25:6d:cd:f2:14:6b:00:00:00:f4:32:3a:c2:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:54.710369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494694.710369000", + "frame.time_delta": "0.100485000", + "frame.time_delta_displayed": "0.100485000", + "frame.time_relative": "1103.249683000", + "frame.number": "4048", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00009640", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:40:04:12:02:2c:6d:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:54.889853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494694.889853000", + "frame.time_delta": "0.179484000", + "frame.time_delta_displayed": "0.179484000", + "frame.time_relative": "1103.429167000", + "frame.number": "4049", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + 
"eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00005116", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:41:44:35:07:32:6d:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:54.958863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494694.958863000", + "frame.time_delta": "0.069010000", + "frame.time_delta_displayed": "0.069010000", + "frame.time_relative": "1103.498177000", + 
"frame.number": "4050", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00003cf7", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:42:04:40:ca:3a:6d:cd:f2:14:6b:00:00:00:43:31:1b:b7:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:57.457088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494697.457088000", + "frame.time_delta": "2.498225000", + "frame.time_delta_displayed": "2.498225000", + "frame.time_relative": "1105.996402000", + "frame.number": "4051", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00003c45", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:43:04:39:cd:cf:6d:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:57.556374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494697.556374000", + "frame.time_delta": "0.099286000", + "frame.time_delta_displayed": "0.099286000", + "frame.time_relative": "1106.095688000", + "frame.number": "4052", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + 
"ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000d48a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:44:04:1a:c3:d5:6d:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:57.657978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494697.657978000", + "frame.time_delta": "0.101604000", + "frame.time_delta_displayed": "0.101604000", + "frame.time_relative": "1106.197292000", + "frame.number": "4053", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed7c", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00008f60", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:45:44:3d:c8:db:6d:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:57.759893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494697.759893000", + "frame.time_delta": "0.101915000", + "frame.time_delta_displayed": "0.101915000", + "frame.time_relative": "1106.299207000", + "frame.number": "4054", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b4a", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000114d", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:46:44:1e:be:e1:6d:cd:f2:14:6b:00:00:00:3a:26:1b:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:58.365165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494698.365165000", + "frame.time_delta": "0.605272000", + "frame.time_delta_displayed": "0.605272000", + "frame.time_relative": "1106.904479000", + "frame.number": "4055", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000080b9", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:84:a6:90:05:6e:cd:f2:14:6b:00:00:00:8c:1e:47:de:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:58.462160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494698.462160000", + "frame.time_delta": "0.096995000", + "frame.time_delta_displayed": "0.096995000", + "frame.time_relative": "1107.001474000", + "frame.number": "4056", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00002f75", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:04:03:68:0b:6e:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:58.561396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494698.561396000", + 
"frame.time_delta": "0.099236000", + "frame.time_delta_displayed": "0.099236000", + "frame.time_relative": "1107.100710000", + "frame.number": "4057", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x0000ea4a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3c:44:26:6d:11:6e:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:58.658753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494698.658753000", + "frame.time_delta": "0.097357000", + "frame.time_delta_displayed": "0.097357000", + "frame.time_relative": "1107.198067000", + "frame.number": "4058", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00006791", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3d:04:c5:53:17:6e:cd:f2:14:6b:00:00:00:6c:13:3d:de:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:04:58.754256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494698.754256000", + "frame.time_delta": "0.095503000", + "frame.time_delta_displayed": "0.095503000", + "frame.time_relative": "1107.293570000", + "frame.number": "4059", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00000f5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c9fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + 
"ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:00.109020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494700.109020000", + "frame.time_delta": "1.354764000", + "frame.time_delta_displayed": "1.354764000", + "frame.time_relative": "1108.648334000", + "frame.number": "4060", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + 
"eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000c54d", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:84:03:c1:6d:6e:cd:f2:14:6b:00:00:00:71:c1:ec:ec:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:00.206849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494700.206849000", + "frame.time_delta": "0.097829000", + "frame.time_delta_displayed": "0.097829000", + "frame.time_relative": "1108.746163000", + "frame.number": "4061", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00006036", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:84:e4:b6:73:6e:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:00.306405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494700.306405000", + "frame.time_delta": "0.099556000", + "frame.time_delta_displayed": "0.099556000", + "frame.time_relative": "1108.845719000", + "frame.number": "4062", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00001b0c", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:c4:07:bc:79:6e:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:00.409178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494700.409178000", + "frame.time_delta": "0.102773000", + "frame.time_delta_displayed": "0.102773000", + "frame.time_relative": "1108.948492000", + "frame.number": "4063", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000784a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:c4:e8:b1:7f:6e:cd:f2:14:6b:00:00:00:70:cb:09:ec:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:02.634062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494702.634062000", + "frame.time_delta": "2.224884000", + "frame.time_delta_displayed": "2.224884000", + "frame.time_relative": "1111.173376000", + "frame.number": "4064", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000960d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "56719", + "tcp.nxtseq": "56768", + "tcp.ack": "12430", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000076ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:62:fd:a7:9f:1a:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2515709, TSecr 2812221996": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2515709", + "tcp.options.timestamp.tsecr": "2812221996" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c7:b0:23:c2:33:7b:1a:cd:fd:97:23:ff:99:c6:9b:59:c6:cf:8f:b3:17:ea:8e:63:c1:bd:c3:11:14:c9:3e:ce:32:8e:99:d6:71" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:02.694906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494702.694906000", + "frame.time_delta": "0.060844000", + "frame.time_delta_displayed": "0.060844000", + "frame.time_relative": "1111.234220000", + "frame.number": "4065", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003836", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12430", + "tcp.nxtseq": "12485", + "tcp.ack": "56768", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bcec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:38:86:00:26:62:fd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812229766, TSecr 2515709": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812229766", + "tcp.options.timestamp.tsecr": "2515709" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4064", + "tcp.analysis.ack_rtt": "0.060844000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:85:4e:69:ab:05:73:e1:96:b5:a7:73:cc:5f:bf:70:4e:2d:a8:39:c2:1f:15:18:18:7b:06:da:da:87:9e:e6:9c:82:a0:67:28:04:f4:b3:8f:8a:45:6a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:02.695392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494702.695392000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "1111.234706000", + "frame.number": "4066", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000960e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007771", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56768", + "tcp.ack": "12485", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd8d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:63:03:a7:9f:38:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2515715, TSecr 2812229766": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2515715", + "tcp.options.timestamp.tsecr": "2812229766" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4065", + "tcp.analysis.ack_rtt": "0.000486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:04.719745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494704.719745000", + "frame.time_delta": "2.024353000", + "frame.time_delta_displayed": "2.024353000", + "frame.time_relative": "1113.259059000", + "frame.number": "4067", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057fc", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a695", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "361", + "tcp.ack": "325", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000413", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + 
"_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:04.899389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494704.899389000", + "frame.time_delta": "0.179644000", + "frame.time_delta_displayed": "0.179644000", + "frame.time_relative": "1113.438703000", + "frame.number": "4068", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda9", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "325", + "tcp.ack": "362", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000e88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:06.588758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494706.588758000", + "frame.time_delta": "1.689369000", + "frame.time_delta_displayed": "1.689369000", + "frame.time_relative": "1115.128072000", + "frame.number": "4069", + "frame.len": "86", + "frame.cap_len": "86", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005cdb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005b0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.023088000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494707.023088000", + "frame.time_delta": "0.434330000", + "frame.time_delta_displayed": "0.434330000", + "frame.time_relative": "1115.562402000", + "frame.number": "4070", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00001836", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c158", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.036777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494707.036777000", + "frame.time_delta": "0.013689000", + "frame.time_delta_displayed": "0.013689000", + "frame.time_relative": "1115.576091000", + "frame.number": "4071", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000046ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000091e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + 
"dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.248911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494707.248911000", + "frame.time_delta": "0.212134000", + "frame.time_delta_displayed": "0.212134000", + "frame.time_relative": "1115.788225000", + "frame.number": "4072", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00001855", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c139", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.474838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494707.474838000", + "frame.time_delta": "0.225927000", + "frame.time_delta_displayed": "0.225927000", + "frame.time_relative": "1116.014152000", + "frame.number": "4073", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000188e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c100", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" 
+ } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.700190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494707.700190000", + "frame.time_delta": "0.225352000", + "frame.time_delta_displayed": "0.225352000", + "frame.time_relative": "1116.239504000", + "frame.number": "4074", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:07.700580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494707.700580000", + "frame.time_delta": "0.000390000", + "frame.time_delta_displayed": "0.000390000", + "frame.time_relative": "1116.239894000", + "frame.number": "4075", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:09.729658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494709.729658000", + "frame.time_delta": "2.029078000", + "frame.time_delta_displayed": "2.029078000", + "frame.time_relative": "1118.268972000", + "frame.number": "4076", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": 
"1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:09.729849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494709.729849000", + "frame.time_delta": "0.000191000", + "frame.time_delta_displayed": "0.000191000", + "frame.time_relative": "1118.269163000", + "frame.number": "4077", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:18.763484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494718.763484000", + "frame.time_delta": "9.033635000", + 
"frame.time_delta_displayed": "9.033635000", + "frame.time_relative": "1127.302798000", + "frame.number": "4078", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00002096", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:27.629748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494727.629748000", + "frame.time_delta": "8.866264000", + "frame.time_delta_displayed": "8.866264000", + "frame.time_relative": "1136.169062000", + "frame.number": "4079", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001deb", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001082", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:27.630388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494727.630388000", + "frame.time_delta": "0.000640000", + "frame.time_delta_displayed": "0.000640000", + "frame.time_relative": "1136.169702000", + "frame.number": "4080", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dec", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009b00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f17d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:27.630894000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494727.630894000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "1136.170208000", + "frame.number": "4081", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f43", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:28.852684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494728.852684000", + "frame.time_delta": "1.221790000", + "frame.time_delta_displayed": "1.221790000", + "frame.time_relative": "1137.391998000", + "frame.number": "4082", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.437785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.437785000", + "frame.time_delta": "1.585101000", + "frame.time_delta_displayed": "1.585101000", + "frame.time_relative": "1138.977099000", + "frame.number": "4083", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x000020fb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "10", + "http.prev_request_in": "3821" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.820902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.820902000", + "frame.time_delta": "0.383117000", + "frame.time_delta_displayed": "0.383117000", + "frame.time_relative": "1139.360216000", + "frame.number": "4084", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c491", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "55", + "http.prev_response_in": "3883" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.826107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.826107000", + "frame.time_delta": "0.005205000", + "frame.time_delta_displayed": "0.005205000", + "frame.time_relative": "1139.365421000", + "frame.number": "4085", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df5", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54624", + "tcp.dstport": "80", + "tcp.port": "54624", + "tcp.port": "80", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000c36", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.826769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.826769000", + "frame.time_delta": "0.000662000", + "frame.time_delta_displayed": "0.000662000", + "frame.time_relative": "1139.366083000", + "frame.number": "4086", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54624", + "tcp.port": "80", + "tcp.port": "54624", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000c45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + 
"tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4085", + "tcp.analysis.ack_rtt": "0.000662000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.829876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.829876000", + "frame.time_delta": "0.003107000", + "frame.time_delta_displayed": "0.003107000", + "frame.time_relative": "1139.369190000", + "frame.number": "4087", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005e00", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54624", + "tcp.dstport": "80", + "tcp.port": "54624", + "tcp.port": "80", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4086", + "tcp.analysis.ack_rtt": "0.003107000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.830480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.830480000", + "frame.time_delta": "0.000604000", + "frame.time_delta_displayed": "0.000604000", + "frame.time_relative": "1139.369794000", + "frame.number": "4088", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54624", + "tcp.dstport": "80", + "tcp.port": "54624", + "tcp.port": "80", + "tcp.stream": "158", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d39c", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.830981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.830981000", + "frame.time_delta": "0.000501000", + "frame.time_delta_displayed": "0.000501000", + "frame.time_relative": "1139.370295000", + "frame.number": "4089", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dbc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dcac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54624", + "tcp.port": "80", + "tcp.port": "54624", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000afb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4088", + "tcp.analysis.ack_rtt": "0.000501000", + 
"tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.831540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.831540000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "1139.370854000", + "frame.number": "4090", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dbc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dc9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54624", + "tcp.port": "80", + "tcp.port": "54624", + 
"tcp.stream": "158", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000efd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.831915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.831915000", + "frame.time_delta": "0.000375000", + "frame.time_delta_displayed": "0.000375000", + "frame.time_relative": "1139.371229000", + "frame.number": "4091", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dbc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d8c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54624", + "tcp.port": "80", + "tcp.port": "54624", + "tcp.stream": "158", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000423f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003769000", + 
"tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4090", + "tcp.segment": "4091", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001435000", + "http.request_in": "4088", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.837540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.837540000", + "frame.time_delta": "0.005625000", + "frame.time_delta_displayed": "0.005625000", + "frame.time_relative": "1139.376854000", + "frame.number": "4092", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54624", + "tcp.dstport": "80", + "tcp.port": "54624", + "tcp.port": "80", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b98b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4091", + "tcp.analysis.ack_rtt": "0.005625000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.838163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.838163000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "1139.377477000", + "frame.number": "4093", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dfd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54624", + "tcp.dstport": "80", + "tcp.port": "54624", + "tcp.port": "80", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b98a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.838595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.838595000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1139.377909000", + "frame.number": "4094", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002dc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54624", + "tcp.port": "80", + "tcp.port": "54624", + "tcp.stream": "158", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000abbe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4093", + "tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.003769000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.874296000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.874296000", + "frame.time_delta": "0.035701000", + "frame.time_delta_displayed": "0.035701000", + "frame.time_relative": "1139.413610000", + "frame.number": "4095", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c493", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "56", + "http.prev_response_in": "4084" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.888525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.888525000", + "frame.time_delta": "0.014229000", + "frame.time_delta_displayed": "0.014229000", + "frame.time_relative": "1139.427839000", + "frame.number": "4096", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54625", + "tcp.dstport": "80", + "tcp.port": "54625", + "tcp.port": "80", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000ae1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.889082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.889082000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1139.428396000", + "frame.number": "4097", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54625", + "tcp.port": "80", + "tcp.port": "54625", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000cf53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4096", + "tcp.analysis.ack_rtt": "0.000557000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.891610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.891610000", + "frame.time_delta": "0.002528000", + "frame.time_delta_displayed": "0.002528000", + "frame.time_relative": "1139.430924000", + "frame.number": "4098", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dfb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54625", + "tcp.dstport": "80", + "tcp.port": "54625", + "tcp.port": "80", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008132", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4097", + "tcp.analysis.ack_rtt": "0.002528000", + "tcp.analysis.initial_rtt": "0.003085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.892316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.892316000", + "frame.time_delta": "0.000706000", + "frame.time_delta_displayed": "0.000706000", + "frame.time_relative": "1139.431630000", + "frame.number": "4099", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54625", + "tcp.dstport": "80", + "tcp.port": "54625", + "tcp.port": "80", + "tcp.stream": "159", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000096ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003085000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.892794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.892794000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1139.432108000", + "frame.number": "4100", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000077b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54625", + "tcp.port": "80", + "tcp.port": "54625", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000072c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4099", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.003085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.893360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.893360000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "1139.432674000", + "frame.number": "4101", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000077ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54625", + "tcp.port": "80", + "tcp.port": "54625", + "tcp.stream": "159", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b2e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003085000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.893856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.893856000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "1139.433170000", + "frame.number": "4102", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000077bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003cd5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54625", + "tcp.port": "80", + "tcp.port": "54625", + "tcp.stream": "159", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000054e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003085000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4101", + "tcp.segment": "4102", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001540000", + "http.request_in": "4099", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.896975000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494730.896975000", + "frame.time_delta": "0.003119000", + "frame.time_delta_displayed": "0.003119000", + "frame.time_relative": "1139.436289000", + "frame.number": "4103", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54625", + "tcp.dstport": "80", + "tcp.port": "54625", + "tcp.port": "80", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007c9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4102", + "tcp.analysis.ack_rtt": "0.003119000", + "tcp.analysis.initial_rtt": "0.003085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.897612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.897612000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "1139.436926000", + "frame.number": "4104", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54625", + "tcp.dstport": "80", + "tcp.port": "54625", + "tcp.port": "80", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007c99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.898057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.898057000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1139.437371000", + "frame.number": "4105", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ab6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002dbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54625", + "tcp.port": "80", + "tcp.port": "54625", + "tcp.stream": "159", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ecd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4104", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.003085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.927142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.927142000", + "frame.time_delta": "0.029085000", + "frame.time_delta_displayed": "0.029085000", + "frame.time_relative": "1139.466456000", + "frame.number": "4106", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c497", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "57", + "http.prev_response_in": "4095" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.947745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.947745000", + "frame.time_delta": "0.020603000", + "frame.time_delta_displayed": "0.020603000", + "frame.time_relative": "1139.487059000", + 
"frame.number": "4107", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005deb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54626", + "tcp.dstport": "80", + "tcp.port": "54626", + "tcp.port": "80", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00007385", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.948327000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.948327000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "1139.487641000", + "frame.number": "4108", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54626", + "tcp.port": "80", + "tcp.port": "54626", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000032aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4107", + "tcp.analysis.ack_rtt": "0.000582000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.961850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.961850000", + "frame.time_delta": "0.013523000", + "frame.time_delta_displayed": "0.013523000", + "frame.time_relative": "1139.501164000", + 
"frame.number": "4109", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54626", + "tcp.dstport": "80", + "tcp.port": "54626", + "tcp.port": "80", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e488", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4108", + "tcp.analysis.ack_rtt": "0.013523000", + "tcp.analysis.initial_rtt": "0.014105000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.963112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.963112000", + "frame.time_delta": "0.001262000", + "frame.time_delta_displayed": "0.001262000", + "frame.time_relative": "1139.502426000", + "frame.number": "4110", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d4e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54626", + "tcp.dstport": "80", + "tcp.port": "54626", + "tcp.port": "80", + "tcp.stream": "160", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fa01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.014105000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.963599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.963599000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1139.502913000", + "frame.number": "4111", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d7aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54626", + "tcp.port": "80", + "tcp.port": "54626", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d619", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4110", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.014105000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.964254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.964254000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "1139.503568000", + "frame.number": "4112", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d7ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54626", + "tcp.port": "80", + "tcp.port": "54626", + "tcp.stream": "160", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000163b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.014105000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.964606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.964606000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1139.503920000", + "frame.number": "4113", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d7ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dce3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54626", + "tcp.port": "80", + "tcp.port": "54626", + "tcp.stream": "160", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000068a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.014105000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4112", + "tcp.segment": "4113", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001494000", + "http.request_in": "4110", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.969354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.969354000", + "frame.time_delta": "0.004748000", + "frame.time_delta_displayed": "0.004748000", + "frame.time_relative": "1139.508668000", + "frame.number": "4114", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54626", + "tcp.dstport": "80", + "tcp.port": "54626", + "tcp.port": "80", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dff0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4113", + "tcp.analysis.ack_rtt": "0.004748000", + "tcp.analysis.initial_rtt": "0.014105000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.971546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.971546000", + "frame.time_delta": "0.002192000", + "frame.time_delta_displayed": "0.002192000", + "frame.time_relative": "1139.510860000", + "frame.number": "4115", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54626", + "tcp.dstport": "80", + "tcp.port": "54626", + "tcp.port": "80", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dfef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:30.972010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494730.972010000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "1139.511324000", + "frame.number": "4116", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ab8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002dbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54626", + "tcp.port": "80", + "tcp.port": "54626", + "tcp.stream": "160", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d223", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4115", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.014105000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.874849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.874849000", + "frame.time_delta": "0.902839000", + "frame.time_delta_displayed": "0.902839000", + "frame.time_relative": "1140.414163000", + "frame.number": "4117", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c4e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f264", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "58", + "http.prev_response_in": "4106" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.877883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.877883000", + "frame.time_delta": "0.003034000", + "frame.time_delta_displayed": "0.003034000", + "frame.time_relative": "1140.417197000", + "frame.number": "4118", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54627", + "tcp.dstport": "80", + "tcp.port": "54627", + "tcp.port": "80", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000573c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.878420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.878420000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "1140.417734000", + "frame.number": "4119", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54627", + "tcp.port": "80", + "tcp.port": "54627", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008915", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4118", + "tcp.analysis.ack_rtt": "0.000537000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.881754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.881754000", + "frame.time_delta": "0.003334000", + "frame.time_delta_displayed": "0.003334000", + "frame.time_relative": "1140.421068000", + "frame.number": "4120", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005df1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54627", + "tcp.dstport": "80", + "tcp.port": "54627", + "tcp.port": "80", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003af4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4119", + "tcp.analysis.ack_rtt": "0.003334000", + "tcp.analysis.initial_rtt": "0.003871000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.883313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.883313000", + "frame.time_delta": "0.001559000", + "frame.time_delta_displayed": "0.001559000", + "frame.time_relative": "1140.422627000", + "frame.number": "4121", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54627", + "tcp.dstport": "80", + "tcp.port": "54627", + "tcp.port": "80", + "tcp.stream": "161", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000506d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003871000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.883789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.883789000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "1140.423103000", + "frame.number": "4122", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000206e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009805", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54627", + "tcp.port": "80", + "tcp.port": "54627", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c85", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4121", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.003871000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.884426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.884426000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "1140.423740000", + "frame.number": "4123", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000206f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000097f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54627", + "tcp.port": "80", + "tcp.port": "54627", + "tcp.stream": "161", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ca6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003871000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.884799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.884799000", + "frame.time_delta": "0.000373000", + "frame.time_delta_displayed": "0.000373000", + "frame.time_relative": "1140.424113000", + "frame.number": "4124", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002070", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009420", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54627", + "tcp.port": "80", + "tcp.port": "54627", + "tcp.stream": "161", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bf0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003871000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4123", + "tcp.segment": "4124", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001486000", + "http.request_in": "4121", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.889621000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494731.889621000", + "frame.time_delta": "0.004822000", + "frame.time_delta_displayed": "0.004822000", + "frame.time_relative": "1140.428935000", + "frame.number": "4125", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005def", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54627", + "tcp.dstport": "80", + "tcp.port": "54627", + "tcp.port": "80", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000365c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4124", + "tcp.analysis.ack_rtt": "0.004822000", + "tcp.analysis.initial_rtt": "0.003871000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.890301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.890301000", + "frame.time_delta": "0.000680000", + "frame.time_delta_displayed": "0.000680000", + "frame.time_relative": "1140.429615000", + "frame.number": "4126", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54627", + "tcp.dstport": "80", + "tcp.port": "54627", + "tcp.port": "80", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000365b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.890756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.890756000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "1140.430070000", + "frame.number": "4127", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ae1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54627", + "tcp.port": "80", + "tcp.port": "54627", + "tcp.stream": "161", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000288f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4126", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.003871000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.927971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.927971000", + "frame.time_delta": "0.037215000", + "frame.time_delta_displayed": "0.037215000", + "frame.time_relative": "1140.467285000", + "frame.number": "4128", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c4e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f25a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "59", + "http.prev_response_in": "4117" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.939921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.939921000", + "frame.time_delta": "0.011950000", + "frame.time_delta_displayed": "0.011950000", + "frame.time_relative": "1140.479235000", 
+ "frame.number": "4129", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54628", + "tcp.dstport": "80", + "tcp.port": "54628", + "tcp.port": "80", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000029bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.940461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.940461000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "1140.479775000", + "frame.number": "4130", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54628", + "tcp.port": "80", + "tcp.port": "54628", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009c08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4129", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.943534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.943534000", + "frame.time_delta": "0.003073000", + "frame.time_delta_displayed": "0.003073000", + "frame.time_relative": "1140.482848000", + 
"frame.number": "4131", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54628", + "tcp.dstport": "80", + "tcp.port": "54628", + "tcp.port": "80", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004de7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4130", + "tcp.analysis.ack_rtt": "0.003073000", + "tcp.analysis.initial_rtt": "0.003613000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.944110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.944110000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "1140.483424000", + "frame.number": "4132", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d44", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54628", + "tcp.dstport": "80", + "tcp.port": "54628", + "tcp.port": "80", + "tcp.stream": "162", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006360", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003613000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.944588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.944588000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1140.483902000", + "frame.number": "4133", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000354b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008328", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54628", + "tcp.port": "80", + "tcp.port": "54628", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003f78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4132", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.003613000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.945249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.945249000", + "frame.time_delta": "0.000661000", + "frame.time_delta_displayed": "0.000661000", + "frame.time_relative": "1140.484563000", + "frame.number": "4134", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000354c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008316", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54628", + "tcp.port": "80", + "tcp.port": "54628", + "tcp.stream": "162", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007f99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003613000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.945605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.945605000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "1140.484919000", + "frame.number": "4135", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000354d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54628", + "tcp.port": "80", + "tcp.port": "54628", + "tcp.stream": "162", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d202", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003613000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4134", + "tcp.segment": "4135", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001495000", + "http.request_in": "4132", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.947928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.947928000", + "frame.time_delta": "0.002323000", + "frame.time_delta_displayed": "0.002323000", + "frame.time_relative": "1140.487242000", + "frame.number": "4136", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54628", + "tcp.dstport": "80", + "tcp.port": "54628", + "tcp.port": "80", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000494f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4135", + "tcp.analysis.ack_rtt": "0.002323000", + "tcp.analysis.initial_rtt": "0.003613000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.949355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.949355000", + "frame.time_delta": "0.001427000", + "frame.time_delta_displayed": "0.001427000", + "frame.time_relative": "1140.488669000", + "frame.number": "4137", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54628", + "tcp.dstport": "80", + "tcp.port": "54628", + "tcp.port": "80", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000494e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.949816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.949816000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "1140.489130000", + "frame.number": "4138", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ae5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54628", + "tcp.port": "80", + "tcp.port": "54628", + "tcp.stream": "162", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003b82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4137", + "tcp.analysis.ack_rtt": "0.000461000", + "tcp.analysis.initial_rtt": "0.003613000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.980952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.980952000", + "frame.time_delta": "0.031136000", + "frame.time_delta_displayed": "0.031136000", + "frame.time_relative": "1140.520266000", + "frame.number": "4139", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c4ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f25a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "60", + "http.prev_response_in": "4128" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.984525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.984525000", + "frame.time_delta": "0.003573000", + "frame.time_delta_displayed": "0.003573000", + "frame.time_relative": "1140.523839000", + "frame.number": "4140", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001a8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ddc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54629", + "tcp.dstport": "80", + "tcp.port": "54629", + "tcp.port": "80", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000115c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.985052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.985052000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "1140.524366000", + "frame.number": "4141", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54629", + "tcp.port": "80", + "tcp.port": "54629", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000970a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4140", + "tcp.analysis.ack_rtt": "0.000527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.988642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.988642000", + "frame.time_delta": "0.003590000", + "frame.time_delta_displayed": "0.003590000", + "frame.time_relative": "1140.527956000", + "frame.number": "4142", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54629", + "tcp.dstport": "80", + "tcp.port": "54629", + "tcp.port": "80", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000048e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4141", + "tcp.analysis.ack_rtt": "0.003590000", + "tcp.analysis.initial_rtt": "0.004117000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.989333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.989333000", + "frame.time_delta": "0.000691000", + "frame.time_delta_displayed": "0.000691000", + "frame.time_relative": "1140.528647000", + "frame.number": "4143", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001a8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54629", + "tcp.dstport": "80", + "tcp.port": "54629", + "tcp.port": "80", + "tcp.stream": "163", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005e62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004117000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.989827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.989827000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1140.529141000", + "frame.number": "4144", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000baff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54629", + "tcp.port": "80", + "tcp.port": "54629", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003a7a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4143", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.004117000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.990399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.990399000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "1140.529713000", + "frame.number": "4145", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000fd74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000baed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54629", + "tcp.port": "80", + "tcp.port": "54629", + "tcp.stream": "163", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007a9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004117000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.990754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.990754000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1140.530068000", + "frame.number": "4146", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000fd75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b71a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54629", + "tcp.port": "80", + "tcp.port": "54629", + "tcp.stream": "163", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cd04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004117000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4145", + "tcp.segment": "4146", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001421000", + "http.request_in": "4143", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.993077000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494731.993077000", + "frame.time_delta": "0.002323000", + "frame.time_delta_displayed": "0.002323000", + "frame.time_relative": "1140.532391000", + "frame.number": "4147", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54629", + "tcp.dstport": "80", + "tcp.port": "54629", + "tcp.port": "80", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004451", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4146", + "tcp.analysis.ack_rtt": "0.002323000", + "tcp.analysis.initial_rtt": "0.004117000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.993775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.993775000", + "frame.time_delta": "0.000698000", + "frame.time_delta_displayed": "0.000698000", + "frame.time_relative": "1140.533089000", + "frame.number": "4148", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001a8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005de4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54629", + "tcp.dstport": "80", + "tcp.port": "54629", + "tcp.port": "80", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004450", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:31.994232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494731.994232000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "1140.533546000", + "frame.number": "4149", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002d8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54629", + "tcp.port": "80", + "tcp.port": "54629", + "tcp.stream": "163", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003684", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4148", + "tcp.analysis.ack_rtt": "0.000457000", + "tcp.analysis.initial_rtt": "0.004117000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:32.630406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494732.630406000", + "frame.time_delta": "0.636174000", + "frame.time_delta_displayed": "0.636174000", + "frame.time_relative": "1141.169720000", + "frame.number": "4150", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ded", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001082", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:32.630756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494732.630756000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1141.170070000", + "frame.number": "4151", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dee", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009afe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f17d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:32.631218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494732.631218000", + "frame.time_delta": "0.000462000", + "frame.time_delta_displayed": "0.000462000", + "frame.time_relative": "1141.170532000", + "frame.number": "4152", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f43", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:33.712544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494733.712544000", + "frame.time_delta": "1.081326000", + "frame.time_delta_displayed": "1.081326000", + "frame.time_relative": "1142.251858000", + "frame.number": "4153", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000960f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "56768", + "tcp.nxtseq": "56817", + "tcp.ack": "12485", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002013", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:6f:21:a7:9f:38:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2518817, TSecr 2812229766": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2518817", + "tcp.options.timestamp.tsecr": "2812229766" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:c8:68:e8:dd:bc:9c:ca:c7:d8:ce:68:30:af:13:02:08:86:5b:59:16:a6:af:d3:55:c7:9c:23:bf:bc:4f:d4:04:21:e1:2d:34:80" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:33.773245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494733.773245000", + "frame.time_delta": "0.060701000", + "frame.time_delta_displayed": "0.060701000", + "frame.time_relative": "1142.312559000", + "frame.number": "4154", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d13", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003835", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12485", + "tcp.nxtseq": "12540", + "tcp.ack": "56817", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005fb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:56:df:00:26:6f:21", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812237535, TSecr 2518817": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812237535", + "tcp.options.timestamp.tsecr": "2518817" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4153", + "tcp.analysis.ack_rtt": "0.060701000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:86:74:b2:b3:be:57:e7:ef:81:46:f9:20:d5:5c:d0:80:a7:ae:22:1e:97:83:90:9e:a1:e2:ea:09:c9:61:a7:59:34:34:aa:74:3d:8d:25:72:10:2d:bb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:33.773733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494733.773733000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1142.313047000", + "frame.number": "4155", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009610", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000776f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "56817", + "tcp.ack": "12540", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d2a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:6f:27:a7:9f:56:df", 
+ "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2518823, TSecr 2812237535": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2518823", + "tcp.options.timestamp.tsecr": "2812237535" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4154", + "tcp.analysis.ack_rtt": "0.000488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:34.899695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494734.899695000", + "frame.time_delta": "1.125962000", + "frame.time_delta_displayed": "1.125962000", + "frame.time_relative": "1143.439009000", + "frame.number": "4156", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + 
"ip.id": "0x000057fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a694", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "361", + "tcp.ack": "325", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000413", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + 
"_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:35.042897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494735.042897000", + "frame.time_delta": "0.143202000", + "frame.time_delta_displayed": "0.143202000", + "frame.time_relative": "1143.582211000", + "frame.number": "4157", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fe9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda8", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "325", + "tcp.ack": "362", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000e88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:36.583898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494736.583898000", + "frame.time_delta": "1.541001000", + "frame.time_delta_displayed": "1.541001000", + "frame.time_relative": "1145.123212000", + "frame.number": "4158", + 
"frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d00", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005ae9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:36.681695000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494736.681695000", + "frame.time_delta": "0.097797000", + "frame.time_delta_displayed": "0.097797000", + "frame.time_relative": "1145.221009000", + "frame.number": "4159", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020fc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e718", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56551", + "udp.dstport": "1900", + "udp.port": "56551", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006d76", + "udp.checksum.status": "2", + "udp.stream": "101" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.356394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.356394000", + "frame.time_delta": "0.674699000", + "frame.time_delta_displayed": "0.674699000", + "frame.time_relative": "1145.895708000", + "frame.number": "4160", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c702", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f048", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { 
+ "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.409252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.409252000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1145.948566000", + "frame.number": "4161", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f03b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "4160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.462434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.462434000", + "frame.time_delta": "0.053182000", + "frame.time_delta_displayed": "0.053182000", + "frame.time_relative": "1146.001748000", + "frame.number": "4162", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c70c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f03b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "4161" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.630313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.630313000", + "frame.time_delta": "0.167879000", + "frame.time_delta_displayed": "0.167879000", + "frame.time_relative": "1146.169627000", + "frame.number": "4163", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001def", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000ba01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001082", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.630849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.630849000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1146.170163000", + "frame.number": "4164", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009afc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f17d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.631454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.631454000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "1146.170768000", + "frame.number": "4165", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f43", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000275", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=629", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.667425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.667425000", + "frame.time_delta": "0.035971000", + "frame.time_delta_displayed": "0.035971000", + "frame.time_relative": "1146.206739000", + "frame.number": "4166", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + 
"basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.682197000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.682197000", + "frame.time_delta": "0.014772000", + "frame.time_delta_displayed": "0.014772000", + "frame.time_relative": "1146.221511000", + "frame.number": "4167", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020fd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e717", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { 
+ "udp.srcport": "56551", + "udp.dstport": "1900", + "udp.port": "56551", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006d76", + "udp.checksum.status": "2", + "udp.stream": "101" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "4159" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.927377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.927377000", + "frame.time_delta": "0.245180000", + "frame.time_delta_displayed": "0.245180000", + "frame.time_relative": "1146.466691000", + "frame.number": "4168", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + 
"bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.951526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.951526000", + "frame.time_delta": "0.024149000", + "frame.time_delta_displayed": "0.024149000", + "frame.time_relative": "1146.490840000", + "frame.number": "4169", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + 
"bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:37.981140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494737.981140000", + "frame.time_delta": "0.029614000", + "frame.time_delta_displayed": "0.029614000", + "frame.time_relative": "1146.520454000", + "frame.number": "4170", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + 
"arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.057086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.057086000", + "frame.time_delta": "0.075946000", + "frame.time_delta_displayed": "0.075946000", + "frame.time_relative": "1146.596400000", + "frame.number": "4171", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.409156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.409156000", + "frame.time_delta": "0.352070000", + "frame.time_delta_displayed": "0.352070000", + "frame.time_relative": 
"1146.948470000", + "frame.number": "4172", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c735", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f015", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "4162" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.461906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.461906000", + "frame.time_delta": "0.052750000", + "frame.time_delta_displayed": "0.052750000", + "frame.time_relative": "1147.001220000", + "frame.number": "4173", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c73a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f007", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + 
"http.prev_response_in": "4172" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.514971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.514971000", + "frame.time_delta": "0.053065000", + "frame.time_delta_displayed": "0.053065000", + "frame.time_relative": "1147.054285000", + "frame.number": "4174", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c73c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f00b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + 
"udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "4173" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.682273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.682273000", + "frame.time_delta": "0.167302000", + "frame.time_delta_displayed": "0.167302000", + "frame.time_relative": "1147.221587000", + "frame.number": "4175", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020fe", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e716", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56551", + "udp.dstport": "1900", + "udp.port": "56551", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006d76", + "udp.checksum.status": "2", + "udp.stream": "101" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + 
"http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "4167" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.768520000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.768520000", + "frame.time_delta": "0.086247000", + "frame.time_delta_displayed": "0.086247000", + "frame.time_relative": "1147.307834000", + "frame.number": "4176", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00002175", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b7e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.780194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.780194000", + "frame.time_delta": "0.011674000", + "frame.time_delta_displayed": "0.011674000", + "frame.time_relative": "1147.319508000", + "frame.number": "4177", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:38.780642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494738.780642000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1147.319956000", + "frame.number": "4178", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": 
"192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:39.041483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494739.041483000", + "frame.time_delta": "0.260841000", + "frame.time_delta_displayed": "0.260841000", + "frame.time_relative": "1147.580797000", + "frame.number": "4179", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c752", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eff8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "4174" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:39.094255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494739.094255000", + "frame.time_delta": "0.052772000", + "frame.time_delta_displayed": "0.052772000", + "frame.time_relative": "1147.633569000", + "frame.number": "4180", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c756", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000efeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "4179" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:39.147083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494739.147083000", + "frame.time_delta": "0.052828000", + "frame.time_delta_displayed": "0.052828000", + "frame.time_relative": "1147.686397000", + "frame.number": "4181", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c75b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000efec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "4180" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:39.683542000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494739.683542000", + "frame.time_delta": "0.536459000", + "frame.time_delta_displayed": "0.536459000", + "frame.time_relative": "1148.222856000", + "frame.number": "4182", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x000020ff", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56551", + "udp.dstport": "1900", + "udp.port": "56551", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006d76", + "udp.checksum.status": "2", + "udp.stream": "101" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "4175" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.050192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.050192000", + "frame.time_delta": "0.366650000", + "frame.time_delta_displayed": "0.366650000", + "frame.time_relative": "1148.589506000", + "frame.number": "4183", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + 
"arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.050590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.050590000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "1148.589904000", + "frame.number": "4184", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.094030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.094030000", + "frame.time_delta": "0.043440000", + "frame.time_delta_displayed": "0.043440000", + "frame.time_relative": "1148.633344000", + 
"frame.number": "4185", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c78f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000efbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "4181" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.146801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.146801000", + "frame.time_delta": "0.052771000", + "frame.time_delta_displayed": "0.052771000", + "frame.time_relative": "1148.686115000", + "frame.number": "4186", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c794", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000efad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": 
"4185" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.199600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.199600000", + "frame.time_delta": "0.052799000", + "frame.time_delta_displayed": "0.052799000", + "frame.time_relative": "1148.738914000", + "frame.number": "4187", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c799", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000efae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + 
"udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "4186" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.409736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.409736000", + "frame.time_delta": "0.210136000", + "frame.time_delta_displayed": "0.210136000", + "frame.time_relative": "1148.949050000", + "frame.number": "4188", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c7ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "4187" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.462528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.462528000", + "frame.time_delta": "0.052792000", + "frame.time_delta_displayed": "0.052792000", + "frame.time_relative": "1149.001842000", + "frame.number": "4189", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c7b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef90", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "4188" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:40.515344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494740.515344000", + 
"frame.time_delta": "0.052816000", + "frame.time_delta_displayed": "0.052816000", + "frame.time_relative": "1149.054658000", + "frame.number": "4190", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c7b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "4189" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:41.462266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494741.462266000", + "frame.time_delta": "0.946922000", + "frame.time_delta_displayed": "0.946922000", + "frame.time_relative": "1150.001580000", + "frame.number": "4191", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c7d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "4190" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:41.515113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494741.515113000", + "frame.time_delta": "0.052847000", + "frame.time_delta_displayed": "0.052847000", + "frame.time_relative": "1150.054427000", + "frame.number": "4192", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c7d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "4191" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:41.567916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494741.567916000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "1150.107230000", + "frame.number": "4193", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c7dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "4192" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:42.147007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494742.147007000", + "frame.time_delta": "0.579091000", + "frame.time_delta_displayed": "0.579091000", + "frame.time_relative": "1150.686321000", + "frame.number": "4194", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c802", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "4193" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:42.199911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494742.199911000", + "frame.time_delta": "0.052904000", + "frame.time_delta_displayed": "0.052904000", + "frame.time_relative": "1150.739225000", + "frame.number": "4195", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c808", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": 
"", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "4194" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:42.252195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494742.252195000", + "frame.time_delta": "0.052284000", + "frame.time_delta_displayed": "0.052284000", + "frame.time_relative": "1150.791509000", + "frame.number": "4196", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c80b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "4195" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:43.184488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494743.184488000", + "frame.time_delta": "0.932293000", + "frame.time_delta_displayed": "0.932293000", + "frame.time_relative": "1151.723802000", + "frame.number": "4197", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:43.198658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494743.198658000", + 
"frame.time_delta": "0.014170000", + "frame.time_delta_displayed": "0.014170000", + "frame.time_relative": "1151.737972000", + "frame.number": "4198", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000c810", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "305", + "udp.checksum": "0x0000e833", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "4196" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:43.251434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494743.251434000", + "frame.time_delta": "0.052776000", + "frame.time_delta_displayed": "0.052776000", + "frame.time_relative": "1151.790748000", + "frame.number": "4199", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000c812", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "314", + "udp.checksum": "0x0000f61e", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "4198" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:43.304218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494743.304218000", + "frame.time_delta": "0.052784000", + "frame.time_delta_displayed": "0.052784000", + "frame.time_relative": "1151.843532000", + "frame.number": "4200", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000c815", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ef32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + 
}, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56551", + "udp.port": "1900", + "udp.port": "56551", + "udp.length": "308", + "udp.checksum": "0x000019a9", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "4199" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:47.631203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494747.631203000", + "frame.time_delta": "4.326985000", + "frame.time_delta_displayed": "4.326985000", + "frame.time_relative": "1156.170517000", + "frame.number": "4201", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + 
"eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001980", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:47.631545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494747.631545000", + "frame.time_delta": "0.000342000", + 
"frame.time_delta_displayed": "0.000342000", + "frame.time_relative": "1156.170859000", + "frame.number": "4202", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009afa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa7b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:47.632492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494747.632492000", + "frame.time_delta": 
"0.000947000", + "frame.time_delta_displayed": "0.000947000", + "frame.time_relative": "1156.171806000", + "frame.number": "4203", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008841", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:49.466062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494749.466062000", + "frame.time_delta": "1.833570000", + 
"frame.time_delta_displayed": "1.833570000", + "frame.time_relative": "1158.005376000", + "frame.number": "4204", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009611", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "56817", + 
"tcp.nxtseq": "57169", + "tcp.ack": "12540", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008a52", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:75:48:a7:9f:56:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2520392, TSecr 2812237535": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2520392", + "tcp.options.timestamp.tsecr": "2812237535" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:c9:9e:60:5c:03:14:a2:e2:58:e2:57:71:91:69:ff:cb:b6:86:20:35:f5:4f:5c:1e:f6:44:1e:c4:2d:59:11:74:2b:b3:f1:74:0e:4d:a1:45:cb:ac:44:6a:8c:dc:d0:cb:50:36:c3:d3:e8:fd:26:fb:f9:59:06:fc:76:e6:0b:76:e5:29:8a:56:1e:e2:a4:e0:db:5d:94:1a:f3:27:e4:f5:ad:d1:da:90:0a:e8:18:29:ab:f2:62:49:78:39:d8:56:2a:26:ca:84:2e:6d:50:f8:da:67:7c:86:17:5b:e4:66:81:c3:45:c1:05:0a:bd:b3:2b:58:87:1b:8c:54:b4:f1:97:f2:4a:7d:7f:5b:51:8e:2c:d2:08:1e:74:d1:56:80:aa:9f:17:ae:f1:d1:0f:ef:3a:64:8b:d2:20:2e:f2:9e:67:35:a7:f5:4d:42:34:b5:8f:fa:69:ff:86:e2:9f:64:5d:72:0a:cf:fe:24:99:a5:fa:92:a5:85:a9:ab:10:c9:17:3b:a1:7e:9f:55:7d:e9:36:ff:47:c4:29:57:94:b0:97:c6:5c:39:78:52:cd:1b:ea:b7:74:2e:f1:8b:c0:a8:4c:41:0a:9d:15:eb:ab:4a:da:96:47:5a:a3:0d:51:18:93:ba:cc:d9:b7:36:d3:6f:66:54:63:d1:9f:a7:c6:78:45:95:f8:49:e7:08:48:c4:5e:63:e7:51:46:b2:bf:74:24:f1:a0:68:5a:8e:40:d6:48:37:e7:37:b7:2b:84:f5:a9:be:49:8f:64:33:f9:32:4d:38:26:6a:22:e0:79:e8:80:2b:75:0e:16:92:41:10:78:c6:64:44:2f:76:84:d7:ff:d9:2d:1e:54:b6:76:1a:85:ab:aa:e9:64:3c:cc:0a:75:d4:3f:df" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:49.526981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494749.526981000", + "frame.time_delta": "0.060919000", + "frame.time_delta_displayed": "0.060919000", + "frame.time_relative": "1158.066295000", + "frame.number": "4205", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12540", + "tcp.nxtseq": "12587", + "tcp.ack": "57169", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000d701", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:66:42:00:26:75:48", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812241474, TSecr 2520392": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812241474", + "tcp.options.timestamp.tsecr": "2520392" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4204", + "tcp.analysis.ack_rtt": "0.060919000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:87:1e:f8:82:45:46:3c:43:3d:76:da:a2:a2:c7:ea:23:c7:2c:29:72:c7:20:b5:a7:65:02:56:3f:1b:f6:9b:09:f0:df:fe" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:49.527414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494749.527414000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "1158.066728000", + "frame.number": "4206", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009612", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000776d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "57169", + "tcp.ack": "12587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:75:4e:a7:9f:66:42", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2520398, TSecr 2812241474": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2520398", + "tcp.options.timestamp.tsecr": "2812241474" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4205", + "tcp.analysis.ack_rtt": "0.000433000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:52.635150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494752.635150000", + "frame.time_delta": "3.107736000", + "frame.time_delta_displayed": "3.107736000", + "frame.time_relative": "1161.174464000", + "frame.number": "4207", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001980", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:52.635938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494752.635938000", + "frame.time_delta": "0.000788000", + "frame.time_delta_displayed": "0.000788000", + "frame.time_relative": "1161.175252000", + "frame.number": "4208", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + 
"eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009af5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa7b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:52.636824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494752.636824000", + "frame.time_delta": "0.000886000", + "frame.time_delta_displayed": "0.000886000", + "frame.time_relative": "1161.176138000", + "frame.number": "4209", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
+ }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008841", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.640338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.640338000", + "frame.time_delta": "1.003514000", + "frame.time_delta_displayed": "1.003514000", + "frame.time_relative": "1162.179652000", + "frame.number": "4210", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000d2a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f6ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.657795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.657795000", + "frame.time_delta": "0.017457000", + "frame.time_delta_displayed": "0.017457000", + "frame.time_relative": "1162.197109000", + "frame.number": "4211", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009613", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "57169", + "tcp.nxtseq": "57316", + "tcp.ack": "12587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c421", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:76:eb:a7:9f:66:42", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2520811, TSecr 2812241474": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2520811", + 
"tcp.options.timestamp.tsecr": "2812241474" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ca:b8:d9:f6:07:7b:16:98:77:99:92:8d:56:5f:5d:73:5f:61:23:2f:59:0e:46:88:d7:b4:84:f8:fe:f2:7b:67:25:28:84:50:62:8f:4f:21:ab:58:5b:6d:32:61:a7:40:8f:03:b5:72:36:79:fe:e5:13:e7:e1:1e:54:b7:19:33:56:00:9a:e1:b3:44:7f:4c:2d:b2:17:38:e1:41:e3:fb:e7:3f:70:7a:09:83:68:43:4c:ba:11:a1:b5:73:23:08:13:59:ca:47:70:6e:36:4b:cb:a4:5f:ad:d2:4f:1f:77:1d:53:4d:30:b0:20:0b:3d:a0:26:e8:56:c2:9d:ef:dc:8b:2f:ef:55:2c:0d:28" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.693053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.693053000", + "frame.time_delta": "0.035258000", + "frame.time_delta_displayed": "0.035258000", + "frame.time_relative": "1162.232367000", + "frame.number": "4212", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "338", + "ip.id": "0x0000d2ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f6a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.746266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494753.746266000", + "frame.time_delta": "0.053213000", + "frame.time_delta_displayed": "0.053213000", + "frame.time_relative": "1162.285580000", + "frame.number": "4213", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d2b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f69b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.754454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.754454000", + "frame.time_delta": "0.008188000", + "frame.time_delta_displayed": "0.008188000", + "frame.time_relative": "1162.293768000", + "frame.number": "4214", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d15", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000386a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12587", + "tcp.ack": "57316", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b62d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:6a:63:00:26:76:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812242531, TSecr 2520811": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812242531", + "tcp.options.timestamp.tsecr": "2520811" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4211", + "tcp.analysis.ack_rtt": "0.096659000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.764794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.764794000", + "frame.time_delta": "0.010340000", + "frame.time_delta_displayed": "0.010340000", + "frame.time_relative": "1162.304108000", + "frame.number": "4215", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009614", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e9", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "57316", + "tcp.nxtseq": "57446", + "tcp.ack": "12587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000001d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:76:f6:a7:9f:6a:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2520822, TSecr 2812242531": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2520822", + "tcp.options.timestamp.tsecr": "2812242531" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:cb:52:a6:f4:7e:a3:82:e1:56:ac:8e:c5:90:8e:da:af:72:36:82:f9:b7:b0:42:39:8b:79:30:5a:28:7c:68:85:3e:7e:4d:35:7f:33:1f:ac:2f:96:19:8e:cf:7f:29:23:a3:b4:de:22:de:14:6a:54:24:13:a3:ea:b4:32:bb:69:ce:f8:dc:9b:96:09:c7:f1:82:aa:d6:28:11:70:e2:fe:8e:c4:b2:f5:58:8d:32:5a:dd:70:9e:3e:c8:ad:72:0a:00:82:a7:d3:e1:20:8b:51:7c:89:3a:a3:12:82:a6:85:8c:fa:f0:85:14:b6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.799104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.799104000", + "frame.time_delta": "0.034310000", + "frame.time_delta_displayed": "0.034310000", + "frame.time_relative": "1162.338418000", + "frame.number": "4216", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d2b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f696", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:05:53.824943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.824943000", + "frame.time_delta": "0.025839000", + "frame.time_delta_displayed": "0.025839000", + "frame.time_relative": "1162.364257000", + "frame.number": "4217", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003869", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12587", + "tcp.ack": "57446", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b58f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:6a:74:00:26:76:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812242548, TSecr 2520822": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812242548", + "tcp.options.timestamp.tsecr": "2520822" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4215", + "tcp.analysis.ack_rtt": "0.060149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.852063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.852063000", + "frame.time_delta": "0.027120000", + "frame.time_delta_displayed": "0.027120000", + 
"frame.time_relative": "1162.391377000", + "frame.number": "4218", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d2b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f69a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:53.905027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494753.905027000", + "frame.time_delta": "0.052964000", + "frame.time_delta_displayed": "0.052964000", + "frame.time_relative": "1162.444341000", + "frame.number": "4219", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d2bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f698", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:57.631418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494757.631418000", + "frame.time_delta": "3.726391000", + "frame.time_delta_displayed": "3.726391000", + "frame.time_relative": "1166.170732000", + 
"frame.number": "4220", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001980", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:05:57.631941000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494757.631941000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "1166.171255000", + "frame.number": "4221", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001df9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009af3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa7b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:05:57.632553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494757.632553000", + "frame.time_delta": "0.000612000", + "frame.time_delta_displayed": "0.000612000", + "frame.time_relative": "1166.171867000", + "frame.number": "4222", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008841", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000276", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=630", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:05:58.814693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494758.814693000", + "frame.time_delta": "1.182140000", + "frame.time_delta_displayed": "1.182140000", + "frame.time_relative": "1167.354007000", + "frame.number": "4223", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000033f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a561", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:04.195429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494764.195429000", + "frame.time_delta": "5.380736000", + "frame.time_delta_displayed": "5.380736000", + "frame.time_relative": "1172.734743000", + "frame.number": "4224", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x000057fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "362", + "tcp.nxtseq": "402", + "tcp.ack": "325", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038a6", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e5:5b:cd:c4:d5:f7:f0:e5:de:32:2e:35:6a:e2:dc:bf:48:78:71:4c:8b:4c:96:ae:51:7e:88:69" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:04.339162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494764.339162000", + "frame.time_delta": "0.143733000", + "frame.time_delta_displayed": "0.143733000", + "frame.time_relative": "1172.878476000", + "frame.number": "4225", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000fea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd83", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": 
"104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "325", + "tcp.nxtseq": "361", + "tcp.ack": "402", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4224", + "tcp.analysis.ack_rtt": "0.143733000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": 
"54:26:79:5a:1e:3d:fa:6b:52:90:30:78:58:d0:87:55:b5:9b:63:e6:4c:d7:02:8c:6c:80:1e:6a:f1:b0:76" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:04.339705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494764.339705000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1172.879019000", + "frame.number": "4226", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a692", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., 
Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "402", + "tcp.ack": "361", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000003c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4225", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:06.586567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494766.586567000", + "frame.time_delta": "2.246862000", + "frame.time_delta_displayed": "2.246862000", + "frame.time_relative": "1175.125881000", + "frame.number": "4227", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d07", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005ae2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:07.631983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494767.631983000", + "frame.time_delta": "1.045416000", 
+ "frame.time_delta_displayed": "1.045416000", + "frame.time_relative": "1176.171297000", + "frame.number": "4228", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dfa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000187f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000277", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:07.632497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494767.632497000", + "frame.time_delta": "0.000514000", + "frame.time_delta_displayed": "0.000514000", + "frame.time_relative": "1176.171811000", + "frame.number": "4229", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dfb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009af1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f97a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + 
"dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:07.633206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494767.633206000", + "frame.time_delta": "0.000709000", + "frame.time_delta_displayed": "0.000709000", + "frame.time_relative": "1176.172520000", + "frame.number": "4230", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008740", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000277", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.340425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.340425000", + "frame.time_delta": "1.707219000", + "frame.time_delta_displayed": "1.707219000", + "frame.time_relative": "1177.879739000", + "frame.number": "4231", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.340822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.340822000", + "frame.time_delta": "0.000397000", + "frame.time_delta_displayed": "0.000397000", + "frame.time_relative": "1177.880136000", + "frame.number": "4232", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.815620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.815620000", + "frame.time_delta": "0.474798000", + "frame.time_delta_displayed": "0.474798000", + "frame.time_relative": "1178.354934000", + "frame.number": "4233", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "72", + "ip.id": "0x0000100a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a857", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45267", + "udp.dstport": "53", + "udp.port": "45267", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x000061fb", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.id": "0x000003cd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.815635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.815635000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "1178.354949000", + "frame.number": "4234", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000100b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a856", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45267", + "udp.dstport": "53", + "udp.port": "45267", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000e97a", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.id": "0x00007c32", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + 
"dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.841805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.841805000", + "frame.time_delta": "0.026170000", + "frame.time_delta_displayed": "0.026170000", + "frame.time_relative": "1178.381119000", + "frame.number": "4235", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x0000a5ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000110a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45267", + "udp.port": 
"53", + "udp.port": "45267", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_to": "4233", + "dns.time": "0.026185000", + "dns.id": "0x000003cd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10093", + "dns.resp.len": "19", + "dns.ns": 
"ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10093", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10093", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10093", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "139159", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10779", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7072", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15674", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "139159", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10779", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7072", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15674", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.841985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.841985000", + "frame.time_delta": "0.000180000", + "frame.time_delta_displayed": "0.000180000", + "frame.time_relative": "1178.381299000", + "frame.number": "4236", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x0000a5ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001220", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45267", + "udp.port": "53", + "udp.port": "45267", + "udp.length": "134", + "udp.checksum": "0x000082db", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_to": "4234", + "dns.time": "0.026350000", + "dns.id": "0x00007c32", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "6", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "900", + "dns.resp.len": "70", + "dns.soa.mname": "ns-1275.awsdns-31.org", + "dns.soa.rname": "awsdns-hostmaster.amazon.com", + "dns.soa.serial_number": "1", + "dns.soa.refresh_interval": "7200", + "dns.soa.retry_interval": "900", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "86400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.842985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.842985000", + "frame.time_delta": "0.001000000", + "frame.time_delta_displayed": "0.001000000", + "frame.time_relative": "1178.382299000", + "frame.number": "4237", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d960", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000bfbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:7d:3e:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2522430, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522430", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.920451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.920451000", + "frame.time_delta": "0.077466000", + "frame.time_delta_displayed": "0.077466000", + "frame.time_relative": "1178.459765000", + "frame.number": "4238", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x000002b9", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000b8b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:4b:46:b9:55:00:26:7d:3e:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1262926165, TSecr 2522430": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926165", + "tcp.options.timestamp.tsecr": "2522430" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4237", + "tcp.analysis.ack_rtt": "0.077466000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.920943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.920943000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1178.460257000", + "frame.number": "4239", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d961", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": 
"14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:46:4b:46:b9:55", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522438, TSecr 1262926165": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522438", + "tcp.options.timestamp.tsecr": "1262926165" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4238", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.077958000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:09.923128000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494769.923128000", + "frame.time_delta": "0.002185000", + "frame.time_delta_displayed": "0.002185000", + "frame.time_relative": "1178.462442000", + "frame.number": "4240", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000d962", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ce2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + 
"tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00001504", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:46:4b:46:b9:55", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522438, TSecr 1262926165": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522438", + "tcp.options.timestamp.tsecr": "1262926165" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Aug 20, 2068 20:01:30.000000000 PDT", + "ssl.handshake.random": "ba:b5:8f:26:77:de:77:2d:47:27:fd:20:34:db:56:6b:8c:f6:fa:fd:88:45:ab:96:d8:39:9b:5c" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + 
"ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": 
"49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + 
"ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": 
"3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.000876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.000876000", + "frame.time_delta": 
"0.077748000", + "frame.time_delta_displayed": "0.077748000", + "frame.time_relative": "1178.540190000", + "frame.number": "4241", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000052c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000affe", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + 
"tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004ea8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926185, TSecr 2522438": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926185", + "tcp.options.timestamp.tsecr": "2522438" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4240", + "tcp.analysis.ack_rtt": "0.077748000", + "tcp.analysis.initial_rtt": "0.077958000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.001931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.001931000", + "frame.time_delta": "0.001055000", + 
"frame.time_delta_displayed": "0.001055000", + "frame.time_relative": "1178.541245000", + "frame.number": "4242", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x000052c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000aa55", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + 
"tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926185, TSecr 2522438": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926185", + "tcp.options.timestamp.tsecr": "2522438" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Aug 4, 2011 19:21:40.000000000 PDT", + "ssl.handshake.random": "67:91:a7:75:70:05:f1:f6:a4:8a:92:5b:6a:79:f5:cb:0d:f1:e8:d0:71:32:50:47:21:b3:89:6f" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "db:a8:5b:1d:19:71:51:d1:ff:da:ae:4e:67:c9:7b:c1:21:90:98:af:17:5d:5e:fb:87:bb:7b:9b:e7:88:05:56", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.001952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.001952000", + "frame.time_delta": "0.000021000", + "frame.time_delta_displayed": "0.000021000", + "frame.time_relative": "1178.541266000", + "frame.number": "4243", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x000052c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000af1d", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009308", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926185, TSecr 2522438": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926185", + "tcp.options.timestamp.tsecr": "2522438" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "4242", + "tcp.segment": "4243", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + 
"x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": 
"5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + 
"x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:ca:c7:f7:9f:6c:1c:57:b7:f3:18:a7:d9:6f:b4:80:ff:ab:92:b3:c6:97:85:51:4a:09:36:82:ec:14:78:c6:6b:f5:20:14:36:34:31:6d:3e:81:6b:9b:b2:92:fd:da:1f:f6:5c:44:4d:72:02:7f:ec:0c:ff:35:b0:43:76:70:57", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"65:92:be:87:ca:e9:e8:f0:43:4b:2c:e7:64:e7:3b:f4:a5:41:5e:e8:2a:60:24:02:0e:9e:53:f9:de:d6:a4:14:ff:9f:9f:91:f2:54:f9:da:9c:a5:c6:83:8f:d7:86:ab:3a:ab:44:95:6e:ab:27:07:b9:00:7a:5f:84:e8:2f:65:9b:c6:40:b5:72:72:c0:a0:3a:b7:59:8e:8a:13:2a:b8:2c:c7:58:cd:e2:59:97:ec:d2:aa:98:02:c3:b6:45:e3:96:8b:8a:42:60:61:ad:1b:b4:43:81:3e:c4:88:9d:f0:55:a4:a3:de:89:1f:e1:48:16:54:65:8f:a4:0f:e6:d8" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.002624000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.002624000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "1178.541938000", + "frame.number": "4244", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d963", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000476e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:4e:4b:46:b9:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522446, TSecr 1262926185": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522446", + "tcp.options.timestamp.tsecr": "1262926185" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4243", + "tcp.analysis.ack_rtt": "0.000672000", + "tcp.analysis.initial_rtt": "0.077958000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.027979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.027979000", + "frame.time_delta": "0.025355000", + "frame.time_delta_displayed": "0.025355000", + "frame.time_relative": "1178.567293000", + "frame.number": "4245", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000d964", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cede", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004882", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:50:4b:46:b9:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522448, TSecr 1262926185": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522448", + "tcp.options.timestamp.tsecr": "1262926185" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:a5:bd:40:10:30:db:74:02:5b:da:93:5d:61:3a:ba:c7:87:8d:95:06:82:6b:68:65:18:cb:f5:9c:7a:fa:dc:ae:60:83:58:cf:20:f1:98:35:54:7e:da:ec:ab:90:76:1e:f7:b1:cc:12:6d:5f:df:c7:d6:e4:e7:ed:32:ad:93:3f" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.105993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.105993000", + "frame.time_delta": "0.078014000", + "frame.time_delta_displayed": "0.078014000", + "frame.time_relative": "1178.645307000", + "frame.number": "4246", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x000052c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000afc8", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:83:00:26:7d:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926211, TSecr 2522448": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926211", + "tcp.options.timestamp.tsecr": "2522448" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4245", + "tcp.analysis.ack_rtt": "0.078014000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:06:10.107589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.107589000", + "frame.time_delta": "0.001596000", + "frame.time_delta_displayed": "0.001596000", + "frame.time_relative": "1178.646903000", + "frame.number": "4247", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000d965", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + 
"ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006c57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:58:4b:46:b9:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522456, TSecr 1262926211": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522456", + "tcp.options.timestamp.tsecr": "1262926211" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4246", + "tcp.analysis.ack_rtt": "0.001596000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "2f:63:9c:0b:41:37:ce:75:95:de:0b:6a:ad:d0:52:de:6f:09:d9:48:12:f9:51:7d:05:78:81:a6:7b:a4:d4:da:1b:09:b5:67:f8:41:46:4c:d6:0c:51:05:4f:ff:1b:6f:dc:81:3d:2b:f9:2b:0d:aa:80:9c:f4:16:97:fc:21:53" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.185677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.185677000", + "frame.time_delta": "0.078088000", + "frame.time_delta_displayed": "0.078088000", + "frame.time_relative": "1178.724991000", + "frame.number": "4248", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x000052c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000afb5", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", 
+ "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f3a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:97:00:26:7d:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926231, TSecr 2522456": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "1262926231", + "tcp.options.timestamp.tsecr": "2522456" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4247", + "tcp.analysis.ack_rtt": "0.078088000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "cd:29:b1:ef:4f:b6:e5:8e:a3:53:b0:5e:63:9b:a8:a6:27:70:9e:39:9a:9c:21:75:c0:e5:cf:f6:65:32:f0:48:6a:8e:74:93:87:80:21:bc:85:63:3b:ea:bf:2e:75:00:1e:9d:2a:2c:a0:90:61:55:be:c1:c1:c3:a1:89:89:f8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.186612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.186612000", + "frame.time_delta": "0.000935000", + "frame.time_delta_displayed": "0.000935000", + "frame.time_relative": "1178.725926000", + "frame.number": "4249", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000d966", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cd71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002c59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:60:4b:46:b9:97", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522464, TSecr 1262926231": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522464", + "tcp.options.timestamp.tsecr": "1262926231" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4248", + "tcp.analysis.ack_rtt": "0.000935000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "2f:63:9c:0b:41:37:ce:76:29:41:5c:d8:6f:a7:02:40:19:3a:0e:f6:83:91:d0:84:d8:a4:97:e1:f2:e8:6f:36:5a:c1:3f:59:6c:82:e7:70:1a:25:19:48:20:00:3f:38:39:99:b1:e4:05:2e:7d:74:32:60:2e:81:74:4c:f4:5e:64:95:32:8b:03:25:d6:50:e7:a3:80:a4:6b:29:a6:ec:0b:7b:ba:5e:e5:23:94:b1:77:36:3e:a8:4d:89:28:97:41:27:37:3c:cb:0c:cf:45:ee:c8:69:b7:43:3c:02:71:c8:c2:ea:ea:c8:ad:60:21:67:59:44:0b:c0:85:95:29:2c:b9:10:c5:93:79:fe:56:f1:da:70:98:a0:bf:f1:db:b0:2a:80:ff:f3:a5:3e:1d:c3:f7:19:2a:a0:b0:ae:4e:73:c7:64:d5:3a:dd:f8:07:b1:cc:75:cb:e3:63:e7:e1:4f:89:70:4b:46:77:35:f1:52:cf:60:f2:c1:ca:12:2b:a5:f9:16:ad:0f:6f:02:d8:8a:8a:16:28:bc:33:4d:24:34:a4:43:34:e3:76:d1:75:03:21:53:42:41:f2:0e:68:94:4c:53:4d:de:16:2d:a4:78:51:2d:e1:ae:a0:b6:8c:64:8e:2a:07:e1:e2:73:f7:bd:ec:7e:59:da:c9:5c:f1:75:21:19:ff:c7:00:bd:d9:57:76:83:7b:8c:1a:09:12:c6:59:12:35:83:27:14:d2:68:5d:af:3b:12:b7:f3:06:87:e6:09:79:4c:1e:0f:38:f7:7b:53:82:53:f5:c2:63:93:54:c1:04:cf:e2:cf:62:4e:65:0d:a2:24:61:72:da:cc:ba:6c:4c:11:36:98:de:a8:16:a4:9f:0b:48:92:4a:d8:7c:f0:3a:a5:35:57:aa:6b:1d:e9:fc:a1:b0:62:f9:26:c2:70:c4:bb:eb:a2:41:40:01:f8:5d
:48:e1:e4:f3:0c:a2:c6:9d:e7:97:f8:f0:45:a8:01:91:38:c9:0e:34:86:82:08:25:e6:18:47:3f:6b:0d:e3:99:d7:fc:8d:99:58:9f:0b:ab:d2:d2:71:e2:6c:f3:7c:e8:80:36:95:5f:a5:a9:3a:cf:90:dd:5d:57:12:d2:18:cd:e3:c4:97:9f:e4:16:94:96:fe:a7:74:c0:a9:57:d6:a8:40:b6:a2:ec:e4:81:4c:b5:1c:c8:43:f0:1e:a9:5f:3a:95:2c:a2:04:8e:66:8f:be:65:7b:23:f3:e5:ec:ad:b2:88:8d:71:7a:6f:13:90:36" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.206589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.206589000", + "frame.time_delta": "0.019977000", + "frame.time_delta_displayed": "0.019977000", + "frame.time_relative": "1178.745903000", + "frame.number": "4250", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": 
"192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000c1af", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:17:cd:bf:7e:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.264434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.264434000", + "frame.time_delta": "0.057845000", + "frame.time_delta_displayed": "0.057845000", + "frame.time_relative": "1178.803748000", + "frame.number": "4251", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"127", + "ip.id": "0x000052c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000afae", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000002eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:aa:00:26:7d:60", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926250, TSecr 2522464": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926250", + "tcp.options.timestamp.tsecr": "2522464" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4249", + "tcp.analysis.ack_rtt": "0.077822000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "cd:29:b1:ef:4f:b6:e5:8f:9e:18:0a:95:71:f4:88:65:bf:5f:00:a5:7c:a1:00:f0:c4:49:72:14:4b:a6:63:08:ad:a0:a4:61:b4:dd:a7:53:a2:bb:86:24:a9:30:58:24:3d:5f:c5:c2:85:bf:ce:21:77:2c:af:90:b9:3b:e4:1e:4f:2b:9a:da:05:4d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.265024000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.265024000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "1178.804338000", + "frame.number": "4252", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d967", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + 
"_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000043a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:7d:68:4b:46:b9:aa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2522472, TSecr 1262926250": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2522472", + "tcp.options.timestamp.tsecr": "1262926250" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4251", + "tcp.analysis.ack_rtt": "0.000590000", + "tcp.analysis.initial_rtt": "0.077958000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.342684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.342684000", + "frame.time_delta": "0.077660000", + "frame.time_delta_displayed": "0.077660000", + "frame.time_relative": "1178.881998000", + "frame.number": "4253", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + 
"eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x000052c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000afd9", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", 
+ "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b7cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:be:00:26:7d:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926270, TSecr 2522472": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926270", + "tcp.options.timestamp.tsecr": "2522472" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4252", + "tcp.analysis.ack_rtt": "0.077660000", + "tcp.analysis.initial_rtt": "0.077958000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.342770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.342770000", + "frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "1178.882084000", + "frame.number": 
"4254", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000052c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "230", + "ip.proto": "6", + "ip.checksum": "0x0000aff7", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58212", + "tcp.port": "443", + "tcp.port": "58212", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": 
"1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004416", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:46:b9:be:00:26:7d:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1262926270, TSecr 2522472": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1262926270", + "tcp.options.timestamp.tsecr": "2522472" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.343196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.343196000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "1178.882510000", + 
"frame.number": "4255", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007041", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000388c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + 
"tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000da26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:10.343207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494770.343207000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1178.882521000", + "frame.number": "4256", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007042", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000388b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58212", + "tcp.dstport": "443", + "tcp.port": "58212", + "tcp.port": "443", + "tcp.stream": "164", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000da26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:12.636056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494772.636056000", + "frame.time_delta": "2.292849000", + "frame.time_delta_displayed": "2.292849000", + "frame.time_relative": "1181.175370000", + "frame.number": "4257", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dfc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000187f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:12.636489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494772.636489000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "1181.175803000", + "frame.number": "4258", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001dfd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f97a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:12.636955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494772.636955000", + "frame.time_delta": "0.000466000", + "frame.time_delta_displayed": "0.000466000", + "frame.time_relative": "1181.176269000", + "frame.number": "4259", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008740", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:13.856627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494773.856627000", + "frame.time_delta": "1.219672000", + "frame.time_delta_displayed": "1.219672000", + "frame.time_relative": "1182.395941000", + "frame.number": "4260", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00009c3a", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:11:04:ac:5b:99:7f:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.470426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.470426000", + "frame.time_delta": "0.613799000", + "frame.time_delta_displayed": "0.613799000", + "frame.time_relative": "1183.009740000", + "frame.number": "4261", + "frame.len": "162", + "frame.cap_len": "162", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "148", + "ip.id": "0x00000feb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd3a", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "108", + "tcp.seq": "361", + "tcp.nxtseq": "469", + "tcp.ack": "402", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + 
"tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000959b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "103", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:6c:28:9c:fb:80:53:b5:aa:c8:66:5b:92:31:3c:48:d3:b5:72:50:d3:82:f1:e9:32:d0:a2:7f:00:1a:34:d0:ca:6b:92:0d:b3:dc:7c:e1:84:fc:60:38:ab:e5:7f:7e:fc:fd:80:49:36:e4:93:0e:b5:62:77:12:90:03:c9:ae:15:57:72:59:ad:69:91:5d:55:29:81:ce:23:e4:68:12:00:6d:22:ff:a9:47:8c:a8:76:59:cf:4a:89:40:39:d4:df" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.470916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.470916000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1183.010230000", + "frame.number": "4262", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "40", + "ip.id": "0x00005800", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a691", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "402", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000035a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4261", + 
"tcp.analysis.ack_rtt": "0.000490000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.488458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.488458000", + "frame.time_delta": "0.017542000", + "frame.time_delta_displayed": "0.017542000", + "frame.time_relative": "1183.027772000", + "frame.number": "4263", + "frame.len": "4522", + "frame.cap_len": "4522", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "4508", + "ip.id": "0x00005801", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000951c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "4468", + "tcp.seq": "402", + "tcp.nxtseq": "4870", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004dcd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "4468", + "tcp.analysis.push_bytes_sent": "4468" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4463", + "ssl.app_data": 
"c1:4c:bc:6e:d4:4e:36:e6:6d:07:2f:82:44:0f:35:f6:18:2b:36:73:a9:1e:b0:c1:06:c6:1a:13:b0:fe:8d:b9:f4:23:5d:b2:19:81:a5:77:c7:a5:b0:cb:53:e2:23:91:b6:d7:60:c6:e7:bd:41:f2:af:1f:b1:0e:83:c1:f7:fa:2f:e7:4f:5d:56:ad:a1:5e:2a:5b:80:be:f1:70:2e:ab:98:94:9f:be:25:dc:34:a9:d4:41:28:47:68:38:9a:2e:30:57:82:69:5d:5a:fe:90:42:67:4e:ee:6d:d7:1c:35:ce:20:38:44:58:af:61:ec:e3:9e:ab:20:17:36:35:d3:0e:61:96:b5:4e:c6:60:a3:13:82:85:f1:75:35:be:97:a7:59:5b:8e:b9:f4:e6:4a:3d:2e:7f:05:2f:36:61:54:5d:c2:61:7d:91:e2:a5:b7:da:9d:ea:3a:61:2d:fb:3f:34:7c:5d:db:31:be:da:d9:8b:a6:9f:2c:ab:37:1c:1a:9f:74:ea:78:8e:d9:ee:16:c3:af:86:d6:ca:ba:84:d9:65:fb:1b:71:8e:b8:e1:cf:06:33:11:e3:62:21:8d:30:8f:a2:25:97:d4:10:68:d7:18:a5:a3:b2:ef:8a:4b:68:fe:bb:4f:5a:e6:62:34:d4:d7:10:b8:ef:26:0a:03:6e:0a:e1:e6:5d:ea:b9:da:a9:1f:a5:b3:50:98:c4:fc:5a:35:16:5a:ae:d1:d5:20:40:2f:b6:5c:85:05:c9:af:61:78:9b:1c:54:56:18:b7:4a:57:8f:a0:e8:ee:80:2a:cb:b1:c8:a4:cf:a9:b7:26:8e:a6:af:86:0a:f6:56:c7:49:55:44:98:dc:eb:2f:af:19:de:32:6d:f0:a1:0d:b9:70:29:d9:c9:da:c1:55:9f:66:cd:27:a8:f7:a6:4e:9c:57:4d:da:a4:d9:07:b6:de:d9:35:40:ad:a3:87:45:45:72:a4:ce:03:68:45:27:75:01:29:9b:af:48:4b:4b:9f:09:7c:34:8a:1e:bb:7e:09:6e:71:bd:ed:53:e4:69:72:37:81:9b:25:11:8b:52:28:f8:5a:32:da:3e:5f:a5:dc:a0:30:0a:b7:8d:07:91:51:68:c3:d3:7c:94:6e:47:af:16:dc:73:a6:bd:33:24:f9:4a:cf:64:14:aa:fe:1f:88:d2:e1:7c:5d:29:55:61:84:d7:3f:3d:21:b7:3a:92:85:f1:81:cf:a5:d6:9b:a8:27:59:1e:65:84:10:89:2f:52:d1:28:c4:d3:4c:18:fd:cc:79:2b:e4:90:e8:4a:70:e3:f9:8a:3a:b2:b6:00:1b:3a:ba:b1:eb:68:d2:02:f4:45:28:4e:7a:30:60:9c:73:93:55:e2:32:d0:08:4a:6f:97:a4:c4:57:7c:c3:3b:4b:59:9f:b4:37:8e:83:cd:52:e0:ec:0a:5b:6c:bf:17:77:84:93:16:85:b4:b1:a2:73:03:a5:1a:b5:6c:b2:a6:96:ee:8f:25:01:ec:5b:1f:0a:65:54:95:b2:3e:8c:25:c3:fe:bf:0e:ea:aa:37:79:e7:05:54:94:c2:d4:6e:ee:e8:29:83:3e:d4:d1:ae:da:a9:67:cc:a4:2a:c6:df:df:0f:b5:6b:2c:c6:be:43:f9:94:93:ea:d6:03:1d:70:45:ae:99:35:35:d5:2f:ed:c5:d4:95:63:d0:8c:b3:7b:1e:2f:58:18:56:23:30:63:24:ce:20:8d:21:fa:82:f0:84:9b:db:a9:0c:b5:f
1:f1:63:8d:b3:cb:1f:24:62:84:69:fe:8e:74:b7:13:33:05:38:a1:50:8d:23:a6:72:2e:34:a9:30:ed:fb:2c:0b:4c:25:1e:03:23:16:96:e6:53:21:12:e0:dc:0d:30:25:88:bb:a2:54:fb:47:7c:56:29:2c:70:4e:a1:ed:3b:88:10:fb:c5:df:d4:d5:b4:4b:a2:69:d1:9b:6a:92:37:ff:f2:5c:09:7e:23:a5:bd:d0:0d:d0:39:d0:ca:6b:99:21:a8:61:d9:7c:5c:b4:f8:84:4f:f6:28:b1:a7:80:63:fe:6e:0f:31:b4:e9:b8:f9:41:fa:65:3e:ac:1b:3a:4c:af:30:11:49:7e:71:a0:43:37:a8:34:ca:c1:6e:62:c4:cd:84:a3:82:74:62:0d:d4:7c:4a:e7:57:24:da:7d:ac:1e:89:fb:a8:a5:71:50:21:96:4c:70:c9:83:b1:42:d7:9c:30:3b:5e:2f:18:6b:24:1b:d0:ab:d8:8e:a9:0e:69:6c:ee:ec:e4:23:56:58:8b:08:e8:55:15:94:b1:9a:17:a4:ce:b7:b4:42:ab:12:da:d9:3e:59:62:c9:ad:3f:7b:ed:6f:f4:54:59:15:35:77:01:3d:69:59:a7:00:4c:78:0d:6b:d8:92:6a:e8:66:ef:60:97:43:c7:c6:59:5a:e6:21:bf:63:86:50:20:00:0a:b3:49:c5:4d:2e:ef:7b:64:29:d7:2b:bf:44:5c:c6:04:99:4f:72:b0:44:04:02:59:95:2b:e4:23:fa:39:2c:46:5d:89:1b:9f:a4:92:96:9e:53:70:f6:4d:a9:30:90:4e:2f:97:93:3f:99:59:89:4a:76:50:fd:41:11:6a:d3:d8:71:20:18:3c:98:45:70:5b:d8:b7:aa:be:41:2a:55:70:c5:7e:1f:cd:f0:b1:20:c4:3c:f4:5b:81:71:5f:1f:dd:ee:fc:98:80:46:2f:2c:19:a7:55:ae:ec:a4:d6:e1:f2:6b:f8:4b:b2:f5:3b:d7:0a:94:39:c5:e5:e2:48:cb:a2:ac:bd:fc:fd:b4:6d:65:cc:97:85:f4:99:5d:f1:3f:75:f2:81:f3:72:dc:b2:cd:89:7e:51:19:d7:7e:56:b3:c0:73:e7:1b:eb:72:8c:ef:24:8c:4d:a1:81:95:b0:ea:07:47:12:ff:e2:ef:d8:33:67:d6:82:b4:34:ee:92:96:f3:77:ce:ab:ca:69:fa:49:f3:b1:df:6a:a6:4e:fb:88:2d:06:7a:7f:58:be:73:78:d4:a7:bb:9d:33:53:e6:a4:55:39:b1:12:54:93:f0:ae:f7:cd:a1:cc:4f:84:bb:58:5b:27:71:c0:aa:0b:df:db:db:7e:e2:7a:c3:2e:47:f7:cd:5d:56:48:bc:85:e5:99:3f:95:ac:6d:45:38:a9:28:39:25:ee:2b:ae:e2:37:81:23:a5:d3:22:4e:ee:2e:a0:4c:89:4d:7a:e7:ef:69:45:70:64:14:07:6f:02:78:82:50:a8:17:37:36:f3:2b:86:73:94:47:75:d9:4e:c6:bc:1d:1b:25:d3:78:37:83:7b:01:82:6a:6f:96:d7:40:44:f3:b7:48:98:be:dd:e0:fe:4d:a4:da:75:4a:cf:36:09:a5:27:d4:cb:a7:ca:28:cd:ad:d1:a3:46:89:dd:6a:e6:c0:1e:ad:9a:fc:25:0f:39:cc:59:c4:ba:c9:64:0e:3d:c5:b2:0d:fc:4c:94:f4:e0:0f:3a:bd:f7:60:32:06:86:1e:27:4c:22:
4d:cf:a6:19:f2:19:3c:c6:58:d6:fc:e4:e4:25:19:2f:b7:1d:8d:c7:09:08:53:6c:12:e5:81:6b:01:dc:09:39:b3:24:91:9b:b5:4f:9b:16:cc:dd:f3:3a:21:17:64:e7:31:5f:8b:4b:06:61:fd:8d:73:3b:a4:cc:c4:92:fd:44:bc:d4:c6:70:56:a3:36:96:1b:00:9f:40:9e:c5:dc:47:9f:76:f7:75:5a:2b:90:e7:5f:1e:f9:dc:e6:aa:cf:b1:cc:d5:af:9a:91:59:eb:06:d6:da:9d:d3:54:c7:92:bc:a1:e3:90:31:2b:ec:cc:05:7e:e7:dc:88:9d:6d:18:df:5f:e2:59:66:09:4d:3b:a0:04:a3:5d:9c:28:89:17:c6:70:85:df:54:85:18:3d:97:95:ca:90:25:45:3f:da:28:78:b8:d6:33:20:f6:cb:db:de:c6:ef:7a:26:4c:b8:80:5c:4b:f8:38:98:3d:2c:95:55:be:60:12:2c:98:9e:a3:0f:5a:e7:22:8a:42:7e:44:f2:31:fd:f2:9a:67:93:8e:88:ec:e1:cb:c2:0d:96:5c:fe:d3:58:a4:c3:a6:84:83:85:ed:40:8a:4b:47:72:ef:02:8f:44:61:7a:7f:0f:39:4f:72:59:5f:3a:7a:7b:5b:91:4f:29:6a:05:c2:67:42:96:62:45:4c:c3:56:01:9b:ac:08:a2:43:8b:53:10:35:02:5e:17:fa:15:2b:88:eb:84:52:90:8e:d2:88:aa:47:89:da:5e:e1:0f:99:03:9b:6e:9d:51:68:9a:40:48:2a:ca:16:31:24:6f:0f:1e:7a:fc:7e:12:9a:64:d6:81:81:b1:08:7e:e4:e4:ce:ac:77:2a:54:78:ce:16:4f:94:25:96:33:5d:44:4a:01:aa:f7:c1:7a:86:2f:35:fa:3d:73:a2:cb:87:6b:52:5a:0a:a7:0e:32:0e:51:70:9f:bd:1c:e7:03:bf:72:7f:6e:5b:22:14:4b:70:88:64:f2:c9:6c:e3:bf:ef:ec:32:6e:51:5a:8f:de:8b:c8:6c:36:60:25:9f:2f:e2:68:19:64:78:f9:0b:e9:c6:93:c1:82:03:84:59:7e:52:57:f1:a8:14:ab:28:35:29:5d:53:b7:17:85:81:bc:ad:8d:45:6f:4c:79:c0:7b:21:c0:0e:11:2e:4d:bb:55:f6:1d:ac:b2:b9:6b:6f:c5:ea:ad:be:0b:5b:c2:f3:59:1a:25:09:df:6c:4b:7f:3a:4a:8b:3f:eb:11:15:83:ae:b3:bf:bc:15:8e:c3:02:0a:17:17:a3:84:ac:3b:5f:81:c5:f6:7c:d2:cd:36:a1:ed:92:db:24:15:c1:fc:57:54:a7:b6:4f:74:72:2e:b1:78:13:d3:02:68:13:72:90:f8:b4:f8:ba:9b:e6:09:28:88:d6:e2:71:c2:87:11:e3:2a:d4:08:f1:92:85:ed:af:73:3f:43:5f:18:09:cf:c7:9d:7d:2b:97:1c:e5:b0:67:31:ee:80:47:84:50:3f:5d:e7:f0:32:9e:43:a3:98:38:5d:8b:a8:cb:b0:af:95:e3:61:62:1b:85:45:93:2f:fc:07:f8:66:30:94:bc:fd:dc:f6:ab:3b:70:ee:b7:61:23:65:f0:8a:bd:3d:53:64:16:5c:81:a9:d6:53:2a:8f:92:a8:61:c2:a9:24:78:c5:61:d3:7c:6f:70:60:61:6f:cd:03:44:c9:e1:1e:46:e6:47:db:c4:22:9e:c7:42:33:14:11:ed
:83:d3:4d:f7:51:ca:7c:b7:6d:e7:42:47:07:76:98:c1:9f:d5:1b:62:29:e4:dc:87:3d:b3:46:eb:75:eb:f1:31:67:4d:b7:ed:de:d7:e0:4a:ad:dd:7a:f4:09:2c:69:49:47:fa:cb:39:02:7a:4e:45:1e:65:47:e9:6e:7d:6c:e0:96:ec:d0:3c:53:97:56:50:7b:2e:8d:42:58:50:42:89:4d:82:23:fd:48:3c:12:49:b2:a7:ad:84:4f:92:14:17:06:d9:c6:36:89:11:a5:e7:37:2c:e7:68:e8:88:81:0a:24:64:1c:45:46:57:46:be:e0:9f:19:ed:9f:52:05:fd:e5:40:7f:56:9e:50:b6:38:38:06:74:b7:3f:46:50:78:38:31:a9:7a:05:3d:f0:cc:55:49:29:80:1d:67:40:43:8b:1a:f7:49:32:8f:ca:e2:b4:7e:3b:c1:97:f9:77:13:90:29:5a:d6:28:f7:8d:7f:e7:fd:b8:2e:49:be:09:2b:83:72:cb:92:f2:4a:0c:64:1c:81:b3:cb:6c:92:9d:20:e3:76:48:51:72:c2:33:cb:45:0c:93:05:db:7b:67:58:25:cf:ec:c0:ea:79:fa:02:82:41:44:17:52:36:dc:7f:f3:13:c4:f7:c5:73:27:ef:60:05:02:fe:af:e2:a3:18:2e:28:b5:af:f9:d3:a5:08:63:69:cc:83:ae:76:94:10:3e:5b:e3:50:31:f4:8c:96:bb:f1:83:cc:2f:d1:4b:f6:82:b6:6a:21:d4:8c:74:4b:be:31:98:9e:09:73:31:75:04:34:dc:fa:90:01:a5:99:a3:b5:44:99:f6:1a:72:47:f5:e1:42:a1:9f:a8:8f:00:d5:15:1c:fd:57:9d:1f:50:f0:9a:0a:cf:31:1e:c2:d1:78:89:c0:ad:64:8f:c7:5d:39:dd:92:e8:25:c4:29:7c:f8:0a:2e:9b:87:f1:cb:20:6e:78:bd:c5:36:03:9e:7b:8b:33:94:59:5e:ac:46:71:03:ea:03:71:78:41:fa:19:25:cd:9f:f5:76:6f:6e:79:b8:cf:ef:63:1b:3e:bc:93:fd:d7:fc:85:e5:1b:aa:98:38:4f:75:19:6b:d8:91:f6:7f:57:5f:66:a8:14:90:70:de:e9:ef:bc:7b:bc:fd:3d:fc:ed:df:c3:7d:3f:fc:8a:9f:74:e0:6d:aa:2c:dc:8a:53:06:4a:73:85:7c:31:52:94:cb:81:7d:fd:45:92:25:2f:4a:70:78:30:27:43:74:8e:93:fa:60:62:41:3c:ff:e9:b1:a4:2d:7b:dd:1f:92:9a:30:3f:5a:32:f2:76:f4:46:91:f4:86:5b:b1:74:d9:f9:cb:5a:80:48:4c:6f:7a:f9:ed:e3:85:14:65:c5:08:f6:39:66:b1:ac:ff:a8:94:f9:0c:7e:6c:71:c9:e6:5a:1c:80:84:2b:57:66:5c:f1:a7:a1:52:92:16:8e:49:4e:07:58:5f:d8:ea:35:01:0d:d1:99:7e:92:87:42:65:c4:f4:7a:c3:48:2a:a5:73:88:6e:60:1a:0d:2f:6f:13:2d:de:cc:66:53:e7:c1:7f:9c:ea:89:11:5c:89:b8:55:17:da:d8:ec:d5:52:fa:b1:42:6f:bb:44:f8:75:fc:0a:6e:74:ba:fc:eb:66:cc:49:47:04:bd:ca:d5:df:98:25:be:df:8c:1f:43:0e:03:02:03:c6:71:fe:bb:f4:b3:ec:56:6c:2e:56:af:af:f1:ee:1e:e1:9c:a
1:f2:03:38:1c:e3:a3:16:31:66:ea:13:fa:cc:d4:46:6e:0a:18:8b:4f:c2:76:b5:4d:24:30:da:82:e3:b1:38:aa:5a:82:78:0c:f5:f4:10:c5:62:e9:f0:ec:70:51:db:46:86:cf:01:2f:ae:35:55:2d:d5:f6:74:f7:9f:ae:d2:49:ba:e4:f3:ec:7f:6e:52:52:b0:5b:48:ae:7a:89:f1:61:b5:b2:c9:b9:37:b9:bd:c1:48:24:ae:08:74:62:7c:bb:78:08:67:44:77:a0:0b:a8:11:97:21:fb:a0:f7:3c:e6:18:48:f0:c7:81:51:f4:d5:ce:55:6f:b0:db:d2:1d:f0:93:ba:e1:9e:3a:f5:1d:cb:ab:86:be:5d:0e:1a:9c:62:16:2e:8f:ac:e6:f7:b4:7d:45:e1:22:18:29:21:72:f4:95:a3:73:e6:82:17:38:ef:c6:98:d0:ba:c0:12:4f:c9:fd:0f:2b:14:5f:d6:8c:a2:10:81:d7:05:b3:e8:f7:f1:5c:35:b4:db:a5:df:10:e0:b7:f4:14:e5:12:0c:2a:0f:c6:f5:37:30:37:c1:eb:f7:a4:87:74:35:33:65:b5:04:5e:fa:21:77:90:24:36:f1:bf:ef:90:18:0c:e9:ff:39:ce:51:f4:e2:88:66:c7:10:4e:7f:cb:41:7e:cb:bf:93:d9:fc:06:6e:7a:ce:4d:da:5f:18:da:52:61:e3:6b:52:00:33:b0:2e:21:1f:4e:cb:ed:27:98:29:d5:85:3e:0c:f5:8c:70:19:5b:12:3c:4b:39:7c:34:bf:a7:71:fd:f3:18:98:f2:ba:4c:fe:85:0c:be:43:48:99:37:ba:c8:e3:81:b7:cb:14:6e:67:49:9f:73:0d:b7:7f:33:51:3f:18:ba:8c:8d:26:61:1c:d8:91:88:25:92:0b:b3:f9:b9:c5:63:bf:80:77:bd:d9:ee:19:84:f1:9f:ca:d4:9a:e3:de:30:46:38:58:f9:5b:bc:a2:05:ff:89:82:2b:3f:a2:77:c7:ae:3f:fe:e5:68:6c:78:7f:40:57:74:ec:8a:c9:90:77:b9:9c:2c:30:42:57:de:32:c0:db:e2:b7:b0:31:82:e9:64:60:19:e8:ac:e8:e5:f1:65:83:aa:bd:37:d9:d4:3a:99:a2:b1:4a:5e:f6:f6:9a:91:da:18:43:ba:e0:ea:e2:6d:f9:92:e4:0e:76:c9:1a:8e:e0:10:da:b1:6e:ee:59:c3:f1:ce:09:d8:41:74:0d:b8:87:b5:66:62:52:fc:59:3f:13:c7:e1:0f:ac:86:80:0d:99:b4:f2:04:15:6d:ab:43:96:73:f5:f6:f2:7e:ad:eb:0d:f8:de:6a:13:ed:0c:f7:1f:07:72:90:dd:27:2d:32:53:c8:74:b1:d0:d1:9b:96:6c:80:cd:ac:3b:d7:91:68:b4:47:ee:05:5d:48:f1:f6:92:14:22:2e:a7:67:13:e7:56:92:c8:0e:37:e6:c1:18:b8:ee:4b:26:7c:6a:86:22:5e:2b:60:42:44:10:68:22:1b:14:b0:3f:19:06:61:59:7f:0a:5d:a5:10:20:0d:e7:e5:cc:17:78:f9:c3:3c:32:a2:c0:e7:ea:40:02:66:5f:91:bf:ae:8c:96:14:d0:95:30:5b:c1:ee:19:3b:ab:fc:29:88:36:05:f7:ea:71:a6:e3:70:98:a0:96:14:97:16:8a:9c:4a:26:9a:d2:21:80:68:e2:0a:40:7a:da:78:23:c5:70:9d:46:04:f7:fa:ee:
95:f1:e5:e1:96:4d:2d:ef:90:2f:3b:cb:87:64:34:c2:2c:9f:ad:56:41:d3:5e:56:77:bd:73:a2:94:2f:8b:fe:f8:0d:b3:14:19:f1:15:f1:6e:11:e5:f1:05:33:50:3c:d2:28:87:75:13:f7:c0:d3:29:de:a2:31:b1:2c:b3:30:37:f3:8c:8d:45:ec:5c:16:bb:5b:ab:d5:7e:fb:48:a0:ba:87:b6:2b:4e:04:c5:e0:f8:e6:a6:98:05:73:5a:1e:0c:e8:1c:33:83:f4:ea:c3:68:8b:66:a0:c5:b1:45:4f:6f:5e:35:aa:a7:86:1e:ad:28:a0:72:7a:23:29:c0:f2:e9:1d:f4:d8:60:d1:d2:8d:a8:f5:b5:2e:d6:b9:66:a4:f2:ae:c2:71:1b:57:1d:cf:4e:ee:ec:e0:cf:41:3f:25:e9:65:ee:d5:a8:82:48:27:79:83:a5:19:9f:be:86:f3:97:ec:47:96:8e:16:80:47:91:49:f1:a5:d5:9f:fd:2b:93:b3:46:fd:d7:11:f5:83:15:a5:4b:0e:4d:65:9f:f3:e9:7c:6a:b6:61:d0:53:2f:76:fc:78:29:14:b0:86:1b:25:9d:7c:cc:63:ce:37:44:46:16:e4:08:e5:d1:e0:16:2e:12:d8:cd:58:17:9d:9e:d1:7e:55:13:34:5b:12:e5:64:f5:e0:74:e2:fa:15:3b:f8:67:d8:1d:61:38:da:58:cc:8d:44:98:bb:15:03:ee:ae:17:63:fb:64:5a:de:06:37:6c:42:8d:08:ef:16:1c:2b:78:c8:fa:ef:34:24:e8:ba:e6:c2:00:ef:13:b1:38:59:dd:e2:02:34:cd:da:14:08:47:aa:8c:6a:ce:95:ab:5e:18:fc:4a:2c:d9:63:f6:ec:5f:b8:3e:64:2d:3c:c5:75:f6:4e:cb:dd:c0:ec:9b:91:63:b8:83:c1:cf:a8:1b:3c:08:59:10:94:03:da:77:4e:22:f5:0f:d3:e5:00:ac:08:73:31:bb:59:3d:4c:a9:9a:b8:0d:b5:d7:55:84:11:82:68:f2:25:64:8b:df:dd:17:ea:02:82:08:6e:46:cb:c4:3e:7a:b5:b7:84:f7:78:5c:98:1b:df:e4:02:78:30:76:b8:d0:a3:f9:d6:0b:81:2a:0d:e0:83:81:ea:57:0c:92:74:9c:f5:47:21:a4:69:94:a6:ed:ba:8e:a2:c7:3c:73:e3:4b:9d:4a:ef:15:91:03:b3:be:f5:5d:00:66:86:0e:63:7b:6b:23:19:6f:bf:82:cf:4b:1a:ed:e7:9b:c0:ff:56:ca:a9:b0:1b:b8:d2:c7:7c:96:c3:5d:02:f5:c8:0d:a3:c6:23:bc:c2:3a:79:ce:c7:c5:ce:67:32:15:d7:05:4f:ee:2e:14:2e:8c:71:00:26:8f:2b:57:81:b6:c2:3b:e3:24:c5:d6:41:22:66:f2:04:a1:e7:cc:25:bb:33:94:76:e4:e4:31:cc:85:db:9b:b7:22:b7:fb:b2:2d:e8:2a:13:17:f8:d7:b0:9f:e3:40:81:38:09:d6:31:ee:54:62:84:40:d0:5e:66:5f:3e:92:0a:0a:72:f3:97:8e:80:25:4a:31:7b:c0:78:83:6f:91:74:50:90:12:c9:6e:76:5c:8f:be:75:de:5b:be:e9:1e:52:26:56:61:51:32:ae:28:50:dc:33:81:fb:d8:40:5e:e5:89:17:9f:26:18:a7:43:6f:18:7d:6f:fc:cf:75:71:23:27:a4:da:69:82:e0:df:78:ea
:1f:17:e1:ca:0f:38:30:7c:11:2f:0f:b1:c6:1f:02:69:37:c9:78:6a:69:a3:2e:fc:b0:9b:3d:48:8a:05:46:40:00:48:8a:9d:e7:76:f1:d6:a5:2d:59:61:c7:c2:ec:41:22:eb:46:bb:ad:c4:43:8a:29:3d:7f:a1:45:96:a5:b0:23:c7:48:77:93:15:13:97:02:a2:64:ff:81:63:4c:35:49:fd:39:cd:79:37:76:7b:5b:ec:48:63:94:a8:c1:3e:de:3c:6f:98:63:69:33:50:3c:c8:b8:88:a7:92:2d:77:80:98:45:35:ed:31:7e:64:db:e0:e0:cf:5f:e7:9d:d5:8e:84:f5:59:44:62:0d:d7:dd:a7:38:39:33:15:c4:c1:d3:d4:18:4f:7d:28:20:8f:4f:fa:1b:04:4f:80:e3:9c:62:68:11:31:dc:b5:1f:3d:76:3a:aa:2c:dc:f7:5d:e1:ff:3b:39:45:39:45:f1:cb:bb:41:22:bc:66:23:47:44:8c:6a:3d:3b:f4:d2:07:7a:a0:45:af:2a:96:b3:8b:27:64:04:a5:29:a9:71:7d:a8:7d:8a:70:44:dc:d7:0f:66:03:61:c3:0c:56:8e:d6:3b:07:38:16:88:7e:90:20:0c:53:5b:cc:d3:af:32:3a:12:40:b7:5e:74:6b:46:ab:bd:dd:17:99:59:e4:72:80:c8:5d:2c:6b:b6:20:d9:a3:89:5b:86:2d:70:74:28:08:15:51:c7:ab:f3:6a:3e:a2:4f:a3:59:66:cd:b5:40:5d:8d:e7:2d:2a:66:47:52:d4:d4:aa:7f:8f:48:3b:86:55:ff:4f:a7:ec:ed:fd:5d:12:f2:bb:11:1f:cb:82:40:01:18:e9:c2:24:7a:4b:66:25:24:83:d2:83:10:44:81:4f:ce:f8:ad:88:ab:e7:0a:32:12:ff:35:0c:c0:7e:b7:ad:98:c1:3c:f9:7c:2a:8c:08:06:8f:47:40:db:44:a1:2a:94:d5:e0:aa:44:c7:16:10:0e:50:42:f4:5c:1f:e1:a8:ec:49:42:38:f9:b8:e1:08:5e:6b:93:51:d2:de:5a:6f:01:66:d0:1a:45:0a:36:33:83:c3:47:d1:40:12:e7:78:24:11:c5:6a:7f:bf:85:71:6e:ab:dc:f0:2b:80:4f:d4:12:92:f2:74:97:19:58:cf:8f:82:cb:bd:51:53:aa:1c:0a:5a:fb:ca:d9:62:e8:71" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.488469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.488469000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1183.027783000", + "frame.number": "4264", + "frame.len": "102", + "frame.cap_len": "102", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "88", + "ip.id": "0x00005805", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "48", + "tcp.seq": "4870", + "tcp.nxtseq": "4918", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e54e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "4516", + "tcp.analysis.push_bytes_sent": "48" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "43", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e7:b6:70:51:62:fb:65:6d:f6:63:86:e7:35:b7:c0:11:36:64:b0:e9:52:a4:6c:5f:a6:2a:e9:9e:5f:40:7c:ba:11:ba:05:7e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.631377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.631377000", + "frame.time_delta": "0.142908000", + "frame.time_delta_displayed": "0.142908000", + "frame.time_relative": "1183.170691000", + "frame.number": "4265", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000fec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd99", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000415a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:7c:25:cb:db:7c:25:d2:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 3242-4870": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "3242", + "tcp.options.sack_re": "4870", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "4225", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.631464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.631464000", + "frame.time_delta": "0.000087000", + "frame.time_delta_displayed": "0.000087000", + "frame.time_relative": "1183.170778000", + "frame.number": "4266", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000fed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd98", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "1822", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1329", + "tcp.window_size": "1329", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003bd6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:7c:25:cb:db:7c:25:d2:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 3242-4870": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "3242", + "tcp.options.sack_re": "4870", + "tcp.options.sack.count": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.631538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.631538000", + "frame.time_delta": "0.000074000", + "frame.time_delta_displayed": "0.000074000", + "frame.time_relative": "1183.170852000", + "frame.number": "4267", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda3", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4870", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1322", + "tcp.window_size": "1322", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4263", + "tcp.analysis.ack_rtt": "0.143080000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.631608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.631608000", + "frame.time_delta": "0.000070000", + "frame.time_delta_displayed": "0.000070000", + "frame.time_relative": "1183.170922000", + "frame.number": "4268", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda2", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": 
"104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4918", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1322", + "tcp.window_size": "1322", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4264", + "tcp.analysis.ack_rtt": "0.143139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.632077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494774.632077000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1183.171391000", + "frame.number": "4269", + "frame.len": "2894", + "frame.cap_len": "2894", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "2880", + "ip.id": "0x00005806", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "2840", + "tcp.seq": "402", + "tcp.nxtseq": "3242", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004771", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "2840", + "tcp.analysis.push_bytes_sent": "2840", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.spurious_retransmission": "", + "_ws.expert.message": "This frame is a (suspected) spurious retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + }, + "tcp.segment_data": 
"17:03:03:11:6f:c1:4c:bc:6e:d4:4e:36:e6:6d:07:2f:82:44:0f:35:f6:18:2b:36:73:a9:1e:b0:c1:06:c6:1a:13:b0:fe:8d:b9:f4:23:5d:b2:19:81:a5:77:c7:a5:b0:cb:53:e2:23:91:b6:d7:60:c6:e7:bd:41:f2:af:1f:b1:0e:83:c1:f7:fa:2f:e7:4f:5d:56:ad:a1:5e:2a:5b:80:be:f1:70:2e:ab:98:94:9f:be:25:dc:34:a9:d4:41:28:47:68:38:9a:2e:30:57:82:69:5d:5a:fe:90:42:67:4e:ee:6d:d7:1c:35:ce:20:38:44:58:af:61:ec:e3:9e:ab:20:17:36:35:d3:0e:61:96:b5:4e:c6:60:a3:13:82:85:f1:75:35:be:97:a7:59:5b:8e:b9:f4:e6:4a:3d:2e:7f:05:2f:36:61:54:5d:c2:61:7d:91:e2:a5:b7:da:9d:ea:3a:61:2d:fb:3f:34:7c:5d:db:31:be:da:d9:8b:a6:9f:2c:ab:37:1c:1a:9f:74:ea:78:8e:d9:ee:16:c3:af:86:d6:ca:ba:84:d9:65:fb:1b:71:8e:b8:e1:cf:06:33:11:e3:62:21:8d:30:8f:a2:25:97:d4:10:68:d7:18:a5:a3:b2:ef:8a:4b:68:fe:bb:4f:5a:e6:62:34:d4:d7:10:b8:ef:26:0a:03:6e:0a:e1:e6:5d:ea:b9:da:a9:1f:a5:b3:50:98:c4:fc:5a:35:16:5a:ae:d1:d5:20:40:2f:b6:5c:85:05:c9:af:61:78:9b:1c:54:56:18:b7:4a:57:8f:a0:e8:ee:80:2a:cb:b1:c8:a4:cf:a9:b7:26:8e:a6:af:86:0a:f6:56:c7:49:55:44:98:dc:eb:2f:af:19:de:32:6d:f0:a1:0d:b9:70:29:d9:c9:da:c1:55:9f:66:cd:27:a8:f7:a6:4e:9c:57:4d:da:a4:d9:07:b6:de:d9:35:40:ad:a3:87:45:45:72:a4:ce:03:68:45:27:75:01:29:9b:af:48:4b:4b:9f:09:7c:34:8a:1e:bb:7e:09:6e:71:bd:ed:53:e4:69:72:37:81:9b:25:11:8b:52:28:f8:5a:32:da:3e:5f:a5:dc:a0:30:0a:b7:8d:07:91:51:68:c3:d3:7c:94:6e:47:af:16:dc:73:a6:bd:33:24:f9:4a:cf:64:14:aa:fe:1f:88:d2:e1:7c:5d:29:55:61:84:d7:3f:3d:21:b7:3a:92:85:f1:81:cf:a5:d6:9b:a8:27:59:1e:65:84:10:89:2f:52:d1:28:c4:d3:4c:18:fd:cc:79:2b:e4:90:e8:4a:70:e3:f9:8a:3a:b2:b6:00:1b:3a:ba:b1:eb:68:d2:02:f4:45:28:4e:7a:30:60:9c:73:93:55:e2:32:d0:08:4a:6f:97:a4:c4:57:7c:c3:3b:4b:59:9f:b4:37:8e:83:cd:52:e0:ec:0a:5b:6c:bf:17:77:84:93:16:85:b4:b1:a2:73:03:a5:1a:b5:6c:b2:a6:96:ee:8f:25:01:ec:5b:1f:0a:65:54:95:b2:3e:8c:25:c3:fe:bf:0e:ea:aa:37:79:e7:05:54:94:c2:d4:6e:ee:e8:29:83:3e:d4:d1:ae:da:a9:67:cc:a4:2a:c6:df:df:0f:b5:6b:2c:c6:be:43:f9:94:93:ea:d6:03:1d:70:45:ae:99:35:35:d5:2f:ed:c5:d4:95:63:d0:8c:b3:7b:1e:2f:58:18:56:23:30:63:24:ce:20:8d:21:fa:82:f0:84:9
b:db:a9:0c:b5:f1:f1:63:8d:b3:cb:1f:24:62:84:69:fe:8e:74:b7:13:33:05:38:a1:50:8d:23:a6:72:2e:34:a9:30:ed:fb:2c:0b:4c:25:1e:03:23:16:96:e6:53:21:12:e0:dc:0d:30:25:88:bb:a2:54:fb:47:7c:56:29:2c:70:4e:a1:ed:3b:88:10:fb:c5:df:d4:d5:b4:4b:a2:69:d1:9b:6a:92:37:ff:f2:5c:09:7e:23:a5:bd:d0:0d:d0:39:d0:ca:6b:99:21:a8:61:d9:7c:5c:b4:f8:84:4f:f6:28:b1:a7:80:63:fe:6e:0f:31:b4:e9:b8:f9:41:fa:65:3e:ac:1b:3a:4c:af:30:11:49:7e:71:a0:43:37:a8:34:ca:c1:6e:62:c4:cd:84:a3:82:74:62:0d:d4:7c:4a:e7:57:24:da:7d:ac:1e:89:fb:a8:a5:71:50:21:96:4c:70:c9:83:b1:42:d7:9c:30:3b:5e:2f:18:6b:24:1b:d0:ab:d8:8e:a9:0e:69:6c:ee:ec:e4:23:56:58:8b:08:e8:55:15:94:b1:9a:17:a4:ce:b7:b4:42:ab:12:da:d9:3e:59:62:c9:ad:3f:7b:ed:6f:f4:54:59:15:35:77:01:3d:69:59:a7:00:4c:78:0d:6b:d8:92:6a:e8:66:ef:60:97:43:c7:c6:59:5a:e6:21:bf:63:86:50:20:00:0a:b3:49:c5:4d:2e:ef:7b:64:29:d7:2b:bf:44:5c:c6:04:99:4f:72:b0:44:04:02:59:95:2b:e4:23:fa:39:2c:46:5d:89:1b:9f:a4:92:96:9e:53:70:f6:4d:a9:30:90:4e:2f:97:93:3f:99:59:89:4a:76:50:fd:41:11:6a:d3:d8:71:20:18:3c:98:45:70:5b:d8:b7:aa:be:41:2a:55:70:c5:7e:1f:cd:f0:b1:20:c4:3c:f4:5b:81:71:5f:1f:dd:ee:fc:98:80:46:2f:2c:19:a7:55:ae:ec:a4:d6:e1:f2:6b:f8:4b:b2:f5:3b:d7:0a:94:39:c5:e5:e2:48:cb:a2:ac:bd:fc:fd:b4:6d:65:cc:97:85:f4:99:5d:f1:3f:75:f2:81:f3:72:dc:b2:cd:89:7e:51:19:d7:7e:56:b3:c0:73:e7:1b:eb:72:8c:ef:24:8c:4d:a1:81:95:b0:ea:07:47:12:ff:e2:ef:d8:33:67:d6:82:b4:34:ee:92:96:f3:77:ce:ab:ca:69:fa:49:f3:b1:df:6a:a6:4e:fb:88:2d:06:7a:7f:58:be:73:78:d4:a7:bb:9d:33:53:e6:a4:55:39:b1:12:54:93:f0:ae:f7:cd:a1:cc:4f:84:bb:58:5b:27:71:c0:aa:0b:df:db:db:7e:e2:7a:c3:2e:47:f7:cd:5d:56:48:bc:85:e5:99:3f:95:ac:6d:45:38:a9:28:39:25:ee:2b:ae:e2:37:81:23:a5:d3:22:4e:ee:2e:a0:4c:89:4d:7a:e7:ef:69:45:70:64:14:07:6f:02:78:82:50:a8:17:37:36:f3:2b:86:73:94:47:75:d9:4e:c6:bc:1d:1b:25:d3:78:37:83:7b:01:82:6a:6f:96:d7:40:44:f3:b7:48:98:be:dd:e0:fe:4d:a4:da:75:4a:cf:36:09:a5:27:d4:cb:a7:ca:28:cd:ad:d1:a3:46:89:dd:6a:e6:c0:1e:ad:9a:fc:25:0f:39:cc:59:c4:ba:c9:64:0e:3d:c5:b2:0d:fc:4c:94:f4:e0:0f:3a:bd:f7:60:32:06:
86:1e:27:4c:22:4d:cf:a6:19:f2:19:3c:c6:58:d6:fc:e4:e4:25:19:2f:b7:1d:8d:c7:09:08:53:6c:12:e5:81:6b:01:dc:09:39:b3:24:91:9b:b5:4f:9b:16:cc:dd:f3:3a:21:17:64:e7:31:5f:8b:4b:06:61:fd:8d:73:3b:a4:cc:c4:92:fd:44:bc:d4:c6:70:56:a3:36:96:1b:00:9f:40:9e:c5:dc:47:9f:76:f7:75:5a:2b:90:e7:5f:1e:f9:dc:e6:aa:cf:b1:cc:d5:af:9a:91:59:eb:06:d6:da:9d:d3:54:c7:92:bc:a1:e3:90:31:2b:ec:cc:05:7e:e7:dc:88:9d:6d:18:df:5f:e2:59:66:09:4d:3b:a0:04:a3:5d:9c:28:89:17:c6:70:85:df:54:85:18:3d:97:95:ca:90:25:45:3f:da:28:78:b8:d6:33:20:f6:cb:db:de:c6:ef:7a:26:4c:b8:80:5c:4b:f8:38:98:3d:2c:95:55:be:60:12:2c:98:9e:a3:0f:5a:e7:22:8a:42:7e:44:f2:31:fd:f2:9a:67:93:8e:88:ec:e1:cb:c2:0d:96:5c:fe:d3:58:a4:c3:a6:84:83:85:ed:40:8a:4b:47:72:ef:02:8f:44:61:7a:7f:0f:39:4f:72:59:5f:3a:7a:7b:5b:91:4f:29:6a:05:c2:67:42:96:62:45:4c:c3:56:01:9b:ac:08:a2:43:8b:53:10:35:02:5e:17:fa:15:2b:88:eb:84:52:90:8e:d2:88:aa:47:89:da:5e:e1:0f:99:03:9b:6e:9d:51:68:9a:40:48:2a:ca:16:31:24:6f:0f:1e:7a:fc:7e:12:9a:64:d6:81:81:b1:08:7e:e4:e4:ce:ac:77:2a:54:78:ce:16:4f:94:25:96:33:5d:44:4a:01:aa:f7:c1:7a:86:2f:35:fa:3d:73:a2:cb:87:6b:52:5a:0a:a7:0e:32:0e:51:70:9f:bd:1c:e7:03:bf:72:7f:6e:5b:22:14:4b:70:88:64:f2:c9:6c:e3:bf:ef:ec:32:6e:51:5a:8f:de:8b:c8:6c:36:60:25:9f:2f:e2:68:19:64:78:f9:0b:e9:c6:93:c1:82:03:84:59:7e:52:57:f1:a8:14:ab:28:35:29:5d:53:b7:17:85:81:bc:ad:8d:45:6f:4c:79:c0:7b:21:c0:0e:11:2e:4d:bb:55:f6:1d:ac:b2:b9:6b:6f:c5:ea:ad:be:0b:5b:c2:f3:59:1a:25:09:df:6c:4b:7f:3a:4a:8b:3f:eb:11:15:83:ae:b3:bf:bc:15:8e:c3:02:0a:17:17:a3:84:ac:3b:5f:81:c5:f6:7c:d2:cd:36:a1:ed:92:db:24:15:c1:fc:57:54:a7:b6:4f:74:72:2e:b1:78:13:d3:02:68:13:72:90:f8:b4:f8:ba:9b:e6:09:28:88:d6:e2:71:c2:87:11:e3:2a:d4:08:f1:92:85:ed:af:73:3f:43:5f:18:09:cf:c7:9d:7d:2b:97:1c:e5:b0:67:31:ee:80:47:84:50:3f:5d:e7:f0:32:9e:43:a3:98:38:5d:8b:a8:cb:b0:af:95:e3:61:62:1b:85:45:93:2f:fc:07:f8:66:30:94:bc:fd:dc:f6:ab:3b:70:ee:b7:61:23:65:f0:8a:bd:3d:53:64:16:5c:81:a9:d6:53:2a:8f:92:a8:61:c2:a9:24:78:c5:61:d3:7c:6f:70:60:61:6f:cd:03:44:c9:e1:1e:46:e6:47:db:c4:22:9e:c7
:42:33:14:11:ed:83:d3:4d:f7:51:ca:7c:b7:6d:e7:42:47:07:76:98:c1:9f:d5:1b:62:29:e4:dc:87:3d:b3:46:eb:75:eb:f1:31:67:4d:b7:ed:de:d7:e0:4a:ad:dd:7a:f4:09:2c:69:49:47:fa:cb:39:02:7a:4e:45:1e:65:47:e9:6e:7d:6c:e0:96:ec:d0:3c:53:97:56:50:7b:2e:8d:42:58:50:42:89:4d:82:23:fd:48:3c:12:49:b2:a7:ad:84:4f:92:14:17:06:d9:c6:36:89:11:a5:e7:37:2c:e7:68:e8:88:81:0a:24:64:1c:45:46:57:46:be:e0:9f:19:ed:9f:52:05:fd:e5:40:7f:56:9e:50:b6:38:38:06:74:b7:3f:46:50:78:38:31:a9:7a:05:3d:f0:cc:55:49:29:80:1d:67:40:43:8b:1a:f7:49:32:8f:ca:e2:b4:7e:3b:c1:97:f9:77:13:90:29:5a:d6:28:f7:8d:7f:e7:fd:b8:2e:49:be:09:2b:83:72:cb:92:f2:4a:0c:64:1c:81:b3:cb:6c:92:9d:20:e3:76:48:51:72:c2:33:cb:45:0c:93:05:db:7b:67:58:25:cf:ec:c0:ea:79:fa:02:82:41:44:17:52:36:dc:7f:f3:13:c4:f7:c5:73:27:ef:60:05:02:fe:af:e2:a3:18:2e:28:b5:af:f9:d3:a5:08:63:69:cc:83:ae:76:94:10:3e:5b:e3:50:31:f4:8c:96:bb:f1:83:cc:2f:d1:4b:f6:82:b6:6a:21:d4:8c:74:4b:be:31:98:9e:09:73:31:75:04:34:dc:fa:90:01:a5:99:a3:b5:44:99:f6:1a:72:47:f5:e1:42:a1:9f:a8:8f:00:d5:15:1c:fd:57:9d:1f:50:f0:9a:0a:cf:31:1e:c2:d1:78:89:c0:ad:64:8f:c7:5d:39:dd:92:e8:25:c4:29:7c:f8:0a:2e:9b:87:f1:cb:20:6e:78:bd:c5:36:03:9e:7b:8b:33:94:59:5e:ac:46:71:03:ea:03:71:78:41:fa:19:25:cd:9f:f5:76:6f:6e:79:b8:cf:ef:63:1b:3e:bc:93:fd:d7:fc:85:e5:1b:aa:98:38:4f:75:19:6b:d8:91:f6:7f:57:5f:66:a8:14:90:70:de:e9:ef:bc:7b:bc:fd:3d:fc:ed:df:c3:7d:3f:fc:8a:9f:74:e0:6d:aa:2c:dc:8a:53:06:4a:73:85:7c:31:52:94:cb:81:7d:fd:45:92:25:2f:4a:70:78:30:27:43:74:8e:93:fa:60:62:41:3c:ff:e9:b1:a4:2d:7b:dd:1f:92:9a:30:3f:5a:32:f2:76:f4:46:91:f4:86:5b:b1:74:d9:f9:cb:5a:80:48:4c:6f:7a:f9:ed:e3:85:14:65:c5:08:f6:39:66:b1:ac:ff:a8:94:f9:0c:7e:6c:71:c9:e6:5a:1c:80:84:2b:57:66:5c:f1:a7:a1:52:92:16:8e:49:4e:07:58:5f:d8:ea:35:01:0d:d1:99:7e:92:87:42:65:c4:f4:7a:c3:48:2a:a5:73:88:6e:60:1a:0d:2f:6f:13:2d:de:cc:66:53:e7:c1:7f:9c:ea:89:11:5c:89:b8:55:17:da:d8:ec:d5:52:fa:b1:42:6f:bb:44:f8:75:fc:0a:6e:74:ba:fc:eb:66:cc:49:47:04:bd:ca:d5:df:98:25:be:df:8c:1f:43:0e:03:02:03:c6:71:fe:bb:f4:b3:ec:56:6c:2e:56:af:af:f
1:ee:1e:e1:9c:a1:f2:03:38:1c:e3:a3:16:31:66:ea:13:fa:cc:d4:46:6e:0a:18:8b:4f:c2:76:b5:4d:24:30:da:82:e3:b1:38:aa:5a:82:78:0c:f5:f4:10:c5:62:e9:f0:ec:70:51:db:46:86:cf:01:2f:ae:35:55:2d:d5:f6:74:f7:9f:ae:d2:49:ba:e4:f3:ec:7f:6e:52:52:b0:5b:48:ae:7a:89:f1:61:b5:b2:c9:b9:37:b9:bd:c1:48:24:ae:08:74:62:7c:bb:78:08:67:44:77:a0:0b:a8:11:97:21:fb:a0:f7:3c:e6:18:48:f0:c7:81:51:f4:d5:ce:55:6f:b0:db:d2:1d:f0:93:ba:e1:9e:3a:f5:1d:cb:ab:86:be:5d:0e:1a:9c:62:16:2e:8f:ac:e6:f7:b4:7d:45:e1:22:18:29:21:72:f4:95:a3:73:e6:82:17:38:ef" + }, + "ssl": "Secure Sockets Layer" + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.775255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.775255000", + "frame.time_delta": "0.143178000", + "frame.time_delta_displayed": "0.143178000", + "frame.time_relative": "1183.314569000", + "frame.number": "4270", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000ff0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + 
"ip.proto": "6", + "ip.checksum": "0x0000fd95", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4918", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000412a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:7c:25:c0:c3:7c:25:cb:db", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 402-3242": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "402", + "tcp.options.sack_re": "3242", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.window_update": "", + "_ws.expert.message": "TCP window update", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.850462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.850462000", + "frame.time_delta": "0.075207000", + "frame.time_delta_displayed": "0.075207000", + "frame.time_relative": "1183.389776000", + "frame.number": "4271", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { 
+ "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.850889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.850889000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "1183.390203000", + "frame.number": "4272", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:14.983476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494774.983476000", + "frame.time_delta": "0.132587000", + "frame.time_delta_displayed": "0.132587000", + "frame.time_relative": "1183.522790000", + "frame.number": "4273", + "frame.len": "163", + "frame.cap_len": "163", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "149", + "ip.id": "0x0000c90f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "4", + "ip.proto": "17", + "ip.checksum": "0x0000fbc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50000", + "udp.dstport": "1900", + "udp.port": "50000", + "udp.port": "1900", + "udp.length": "129", + "udp.checksum": "0x0000bf6c", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 3\r\n", 
+ "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.087180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.087180000", + "frame.time_delta": "0.103704000", + "frame.time_delta_displayed": "0.103704000", + "frame.time_relative": "1183.626494000", + "frame.number": "4274", + "frame.len": "163", + "frame.cap_len": "163", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "149", + "ip.id": "0x0000c918", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "4", + "ip.proto": "17", + "ip.checksum": "0x0000fbb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50000", + "udp.dstport": "1900", + "udp.port": "50000", + "udp.port": "1900", + "udp.length": "129", + "udp.checksum": "0x0000bf6c", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 3\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "4273" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.184991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.184991000", + "frame.time_delta": "0.097811000", + "frame.time_delta_displayed": "0.097811000", + "frame.time_relative": "1183.724305000", + "frame.number": "4275", + "frame.len": "148", + "frame.cap_len": "148", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + 
"eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "134", + "ip.id": "0x0000c91a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "4", + "ip.proto": "17", + "ip.checksum": "0x0000fbc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50000", + "udp.dstport": "1900", + "udp.port": "50000", + "udp.port": "1900", + "udp.length": "114", + "udp.checksum": "0x0000213c", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 3\r\n", + "http.request.line": "ST: urn:Belkin:device:**\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "4274" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:06:15.287124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.287124000", + "frame.time_delta": "0.102133000", + "frame.time_delta_displayed": "0.102133000", + "frame.time_relative": "1183.826438000", + "frame.number": "4276", + "frame.len": "148", + "frame.cap_len": "148", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "134", + "ip.id": "0x0000c91b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "4", + "ip.proto": "17", + "ip.checksum": "0x0000fbc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50000", + "udp.dstport": "1900", + "udp.port": "50000", + "udp.port": "1900", + "udp.length": "114", + "udp.checksum": "0x0000213c", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 3\r\n", + "http.request.line": "ST: urn:Belkin:device:**\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "4275" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.292515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.292515000", + "frame.time_delta": "0.005391000", + "frame.time_delta_displayed": "0.005391000", + "frame.time_relative": "1183.831829000", + "frame.number": "4277", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "14:91:82:25:10:77", + "arp.src.proto_ipv4": "192.168.0.65", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.227" + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.499591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.499591000", + "frame.time_delta": "0.207076000", + "frame.time_delta_displayed": "0.207076000", + "frame.time_relative": "1184.038905000", + "frame.number": "4278", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.227" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.883637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.883637000", + "frame.time_delta": "0.384046000", + "frame.time_delta_displayed": "0.384046000", + "frame.time_relative": "1184.422951000", + "frame.number": "4279", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000079ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ce8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:15.936740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494775.936740000", + "frame.time_delta": "0.053103000", + "frame.time_delta_displayed": "0.053103000", + "frame.time_relative": "1184.476054000", + "frame.number": "4280", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000079ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", 
+ "ip.proto": "17", + "ip.checksum": "0x00003cdd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "4279" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.058510000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.058510000", + "frame.time_delta": "0.121770000", + "frame.time_delta_displayed": "0.121770000", + "frame.time_relative": "1184.597824000", + "frame.number": "4281", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000079f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ce1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "4280" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.069538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.069538000", + "frame.time_delta": "0.011028000", + "frame.time_delta_displayed": "0.011028000", + "frame.time_relative": "1184.608852000", + "frame.number": "4282", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000057de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000600a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009c48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:56:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + 
"tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 63027542, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "63027542", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.070143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.070143000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "1184.609457000", + "frame.number": "4283", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56888", + "tcp.port": "80", + "tcp.port": "56888", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000260b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4282", + "tcp.analysis.ack_rtt": "0.000605000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.071851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.071851000", + "frame.time_delta": "0.001708000", + "frame.time_delta_displayed": "0.001708000", + "frame.time_relative": "1184.611165000", + "frame.number": "4284", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000601d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d390", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4283", + "tcp.analysis.ack_rtt": "0.001708000", + "tcp.analysis.initial_rtt": "0.002313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.072091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.072091000", + "frame.time_delta": "0.000240000", 
+ "frame.time_delta_displayed": "0.000240000", + "frame.time_relative": "1184.611405000", + "frame.number": "4285", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x000057e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005fd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "67", + "tcp.seq": "1", + "tcp.nxtseq": "68", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002c5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002313000", + "tcp.analysis.bytes_in_flight": "67", + "tcp.analysis.push_bytes_sent": "67" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.accept": "*\/*", + "http.request.line": "Accept: *\/*\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.072530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.072530000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "1184.611844000", + "frame.number": "4286", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e50c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56888", + "tcp.port": "80", + "tcp.port": "56888", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ca64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4285", + "tcp.analysis.ack_rtt": "0.000439000", + 
"tcp.analysis.initial_rtt": "0.002313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.072960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.072960000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1184.612274000", + "frame.number": "4287", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e50d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56888", + "tcp.port": "80", + "tcp.port": "56888", + 
"tcp.stream": "165", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000a86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002313000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.073405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.073405000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1184.612719000", + "frame.number": "4288", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e50e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56888", + "tcp.port": "80", + "tcp.port": "56888", + "tcp.stream": "165", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005cef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002313000", + 
"tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4287", + "tcp.segment": "4288", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001314000", + "http.request_in": "4285", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.074510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.074510000", + "frame.time_delta": "0.001105000", + "frame.time_delta_displayed": "0.001105000", + "frame.time_relative": "1184.613824000", + "frame.number": "4289", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000601b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d33c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4287", + "tcp.analysis.ack_rtt": "0.001550000", + "tcp.analysis.initial_rtt": "0.002313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.074743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.074743000", + "frame.time_delta": "0.000233000", + "frame.time_delta_displayed": "0.000233000", + "frame.time_relative": "1184.614057000", + "frame.number": "4290", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000601a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000cf39", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4288", + "tcp.analysis.ack_rtt": "0.001338000", + "tcp.analysis.initial_rtt": "0.002313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.104664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.104664000", + "frame.time_delta": "0.029921000", + "frame.time_delta_displayed": "0.029921000", + "frame.time_relative": "1184.643978000", + "frame.number": "4291", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006019", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56888", + "tcp.dstport": "80", + "tcp.port": "56888", + "tcp.port": "80", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000cf38", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.105141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.105141000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1184.644455000", + "frame.number": "4292", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ffbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b83e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56888", + 
"tcp.port": "80", + "tcp.port": "56888", + "tcp.stream": "165", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "69", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c66e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4291", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.002313000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.315452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.315452000", + "frame.time_delta": "0.210311000", + "frame.time_delta_displayed": "0.210311000", + "frame.time_relative": "1184.854766000", + "frame.number": "4293", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000603d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a8af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:6e:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", 
+ "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 63027566, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "63027566", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.316020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.316020000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "1184.855334000", + "frame.number": "4294", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56889", + "tcp.port": "80", + "tcp.port": "56889", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c309", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4293", + "tcp.analysis.ack_rtt": "0.000568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.342847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.342847000", + "frame.time_delta": "0.026827000", + "frame.time_delta_displayed": "0.026827000", + "frame.time_relative": "1184.882161000", + "frame.number": "4295", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"60", + "ip.id": "0x0000109d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a74b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e745", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:6e:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 63027566, 
TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "63027566", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.343193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.343193000", + "frame.time_delta": "0.000346000", + "frame.time_delta_displayed": "0.000346000", + "frame.time_relative": "1184.882507000", + "frame.number": "4296", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000603e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x000057be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000708f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4294", + "tcp.analysis.ack_rtt": "0.027173000", + "tcp.analysis.initial_rtt": "0.027741000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.343236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.343236000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "1184.882550000", + "frame.number": "4297", + "frame.len": "157", + "frame.cap_len": "157", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "143", + "ip.id": "0x0000603f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005756", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "103", + "tcp.seq": "1", + "tcp.nxtseq": "104", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + 
"tcp.checksum": "0x0000f5b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.027741000", + "tcp.analysis.bytes_in_flight": "103", + "tcp.analysis.push_bytes_sent": "103" + } + }, + "http": { + "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.accept": "*\/*", + "http.request.line": "Accept: *\/*\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.343397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.343397000", + "frame.time_delta": "0.000161000", + "frame.time_delta_displayed": "0.000161000", + "frame.time_relative": "1184.882711000", + "frame.number": "4298", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56890", + "tcp.port": "80", + "tcp.port": "56890", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001535", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + 
"tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4295", + "tcp.analysis.ack_rtt": "0.000550000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.343687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.343687000", + "frame.time_delta": "0.000290000", + "frame.time_delta_displayed": "0.000290000", + "frame.time_relative": "1184.883001000", + "frame.number": "4299", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", 
+ "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b12e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000006ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56889", + "tcp.port": "80", + "tcp.port": "56889", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000673f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4297", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.027741000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.344296000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.344296000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1184.883610000", + "frame.number": "4300", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b12f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000006bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56889", + "tcp.port": "80", + "tcp.port": "56889", + "tcp.stream": "166", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + 
"tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a760", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.027741000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.345857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.345857000", + "frame.time_delta": "0.001561000", + "frame.time_delta_displayed": "0.001561000", + "frame.time_relative": "1184.885171000", + "frame.number": "4301", + "frame.len": "1155", + "frame.cap_len": "1155", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1141", + "ip.id": "0x0000b130", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000027f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56889", + "tcp.port": "80", + "tcp.port": "56889", + "tcp.stream": "166", + "tcp.len": "1101", + "tcp.seq": "18", + "tcp.nxtseq": "1120", + "tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e0f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.027741000", + "tcp.analysis.bytes_in_flight": "1119", + "tcp.analysis.push_bytes_sent": "1101" + }, + "tcp.segment_data": 
"43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:33:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:7
2:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" + }, + "tcp.segments": { + "tcp.segment": "4300", + "tcp.segment": "4301", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1118", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:3
3:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", + "http.response.line": "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n", + "http.response.line": "Pragma: no-cache\r\n", + "http.response.line": "Expires: Mon, 1 Aug 2011 09:00:00 GMT\r\n", + 
"http.connection": "close", + "http.response.line": "Connection: close\r\n", + "http.response.line": "Access-Control-Max-Age: 3600\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Credentials: true\r\n", + "http.response.line": "Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD\r\n", + "http.response.line": "Access-Control-Allow-Headers: Content-Type\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-type: application\/json\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.002621000", + "http.request_in": "4297", + "http.file_data": "{\"1\":{\"state\":{\"on\":true,\"bri\":25,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 1\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:83:cb:8c-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"},\"2\":{\"state\":{\"on\":true,\"bri\":30,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 2\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:80:f2:8a-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"}}" + }, + "json": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.value.true": "", + "json.key": "on" + }, + "json.member": { + "json.value.number": "25", + "json.key": "bri" + }, + "json.member": { + "json.value.string": "none", + "json.key": "alert" + }, + "json.member": { + "json.value.true": "", + "json.key": "reachable" + } + }, + "json.key": "state" + }, + "json.member": { + "json.object": { + "json.member": { 
+ "json.value.string": "noupdates", + "json.key": "state" + }, + "json.member": { + "json.value.null": "", + "json.key": "lastinstall" + } + }, + "json.key": "swupdate" + }, + "json.member": { + "json.value.string": "Dimmable light", + "json.key": "type" + }, + "json.member": { + "json.value.string": "Hue white lamp 1", + "json.key": "name" + }, + "json.member": { + "json.value.string": "LWB014", + "json.key": "modelid" + }, + "json.member": { + "json.value.string": "Philips", + "json.key": "manufacturername" + }, + "json.member": { + "json.value.string": "00:17:88:01:02:83:cb:8c-0b", + "json.key": "uniqueid" + }, + "json.member": { + "json.value.string": "1.15.2_r19181", + "json.key": "swversion" + }, + "json.member": { + "json.value.string": "D1D2055F", + "json.key": "swconfigid" + }, + "json.member": { + "json.value.string": "Philips-LWB014-1-A19DLv3", + "json.key": "productid" + } + }, + "json.key": "1" + }, + "json.member": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.value.true": "", + "json.key": "on" + }, + "json.member": { + "json.value.number": "30", + "json.key": "bri" + }, + "json.member": { + "json.value.string": "none", + "json.key": "alert" + }, + "json.member": { + "json.value.true": "", + "json.key": "reachable" + } + }, + "json.key": "state" + }, + "json.member": { + "json.object": { + "json.member": { + "json.value.string": "noupdates", + "json.key": "state" + }, + "json.member": { + "json.value.null": "", + "json.key": "lastinstall" + } + }, + "json.key": "swupdate" + }, + "json.member": { + "json.value.string": "Dimmable light", + "json.key": "type" + }, + "json.member": { + "json.value.string": "Hue white lamp 2", + "json.key": "name" + }, + "json.member": { + "json.value.string": "LWB014", + "json.key": "modelid" + }, + "json.member": { + "json.value.string": "Philips", + "json.key": "manufacturername" + }, + "json.member": { + "json.value.string": "00:17:88:01:02:80:f2:8a-0b", + "json.key": "uniqueid" 
+ }, + "json.member": { + "json.value.string": "1.15.2_r19181", + "json.key": "swversion" + }, + "json.member": { + "json.value.string": "D1D2055F", + "json.key": "swconfigid" + }, + "json.member": { + "json.value.string": "Philips-LWB014-1-A19DLv3", + "json.key": "productid" + } + }, + "json.key": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.353605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.353605000", + "frame.time_delta": "0.007748000", + "frame.time_delta_displayed": "0.007748000", + "frame.time_relative": "1184.892919000", + "frame.number": "4302", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006040", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "104", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007017", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4300", + "tcp.analysis.ack_rtt": "0.009309000", + "tcp.analysis.initial_rtt": "0.027741000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.353638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.353638000", + "frame.time_delta": "0.000033000", + "frame.time_delta_displayed": "0.000033000", + "frame.time_relative": "1184.892952000", + "frame.number": "4303", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000109e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a75e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c2ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4298", + "tcp.analysis.ack_rtt": "0.010241000", + "tcp.analysis.initial_rtt": "0.010791000" + } + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.353658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.353658000", + "frame.time_delta": "0.000020000", + "frame.time_delta_displayed": "0.000020000", + "frame.time_relative": "1184.892972000", + "frame.number": "4304", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x0000109f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a71a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "67", + "tcp.seq": 
"1", + "tcp.nxtseq": "68", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00001b87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010791000", + "tcp.analysis.bytes_in_flight": "67", + "tcp.analysis.push_bytes_sent": "67" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.accept": "*\/*", + "http.request.line": "Accept: *\/*\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.353698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.353698000", + "frame.time_delta": "0.000040000", + "frame.time_delta_displayed": "0.000040000", + "frame.time_relative": "1184.893012000", + "frame.number": "4305", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006041", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "104", + "tcp.ack": "1120", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1404", + "tcp.window_size": "89856", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006ba6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4301", + "tcp.analysis.ack_rtt": "0.007841000", + "tcp.analysis.initial_rtt": "0.027741000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.354266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.354266000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "1184.893580000", + "frame.number": "4306", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000041c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00007633", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56890", + "tcp.port": "80", + "tcp.port": "56890", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b98e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4304", + "tcp.analysis.ack_rtt": "0.000608000", + "tcp.analysis.initial_rtt": "0.010791000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.354835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.354835000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1184.894149000", + "frame.number": "4307", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006042", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56889", + "tcp.dstport": "80", + "tcp.port": "56889", + "tcp.port": "80", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "104", + "tcp.ack": "1120", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "1404", + "tcp.window_size": "89856", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006ba5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.355276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.355276000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1184.894590000", + "frame.number": "4308", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ffc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b835", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56889", + "tcp.port": "80", + "tcp.port": "56889", + "tcp.stream": "166", + "tcp.len": "0", + "tcp.seq": "1120", + "tcp.ack": "105", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4307", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.027741000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.356388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.356388000", + "frame.time_delta": "0.001112000", + "frame.time_delta_displayed": "0.001112000", + "frame.time_relative": "1184.895702000", + "frame.number": "4309", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": 
"AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000041ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007621", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56890", + "tcp.port": "80", + "tcp.port": "56890", + "tcp.stream": "167", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f9af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010791000", + 
"tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.356778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.356778000", + "frame.time_delta": "0.000390000", + "frame.time_delta_displayed": "0.000390000", + "frame.time_relative": "1184.896092000", + "frame.number": "4310", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000041cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000724e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56890", + "tcp.port": "80", + "tcp.port": "56890", + "tcp.stream": "167", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004c19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010791000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4309", + "tcp.segment": "4310", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.003120000", + "http.request_in": "4304", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.358019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.358019000", + "frame.time_delta": "0.001241000", + "frame.time_delta_displayed": "0.001241000", + "frame.time_relative": "1184.897333000", + "frame.number": "4311", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a75c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c266", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4309", + "tcp.analysis.ack_rtt": "0.001631000", + "tcp.analysis.initial_rtt": "0.010791000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.358244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.358244000", + "frame.time_delta": "0.000225000", + "frame.time_delta_displayed": "0.000225000", + "frame.time_relative": "1184.897558000", + "frame.number": "4312", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a75b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000be63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4310", + "tcp.analysis.ack_rtt": "0.001466000", + "tcp.analysis.initial_rtt": "0.010791000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.382316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.382316000", + "frame.time_delta": "0.024072000", + "frame.time_delta_displayed": "0.024072000", + "frame.time_relative": "1184.921630000", + "frame.number": "4313", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a75a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56890", + "tcp.dstport": "80", + "tcp.port": "56890", + "tcp.port": "80", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000be62", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.382823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.382823000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1184.922137000", + "frame.number": "4314", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ffc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b833", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56890", + 
"tcp.port": "80", + "tcp.port": "56890", + "tcp.stream": "167", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "69", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b598", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4313", + "tcp.analysis.ack_rtt": "0.000507000", + "tcp.analysis.initial_rtt": "0.010791000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.940729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.940729000", + "frame.time_delta": "0.557906000", + "frame.time_delta_displayed": "0.557906000", + "frame.time_relative": "1185.480043000", + "frame.number": "4315", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007a3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "4281" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:16.993573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494776.993573000", + "frame.time_delta": "0.052844000", + "frame.time_delta_displayed": "0.052844000", + "frame.time_relative": "1185.532887000", + "frame.number": "4316", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007a42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "4315" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.025519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.025519000", + "frame.time_delta": "0.031946000", + "frame.time_delta_displayed": "0.031946000", + "frame.time_relative": "1185.564833000", + "frame.number": "4317", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, 
+ "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000438f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000095ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.033196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.033196000", + "frame.time_delta": "0.007677000", + "frame.time_delta_displayed": "0.007677000", + "frame.time_relative": "1185.572510000", + "frame.number": "4318", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x00005727", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000816a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + 
"udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: 
type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.046448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.046448000", + "frame.time_delta": "0.013252000", + "frame.time_delta_displayed": "0.013252000", + "frame.time_relative": "1185.585762000", + "frame.number": "4319", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007a45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + 
"ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "4316" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.053045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.053045000", + "frame.time_delta": "0.006597000", + "frame.time_delta_displayed": "0.006597000", + "frame.time_relative": "1185.592359000", + "frame.number": "4320", + "frame.len": "74", + 
"frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000014c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a326", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f490", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:b8:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 63027640, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "63027640", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.053611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.053611000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "1185.592925000", + "frame.number": "4321", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + 
"eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56891", + "tcp.port": "80", + "tcp.port": "56891", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" 
+ }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ae4a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4320", + "tcp.analysis.ack_rtt": "0.000566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.055865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.055865000", + "frame.time_delta": "0.002254000", + "frame.time_delta_displayed": "0.002254000", + "frame.time_relative": "1185.595179000", + "frame.number": "4322", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a339", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005bd0", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4321", + "tcp.analysis.ack_rtt": "0.002254000", + "tcp.analysis.initial_rtt": "0.002820000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.056189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.056189000", + "frame.time_delta": "0.000324000", + "frame.time_delta_displayed": "0.000324000", + "frame.time_relative": "1185.595503000", + "frame.number": "4323", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x000014c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "67", + "tcp.seq": "1", + "tcp.nxtseq": "68", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b49c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002820000", + "tcp.analysis.bytes_in_flight": "67", + "tcp.analysis.push_bytes_sent": "67" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.accept": "*\/*", + "http.request.line": "Accept: *\/*\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.056668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.056668000", + 
"frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1185.595982000", + "frame.number": "4324", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000075cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004231", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56891", + "tcp.port": "80", + "tcp.port": "56891", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000052a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4323", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.002820000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.057079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.057079000", + "frame.time_delta": "0.000411000", + "frame.time_delta_displayed": "0.000411000", + "frame.time_relative": "1185.596393000", + "frame.number": "4325", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000075cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000421f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56891", + "tcp.port": "80", + "tcp.port": "56891", + "tcp.stream": "168", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000092c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002820000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.057438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.057438000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "1185.596752000", + "frame.number": "4326", + "frame.len": "1049", + 
"frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000075cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003e4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56891", + "tcp.port": "80", + "tcp.port": "56891", + "tcp.stream": "168", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "68", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection 
finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e52e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002820000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f
:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4325", + "tcp.segment": "4326", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001249000", + "http.request_in": "4323", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.058797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.058797000", + "frame.time_delta": "0.001359000", + "frame.time_delta_displayed": "0.001359000", + "frame.time_relative": "1185.598111000", + "frame.number": "4327", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a337", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005b7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4325", + "tcp.analysis.ack_rtt": "0.001718000", + "tcp.analysis.initial_rtt": "0.002820000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.059101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.059101000", + "frame.time_delta": "0.000304000", + "frame.time_delta_displayed": "0.000304000", + "frame.time_relative": "1185.598415000", + "frame.number": "4328", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a336", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005779", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4326", + "tcp.analysis.ack_rtt": "0.001663000", + "tcp.analysis.initial_rtt": "0.002820000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.065526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.065526000", + "frame.time_delta": "0.006425000", + "frame.time_delta_displayed": "0.006425000", + "frame.time_relative": "1185.604840000", + "frame.number": "4329", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a335", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56891", + "tcp.dstport": "80", + "tcp.port": "56891", + "tcp.port": "80", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "68", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "1400", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005778", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.066004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.066004000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1185.605318000", + "frame.number": "4330", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ffe9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b812", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56891", + 
"tcp.port": "80", + "tcp.port": "56891", + "tcp.stream": "168", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "69", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004eae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4329", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.002820000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.201776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.201776000", + "frame.time_delta": "0.135772000", + "frame.time_delta_displayed": "0.135772000", + "frame.time_relative": "1185.741090000", + "frame.number": "4331", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000827f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003569", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000fd19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:c7:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", 
+ "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 63027655, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "63027655", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.202345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.202345000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1185.741659000", + "frame.number": "4332", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56892", + "tcp.port": "80", + "tcp.port": "56892", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000024f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4331", + "tcp.analysis.ack_rtt": "0.000569000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.203696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.203696000", + "frame.time_delta": "0.001351000", + "frame.time_delta_displayed": "0.001351000", + "frame.time_relative": "1185.743010000", + "frame.number": "4333", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00008280", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000357c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d27a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4332", + "tcp.analysis.ack_rtt": "0.001351000", + "tcp.analysis.initial_rtt": "0.001920000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.203945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.203945000", + "frame.time_delta": "0.000249000", + "frame.time_delta_displayed": "0.000249000", + 
"frame.time_relative": "1185.743259000", + "frame.number": "4334", + "frame.len": "157", + "frame.cap_len": "157", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "143", + "ip.id": "0x00008281", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003514", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "103", + "tcp.seq": "1", + "tcp.nxtseq": "104", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000057a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001920000", + "tcp.analysis.bytes_in_flight": "103", + "tcp.analysis.push_bytes_sent": "103" + } + }, + "http": { + "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.accept": "*\/*", + "http.request.line": "Accept: *\/*\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.204402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.204402000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "1185.743716000", + "frame.number": "4335", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": 
"68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f905", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bef6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56892", + "tcp.port": "80", + "tcp.port": "56892", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c92a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4334", + "tcp.analysis.ack_rtt": "0.000457000", + "tcp.analysis.initial_rtt": "0.001920000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.204878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.204878000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "1185.744192000", + "frame.number": "4336", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f906", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bee4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56892", + "tcp.port": "80", + "tcp.port": "56892", + "tcp.stream": "169", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000094c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001920000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.206444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.206444000", + "frame.time_delta": "0.001566000", + "frame.time_delta_displayed": "0.001566000", + "frame.time_relative": "1185.745758000", + "frame.number": "4337", + "frame.len": "1155", + "frame.cap_len": "1155", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1141", + "ip.id": "0x0000f907", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000baa7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56892", + "tcp.port": "80", + "tcp.port": "56892", + "tcp.stream": "169", + "tcp.len": "1101", + "tcp.seq": "18", + "tcp.nxtseq": "1120", + "tcp.ack": "104", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000042e2", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001920000", + "tcp.analysis.bytes_in_flight": "1119", + "tcp.analysis.push_bytes_sent": "1101" + }, + "tcp.segment_data": "43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:
63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:33:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" + }, + "tcp.segments": { + "tcp.segment": "4336", + "tcp.segment": "4337", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1118", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:3
3:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", + "http.response.line": "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n", + "http.response.line": "Pragma: no-cache\r\n", + "http.response.line": "Expires: Mon, 1 Aug 2011 09:00:00 GMT\r\n", + 
"http.connection": "close", + "http.response.line": "Connection: close\r\n", + "http.response.line": "Access-Control-Max-Age: 3600\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Credentials: true\r\n", + "http.response.line": "Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD\r\n", + "http.response.line": "Access-Control-Allow-Headers: Content-Type\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-type: application\/json\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.002499000", + "http.request_in": "4334", + "http.file_data": "{\"1\":{\"state\":{\"on\":true,\"bri\":25,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 1\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:83:cb:8c-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"},\"2\":{\"state\":{\"on\":true,\"bri\":30,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 2\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:80:f2:8a-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"}}" + }, + "json": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.value.true": "", + "json.key": "on" + }, + "json.member": { + "json.value.number": "25", + "json.key": "bri" + }, + "json.member": { + "json.value.string": "none", + "json.key": "alert" + }, + "json.member": { + "json.value.true": "", + "json.key": "reachable" + } + }, + "json.key": "state" + }, + "json.member": { + "json.object": { + "json.member": { 
+ "json.value.string": "noupdates", + "json.key": "state" + }, + "json.member": { + "json.value.null": "", + "json.key": "lastinstall" + } + }, + "json.key": "swupdate" + }, + "json.member": { + "json.value.string": "Dimmable light", + "json.key": "type" + }, + "json.member": { + "json.value.string": "Hue white lamp 1", + "json.key": "name" + }, + "json.member": { + "json.value.string": "LWB014", + "json.key": "modelid" + }, + "json.member": { + "json.value.string": "Philips", + "json.key": "manufacturername" + }, + "json.member": { + "json.value.string": "00:17:88:01:02:83:cb:8c-0b", + "json.key": "uniqueid" + }, + "json.member": { + "json.value.string": "1.15.2_r19181", + "json.key": "swversion" + }, + "json.member": { + "json.value.string": "D1D2055F", + "json.key": "swconfigid" + }, + "json.member": { + "json.value.string": "Philips-LWB014-1-A19DLv3", + "json.key": "productid" + } + }, + "json.key": "1" + }, + "json.member": { + "json.object": { + "json.member": { + "json.object": { + "json.member": { + "json.value.true": "", + "json.key": "on" + }, + "json.member": { + "json.value.number": "30", + "json.key": "bri" + }, + "json.member": { + "json.value.string": "none", + "json.key": "alert" + }, + "json.member": { + "json.value.true": "", + "json.key": "reachable" + } + }, + "json.key": "state" + }, + "json.member": { + "json.object": { + "json.member": { + "json.value.string": "noupdates", + "json.key": "state" + }, + "json.member": { + "json.value.null": "", + "json.key": "lastinstall" + } + }, + "json.key": "swupdate" + }, + "json.member": { + "json.value.string": "Dimmable light", + "json.key": "type" + }, + "json.member": { + "json.value.string": "Hue white lamp 2", + "json.key": "name" + }, + "json.member": { + "json.value.string": "LWB014", + "json.key": "modelid" + }, + "json.member": { + "json.value.string": "Philips", + "json.key": "manufacturername" + }, + "json.member": { + "json.value.string": "00:17:88:01:02:80:f2:8a-0b", + "json.key": "uniqueid" 
+ }, + "json.member": { + "json.value.string": "1.15.2_r19181", + "json.key": "swversion" + }, + "json.member": { + "json.value.string": "D1D2055F", + "json.key": "swconfigid" + }, + "json.member": { + "json.value.string": "Philips-LWB014-1-A19DLv3", + "json.key": "productid" + } + }, + "json.key": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.207785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.207785000", + "frame.time_delta": "0.001341000", + "frame.time_delta_displayed": "0.001341000", + "frame.time_relative": "1185.747099000", + "frame.number": "4338", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008282", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000357a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "104", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1369", + "tcp.window_size": "87616", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d202", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4336", + "tcp.analysis.ack_rtt": "0.002907000", + "tcp.analysis.initial_rtt": "0.001920000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.208070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.208070000", + "frame.time_delta": "0.000285000", + "frame.time_delta_displayed": "0.000285000", + "frame.time_relative": "1185.747384000", + "frame.number": "4339", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008283", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003579", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "104", + "tcp.ack": "1120", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1404", + "tcp.window_size": "89856", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000cd91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4337", + "tcp.analysis.ack_rtt": "0.001626000", + "tcp.analysis.initial_rtt": "0.001920000" + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.210509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.210509000", + "frame.time_delta": "0.002439000", + "frame.time_delta_displayed": "0.002439000", + "frame.time_relative": "1185.749823000", + "frame.number": "4340", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "68:37:e9:d2:26:0d", + "eth.src_tree": { + "eth.src_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008284", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003578", + "ip.checksum.status": "2", + "ip.src": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.src_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "56892", + "tcp.dstport": "80", + "tcp.port": "56892", + "tcp.port": "80", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": 
"104", + "tcp.ack": "1120", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "1404", + "tcp.window_size": "89856", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000cd90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.210984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.210984000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "1185.750298000", + "frame.number": "4341", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fff1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b80a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "56892", + "tcp.port": "80", + "tcp.port": "56892", + "tcp.stream": "169", + "tcp.len": "0", + "tcp.seq": "1120", + "tcp.ack": "105", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c4ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4340", + "tcp.analysis.ack_rtt": "0.000475000", + "tcp.analysis.initial_rtt": "0.001920000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.251995000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.251995000", + "frame.time_delta": "0.041011000", + "frame.time_delta_displayed": "0.041011000", + "frame.time_relative": "1185.791309000", + "frame.number": "4342", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000043a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000095ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.476968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.476968000", + "frame.time_delta": "0.224973000", + "frame.time_delta_displayed": "0.224973000", + "frame.time_relative": "1186.016282000", + "frame.number": "4343", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000043b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000095de", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.634393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.634393000", + "frame.time_delta": "0.157425000", + "frame.time_delta_displayed": "0.157425000", + "frame.time_relative": "1186.173707000", + "frame.number": "4344", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e0e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000187f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.634762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.634762000", + "frame.time_delta": "0.000369000", + "frame.time_delta_displayed": "0.000369000", + "frame.time_relative": "1186.174076000", + "frame.number": "4345", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e0f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009add", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f97a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:17.635264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494777.635264000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "1186.174578000", + "frame.number": "4346", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008740", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000277", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=631", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:18.138661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494778.138661000", + "frame.time_delta": "0.503397000", + "frame.time_delta_displayed": "0.503397000", + "frame.time_relative": "1186.677975000", + "frame.number": "4347", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007a89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "4319" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:18.153523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494778.153523000", + "frame.time_delta": "0.014862000", + "frame.time_delta_displayed": "0.014862000", + "frame.time_relative": "1186.692837000", + "frame.number": "4348", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007a8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "4347" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:18.206288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494778.206288000", + "frame.time_delta": "0.052765000", + "frame.time_delta_displayed": "0.052765000", + "frame.time_relative": "1186.745602000", + "frame.number": "4349", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007a90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "4348" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:18.920978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494778.920978000", + "frame.time_delta": "0.714690000", + "frame.time_delta_displayed": "0.714690000", + "frame.time_relative": "1187.460292000", + "frame.number": "4350", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + 
"eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00004467", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000094f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:19.153008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.153008000", + "frame.time_delta": "0.232030000", + "frame.time_delta_displayed": "0.232030000", + "frame.time_relative": "1187.692322000", + "frame.number": "4351", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007a9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "4349" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:19.205750000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.205750000", + "frame.time_delta": "0.052742000", + "frame.time_delta_displayed": "0.052742000", + "frame.time_relative": "1187.745064000", + "frame.number": "4352", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + 
"eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007aa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "4351" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:19.258552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.258552000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "1187.797866000", + "frame.number": "4353", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007aa4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "4352" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:06:19.521735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.521735000", + "frame.time_delta": "0.263183000", + "frame.time_delta_displayed": "0.263183000", + "frame.time_relative": "1188.061049000", + "frame.number": "4354", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007aaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "4353" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:19.574612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.574612000", + "frame.time_delta": "0.052877000", + "frame.time_delta_displayed": "0.052877000", + "frame.time_relative": "1188.113926000", + "frame.number": "4355", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007ab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "4354" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:19.627372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494779.627372000", + "frame.time_delta": "0.052760000", + "frame.time_delta_displayed": "0.052760000", + "frame.time_relative": "1188.166686000", + "frame.number": "4356", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007ab4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003c1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + 
"ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "4355" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.534801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.534801000", + "frame.time_delta": "0.907429000", + "frame.time_delta_displayed": "0.907429000", + "frame.time_relative": "1189.074115000", + "frame.number": "4357", + "frame.len": "115", + 
"frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009615", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007739", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "57446", + "tcp.nxtseq": "57495", + "tcp.ack": "12587", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:81:6b:a7:9f:6a:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2523499, TSecr 2812242548": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2523499", + "tcp.options.timestamp.tsecr": "2812242548" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:cc:47:81:3d:c8:95:48:fc:a6:cd:bd:7d:2d:8c:9e:dd:5b:60:de:ef:ec:c4:91:0f:40:dc:ab:9a:e0:93:97:9b:39:cd:12:70:ce" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.579237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.579237000", + "frame.time_delta": "0.044436000", + "frame.time_delta_displayed": 
"0.044436000", + "frame.time_relative": "1189.118551000", + "frame.number": "4358", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007aef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003be5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "4356" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.594888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.594888000", + "frame.time_delta": "0.015651000", + "frame.time_delta_displayed": "0.015651000", + "frame.time_relative": "1189.134202000", + "frame.number": "4359", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003868", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12587", + "tcp.ack": "57495", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000090c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:84:99:00:26:81:6b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812249241, TSecr 2523499": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812249241", + "tcp.options.timestamp.tsecr": "2523499" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4357", + "tcp.analysis.ack_rtt": "0.060087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.595383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.595383000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "1189.134697000", + "frame.number": "4360", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003830", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12587", + "tcp.nxtseq": "12642", + "tcp.ack": "57495", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c254", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:84:99:00:26:81:6b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812249241, TSecr 2523499": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812249241", + "tcp.options.timestamp.tsecr": "2523499" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:88:96:ac:7f:85:97:4f:37:23:2e:46:57:87:6e:42:12:56:72:fe:ce:65:c7:ac:12:e7:5a:5a:3d:1b:76:5a:4c:fb:27:3d:32:a4:1b:8d:a7:79:f0:16" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.595808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.595808000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "1189.135122000", + "frame.number": "4361", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"52", + "ip.id": "0x00009616", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007769", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "57495", + "tcp.ack": "12642", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008f98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:81:71:a7:9f:84:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", 
+ "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2523505, TSecr 2812249241": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2523505", + "tcp.options.timestamp.tsecr": "2812249241" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4360", + "tcp.analysis.ack_rtt": "0.000425000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.632119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.632119000", + "frame.time_delta": "0.036311000", + "frame.time_delta_displayed": "0.036311000", + "frame.time_relative": "1189.171433000", + "frame.number": "4362", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007af0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x00003bdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "4358" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:20.684981000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494780.684981000", + "frame.time_delta": "0.052862000", + "frame.time_delta_displayed": "0.052862000", + "frame.time_relative": "1189.224295000", + "frame.number": "4363", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007af5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bdc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "4362" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:21.369400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494781.369400000", + "frame.time_delta": "0.684419000", + "frame.time_delta_displayed": "0.684419000", + "frame.time_relative": "1189.908714000", + "frame.number": "4364", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007b11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "4363" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:21.422169000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494781.422169000", + "frame.time_delta": "0.052769000", + "frame.time_delta_displayed": "0.052769000", + "frame.time_relative": "1189.961483000", + "frame.number": "4365", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007b17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "4364" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:21.474931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494781.474931000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "1190.014245000", + "frame.number": "4366", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007b19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003bb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "4365" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:22.421454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494782.421454000", + "frame.time_delta": "0.946523000", + "frame.time_delta_displayed": "0.946523000", + "frame.time_relative": "1190.960768000", + "frame.number": "4367", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00007b4c", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "305", + "udp.checksum": "0x00000154", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "4366" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:22.474276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494782.474276000", + "frame.time_delta": "0.052822000", + "frame.time_delta_displayed": "0.052822000", + "frame.time_relative": "1191.013590000", + "frame.number": "4368", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00007b4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "314", + "udp.checksum": "0x00000f3f", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "4367" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:22.527130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494782.527130000", + "frame.time_delta": "0.052854000", + "frame.time_delta_displayed": "0.052854000", + "frame.time_relative": "1191.066444000", + "frame.number": "4369", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "68:37:e9:d2:26:0d", + "eth.dst_tree": { + "eth.dst_resolved": "AmazonTe_d2:26:0d", + "eth.addr": "68:37:e9:d2:26:0d", + "eth.addr_resolved": "AmazonTe_d2:26:0d", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00007b4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.227", + "ip.addr": "192.168.0.227", + "ip.dst_host": "192.168.0.227", + "ip.host": "192.168.0.227", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50000", + "udp.port": "1900", + "udp.port": "50000", + "udp.length": "308", + "udp.checksum": "0x000032c9", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "4368" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:24.909553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494784.909553000", + "frame.time_delta": "2.382423000", + "frame.time_delta_displayed": "2.382423000", + "frame.time_relative": "1193.448867000", + "frame.number": "4370", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x0000454a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00004d7f", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": 
"54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49771", + "tcp.port": "80", + "tcp.port": "49771", + "tcp.stream": "148", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f36c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017148000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": 
"OK" + }, + "http.date": "Wed, 01 Nov 2017 00:06:24 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:06:24 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "230.948377000", + "http.request_in": "3728", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:24.915487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494784.915487000", + "frame.time_delta": "0.005934000", + "frame.time_delta_displayed": "0.005934000", + "frame.time_relative": "1193.454801000", + "frame.number": "4371", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001043", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f38d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000044ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4370", + "tcp.analysis.ack_rtt": "0.005934000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:24.943446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494784.943446000", + "frame.time_delta": "0.027959000", + "frame.time_delta_displayed": "0.027959000", + "frame.time_relative": "1193.482760000", + "frame.number": "4372", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001044", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f38c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": 
"192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000044ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:24.955264000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494784.955264000", + "frame.time_delta": "0.011818000", + "frame.time_delta_displayed": "0.011818000", + "frame.time_relative": "1193.494578000", + "frame.number": "4373", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000454b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00004e86", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49771", + "tcp.port": "80", + "tcp.port": "49771", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e482", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4372", + "tcp.analysis.ack_rtt": "0.011818000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:24.962531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494784.962531000", + "frame.time_delta": "0.007267000", + "frame.time_delta_displayed": "0.007267000", + "frame.time_relative": "1193.501845000", + "frame.number": "4374", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001045", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f38b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49771", + "tcp.dstport": "80", + "tcp.port": "49771", + "tcp.port": "80", + "tcp.stream": "148", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000044ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4373", + "tcp.analysis.ack_rtt": "0.007267000", + "tcp.analysis.initial_rtt": "0.017148000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:25.950205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494785.950205000", + "frame.time_delta": "0.987674000", + "frame.time_delta_displayed": "0.987674000", + "frame.time_relative": "1194.489519000", + "frame.number": "4375", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001046", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f386", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000eeea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:25.962824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494785.962824000", + "frame.time_delta": "0.012619000", + "frame.time_delta_displayed": "0.012619000", + "frame.time_relative": "1194.502138000", + "frame.number": "4376", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000094cd", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, 
-121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49775", + "tcp.port": "80", + "tcp.port": "49775", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006d54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4375", + "tcp.analysis.ack_rtt": "0.012619000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:25.968834000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494785.968834000", + "frame.time_delta": "0.006010000", + "frame.time_delta_displayed": "0.006010000", + "frame.time_relative": "1194.508148000", + "frame.number": "4377", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001047", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f389", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": 
"37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e141", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4376", + "tcp.analysis.ack_rtt": "0.006010000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:25.987365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494785.987365000", + "frame.time_delta": "0.018531000", + "frame.time_delta_displayed": "0.018531000", + "frame.time_relative": "1194.526679000", + "frame.number": "4378", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + 
"eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001048", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f379", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000029bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018629000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:26.000044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494786.000044000", + "frame.time_delta": "0.012679000", + "frame.time_delta_displayed": "0.012679000", + "frame.time_relative": "1194.539358000", + "frame.number": "4379", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + 
"ip.checksum": "0x000059ca", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49775", + "tcp.port": "80", + "tcp.port": "49775", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008502", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4378", + "tcp.analysis.ack_rtt": "0.012679000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:26.005858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494786.005858000", + "frame.time_delta": "0.005814000", + "frame.time_delta_displayed": "0.005814000", + "frame.time_relative": "1194.545172000", + "frame.number": "4380", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001049", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f295", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + 
"ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006050", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018629000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "4378", + 
"tcp.segment": "4380", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:26.019819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494786.019819000", + "frame.time_delta": "0.013961000", + "frame.time_delta_displayed": "0.013961000", + "frame.time_relative": "1194.559133000", + "frame.number": "4381", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000059c9", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + 
"Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49775", + "tcp.port": "80", + "tcp.port": "49775", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000080e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4380", + "tcp.analysis.ack_rtt": "0.013961000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.026427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.026427000", + "frame.time_delta": "1.006608000", + "frame.time_delta_displayed": "1.006608000", + "frame.time_relative": "1195.565741000", + "frame.number": "4382", + 
"frame.len": "412", + "frame.cap_len": "412", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "398", + "ip.id": "0x00009617", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "346", + "tcp.seq": "57495", + "tcp.nxtseq": "57841", + "tcp.ack": "12642", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000035b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:83:f4:a7:9f:84:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2524148, TSecr 2812249241": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2524148", + "tcp.options.timestamp.tsecr": "2812249241" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "346", + "tcp.analysis.push_bytes_sent": "346" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "341", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:cd:68:19:de:fb:5d:34:5f:b9:92:2a:d1:dd:8a:40:99:c1:9b:65:30:43:a5:4d:be:f4:ae:41:f1:c6:10:4d:2a:f6:3a:ce:e3:8c:cd:50:cf:9c:e9:b6:f4:b9:ad:93:2f:1e:e6:a0:12:ad:5c:1a:fe:10:7d:83:0d:6e:97:12:56:48:45:17:11:fb:65:b0:13:fd:33:a0:18:5b:1c:a7:08:4f:11:81:e6:40:f8:c3:b9:20:d6:1b:96:4b:d9:86:6a:18:5c:03:1a:06:e3:c5:bb:43:4b:2e:16:61:79:0e:91:76:73:35:36:85:a4:e7:ce:11:4d:2e:a9:e5:1a:24:71:6a:b4:01:a1:09:f4:4e:13:7d:a8:d8:0d:16:23:65:50:c9:92:b0:08:9a:9b:0d:da:ee:eb:06:5a:f9:ee:1b:53:6b:aa:cb:22:e6:f4:62:1a:00:99:1c:d4:8f:ed:80:0d:ab:ad:d9:21:1b:d4:cb:f2:32:36:bf:3b:02:e4:39:c2:a4:ba:76:b3:d0:fa:61:3a:b4:66:b9:23:de:c5:39:f8:e1:7f:d5:ab:17:5f:9a:e9:06:34:ce:fb:42:b4:11:d0:c2:4f:07:25:ff:d0:39:b8:eb:70:3b:aa:41:b5:6e:1e:a6:12:4b:12:d1:72:bd:fe:bc:9e:e0:31:f4:d9:0f:d2:4f:49:a8:68:47:6d:87:ab:e6:44:d3:4f:4c:aa:62:03:d9:46:5e:8c:1a:1a:3e:12:58:c9:47:66:25:b5:62:a9:e0:db:38:7c:0c:00:70:70:18:4d:25:7f:e3:d2:a2:12:dc:2e:93:60:2b:84:ad:73:99:ae:2d:81:5f:85:d0:0f:31:29:ae:2f:e8:6b:c0:cd:0b:a1:d0:dc:22:ad" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.087419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.087419000", + "frame.time_delta": "0.060992000", + "frame.time_delta_displayed": "0.060992000", + "frame.time_relative": "1195.626733000", + "frame.number": "4383", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003837", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12642", + "tcp.nxtseq": "12689", + "tcp.ack": "57841", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00001e58", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:8a:f0:00:26:83:f4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812250864, TSecr 2524148": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812250864", + "tcp.options.timestamp.tsecr": "2524148" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4382", + "tcp.analysis.ack_rtt": "0.060992000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:89:4f:2e:1f:5b:b5:5d:eb:99:2c:52:19:71:d1:8b:59:4c:22:ae:56:6c:b4:c4:37:55:ed:29:8d:74:ee:6f:ba:bc:f9:51" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.087841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.087841000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "1195.627155000", + "frame.number": "4384", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009618", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007767", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "57841", + "tcp.ack": "12689", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000852f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:83:fa:a7:9f:8a:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2524154, TSecr 2812250864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2524154", + "tcp.options.timestamp.tsecr": "2812250864" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4383", + "tcp.analysis.ack_rtt": "0.000422000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.571933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.571933000", + "frame.time_delta": "0.484092000", + "frame.time_delta_displayed": "0.484092000", + "frame.time_relative": "1196.111247000", + "frame.number": "4385", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": 
"Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.633070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.633070000", + "frame.time_delta": "0.061137000", + "frame.time_delta_displayed": "0.061137000", + "frame.time_relative": "1196.172384000", + "frame.number": "4386", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e22", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To 
Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000177e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", 
+ "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.633613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.633613000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1196.172927000", + "frame.number": "4387", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e23", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ac9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f879", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:27.634699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494787.634699000", + "frame.time_delta": "0.001086000", + "frame.time_delta_displayed": "0.001086000", + "frame.time_relative": "1196.174013000", + "frame.number": "4388", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": 
"0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000863f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + 
"dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:28.852537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494788.852537000", + "frame.time_delta": "1.217838000", + "frame.time_delta_displayed": "1.217838000", + "frame.time_relative": "1197.391851000", + "frame.number": "4389", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + 
"arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:29.910698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494789.910698000", + "frame.time_delta": "1.058161000", + "frame.time_delta_displayed": "1.058161000", + "frame.time_relative": "1198.450012000", + "frame.number": "4390", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:29.916405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494789.916405000", + "frame.time_delta": "0.005707000", + "frame.time_delta_displayed": "0.005707000", + "frame.time_relative": "1198.455719000", + "frame.number": "4391", + "frame.len": 
"60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:32.635573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494792.635573000", + "frame.time_delta": "2.719168000", + "frame.time_delta_displayed": "2.719168000", + "frame.time_relative": "1201.174887000", + "frame.number": "4392", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e29", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000177e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:32.709209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494792.709209000", + "frame.time_delta": "0.073636000", + "frame.time_delta_displayed": "0.073636000", + "frame.time_relative": "1201.248523000", + "frame.number": "4393", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": 
"IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000863f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:32.710028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494792.710028000", + "frame.time_delta": "0.000819000", + "frame.time_delta_displayed": "0.000819000", + "frame.time_relative": "1201.249342000", + "frame.number": "4394", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e2a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ac2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f879", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:36.588432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494796.588432000", + "frame.time_delta": "3.878404000", + "frame.time_delta_displayed": "3.878404000", + "frame.time_relative": "1205.127746000", + "frame.number": "4395", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", 
+ "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d0e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005adb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:37.635674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494797.635674000", + "frame.time_delta": "1.047242000", + "frame.time_delta_displayed": "1.047242000", + "frame.time_relative": "1206.174988000", + "frame.number": "4396", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e42", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000177e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:37.636228000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494797.636228000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "1206.175542000", + "frame.number": "4397", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e43", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009aa9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f879", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:37.636925000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494797.636925000", + "frame.time_delta": "0.000697000", + "frame.time_delta_displayed": "0.000697000", + "frame.time_relative": "1206.176239000", + "frame.number": "4398", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000863f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000278", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": 
"0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=632", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:38.872401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494798.872401000", + "frame.time_delta": "1.235476000", + "frame.time_delta_displayed": "1.235476000", + "frame.time_relative": "1207.411715000", + "frame.number": "4399", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00005742", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008217", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:44.779625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494804.779625000", + "frame.time_delta": "5.907224000", + "frame.time_delta_displayed": "5.907224000", + "frame.time_relative": "1213.318939000", + "frame.number": "4400", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005808", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a689", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4917", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f1b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { 
+ "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:44.922983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494804.922983000", + "frame.time_delta": "0.143358000", + "frame.time_delta_displayed": "0.143358000", + "frame.time_relative": "1213.462297000", + "frame.number": "4401", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fda0", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google 
Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4918", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:47.636212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494807.636212000", + "frame.time_delta": "2.713229000", + "frame.time_delta_displayed": "2.713229000", + 
"frame.time_relative": "1216.175526000", + "frame.number": "4402", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e44", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000167d", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:47.636740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494807.636740000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "1216.176054000", + "frame.number": "4403", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e45", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009aa7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f778", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:47.637343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494807.637343000", + "frame.time_delta": "0.000603000", + "frame.time_delta_displayed": "0.000603000", + "frame.time_relative": "1216.176657000", + "frame.number": "4404", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000853e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:49.930719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494809.930719000", + "frame.time_delta": "2.293376000", + "frame.time_delta_displayed": "2.293376000", + "frame.time_relative": "1218.470033000", + "frame.number": "4405", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:49.931116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494809.931116000", + "frame.time_delta": "0.000397000", + "frame.time_delta_displayed": "0.000397000", + "frame.time_relative": "1218.470430000", + "frame.number": "4406", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:52.637068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494812.637068000", + "frame.time_delta": "2.705952000", + "frame.time_delta_displayed": "2.705952000", + "frame.time_relative": "1221.176382000", + "frame.number": "4407", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e4a", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b9a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000167d", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:52.637943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494812.637943000", + "frame.time_delta": "0.000875000", + "frame.time_delta_displayed": "0.000875000", + "frame.time_relative": "1221.177257000", + "frame.number": "4408", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e4b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009aa1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f778", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:52.638418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494812.638418000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "1221.177732000", + "frame.number": "4409", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000853e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:54.110351000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.110351000", + "frame.time_delta": "1.471933000", + "frame.time_delta_displayed": "1.471933000", + "frame.time_relative": "1222.649665000", + "frame.number": "4410", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000dac1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:54.163193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.163193000", + "frame.time_delta": "0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "1222.702507000", + "frame.number": "4411", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000dac4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + 
}, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:54.216133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.216133000", + "frame.time_delta": "0.052940000", + "frame.time_delta_displayed": "0.052940000", + "frame.time_relative": "1222.755447000", + "frame.number": "4412", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000dac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:54.269017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.269017000", + "frame.time_delta": "0.052884000", + "frame.time_delta_displayed": "0.052884000", + "frame.time_relative": "1222.808331000", + "frame.number": "4413", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000dac7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { 
+ "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:54.321837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.321837000", + "frame.time_delta": "0.052820000", + "frame.time_delta_displayed": "0.052820000", + "frame.time_relative": "1222.861151000", + "frame.number": "4414", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000dacc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:06:54.374478000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494814.374478000", + "frame.time_delta": "0.052641000", + "frame.time_delta_displayed": "0.052641000", + "frame.time_relative": "1222.913792000", + "frame.number": "4415", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000dacf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ee84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:55.354537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494815.354537000", + "frame.time_delta": "0.980059000", + "frame.time_delta_displayed": "0.980059000", + "frame.time_relative": "1223.893851000", + "frame.number": "4416", + "frame.len": "80", + "frame.cap_len": "80", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "66", + "ip.id": "0x00000b64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "46", + "udp.checksum": "0x00006438", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:28:e4:42:89:cd:f2:14:6f:00:00:00:46:0c", + "data.len": "38" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:57.678875000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494817.678875000", + "frame.time_delta": "2.324338000", + "frame.time_delta_displayed": "2.324338000", + "frame.time_relative": "1226.218189000", + "frame.number": "4417", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": 
"LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e53", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009a99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f778", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:57.679052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494817.679052000", + "frame.time_delta": "0.000177000", + "frame.time_delta_displayed": "0.000177000", + "frame.time_relative": "1226.218366000", + "frame.number": "4418", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e52", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b99e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000167d", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:57.679202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494817.679202000", + "frame.time_delta": "0.000150000", + "frame.time_delta_displayed": "0.000150000", + "frame.time_relative": "1226.218516000", + "frame.number": "4419", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000853e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000279", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=633", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:58.093497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494818.093497000", + "frame.time_delta": "0.414295000", + "frame.time_delta_displayed": "0.414295000", + "frame.time_relative": "1226.632811000", + "frame.number": "4420", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009619", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007735", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "57841", + "tcp.nxtseq": "57890", + "tcp.ack": "12689", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000018b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:90:17:a7:9f:8a:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2527255, TSecr 2812250864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2527255", + "tcp.options.timestamp.tsecr": "2812250864" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ce:7a:3e:29:55:aa:52:ef:a0:5a:2b:89:dc:9e:43:07:fd:e5:fa:51:76:ff:df:18:84:fc:c6:ae:7a:6d:44:b5:40:d1:fe:4d:25" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:58.154263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494818.154263000", + "frame.time_delta": "0.060766000", + "frame.time_delta_displayed": "0.060766000", + "frame.time_relative": "1226.693577000", + "frame.number": "4421", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "12689", + "tcp.nxtseq": "12744", + "tcp.ack": "57890", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000237d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:a9:46:00:26:90:17", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812258630, TSecr 2527255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812258630", + "tcp.options.timestamp.tsecr": "2527255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4420", + "tcp.analysis.ack_rtt": "0.060766000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:8a:f6:ff:46:43:ea:ee:fe:f6:22:1d:35:41:65:e8:6c:39:a2:38:1f:42:67:a5:31:3d:ef:51:38:3a:7e:4c:47:c2:b6:5f:af:07:25:c8:d4:78:03:eb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:58.154770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494818.154770000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": 
"0.000507000", + "frame.time_relative": "1226.694084000", + "frame.number": "4422", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000961a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007765", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "57890", + "tcp.ack": "12744", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005a4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:90:1d:a7:9f:a9:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2527261, TSecr 2812258630": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2527261", + "tcp.options.timestamp.tsecr": "2812258630" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4421", + "tcp.analysis.ack_rtt": "0.000507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:06:58.962482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494818.962482000", + "frame.time_delta": "0.807712000", + "frame.time_delta_displayed": "0.807712000", + "frame.time_relative": "1227.501796000", + "frame.number": "4423", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00005aa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007eb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:03.160205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494823.160205000", + "frame.time_delta": "4.197723000", + "frame.time_delta_displayed": "4.197723000", + "frame.time_relative": "1231.699519000", + "frame.number": "4424", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:07:03.160650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494823.160650000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1231.699964000", + "frame.number": "4425", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:06.590856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494826.590856000", + "frame.time_delta": "3.430206000", + "frame.time_delta_displayed": "3.430206000", + "frame.time_relative": "1235.130170000", + "frame.number": "4426", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + 
"eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d15", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005ad4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:07.406047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494827.406047000", + "frame.time_delta": "0.815191000", + "frame.time_delta_displayed": "0.815191000", + "frame.time_relative": "1235.945361000", + "frame.number": "4427", + "frame.len": 
"130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00008ac1", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:44:91:20:11:8c:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:07.637341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494827.637341000", + "frame.time_delta": "0.231294000", + "frame.time_delta_displayed": "0.231294000", + "frame.time_relative": "1236.176655000", + "frame.number": "4428", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e6b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b985", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000157c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": 
"7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:07.637877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494827.637877000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1236.177191000", + "frame.number": "4429", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e6c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009a80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f677", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + 
"dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:07.638502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494827.638502000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1236.177816000", + "frame.number": "4430", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": 
"5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000843d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": 
"sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:12.643891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494832.643891000", + "frame.time_delta": "5.005389000", + "frame.time_delta_displayed": "5.005389000", + "frame.time_relative": "1241.183205000", + "frame.number": "4431", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e81", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b96f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + 
"ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000157c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:12.644277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494832.644277000", + "frame.time_delta": "0.000386000", + "frame.time_delta_displayed": "0.000386000", + "frame.time_relative": "1241.183591000", + "frame.number": "4432", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e82", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009a6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", 
+ "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f677", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:12.644685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494832.644685000", + "frame.time_delta": "0.000408000", + "frame.time_delta_displayed": "0.000408000", + "frame.time_relative": "1241.183999000", + "frame.number": "4433", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000843d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:14.919566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494834.919566000", + "frame.time_delta": "2.274881000", + "frame.time_delta_displayed": "2.274881000", + "frame.time_relative": "1243.458880000", + "frame.number": "4434", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005809", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4917", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f1b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:07:15.062948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494835.062948000", + "frame.time_delta": "0.143382000", + "frame.time_delta_displayed": "0.143382000", + "frame.time_relative": "1243.602262000", + "frame.number": "4435", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9f", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4918", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:17.638057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494837.638057000", + "frame.time_delta": "2.575109000", + "frame.time_delta_displayed": "2.575109000", + "frame.time_relative": "1246.177371000", + "frame.number": "4436", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e83", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b96d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000157c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
+ "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:17.638469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494837.638469000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + "frame.time_relative": "1246.177783000", + "frame.number": "4437", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001e84", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009a68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f677", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:17.639049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494837.639049000", + "frame.time_delta": "0.000580000", + "frame.time_delta_displayed": "0.000580000", + "frame.time_relative": "1246.178363000", + "frame.number": "4438", + 
"frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000843d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=634", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:18.917677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494838.917677000", + "frame.time_delta": "1.278628000", + "frame.time_delta_displayed": "1.278628000", + "frame.time_relative": "1247.456991000", + "frame.number": "4439", + "frame.len": "136", + "frame.cap_len": "136", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00005e64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007af5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: 
type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:19.790976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494839.790976000", + "frame.time_delta": "0.873299000", + "frame.time_delta_displayed": "0.873299000", + "frame.time_relative": "1248.330290000", + "frame.number": "4440", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": 
"0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.043359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.043359000", + "frame.time_delta": "0.252383000", + "frame.time_delta_displayed": "0.252383000", + "frame.time_relative": "1248.582673000", + "frame.number": "4441", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + 
"udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.070170000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.070170000", + "frame.time_delta": "0.026811000", + "frame.time_delta_displayed": "0.026811000", + "frame.time_relative": "1248.609484000", + "frame.number": "4442", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.070571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.070571000", + "frame.time_delta": "0.000401000", + "frame.time_delta_displayed": "0.000401000", + "frame.time_relative": "1248.609885000", + "frame.number": "4443", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", 
+ "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.082953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.082953000", + "frame.time_delta": "0.012382000", + "frame.time_delta_displayed": "0.012382000", + "frame.time_relative": "1248.622267000", + "frame.number": "4444", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + 
"bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.097710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.097710000", + "frame.time_delta": "0.014757000", + "frame.time_delta_displayed": "0.014757000", + "frame.time_relative": "1248.637024000", + "frame.number": "4445", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:20.458693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494840.458693000", + "frame.time_delta": "0.360983000", + "frame.time_delta_displayed": "0.360983000", + "frame.time_relative": "1248.998007000", + "frame.number": "4446", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:25.174638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494845.174638000", + "frame.time_delta": "4.715945000", + "frame.time_delta_displayed": "4.715945000", + "frame.time_relative": "1253.713952000", + "frame.number": "4447", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.131853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.131853000", + "frame.time_delta": "0.957215000", + "frame.time_delta_displayed": "0.957215000", + "frame.time_relative": "1254.671167000", + "frame.number": "4448", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002d1b", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000379e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "12744", + "tcp.nxtseq": "12942", + "tcp.ack": "57890", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009e9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:c4:99:00:26:90:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812265625, TSecr 2527261": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812265625", + "tcp.options.timestamp.tsecr": "2527261" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": "34:cd:34:17:47:48:0e:8b:c5:ce:37:49:44:e1:fa:ec:ee:c7:79:8d:38:c4:bd:b4:dc:98:fe:28:96:0b:3a:b4:95:e8:b0:34:53:8c:58:2d:13:2d:76:e4:9a:bc:b9:b5:5e:66:7b:a1:d5:b5:7b:7c:b9:7a:cb:43:05:e3:e8:ca:3d:2d:a6:54:2b:07:fd:88:6e:7c:2f:36:31:44:15:28:95:8a:3c:fa:f9:ab:9e:fc:52:c3:77:e0:32:12:d7:e8:91:b5:b7:fc:29:8e:d4:ea:6a:a3:eb:8c:67:b2:27:e6:3c:23:8d:4b:07:80:76:e6:38:04:fe:85:3d:f3:ed:14:56:81:f6:93:3a:3c:b7:b2:a6:80:ae:e4:67:ee:3d:b1:68:df:06:93:bc:d9:3b:0e:ce:09:56:a3:c6:66:5c:57:63:08:37:ad:37:71:9d:99:a5:a1:2f:c3:97:48:6e:74:cf:1e:95:28:6f:cf:25:b7:73:5f:9d:f2:9e:05:4f:a5:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.132338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.132338000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "1254.671652000", + "frame.number": "4449", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000961b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007764", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "57890", + "tcp.ack": "12942", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003347", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:9b:0b:a7:9f:c4:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2530059, TSecr 2812265625": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2530059", + "tcp.options.timestamp.tsecr": "2812265625" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4448", + "tcp.analysis.ack_rtt": "0.000485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.140612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.140612000", + "frame.time_delta": "0.008274000", + "frame.time_delta_displayed": "0.008274000", + "frame.time_relative": "1254.679926000", + "frame.number": "4450", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000961c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "57890", + "tcp.nxtseq": "57943", + "tcp.ack": "12942", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000039b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:9b:0c:a7:9f:c4:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2530060, TSecr 2812265625": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2530060", + "tcp.options.timestamp.tsecr": "2812265625" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:cf:bc:a3:a8:49:a7:3c:c5:1e:94:d4:17:65:c1:17:98:4b:80:e2:6c:de:75:29:3c:7d:6a:dd:8a:55:ae:21:e7:c0:de:08:d5:46:c9:1d:b5:53" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.238302000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.238302000", + "frame.time_delta": "0.097690000", + "frame.time_delta_displayed": "0.097690000", + "frame.time_relative": "1254.777616000", + "frame.number": "4451", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003863", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12942", + "tcp.ack": "57943", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000033e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:c4:b4:00:26:9b:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812265652, TSecr 2530060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812265652", + "tcp.options.timestamp.tsecr": "2530060" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4450", + "tcp.analysis.ack_rtt": "0.097690000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.238909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.238909000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "1254.778223000", + "frame.number": "4452", + "frame.len": "1440", + "frame.cap_len": "1440", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1426", + "ip.id": "0x0000961d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007204", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1374", + "tcp.seq": "57943", + "tcp.nxtseq": "59317", + "tcp.ack": "12942", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002286", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:9b:16:a7:9f:c4:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2530070, TSecr 2812265652": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2530070", + "tcp.options.timestamp.tsecr": "2812265652" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1374", + "tcp.analysis.push_bytes_sent": "1374" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d0:21:9f:45:5e:67:02:f1:e1:a1:b6:b4:c3:d0:19:99:6a:d0:6b:6e:0f:67:91:53:16:40:57:5b:2c:c6:80:34:2e:35:aa:b9:38:98:48:19:2a:7f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d1:16:af:2d:6c:b0:a9:ba:a0:ca:48:95:7f:06:3f:ba:e8:b8:71:75:6a:e3:fd:3c:01:ff:30:aa:6b:e8:ba:f4:d5:f4:6f:90:f6:20:07:e1:84:d0:3c:03:7b:85:b3:d8:69:34:6d:18:7c:e3:ae:24:56:02:6c:7d:7d:2e:56:ac:7f:52:cc:47:de:62:75:2c:6e:dd:e3:2c:f0:11:c5:cf:9d:ba:f9:3a:85:37:12:a3:e7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:d2:d1:00:5d:cb:52:9d:6e:28:cd:cd:a6:4d:9f:35:be:0a:02:e2:b0:eb:7d:3e:79:c1:22:79:bf:01:e1:3e:7f:b0:e9:d8:26:7f:b5:bd:43:90:58:49:7e:3f:28:7e:86:de:ab:72:f4:89:06:3d:22:34:a4:89:c5:90:5f:86:b1:60:6c:a9:0e:f9:60:af:04:3c:53:42:ba:52:41:ae:af:a0:b1:11:54:d7:b2:ca:3e:f6:f8:14:d9:50:97:d4:1a:c5:5f:15:f0:66:bf:6a:2d:bb:01:2a:28:21:a7:89:04:6a:fa:b7:12:7e:34:97:e8:96:4e:6d:5b:bf:6e:b1:58:b6:59:6c:04:65:74:3f:79:ed:aa:2e:63:5f:93:af:1f:e2:de:b2:68:84:b8:01:e8:7b:ed:d6:f4:92:bc:29:fd:a4:d8:fd:c7:06:4e:12:80:b7:b1:76:f3:3c:0d:da:9e:ca:6d:de:1b:a2:36:2b:b4:f5:d5:66:ca:46:8b:ed:38:11:8d:fb:c4:42:89:8f:84:09:3d:72:5d:e3:65:dc:8d:a3:7f:2f:ed:bd:0e:f6:10:1f:80:46:e2:f9:99:b1:c0:5c:60:6f:72:02:31:87:28:0b:90:86:3a:1a:9b:65:44:e7:1f:d9:8c:73:eb:ba:eb:f3:fc:9b:27:f2:5e:51:78:83:5e:ad:56:ac:6b:1c:98:6a:f8:1c:95:31:79:3d:c6:9c:39:16:ce:31:88:66:b7:a1:af:c4:22:b1:df:5e:77:4f:fc:d7:79:d5:cf:c6:8a:1f:cd:31:ef:df:d0:dc:78:f2:44:43:5c:dc:56:90:3a:42:1e:31:a9:29:91:8d:80:f9:f4:21:23:10:2f:bc:9e:0c:b9:8f:9b:11:4e:fe:02:a7:06:9c:2b:55:98:fb:eb:29:28:d9:d1:5e:6e:5e:e6:d6:48:da:a3:88:a3:b6:07:9f:cc:28:3b:bc:f9:1d:23:90:8f:3c:37:5d:fe:d9:3e:89:33:76:21:18:f8:bb:31:21:48:3f:b9:29:51:4c:62:8d:4c:c1:5f:03:4c:d4:42:bc:6a:25:cf:16:9d:95:e6:13:f3:fe:80:c1:47:89:ed:a2:de:c5:54:cb:dd:d8:93:41:70:8d:fc:1c:09:8e:8e:82:fe:55:11:14:64:0a:17:a2:68:c9:d9:fb:ae:77:d5:33:5e:d3:91:df:ce:8b:10:6b:9f:d5:fc:21:d4:3d:a5:8c:b0:18:24:52:5f:74:da:28:23:46:95:f9:1c:89:f8:be:b6:af:d3:09:1e:53:b1:dc:52:c3:dc:83:9f:06:45:35:29:bc:bd:76:4f:c9:c1:3f:9e:bd:e1:76:4f:96:d1:03:16:38:6d:b2:ab:73:7a:30:b5:6f:a7:29:22:7b:95:47:ae:cd:00:68:aa:85:3d:d5:66:25:0d:02:ae:97:15:0b:55:f0:cc:fe:03:01:b3:c0:73:70:3b:f1:a0:10:a3:d8:18:ff:41:79:3d:8e:58:d7:e8:d5:e4:f2:f8:9e:78:ee:93:f1:c5:2b:8e:a1:c6:3c:f2:ac:1b:26:a0:a8:dc:f1:4f:a7:16:62:ae:a0:18:12:f2:e3:06:d8:80:25:7f:67:e8:65:cb:de:fb:11:71:04:d5:c7:dd:b5:eb:26:fe:d0:03:84:ca:30:04:4f:08:ec:06:c4:4f:07:c3:57:49:e0:39:8f:c1:61:c4:91:cc:40:f0:b6:5b:27:08:37:02:4b:7e:32:0
6:b1:f0:8d:b5:1a:cd:f7:77:c1:19:e8:4a:c1:4a:ea:2a:98:a0:39:12:8d:10:12:7c:e8:c1:12:f9:77:9c:a4:d8:e6:00:13:df:a6:24:10:b0:a9:28:6a:cc:ff:0e:8f:92:a9:32:e6:2f:a2:e0:f0:e5:e9:b1:42:19:c9:bc:6f:59:bd:21:7f:d3:c6:b2:04:01:a6:c3:e9:f3:ed:42:bb:f0:59:9b:95:30:78:b9:a6:2a:4a:cf:1b:44:2b:69:9e:5e:60:e1:f5:4e:2c:6c:6d:39:29:d4:85:06:74:be:2b:84:c3:e0:7e:cc:79:88:cb:bc:30:ee:6a:f7:df:8e:58:96:b8:2b:7d:be:f4:99:62:49:e4:28:20:2a:34:96:a5:90:70:5c:1b:4d:97:0f:f7:d3:ba:7e:19:2f:97:7f:a7:47:0f:ec:f8:d3:77:fe:2f:9f:5b:90:67:5e:cf:06:05:f1:39:bf:bc:3d:a2:cb:91:e1:5b:22:2a:ce:72:dc:09:b5:78:17:32:34:f1:77:04:54:bb:04:b5:98:0c:5b:36:3a:4c:1d:bd:21:9b:53:6b:b5:00:da:73:23:ad:be:af:64:ef:f5:6f:4e:bc:fb:a5:f6:8a:61:e0:f7:b5:8e:9d:d1:7d:57:85:94:41:bf:59:75:b6:52:85:e2:bc:21:51:07:c6:d1:3d:10:2f:29:05:75:bb:9a:bb:43:66:74:d3:22:0a:01:ce:db:07:be:64:e8:54:1e:c3:8b:e2:a5:4a:2b:8a:10:92:c3:a9:10:59:48:4f:0e:7d:38:9b:28:c4:9e:34:a1:25:8e:43:58:6f:2f:ae:f2:8d:43:e8:e0:d5:92:1c:ce:4e:ae:ce:03:6e:85:bd:ab:67:11:43:41:dd:19:6f:77:4b:88:61:c1:79:c1:17:25:46:2d:11:0f:9d:33:e6:b3:a9:4e:0b:9a:9a:56:01:42:8e:97:c9:f3:ed:7b:78:6f:47:a4:d4:b8:5d:65:15:6e:45:66:ff:eb:81:c8:56:fe:aa:e1:c7:49:d1:cb:40:2b:65:fe:04:4c:66:55:80:e4:a4:44:d8:cc:3e:c0:90:fd:e9" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "131", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d3:1b:2d:75:89:fa:9d:71:4b:bc:a5:94:51:08:28:9f:97:4c:08:e7:05:98:1b:81:32:80:cc:8a:02:1d:82:4a:ff:b5:4e:1e:36:67:7b:43:a7:ff:57:2c:b3:70:31:6e:34:4e:65:ea:fa:66:92:7d:19:1d:47:b8:39:b3:fb:31:a1:3a:7c:3a:5f:05:64:f3:4c:87:19:22:7a:3a:81:4c:1a:52:78:20:45:47:1c:33:80:4d:01:a0:64:59:ed:dc:11:ed:66:c9:97:d3:28:9a:5a:6a:48:ab:7c:a1:07:79:9d:00:20:be:a2:05:9f:07:3f:42:f3:b2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.299408000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.299408000", + "frame.time_delta": "0.060499000", + "frame.time_delta_displayed": "0.060499000", + "frame.time_relative": "1254.838722000", + "frame.number": "4453", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003862", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12942", + "tcp.ack": "59317", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002e6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:c4:c3:00:26:9b:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812265667, TSecr 2530070": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812265667", + "tcp.options.timestamp.tsecr": "2530070" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4452", + "tcp.analysis.ack_rtt": "0.060499000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.565534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494846.565534000", + "frame.time_delta": "0.266126000", + "frame.time_delta_displayed": "0.266126000", + "frame.time_relative": 
"1255.104848000", + "frame.number": "4454", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000961e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "59317", + "tcp.nxtseq": "59371", + "tcp.ack": "12942", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e535", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:9b:36:a7:9f:c4:c3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2530102, TSecr 2812265667": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2530102", + "tcp.options.timestamp.tsecr": "2812265667" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d4:56:6b:96:3c:48:70:57:f9:2e:c0:d2:be:0b:4f:29:a2:8b:58:d2:ea:18:b9:4d:88:ef:74:91:de:4e:51:6c:b0:da:ac:2c:25:4c:83:e1:ba:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:26.625685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494846.625685000", + "frame.time_delta": "0.060151000", + "frame.time_delta_displayed": "0.060151000", + "frame.time_relative": "1255.164999000", + "frame.number": "4455", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003861", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "12942", + "tcp.ack": "59371", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002dc7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:c5:14:00:26:9b:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812265748, TSecr 2530102": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812265748", + "tcp.options.timestamp.tsecr": "2530102" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4454", + "tcp.analysis.ack_rtt": "0.060151000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.028573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.028573000", + "frame.time_delta": "0.402888000", + "frame.time_delta_displayed": "0.402888000", + "frame.time_relative": "1255.567887000", + "frame.number": "4456", + "frame.len": "83", + "frame.cap_len": 
"83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00006279", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + 
"dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.035410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.035410000", + "frame.time_delta": "0.006837000", + "frame.time_delta_displayed": "0.006837000", + "frame.time_relative": "1255.574724000", + "frame.number": "4457", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000604d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007844", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + 
"dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.255621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.255621000", + "frame.time_delta": "0.220211000", + "frame.time_delta_displayed": "0.220211000", + "frame.time_relative": "1255.794935000", + "frame.number": "4458", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000062b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000076d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": 
"192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.475677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.475677000", + "frame.time_delta": "0.220056000", + "frame.time_delta_displayed": "0.220056000", + "frame.time_relative": "1256.014991000", + "frame.number": "4459", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": 
"64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000062c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000076cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.638452000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494847.638452000", + "frame.time_delta": "0.162775000", + "frame.time_delta_displayed": "0.162775000", + "frame.time_relative": "1256.177766000", + "frame.number": "4460", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ee2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b90e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000147b", + 
"udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.638984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.638984000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "1256.178298000", + "frame.number": "4461", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ee3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009a09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + 
"udp.checksum": "0x0000f576", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + 
"dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:27.639606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494847.639606000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "1256.178920000", + "frame.number": "4462", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000833c", + 
"udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:28.898551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494848.898551000", + "frame.time_delta": "1.258945000", + "frame.time_delta_displayed": "1.258945000", + "frame.time_relative": "1257.437865000", + "frame.number": "4463", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.435687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.435687000", + "frame.time_delta": "1.537136000", + "frame.time_delta_displayed": "1.537136000", + "frame.time_relative": "1258.975001000", + "frame.number": "4464", + "frame.len": "168", + "frame.cap_len": "168", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002100", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e744", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "11", + "http.prev_request_in": "4083" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.813175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.813175000", + "frame.time_delta": "0.377488000", + "frame.time_delta_displayed": "0.377488000", + "frame.time_relative": "1259.352489000", + "frame.number": "4465", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000eeb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c893", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "61", + "http.prev_response_in": "4139" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.816964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.816964000", + "frame.time_delta": "0.003789000", + "frame.time_delta_displayed": "0.003789000", + "frame.time_relative": "1259.356278000", + "frame.number": "4466", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001aac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54640", + "tcp.dstport": "80", + "tcp.port": "54640", + "tcp.port": "80", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000090", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.817494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.817494000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "1259.356808000", + "frame.number": "4467", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54640", + "tcp.port": "80", + "tcp.port": "54640", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ee2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4466", + "tcp.analysis.ack_rtt": "0.000530000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.820745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.820745000", + "frame.time_delta": "0.003251000", + "frame.time_delta_displayed": "0.003251000", + "frame.time_relative": "1259.360059000", + "frame.number": "4468", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54640", + "tcp.dstport": "80", + "tcp.port": "54640", + "tcp.port": "80", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a00e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4467", + "tcp.analysis.ack_rtt": "0.003251000", + "tcp.analysis.initial_rtt": "0.003781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.821405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.821405000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "1259.360719000", + "frame.number": "4469", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001aae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54640", + "tcp.dstport": "80", + "tcp.port": "54640", + "tcp.port": "80", + "tcp.stream": "171", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b587", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003781000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.821887000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.821887000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1259.361201000", + "frame.number": "4470", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000281e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009055", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54640", + "tcp.port": "80", + "tcp.port": "54640", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000919f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4469", + "tcp.analysis.ack_rtt": "0.000482000", + "tcp.analysis.initial_rtt": "0.003781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.822475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.822475000", + "frame.time_delta": "0.000588000", + "frame.time_delta_displayed": "0.000588000", + "frame.time_relative": "1259.361789000", + "frame.number": "4471", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000281f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009043", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54640", + "tcp.port": "80", + "tcp.port": "54640", + "tcp.stream": "171", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d1c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003781000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.822979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.822979000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "1259.362293000", + "frame.number": "4472", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002820", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54640", + "tcp.port": "80", + "tcp.port": "54640", + "tcp.stream": "171", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000242a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003781000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4471", + "tcp.segment": "4472", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001574000", + "http.request_in": "4469", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.826803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.826803000", + "frame.time_delta": "0.003824000", + "frame.time_delta_displayed": "0.003824000", + "frame.time_relative": "1259.366117000", + "frame.number": "4473", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54640", + "tcp.dstport": "80", + "tcp.port": "54640", + "tcp.port": "80", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009b76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4472", + "tcp.analysis.ack_rtt": "0.003824000", + "tcp.analysis.initial_rtt": "0.003781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.827483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.827483000", + "frame.time_delta": "0.000680000", + "frame.time_delta_displayed": "0.000680000", + "frame.time_relative": "1259.366797000", + "frame.number": "4474", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54640", + "tcp.dstport": "80", + "tcp.port": "54640", + "tcp.port": "80", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009b75", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.827917000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.827917000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1259.367231000", + "frame.number": "4475", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b203", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000670", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54640", + "tcp.port": "80", + "tcp.port": "54640", + "tcp.stream": "171", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008da9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4474", + "tcp.analysis.ack_rtt": "0.000434000", + "tcp.analysis.initial_rtt": "0.003781000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.866083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.866083000", + "frame.time_delta": "0.038166000", + "frame.time_delta_displayed": "0.038166000", + "frame.time_relative": "1259.405397000", + "frame.number": "4476", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000eeb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c888", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "62", + "http.prev_response_in": "4465" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.878777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.878777000", + "frame.time_delta": "0.012694000", + "frame.time_delta_displayed": "0.012694000", + "frame.time_relative": "1259.418091000", + "frame.number": "4477", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54641", + "tcp.dstport": "80", + "tcp.port": "54641", + "tcp.port": "80", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a322", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.879320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.879320000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1259.418634000", + "frame.number": "4478", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54641", + "tcp.port": "80", + "tcp.port": "54641", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000dd2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4477", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.882347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.882347000", + "frame.time_delta": "0.003027000", + "frame.time_delta_displayed": "0.003027000", + "frame.time_relative": "1259.421661000", + "frame.number": "4479", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54641", + "tcp.dstport": "80", + "tcp.port": "54641", + "tcp.port": "80", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008f0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4478", + "tcp.analysis.ack_rtt": "0.003027000", + "tcp.analysis.initial_rtt": "0.003570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.882977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.882977000", + "frame.time_delta": "0.000630000", + "frame.time_delta_displayed": "0.000630000", + "frame.time_relative": "1259.422291000", + "frame.number": "4480", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001ab3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54641", + "tcp.dstport": "80", + "tcp.port": "54641", + "tcp.port": "80", + "tcp.stream": "172", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a483", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003570000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.883471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.883471000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1259.422785000", + "frame.number": "4481", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f5b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c2bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54641", + "tcp.port": "80", + "tcp.port": "54641", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000809b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4480", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.884117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.884117000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "1259.423431000", + "frame.number": "4482", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f5b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c2a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54641", + "tcp.port": "80", + "tcp.port": "54641", + "tcp.stream": "172", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c0bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003570000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.884519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.884519000", + "frame.time_delta": "0.000402000", + "frame.time_delta_displayed": "0.000402000", + "frame.time_relative": "1259.423833000", + "frame.number": "4483", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f5b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bed6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54641", + "tcp.port": "80", + "tcp.port": "54641", + "tcp.stream": "172", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001326", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003570000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4482", + "tcp.segment": "4483", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001542000", + "http.request_in": "4480", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.887351000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494850.887351000", + "frame.time_delta": "0.002832000", + "frame.time_delta_displayed": "0.002832000", + "frame.time_relative": "1259.426665000", + "frame.number": "4484", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54641", + "tcp.dstport": "80", + "tcp.port": "54641", + "tcp.port": "80", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008a72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4483", + "tcp.analysis.ack_rtt": "0.002832000", + "tcp.analysis.initial_rtt": "0.003570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.887952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.887952000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "1259.427266000", + "frame.number": "4485", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54641", + "tcp.dstport": "80", + "tcp.port": "54641", + "tcp.port": "80", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008a71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.888400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.888400000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1259.427714000", + "frame.number": "4486", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b209", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000066a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54641", + "tcp.port": "80", + "tcp.port": "54641", + "tcp.stream": "172", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007ca5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4485", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.003570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.918952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.918952000", + "frame.time_delta": "0.030552000", + "frame.time_delta_displayed": "0.030552000", + "frame.time_relative": "1259.458266000", + "frame.number": "4487", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000eebb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c88c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "63", + "http.prev_response_in": "4476" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.982655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.982655000", + "frame.time_delta": "0.063703000", + "frame.time_delta_displayed": "0.063703000", + "frame.time_relative": "1259.521969000", + 
"frame.number": "4488", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ab6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000070b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.983191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.983191000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1259.522505000", + "frame.number": "4489", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e40a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4488", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.986039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.986039000", + "frame.time_delta": "0.002848000", + "frame.time_delta_displayed": "0.002848000", + "frame.time_relative": "1259.525353000", + 
"frame.number": "4490", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000095e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4489", + "tcp.analysis.ack_rtt": "0.002848000", + "tcp.analysis.initial_rtt": "0.003384000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.986639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.986639000", + "frame.time_delta": "0.000600000", + "frame.time_delta_displayed": "0.000600000", + "frame.time_relative": "1259.525953000", + "frame.number": "4491", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001ab8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d14", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ab62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003384000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.987099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.987099000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "1259.526413000", + "frame.number": "4492", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000952d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002346", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000877a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4491", + "tcp.analysis.ack_rtt": "0.000460000", + "tcp.analysis.initial_rtt": "0.003384000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.987770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.987770000", + "frame.time_delta": "0.000671000", + "frame.time_delta_displayed": "0.000671000", + "frame.time_relative": "1259.527084000", + "frame.number": "4493", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000952e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002334", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c79b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003384000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.988129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.988129000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "1259.527443000", + "frame.number": "4494", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000952f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001f61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001a05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003384000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4493", + "tcp.segment": "4494", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001490000", + "http.request_in": "4491", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.989614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.989614000", + "frame.time_delta": "0.001485000", + "frame.time_delta_displayed": "0.001485000", + "frame.time_relative": "1259.528928000", + "frame.number": "4495", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009530", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001f60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001a05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003384000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.990184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.990184000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1259.529498000", + "frame.number": "4496", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009151", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4494", + "tcp.analysis.ack_rtt": "0.002055000", + "tcp.analysis.initial_rtt": "0.003384000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.990845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.990845000", + "frame.time_delta": "0.000661000", + "frame.time_delta_displayed": "0.000661000", + "frame.time_relative": "1259.530159000", + "frame.number": "4497", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009150", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.991238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.991238000", + "frame.time_delta": "0.000393000", + "frame.time_delta_displayed": "0.000393000", + "frame.time_relative": "1259.530552000", + "frame.number": "4498", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b20d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000666", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54643", + "tcp.port": "80", + "tcp.port": "54643", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008384", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4497", + "tcp.analysis.ack_rtt": "0.000393000", + "tcp.analysis.initial_rtt": "0.003384000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:30.993020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494850.993020000", + "frame.time_delta": 
"0.001782000", + "frame.time_delta_displayed": "0.001782000", + "frame.time_relative": "1259.532334000", + "frame.number": "4499", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001abb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54643", + "tcp.dstport": "80", + "tcp.port": "54643", + "tcp.port": "80", + "tcp.stream": "173", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002c3c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:49:de:cb:ae:49:de:cf:91", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003384000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "4496", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.140454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.140454000", + "frame.time_delta": "0.147434000", + "frame.time_delta_displayed": "0.147434000", + "frame.time_relative": "1259.679768000", + "frame.number": "4500", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.140844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.140844000", + "frame.time_delta": "0.000390000", + "frame.time_delta_displayed": "0.000390000", + "frame.time_relative": "1259.680158000", + "frame.number": "4501", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + 
}, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.866478000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.866478000", + "frame.time_delta": "0.725634000", + "frame.time_delta_displayed": "0.725634000", + "frame.time_relative": "1260.405792000", + "frame.number": "4502", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000eecf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c87b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "64", + "http.prev_response_in": "4487" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.883281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.883281000", + "frame.time_delta": "0.016803000", + "frame.time_delta_displayed": "0.016803000", + "frame.time_relative": "1260.422595000", + "frame.number": "4503", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001abc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000f2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.883846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.883846000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1260.423160000", + "frame.number": "4504", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008a0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4503", + "tcp.analysis.ack_rtt": "0.000565000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.886163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.886163000", + "frame.time_delta": "0.002317000", + "frame.time_delta_displayed": "0.002317000", + "frame.time_relative": "1260.425477000", + "frame.number": "4505", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001abd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003beb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4504", + "tcp.analysis.ack_rtt": "0.002317000", + "tcp.analysis.initial_rtt": "0.002882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.886739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.886739000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "1260.426053000", + "frame.number": "4506", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001abe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d0e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005164", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002882000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.887209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.887209000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "1260.426523000", + "frame.number": "4507", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001e41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002d7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4506", + "tcp.analysis.ack_rtt": "0.000470000", + "tcp.analysis.initial_rtt": "0.002882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.887807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.887807000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "1260.427121000", + "frame.number": "4508", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001e42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006d9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002882000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.888245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.888245000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "1260.427559000", + "frame.number": "4509", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001e43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000964d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c006", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002882000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4508", + "tcp.segment": "4509", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001506000", + "http.request_in": "4506", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.889635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.889635000", + "frame.time_delta": "0.001390000", + "frame.time_delta_displayed": "0.001390000", + "frame.time_relative": "1260.428949000", + "frame.number": "4510", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001e44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000964c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c006", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002882000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.890409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.890409000", + "frame.time_delta": "0.000774000", + "frame.time_delta_displayed": "0.000774000", + "frame.time_relative": "1260.429723000", + "frame.number": "4511", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001abf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003753", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4509", + "tcp.analysis.ack_rtt": "0.002164000", + "tcp.analysis.initial_rtt": "0.002882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.891046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.891046000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "1260.430360000", + "frame.number": "4512", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ac0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003752", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.891481000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.891481000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "1260.430795000", + "frame.number": "4513", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b245", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000062e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54645", + "tcp.port": "80", + "tcp.port": "54645", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002986", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4512", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.002882000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.892770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.892770000", + "frame.time_delta": 
"0.001289000", + "frame.time_delta_displayed": "0.001289000", + "frame.time_relative": "1260.432084000", + "frame.number": "4514", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ac1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54645", + "tcp.dstport": "80", + "tcp.port": "54645", + "tcp.port": "80", + "tcp.stream": "174", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e14b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:cc:a9:41:5c:cc:a9:45:3f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002882000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "4511", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.920285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.920285000", + "frame.time_delta": "0.027515000", + "frame.time_delta_displayed": "0.027515000", + "frame.time_relative": "1260.459599000", + "frame.number": "4515", + "frame.len": "348", + "frame.cap_len": "348", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000eed2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c86f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "65", + "http.prev_response_in": "4502" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.941715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.941715000", + "frame.time_delta": "0.021430000", + "frame.time_delta_displayed": "0.021430000", + "frame.time_relative": "1260.481029000", + "frame.number": "4516", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ac2", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54646", + "tcp.dstport": "80", + "tcp.port": "54646", + "tcp.port": "80", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000125a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 
(multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.942279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.942279000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "1260.481593000", + "frame.number": "4517", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000099cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4516", + "tcp.analysis.ack_rtt": "0.000564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.945943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.945943000", + "frame.time_delta": "0.003664000", + "frame.time_delta_displayed": "0.003664000", + "frame.time_relative": "1260.485257000", + "frame.number": "4518", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ac3", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005db0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54646", + "tcp.dstport": "80", + "tcp.port": "54646", + "tcp.port": "80", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004baa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4517", + "tcp.analysis.ack_rtt": "0.003664000", + "tcp.analysis.initial_rtt": "0.004228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.946640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.946640000", + "frame.time_delta": "0.000697000", + "frame.time_delta_displayed": "0.000697000", + "frame.time_relative": "1260.485954000", + 
"frame.number": "4519", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001ac4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54646", + "tcp.dstport": "80", + "tcp.port": "54646", + "tcp.port": "80", + "tcp.stream": "175", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006123", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004228000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.947161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.947161000", + "frame.time_delta": "0.000521000", + "frame.time_delta_displayed": "0.000521000", + "frame.time_relative": "1260.486475000", + "frame.number": "4520", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008a09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003d3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4519", + "tcp.analysis.ack_rtt": "0.000521000", + "tcp.analysis.initial_rtt": "0.004228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.947734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.947734000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "1260.487048000", + "frame.number": "4521", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002e6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007d5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004228000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.948159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.948159000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "1260.487473000", + "frame.number": "4522", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002e6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008624", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cfc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004228000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4521", + "tcp.segment": "4522", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001519000", + "http.request_in": "4519", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.949643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.949643000", + "frame.time_delta": "0.001484000", + "frame.time_delta_displayed": "0.001484000", + "frame.time_relative": "1260.488957000", + "frame.number": "4523", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002e6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008623", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cfc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004228000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.955396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.955396000", + "frame.time_delta": "0.005753000", + "frame.time_delta_displayed": "0.005753000", + "frame.time_relative": "1260.494710000", + "frame.number": "4524", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ac5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54646", + "tcp.dstport": "80", + "tcp.port": "54646", + "tcp.port": "80", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000a2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:8f:e9:71:8b:8f:e9:75:6e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4522", + "tcp.analysis.ack_rtt": "0.007237000", + "tcp.analysis.initial_rtt": "0.004228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.956042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.956042000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "1260.495356000", + "frame.number": "4525", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005dad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54646", + "tcp.dstport": "80", + "tcp.port": "54646", + "tcp.port": "80", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004711", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.956484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.956484000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1260.495798000", + "frame.number": "4526", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b246", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000062d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54646", + "tcp.port": "80", + "tcp.port": "54646", + "tcp.stream": "175", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003945", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4525", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.004228000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.973489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.973489000", + "frame.time_delta": "0.017005000", + "frame.time_delta_displayed": "0.017005000", + "frame.time_relative": "1260.512803000", + "frame.number": "4527", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000eed5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c872", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "66", + "http.prev_response_in": "4515" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.976736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.976736000", + "frame.time_delta": "0.003247000", + "frame.time_delta_displayed": "0.003247000", + "frame.time_relative": "1260.516050000", + 
"frame.number": "4528", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ac7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54647", + "tcp.dstport": "80", + "tcp.port": "54647", + "tcp.port": "80", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00006a5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.977275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.977275000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "1260.516589000", + "frame.number": "4529", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54647", + "tcp.port": "80", + "tcp.port": "54647", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008ec0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4528", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.980341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.980341000", + "frame.time_delta": "0.003066000", + "frame.time_delta_displayed": "0.003066000", + "frame.time_relative": "1260.519655000", + 
"frame.number": "4530", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ac8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005dab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54647", + "tcp.dstport": "80", + "tcp.port": "54647", + "tcp.port": "80", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000409f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4529", + "tcp.analysis.ack_rtt": "0.003066000", + "tcp.analysis.initial_rtt": "0.003605000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.980878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.980878000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "1260.520192000", + "frame.number": "4531", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001ac9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d03", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54647", + "tcp.dstport": "80", + "tcp.port": "54647", + "tcp.port": "80", + "tcp.stream": "176", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005618", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003605000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.981355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.981355000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1260.520669000", + "frame.number": "4532", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005292", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54647", + "tcp.port": "80", + "tcp.port": "54647", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003230", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4531", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.003605000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.982010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.982010000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "1260.521324000", + "frame.number": "4533", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000065e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005280", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54647", + "tcp.port": "80", + "tcp.port": "54647", + "tcp.stream": "176", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007251", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003605000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.982367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.982367000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "1260.521681000", + "frame.number": "4534", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000065e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ead", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54647", + "tcp.port": "80", + "tcp.port": "54647", + "tcp.stream": "176", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c4ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003605000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4533", + "tcp.segment": "4534", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001489000", + "http.request_in": "4531", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.984468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.984468000", + "frame.time_delta": "0.002101000", + "frame.time_delta_displayed": "0.002101000", + "frame.time_relative": "1260.523782000", + "frame.number": "4535", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54647", + "tcp.dstport": "80", + "tcp.port": "54647", + "tcp.port": "80", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003c07", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4534", + "tcp.analysis.ack_rtt": "0.002101000", + "tcp.analysis.initial_rtt": "0.003605000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.985076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.985076000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": "1260.524390000", + "frame.number": "4536", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001acb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005da8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54647", + "tcp.dstport": "80", + "tcp.port": "54647", + "tcp.port": "80", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003c06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:31.985504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494851.985504000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1260.524818000", + "frame.number": "4537", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b247", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000062c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54647", + "tcp.port": "80", + "tcp.port": "54647", + "tcp.stream": "176", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002e3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4536", + "tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.003605000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:32.641163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494852.641163000", + "frame.time_delta": "0.655659000", + "frame.time_delta_displayed": "0.655659000", + "frame.time_relative": "1261.180477000", + "frame.number": "4538", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f02", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + 
"ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000147b", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:32.641558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494852.641558000", + "frame.time_delta": "0.000395000", + "frame.time_delta_displayed": "0.000395000", + "frame.time_relative": "1261.180872000", + "frame.number": "4539", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f03", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", 
+ "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f576", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:32.642045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494852.642045000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1261.181359000", + "frame.number": "4540", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000833c", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:36.593233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494856.593233000", + "frame.time_delta": "3.951188000", + "frame.time_delta_displayed": "3.951188000", + "frame.time_relative": "1265.132547000", + "frame.number": "4541", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d3c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005aad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", 
+ "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:36.680082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494856.680082000", + "frame.time_delta": "0.086849000", + "frame.time_delta_displayed": "0.086849000", + "frame.time_relative": "1265.219396000", + "frame.number": "4542", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002101", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e713", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51761", + "udp.dstport": "1900", + "udp.port": "51761", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000802c", + "udp.checksum.status": "2", + "udp.stream": "106" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.348991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.348991000", + "frame.time_delta": "0.668909000", + "frame.time_delta_displayed": "0.668909000", + "frame.time_relative": "1265.888305000", + 
"frame.number": "4543", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ef35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c815", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.401845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.401845000", + "frame.time_delta": "0.052854000", + "frame.time_delta_displayed": "0.052854000", + "frame.time_relative": "1265.941159000", + "frame.number": "4544", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", 
+ "ip.id": "0x0000ef39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c808", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "4543" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.454636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.454636000", + "frame.time_delta": "0.052791000", + "frame.time_delta_displayed": "0.052791000", + "frame.time_relative": "1265.993950000", + "frame.number": "4545", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000ef3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c809", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": 
"2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "4544" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.641420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.641420000", + "frame.time_delta": "0.186784000", + "frame.time_delta_displayed": "0.186784000", + "frame.time_relative": "1266.180734000", + "frame.number": "4546", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" 
+ }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f0f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000147b", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.641924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.641924000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "1266.181238000", + "frame.number": "4547", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f10", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f576", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.642431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.642431000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1266.181745000", + "frame.number": "4548", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000833c", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=635", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:37.680775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494857.680775000", + "frame.time_delta": "0.038344000", + "frame.time_delta_displayed": "0.038344000", + "frame.time_relative": "1266.220089000", + "frame.number": "4549", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002102", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e712", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51761", + "udp.dstport": "1900", + "udp.port": "51761", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000802c", + "udp.checksum.status": "2", + "udp.stream": "106" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + 
"http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "4542" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.401437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.401437000", + "frame.time_delta": "0.720662000", + "frame.time_delta_displayed": "0.720662000", + "frame.time_relative": "1266.940751000", + "frame.number": "4550", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ef93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c7b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "4545" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.459252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.459252000", + "frame.time_delta": "0.057815000", + 
"frame.time_delta_displayed": "0.057815000", + "frame.time_relative": "1266.998566000", + "frame.number": "4551", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000ef96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c7ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "4550" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.512040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.512040000", + "frame.time_delta": "0.052788000", + "frame.time_delta_displayed": "0.052788000", + "frame.time_relative": "1267.051354000", + "frame.number": "4552", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000ef97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c7b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "4551" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.681959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.681959000", + "frame.time_delta": "0.169919000", + "frame.time_delta_displayed": "0.169919000", + "frame.time_relative": "1267.221273000", + "frame.number": "4553", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002103", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e711", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51761", + 
"udp.dstport": "1900", + "udp.port": "51761", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000802c", + "udp.checksum.status": "2", + "udp.stream": "106" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "4549" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.691247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.691247000", + "frame.time_delta": "0.009288000", + "frame.time_delta_displayed": "0.009288000", + "frame.time_relative": "1267.230561000", + "frame.number": "4554", + "frame.len": "411", + "frame.cap_len": "411", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + 
"eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "397", + "ip.id": "0x0000961f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007607", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "345", + "tcp.seq": "59371", + "tcp.nxtseq": "59716", + "tcp.ack": "12942", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007f96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:9f:f3:a7:9f:c5:14", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2531315, TSecr 2812265748": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2531315", + "tcp.options.timestamp.tsecr": "2812265748" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "345", + "tcp.analysis.push_bytes_sent": "345" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "340", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:d5:e7:96:13:26:86:fe:53:42:5d:35:ef:eb:8a:7f:0c:d9:04:a3:53:7b:2e:80:e0:60:e2:b9:a5:ce:20:83:1d:16:ae:9e:db:8b:a8:8a:9b:8f:4c:31:13:20:6f:96:88:43:96:c4:35:e8:d2:77:26:34:e6:a3:58:d8:8a:ea:6b:97:04:97:a8:ab:2c:56:93:83:c3:f0:dd:ad:9d:92:55:7a:45:fa:ef:8e:f6:ec:be:f4:e4:fe:86:4d:19:9d:a0:27:0f:1b:ef:54:ae:61:e8:8a:60:72:29:54:48:c7:0c:8a:41:c5:6a:4a:c5:71:37:ff:e3:b4:ca:ef:62:f6:73:76:81:4d:ac:3e:ec:4d:73:df:2e:81:7e:b6:ca:2a:79:ef:8f:c8:68:b7:6d:7d:3e:3e:10:0c:61:14:8f:54:40:65:c1:1d:9b:0b:5d:3d:c5:b7:45:8f:cf:70:97:5d:89:1a:6c:f8:9b:bd:48:54:2c:b9:d1:fc:aa:c4:14:a9:42:80:35:98:eb:35:4a:9f:8f:0c:0d:58:47:8e:17:d6:8a:a0:88:60:95:9e:35:43:84:43:88:5f:53:e7:39:37:88:f9:5a:b1:1e:dd:56:b3:a2:6a:51:df:04:95:38:65:11:02:89:b7:85:4c:5f:41:e1:70:bc:c4:08:ca:9b:8f:51:09:75:74:f6:19:bd:88:e4:6e:21:04:61:1f:28:1d:fb:ab:75:c7:63:9a:39:19:e6:57:bd:57:e8:0c:fa:b7:5a:ff:40:bc:c2:79:ca:b3:74:86:22:87:ea:8f:fa:89:cd:14:25:b4:29:fb:ec:46:03:80:5d:19:e4:3e:e6:90:fa:6e:a4:2d:03:ac:10:76:f7:7d:cf:bb:be:7c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.751720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.751720000", + "frame.time_delta": "0.060473000", + "frame.time_delta_displayed": "0.060473000", + "frame.time_relative": "1267.291034000", + "frame.number": "4555", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003860", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12942", + "tcp.ack": "59716", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001bd9", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:d0:ec:00:26:9f:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812268780, TSecr 2531315": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812268780", + "tcp.options.timestamp.tsecr": "2531315" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4554", + "tcp.analysis.ack_rtt": "0.060473000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.752454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.752454000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "1267.291768000", + "frame.number": "4556", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003830", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12942", + "tcp.nxtseq": "12989", + "tcp.ack": "59716", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000177f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:d0:ec:00:26:9f:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812268780, TSecr 2531315": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812268780", + "tcp.options.timestamp.tsecr": "2531315" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:8c:6a:61:f2:d2:3b:9d:ea:49:12:3c:2b:57:bb:fa:84:3d:31:33:11:9c:2c:22:6a:7e:20:70:35:3a:8e:51:18:1d:8a:97" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.786090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.786090000", + "frame.time_delta": "0.033636000", + "frame.time_delta_displayed": "0.033636000", + "frame.time_relative": "1267.325404000", + "frame.number": "4557", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009620", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "59716", + "tcp.ack": "12989", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001ab1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:9f:fd:a7:9f:d0:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2531325, TSecr 2812268780": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2531325", + "tcp.options.timestamp.tsecr": "2812268780" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4556", + "tcp.analysis.ack_rtt": "0.033636000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:38.941275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494858.941275000", + "frame.time_delta": "0.155185000", + "frame.time_delta_displayed": "0.155185000", + "frame.time_relative": "1267.480589000", + "frame.number": "4558", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + 
"ip.id": "0x00006a47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006f12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:39.038161000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494859.038161000", + "frame.time_delta": "0.096886000", + "frame.time_delta_displayed": "0.096886000", + "frame.time_relative": "1267.577475000", + "frame.number": "4559", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000efbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c78d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "4552" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:39.090938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494859.090938000", + "frame.time_delta": "0.052777000", + "frame.time_delta_displayed": "0.052777000", + "frame.time_relative": "1267.630252000", + "frame.number": "4560", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000efbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c783", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "4559" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:39.143653000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494859.143653000", + "frame.time_delta": "0.052715000", + "frame.time_delta_displayed": "0.052715000", + "frame.time_relative": "1267.682967000", + "frame.number": "4561", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000efc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c787", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "4560" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:39.682425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494859.682425000", + "frame.time_delta": "0.538772000", + "frame.time_delta_displayed": "0.538772000", + "frame.time_relative": "1268.221739000", + "frame.number": "4562", + "frame.len": "216", + "frame.cap_len": "216", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002104", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e710", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51761", + "udp.dstport": "1900", + "udp.port": "51761", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000802c", + "udp.checksum.status": "2", + "udp.stream": "106" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "4553" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.091049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.091049000", + "frame.time_delta": "0.408624000", + "frame.time_delta_displayed": "0.408624000", + "frame.time_relative": "1268.630363000", + "frame.number": "4563", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000eff2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c758", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "4561" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.143891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.143891000", + "frame.time_delta": 
"0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "1268.683205000", + "frame.number": "4564", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000eff7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c74a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "4563" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.196600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.196600000", + "frame.time_delta": "0.052709000", + "frame.time_delta_displayed": "0.052709000", + "frame.time_relative": "1268.735914000", + "frame.number": "4565", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000effb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c74c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "4564" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.205062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.205062000", + "frame.time_delta": "0.008462000", + "frame.time_delta_displayed": "0.008462000", + "frame.time_relative": "1268.744376000", + "frame.number": "4566", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000b69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + 
"udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x00005c3b", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:97:19:b4:93:cd:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:24:12", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.401531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.401531000", + "frame.time_delta": "0.196469000", + "frame.time_delta_displayed": "0.196469000", + "frame.time_relative": "1268.940845000", + "frame.number": "4567", + "frame.len": "1323", + "frame.cap_len": "1323", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1309", + "ip.id": "0x00009621", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007275", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1257", + "tcp.seq": "59716", + "tcp.nxtseq": "60973", + "tcp.ack": "12989", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003019", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:a0:9e:a7:9f:d0:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2531486, TSecr 2812268780": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2531486", + "tcp.options.timestamp.tsecr": "2812268780" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1257", + "tcp.analysis.push_bytes_sent": "1257" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1252", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d6:a0:66:cc:5e:f1:ec:72:67:cf:e4:f0:0c:ab:19:bc:2a:79:97:06:80:1c:46:7b:b8:93:fb:ce:3c:45:e3:c8:e3:a5:b8:5d:0a:93:46:3a:45:0e:de:ea:e5:95:25:e4:58:25:40:8b:8e:7b:f9:b3:c6:90:a4:d4:95:1a:dd:9b:d0:1a:f4:87:b3:94:16:f6:3b:86:a0:1c:08:d4:7f:fc:b4:70:1c:b2:9e:11:5d:c1:ff:cf:f0:31:61:c1:08:f2:e3:c8:3f:95:02:aa:4f:92:7d:f5:6f:c3:dc:a7:b7:a5:8f:e6:3d:76:09:93:19:b5:5a:99:a1:13:6f:b4:cf:5e:8e:40:13:cf:69:82:5f:85:cf:a1:8f:39:2a:80:76:f3:6d:cc:02:4a:b5:11:8f:6a:42:ec:a7:5b:42:59:14:27:86:63:e4:7b:eb:8f:ee:f7:97:19:d0:1e:21:b6:98:87:dd:be:29:ef:dd:7b:13:6d:27:fc:ec:9f:56:36:2d:2d:83:4c:4e:ec:ef:24:86:6c:99:ea:b1:b7:b6:f7:f0:a9:35:fc:cf:7b:0c:71:21:fa:64:a1:74:8d:5c:35:68:cd:59:bc:1e:0a:e5:3a:67:f4:a2:cd:63:34:ef:ab:d9:f2:78:65:10:e7:2d:12:1d:a2:78:ba:33:52:7f:db:f9:6f:41:5c:15:58:1b:6e:a3:08:f6:db:58:b7:2d:76:91:1d:ae:a7:83:0f:f1:02:b6:68:60:91:99:28:1c:d6:fd:0d:f3:d2:9a:e2:7c:00:dc:f5:43:ec:07:e6:5f:14:a6:7f:f9:7e:f6:15:f7:38:d2:05:53:a1:8c:83:34:24:4e:a3:3c:dd:2b:e5:e3:3f:97:27:bc:e2:8e:52:30:2f:29:5c:62:df:62:a1:03:05:e7:ea:6d:bc:b6:f2:af:80:5e:5e:59:a3:76:96:1b:26:1e:9f:fd:52:20:62:d6:bf:8c:e0:d5:21:b7:81:95:af:82:75:70:dd:5e:4e:b7:03:bb:05:13:38:fc:cb:37:4d:42:38:e6:a7:47:9b:67:87:96:e8:ae:c0:fe:d6:a1:8d:fd:46:b8:4c:ed:0e:91:2e:c7:5d:69:fa:00:10:d2:21:42:ce:03:4b:ec:4c:3f:b5:93:33:bb:59:c0:76:0d:c1:47:11:14:e3:f9:c5:31:9e:f4:13:09:51:05:2d:57:56:da:96:f6:72:c1:82:34:30:51:88:df:39:13:55:b6:14:32:2f:0f:d6:52:a1:10:4d:ff:be:be:6d:0c:2b:fe:ed:f5:00:d5:7f:10:d1:c3:ff:14:26:47:fe:00:b4:67:50:89:58:04:9c:40:54:c6:01:6f:ce:b0:03:a1:83:96:cc:3d:3e:e3:37:ee:e4:30:69:41:c2:89:ad:20:84:14:47:3d:61:47:83:9c:1
5:2a:c8:76:0d:c4:bc:ba:4c:aa:1c:41:5a:66:51:b2:38:cc:10:50:68:2a:05:f1:47:96:0c:35:ab:db:63:9e:0d:1b:03:d2:43:16:38:98:1f:66:c1:be:aa:5c:fd:34:03:14:1f:b6:82:17:e1:d1:04:fe:3c:aa:4f:4e:50:d3:70:da:e4:90:72:f0:70:50:38:9f:51:52:a2:ee:02:39:e8:3c:4c:79:e6:7c:ea:2a:61:3b:e6:01:2d:af:95:78:4a:2a:f6:22:04:b4:84:e6:60:d5:e6:b9:c6:4d:79:8a:08:fb:02:9c:80:af:2c:37:f9:5f:55:dc:e8:95:a8:7d:56:54:9e:18:41:91:5f:cf:95:d6:2f:dd:c1:57:c3:56:b0:b0:8e:7b:46:8c:99:fc:9d:fa:08:e6:0a:43:5a:22:23:79:cb:c6:80:61:05:ad:1a:20:e9:31:6c:38:87:89:99:83:1e:8b:b7:e5:93:2d:02:19:64:84:7d:74:0c:c9:3e:36:40:e8:bb:54:5e:96:d2:8d:f0:09:7b:d1:91:4a:96:a0:34:b2:bc:17:22:e9:af:71:61:bc:96:75:5c:85:be:90:b6:8d:82:07:bc:c0:93:16:e9:1c:da:0f:a3:ee:75:89:2d:c6:20:6a:6e:10:48:0a:e6:c5:45:6a:b4:24:73:8b:4d:71:fa:76:5c:25:65:eb:a8:29:59:78:ef:9f:72:bc:e0:d5:fa:9b:54:31:57:55:5d:4b:26:4d:68:6f:e9:9c:e5:49:c6:41:eb:4b:85:bb:8b:07:1b:9d:00:04:65:5c:3a:04:6f:a1:a1:2e:63:25:ba:dc:ce:aa:22:d4:13:50:bf:eb:77:cc:47:ca:8d:23:65:ab:e7:03:61:11:10:d1:4c:7d:48:35:aa:8e:6e:6a:e0:eb:fa:b7:6c:16:8f:2e:b5:75:54:46:a5:ba:1d:4f:ee:9b:f3:85:f4:50:77:1f:55:54:ce:9c:b4:cd:3f:fe:a4:74:c7:4b:da:09:6d:97:c3:b9:b8:c2:4f:91:2c:77:13:f6:5b:91:5d:1b:0f:0a:54:79:57:7a:6b:5b:5e:fc:c9:a7:1f:d4:14:42:d6:fd:fb:0d:31:41:d2:98:17:80:48:bc:34:c7:a4:00:aa:77:e2:d5:8e:02:df:71:b7:e8:51:ec:71:6a:cf:3b:cc:f5:b6:68:e0:2b:7c:cc:b5:89:72:a3:fb:4c:38:f2:84:ad:f2:5a:79:ff:49:e3:b8:a6:3b:f0:69:5d:42:a1:42:49:9c:5a:2b:5d:89:a1:55:1b:29:a0:4f:1e:64:98:0b:d3:ee:81:54:66:a6:8a:5d:93:a2:54:0e:b4:31:c1:81:33:36:40:ec:fc:bd:99:42:9e:26:0e:27:93:d2:7f:b1:a0:24:0c:c4:cc:57:04:a3:d6:50:ae:79:6c:8b:47:22:9e:5d:d2:1e:86:a1:22:6a:f7:cf:0a:a0:61:37:a6:aa:35:c1:8a:e5:cc:2a:9f:46:40:be:9d:0d:1a:93:5b:c6:89:69:ab:44:c0:6e:0c:05:c5:85:3f:ca:b1:d3:39:1f:9d:4c:16:48:2a:27:8d:0e:d6:7c:d3:11:0e:ba:ec:2b:dc:17:f1:68:dc:d6:0d:0d:16:20:32:03:a0:47:d2:ee:e2:42:59:f6:53:d7:c0:ec:6b:e8:8c:cf:14:e6:89:8e:71:b1:34:a8:a4:ed:b4:91:16:32:a0:b4:a6:aa:7e:85:14:2b:f7:41:d8:d6:29:ef:87:9b:
fe:c3:50:24:09:5e:22:af:ab:7a:70:fc:7b:1e:e0:40:ec:31:d5:1b:7e:16:4f:ba:69:cf:b0:57:2e:3e:61:8a:b9:e3:fd:e3:88:c4:3d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.407118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.407118000", + "frame.time_delta": "0.005587000", + "frame.time_delta_displayed": "0.005587000", + "frame.time_relative": "1268.946432000", + "frame.number": "4568", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f009", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "4565" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.459529000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.459529000", + "frame.time_delta": "0.052411000", + "frame.time_delta_displayed": "0.052411000", + "frame.time_relative": "1268.998843000", + "frame.number": "4569", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + 
"eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f00b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c736", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "4568" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.498272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.498272000", + "frame.time_delta": "0.038743000", + "frame.time_delta_displayed": "0.038743000", + "frame.time_relative": "1269.037586000", + "frame.number": "4570", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000385e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12989", + "tcp.ack": "60973", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001461", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:d2:a1:00:26:a0:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812269217, TSecr 2531486": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812269217", + "tcp.options.timestamp.tsecr": "2531486" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4567", + "tcp.analysis.ack_rtt": "0.096741000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:40.512275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494860.512275000", + "frame.time_delta": "0.014003000", + "frame.time_delta_displayed": "0.014003000", + "frame.time_relative": "1269.051589000", + "frame.number": "4571", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f011", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c736", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "4569" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:41.459014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494861.459014000", + "frame.time_delta": "0.946739000", + "frame.time_delta_displayed": 
"0.946739000", + "frame.time_relative": "1269.998328000", + "frame.number": "4572", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f064", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "4571" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:41.511834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494861.511834000", + "frame.time_delta": "0.052820000", + "frame.time_delta_displayed": "0.052820000", + "frame.time_relative": "1270.051148000", + "frame.number": "4573", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", 
+ "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f068", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "17", + "http.prev_response_in": "4572" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:41.564636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494861.564636000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "1270.103950000", + "frame.number": "4574", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f069", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + 
"udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "4573" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:42.143734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494862.143734000", + "frame.time_delta": "0.579098000", + "frame.time_delta_displayed": "0.579098000", + "frame.time_relative": "1270.683048000", + "frame.number": "4575", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f07a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "4574" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:42.196519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494862.196519000", + "frame.time_delta": "0.052785000", + "frame.time_delta_displayed": "0.052785000", + "frame.time_relative": "1270.735833000", + "frame.number": "4576", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f07d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000c6c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "4575" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:42.249395000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494862.249395000", + "frame.time_delta": "0.052876000", + "frame.time_delta_displayed": "0.052876000", + "frame.time_relative": "1270.788709000", + "frame.number": "4577", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f07f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "4576" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:43.196068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494863.196068000", + "frame.time_delta": "0.946673000", + "frame.time_delta_displayed": "0.946673000", + "frame.time_relative": "1271.735382000", + "frame.number": "4578", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f0aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "305", + "udp.checksum": "0x0000fae9", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "4577" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:43.248808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494863.248808000", + "frame.time_delta": "0.052740000", + "frame.time_delta_displayed": "0.052740000", + "frame.time_relative": "1271.788122000", + "frame.number": "4579", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f0ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c695", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "314", + "udp.checksum": "0x000008d5", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "4578" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:43.301612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494863.301612000", + "frame.time_delta": "0.052804000", + "frame.time_delta_displayed": "0.052804000", + "frame.time_relative": "1271.840926000", + "frame.number": "4580", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f0ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c699", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "51761", + "udp.port": "1900", + "udp.port": "51761", + "udp.length": "308", + "udp.checksum": "0x00002c5f", + "udp.checksum.status": "2", + "udp.stream": "107" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "4579" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:45.059535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494865.059535000", + "frame.time_delta": "1.757923000", + "frame.time_delta_displayed": "1.757923000", + "frame.time_relative": "1273.598849000", + "frame.number": "4581", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000580a", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a687", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4917", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f1b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + 
"_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:45.203053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494865.203053000", + "frame.time_delta": "0.143518000", + "frame.time_delta_displayed": "0.143518000", + "frame.time_relative": "1273.742367000", + "frame.number": "4582", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9e", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4918", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.406841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.406841000", + "frame.time_delta": "2.203788000", + "frame.time_delta_displayed": "2.203788000", + "frame.time_relative": "1275.946155000", + "frame.number": "4583", + "frame.len": "62", + "frame.cap_len": "62", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.409234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.409234000", + "frame.time_delta": "0.002393000", + "frame.time_delta_displayed": "0.002393000", + "frame.time_relative": "1275.948548000", + "frame.number": "4584", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + 
"eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": 
"0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.413880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.413880000", + "frame.time_delta": "0.004646000", + "frame.time_delta_displayed": "0.004646000", + "frame.time_relative": "1275.953194000", + "frame.number": "4585", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + 
"eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.463887000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.463887000", + "frame.time_delta": "0.050007000", + "frame.time_delta_displayed": "0.050007000", + "frame.time_relative": "1276.003201000", + "frame.number": "4586", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.483287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.483287000", + "frame.time_delta": "0.019400000", + "frame.time_delta_displayed": "0.019400000", + "frame.time_relative": "1276.022601000", + "frame.number": "4587", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00005b08", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0077c15d", + "Elapsed time": { + "dhcpv6.option.type": "8", + 
"dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.484368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.484368000", + "frame.time_delta": "0.001081000", + "frame.time_delta_displayed": "0.001081000", + "frame.time_relative": "1276.023682000", + "frame.number": "4588", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:bf:34:7e", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.addr": "33:33:ff:bf:34:7e", + "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": 
{ + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1:ffbf:347e", + "ipv6.addr": "ff02::1:ffbf:347e", + "ipv6.dst_host": "ff02::1:ffbf:347e", + "ipv6.host": "ff02::1:ffbf:347e", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007df7", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.642691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.642691000", + "frame.time_delta": "0.158323000", + "frame.time_delta_displayed": "0.158323000", + "frame.time_relative": "1276.182005000", + "frame.number": "4589", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f24", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000137a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.643047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.643047000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": 
"0.000356000", + "frame.time_relative": "1276.182361000", + "frame.number": "4590", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f25", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f475", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.645295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.645295000", + "frame.time_delta": "0.002248000", + 
"frame.time_delta_displayed": "0.002248000", + "frame.time_relative": "1276.184609000", + "frame.number": "4591", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000823b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.683949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.683949000", + "frame.time_delta": "0.038654000", + "frame.time_delta_displayed": 
"0.038654000", + "frame.time_relative": "1276.223263000", + "frame.number": "4592", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00003356", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0036de88", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + 
"dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.704160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.704160000", + "frame.time_delta": "0.020211000", + "frame.time_delta_displayed": "0.020211000", + "frame.time_relative": "1276.243474000", + "frame.number": "4593", + "frame.len": "78", + "frame.cap_len": "78", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:47.721372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494867.721372000", + "frame.time_delta": "0.017212000", + "frame.time_delta_displayed": "0.017212000", + "frame.time_relative": "1276.260686000", + "frame.number": "4594", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + 
"eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:48.725506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494868.725506000", + "frame.time_delta": "1.004134000", + "frame.time_delta_displayed": "1.004134000", + "frame.time_relative": "1277.264820000", + "frame.number": "4595", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + 
"icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:48.727880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494868.727880000", + "frame.time_delta": "0.002374000", + "frame.time_delta_displayed": "0.002374000", + "frame.time_relative": "1277.267194000", + "frame.number": "4596", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", 
+ "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:48.731568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494868.731568000", + "frame.time_delta": "0.003688000", + "frame.time_delta_displayed": "0.003688000", + "frame.time_relative": "1277.270882000", + "frame.number": "4597", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + 
"ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:48.775903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494868.775903000", + "frame.time_delta": "0.044335000", + "frame.time_delta_displayed": "0.044335000", + "frame.time_relative": "1277.315217000", + "frame.number": "4598", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:48.902265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494868.902265000", + "frame.time_delta": "0.126362000", + "frame.time_delta_displayed": "0.126362000", + "frame.time_relative": "1277.441579000", + "frame.number": "4599", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "36", + 
"ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f315", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "1", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:49.410737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494869.410737000", + "frame.time_delta": "0.508472000", + "frame.time_delta_displayed": "0.508472000", + "frame.time_relative": "1277.950051000", + "frame.number": "4600", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x000052c3", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00d1c948", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + 
"dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:49.428319000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494869.428319000", + "frame.time_delta": "0.017582000", + "frame.time_delta_displayed": "0.017582000", + "frame.time_relative": "1277.967633000", + "frame.number": "4601", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + 
"ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00009bd5", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x008775b8", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + 
"dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:49.475642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494869.475642000", + "frame.time_delta": "0.047323000", + "frame.time_delta_displayed": "0.047323000", + "frame.time_relative": "1278.014956000", + "frame.number": "4602", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": 
"ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:49.490768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494869.490768000", + "frame.time_delta": "0.015126000", + "frame.time_delta_displayed": "0.015126000", + "frame.time_relative": "1278.030082000", + "frame.number": "4603", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + 
"ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:50.069461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494870.069461000", + "frame.time_delta": "0.578693000", + "frame.time_delta_displayed": "0.578693000", + "frame.time_relative": "1278.608775000", + "frame.number": "4604", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:50.069632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494870.069632000", + "frame.time_delta": "0.000171000", + "frame.time_delta_displayed": "0.000171000", + "frame.time_relative": "1278.608946000", + "frame.number": "4605", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + 
"arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:52.641879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494872.641879000", + "frame.time_delta": "2.572247000", + "frame.time_delta_displayed": "2.572247000", + "frame.time_relative": "1281.181193000", + "frame.number": "4606", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f26", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8ca", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000137a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:52.642494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494872.642494000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "1281.181808000", + "frame.number": "4607", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f27", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099c5", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f475", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:52.643032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494872.643032000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1281.182346000", + "frame.number": "4608", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000823b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.162631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.162631000", + "frame.time_delta": "2.519599000", + "frame.time_delta_displayed": "2.519599000", + "frame.time_relative": "1283.701945000", + "frame.number": "4609", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000e24b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": 
"0x0000e70b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.215493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.215493000", + "frame.time_delta": "0.052862000", + "frame.time_delta_displayed": "0.052862000", + "frame.time_relative": "1283.754807000", + "frame.number": "4610", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000e24f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e707", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", 
+ "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.268400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.268400000", + "frame.time_delta": "0.052907000", + "frame.time_delta_displayed": "0.052907000", + "frame.time_relative": "1283.807714000", + "frame.number": "4611", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000e253", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e6fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.321235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.321235000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "1283.860549000", + "frame.number": "4612", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000e256", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e6f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.374109000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.374109000", + "frame.time_delta": "0.052874000", + "frame.time_delta_displayed": "0.052874000", + "frame.time_relative": "1283.913423000", + "frame.number": "4613", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000e257", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e6fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:55.426915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494875.426915000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "1283.966229000", + "frame.number": "4614", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000e25a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e6f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:56.868288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494876.868288000", + "frame.time_delta": "1.441373000", + "frame.time_delta_displayed": "1.441373000", + "frame.time_relative": "1285.407602000", + "frame.number": "4615", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009622", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "60973", + "tcp.nxtseq": "61325", + "tcp.ack": "12989", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c31", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:a7:0d:a7:9f:d2:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2533133, TSecr 2812269217": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2533133", + 
"tcp.options.timestamp.tsecr": "2812269217" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d7:ce:81:9e:f1:6c:fa:a4:52:b9:9f:14:47:b3:9d:e5:4c:f7:d5:b7:a0:bd:c8:76:8d:cd:42:51:c8:e3:3d:ec:46:81:53:c2:10:87:cf:2c:31:58:84:f7:bf:0f:54:a9:be:28:0a:d2:6d:fc:15:1a:55:ba:26:09:3a:1d:7d:49:34:44:ed:e2:0a:68:b2:c0:de:9e:83:78:f9:12:26:3d:09:27:58:80:c2:8f:70:4f:a7:c2:18:cf:f8:37:a0:a4:2b:3c:94:de:ae:92:7c:7d:7e:7f:46:a1:25:d2:88:cc:14:54:0e:f7:b1:52:4a:30:9c:44:31:63:15:b3:b9:05:f9:39:5e:4f:7f:f2:2e:6b:85:c0:63:06:ef:d7:63:f7:bc:2a:8d:6f:c4:76:a1:db:03:61:23:e3:c3:29:ce:a0:f8:9b:0b:00:17:25:46:f4:62:d3:b7:d1:b5:d3:0f:01:46:fb:46:07:24:74:0a:d7:4e:4a:cb:0c:bb:f7:0e:cf:5a:93:58:e1:c6:f1:fe:9c:ff:e9:91:62:73:b5:15:e2:cf:de:55:e5:e4:65:e4:e9:4d:45:77:15:08:7a:4e:67:4c:e7:a0:d1:a8:c5:52:80:0d:bd:b8:bf:f3:7a:c9:af:a9:04:4c:86:d6:ac:54:b6:3f:3e:37:8e:f4:88:fd:71:45:93:67:bd:ee:62:15:b7:18:81:f0:a8:31:65:31:d8:92:d3:57:4e:b5:8f:9e:5c:f1:9e:61:64:88:e0:b4:54:a5:54:5a:40:21:c2:8e:44:6d:f1:6d:8d:a2:68:d4:a7:b7:24:e4:e5:35:dd:d6:92:c5:7c:d4:ca:02:ba:75:1a:f4:16:6d:1c:77:fb:0d:4f:16:c1:0d:e7:7e:a5:e6:bc:03:38:64:4c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:56.928546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494876.928546000", + "frame.time_delta": "0.060258000", + "frame.time_delta_displayed": "0.060258000", + "frame.time_relative": "1285.467860000", + "frame.number": "4616", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000385d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "12989", + "tcp.ack": "61325", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:e2:ac:00:26:a7:0d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812273324, TSecr 2533133": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812273324", + "tcp.options.timestamp.tsecr": "2533133" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4615", + "tcp.analysis.ack_rtt": "0.060258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:56.929202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494876.929202000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "1285.468516000", + "frame.number": "4617", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "12989", + "tcp.nxtseq": "13036", + "tcp.ack": "61325", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000020ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:9f:e2:ac:00:26:a7:0d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812273324, TSecr 2533133": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812273324", + "tcp.options.timestamp.tsecr": "2533133" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:8d:70:9d:bb:f2:0a:8e:64:a2:b5:cb:95:23:94:3f:60:46:68:10:8a:6b:08:65:a6:d1:cb:23:81:0e:94:cf:b8:6e:cc:84" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:56.929604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494876.929604000", + "frame.time_delta": "0.000402000", + "frame.time_delta_displayed": "0.000402000", + "frame.time_relative": "1285.468918000", + "frame.number": "4618", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009623", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "61325", + "tcp.ack": "13036", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:a7:13:a7:9f:e2:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2533139, TSecr 2812273324": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2533139", + "tcp.options.timestamp.tsecr": "2812273324" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4617", + "tcp.analysis.ack_rtt": "0.000402000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:57.642145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494877.642145000", + "frame.time_delta": "0.712541000", + "frame.time_delta_displayed": "0.712541000", + "frame.time_relative": "1286.181459000", + "frame.number": "4619", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f28", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000137a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:57.642682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494877.642682000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "1286.181996000", + "frame.number": "4620", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f29", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f475", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:57.643291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494877.643291000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1286.182605000", + "frame.number": "4621", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000823b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=636", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:07:58.975905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494878.975905000", + "frame.time_delta": "1.332614000", + "frame.time_delta_displayed": "1.332614000", + "frame.time_relative": "1287.515219000", + "frame.number": "4622", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000786c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000060ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + 
"dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:01.930724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494881.930724000", + "frame.time_delta": "2.954819000", + "frame.time_delta_displayed": "2.954819000", + "frame.time_relative": "1290.470038000", + "frame.number": "4623", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:01.931109000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494881.931109000", + "frame.time_delta": "0.000385000", + "frame.time_delta_displayed": "0.000385000", + "frame.time_relative": "1290.470423000", + "frame.number": "4624", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:04.153621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494884.153621000", + "frame.time_delta": "2.222512000", + "frame.time_delta_displayed": "2.222512000", + "frame.time_relative": "1292.692935000", + "frame.number": "4625", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x0000580b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "4918", + "tcp.nxtseq": "4958", + "tcp.ack": "469", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004936", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "2880" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e8:10:e9:dc:06:3d:b8:f8:7f:85:ee:d8:1f:66:b3:9a:20:51:6d:82:61:5f:d6:b5:40:d2:87:86" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:04.299480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494884.299480000", + "frame.time_delta": "0.145859000", + "frame.time_delta_displayed": "0.145859000", + "frame.time_relative": "1292.838794000", + "frame.number": "4626", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9d", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "469", + "tcp.ack": "4958", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc03", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4625", + "tcp.analysis.ack_rtt": "0.145859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:04.299567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494884.299567000", + "frame.time_delta": "0.000087000", + "frame.time_delta_displayed": "0.000087000", + "frame.time_relative": "1292.838881000", + "frame.number": "4627", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000ff5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd78", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "469", + "tcp.nxtseq": "505", + "tcp.ack": "4958", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a327", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:6d:3b:45:e6:c3:fb:74:16:70:ba:03:0d:d4:84:96:53:d9:50:01:f8:ef:d2:cb:d7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:04.339496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494884.339496000", + "frame.time_delta": 
"0.039929000", + "frame.time_delta_displayed": "0.039929000", + "frame.time_relative": "1292.878810000", + "frame.number": "4628", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000580c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a685", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + 
} + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4958", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f169", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4627", + "tcp.analysis.ack_rtt": "0.039929000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:04.912275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494884.912275000", + "frame.time_delta": "0.572779000", + "frame.time_delta_displayed": "0.572779000", + "frame.time_relative": "1293.451589000", + "frame.number": "4629", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + 
"icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:06.595866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494886.595866000", + "frame.time_delta": "1.683591000", + "frame.time_delta_displayed": "1.683591000", + "frame.time_relative": "1295.135180000", + "frame.number": "4630", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d43", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005aa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:07.642747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494887.642747000", + "frame.time_delta": "1.046881000", + "frame.time_delta_displayed": "1.046881000", + "frame.time_relative": "1296.182061000", + "frame.number": "4631", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f2d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001279", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:07.643277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494887.643277000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "1296.182591000", + "frame.number": "4632", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + 
"eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f2e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f374", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:07.643878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494887.643878000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "1296.183192000", + "frame.number": "4633", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
+ }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000813a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:09.300195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494889.300195000", + "frame.time_delta": "1.656317000", + "frame.time_delta_displayed": "1.656317000", + "frame.time_relative": "1297.839509000", + "frame.number": "4634", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:09.300651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494889.300651000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1297.839965000", + "frame.number": "4635", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", 
+ "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:12.643357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494892.643357000", + "frame.time_delta": "3.342706000", + "frame.time_delta_displayed": "3.342706000", + "frame.time_relative": "1301.182671000", + "frame.number": "4636", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f32", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001279", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:12.643674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494892.643674000", + "frame.time_delta": "0.000317000", + "frame.time_delta_displayed": "0.000317000", + "frame.time_relative": "1301.182988000", + "frame.number": "4637", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f33", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", 
+ "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f374", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:12.644252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494892.644252000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "1301.183566000", + "frame.number": "4638", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000813a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:15.037538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494895.037538000", + "frame.time_delta": "2.393286000", + "frame.time_delta_displayed": "2.393286000", + "frame.time_relative": "1303.576852000", + "frame.number": "4639", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": 
"192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:17.644220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494897.644220000", + "frame.time_delta": "2.606682000", + "frame.time_delta_displayed": "2.606682000", + "frame.time_relative": "1306.183534000", + "frame.number": "4640", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" 
+ }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f34", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001279", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:17.644578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494897.644578000", + "frame.time_delta": "0.000358000", + "frame.time_delta_displayed": "0.000358000", + "frame.time_relative": "1306.183892000", + "frame.number": "4641", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f35", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f374", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:17.644991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494897.644991000", + "frame.time_delta": "0.000413000", + "frame.time_delta_displayed": "0.000413000", + "frame.time_relative": "1306.184305000", + "frame.number": "4642", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": 
"IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000813a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=637", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:25.354827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494905.354827000", + "frame.time_delta": "7.709836000", + "frame.time_delta_displayed": "7.709836000", + "frame.time_relative": "1313.894141000", + "frame.number": "4643", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000b6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x0000851f", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a8:30:37:9e:cd:f2:14:11:00:00:00:e2:86:01:3d:28:35:02:00:86:a0:01:00:00:00", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:27.644050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494907.644050000", + "frame.time_delta": "2.289223000", + "frame.time_delta_displayed": "2.289223000", + "frame.time_relative": "1316.183364000", + "frame.number": "4644", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f38", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001178", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": 
"0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:27.644499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494907.644499000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "1316.183813000", + "frame.number": "4645", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f39", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f273", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:27.645031000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494907.645031000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "1316.184345000", + "frame.number": "4646", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008039", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:27.955714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494907.955714000", + "frame.time_delta": "0.310683000", + "frame.time_delta_displayed": "0.310683000", + "frame.time_relative": "1316.495028000", + "frame.number": "4647", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009624", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "61325", + "tcp.nxtseq": "61374", + "tcp.ack": "13036", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007d2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:b3:32:a7:9f:e2:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2536242, TSecr 2812273324": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2536242", + "tcp.options.timestamp.tsecr": "2812273324" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d8:fb:d8:20:97:12:b3:0e:3b:69:d5:1b:40:53:f4:d6:23:e2:5b:13:86:39:f6:7d:56:0b:c2:8e:1e:3f:33:10:e9:ca:fd:6d:e2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:08:28.016395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494908.016395000", + "frame.time_delta": "0.060681000", + "frame.time_delta_displayed": "0.060681000", + "frame.time_relative": "1316.555709000", + "frame.number": "4648", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d24", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003824", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, 
+ "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "13036", + "tcp.nxtseq": "13091", + "tcp.ack": "61374", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c018", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:01:08:00:26:b3:32", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812281096, TSecr 2536242": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812281096", + "tcp.options.timestamp.tsecr": "2536242" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4647", + "tcp.analysis.ack_rtt": "0.060681000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:8e:7d:4f:3c:b9:d1:7c:2f:8c:15:7a:be:3d:84:15:00:d9:6c:24:76:21:a2:5d:ab:83:16:b4:c7:a1:5a:ef:d2:60:0d:80:a7:0f:43:d7:e4:5a:5f:c3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:28.016898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494908.016898000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "1316.556212000", + "frame.number": "4649", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009625", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000775a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "61374", + "tcp.ack": "13091", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d079", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:b3:38:a7:a0:01:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2536248, TSecr 2812281096": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2536248", + "tcp.options.timestamp.tsecr": "2812281096" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4648", + "tcp.analysis.ack_rtt": "0.000503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:28.852238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494908.852238000", + "frame.time_delta": "0.835340000", + "frame.time_delta_displayed": "0.835340000", + "frame.time_relative": "1317.391552000", + "frame.number": "4650", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:32.644146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494912.644146000", + "frame.time_delta": "3.791908000", + "frame.time_delta_displayed": "3.791908000", + "frame.time_relative": "1321.183460000", + "frame.number": "4651", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f3a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001178", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:32.644662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494912.644662000", + "frame.time_delta": "0.000516000", + "frame.time_delta_displayed": "0.000516000", + "frame.time_relative": "1321.183976000", + "frame.number": "4652", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f3b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f273", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:32.645294000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494912.645294000", + "frame.time_delta": "0.000632000", + "frame.time_delta_displayed": "0.000632000", + "frame.time_relative": "1321.184608000", + "frame.number": "4653", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008039", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:34.339466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494914.339466000", + "frame.time_delta": "1.694172000", + "frame.time_delta_displayed": "1.694172000", + "frame.time_relative": "1322.878780000", + "frame.number": "4654", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000580d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a684", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": 
"-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4957", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f16a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:34.482715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494914.482715000", + "frame.time_delta": "0.143249000", + "frame.time_delta_displayed": "0.143249000", + "frame.time_relative": "1323.022029000", + "frame.number": "4655", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9b", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "4958", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbdf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:36.616220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494916.616220000", + "frame.time_delta": "2.133505000", + "frame.time_delta_displayed": "2.133505000", + "frame.time_relative": "1325.155534000", + "frame.number": "4656", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d4a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:37.644315000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494917.644315000", + "frame.time_delta": "1.028095000", + "frame.time_delta_displayed": "1.028095000", + "frame.time_relative": "1326.183629000", + "frame.number": "4657", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f3c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001178", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + 
"Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:37.644765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494917.644765000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "1326.184079000", + "frame.number": "4658", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + 
"eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f3d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f273", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:37.645441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494917.645441000", + "frame.time_delta": "0.000676000", + "frame.time_delta_displayed": "0.000676000", + "frame.time_relative": "1326.184755000", + "frame.number": "4659", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008039", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=638", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:43.625161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494923.625161000", + "frame.time_delta": "5.979720000", + "frame.time_delta_displayed": "5.979720000", + "frame.time_relative": "1332.164475000", + "frame.number": "4660", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": 
"64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:43.904564000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494923.904564000", + "frame.time_delta": "0.279403000", + "frame.time_delta_displayed": "0.279403000", + "frame.time_relative": "1332.443878000", + 
"frame.number": "4661", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00008f71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:43.904795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494923.904795000", + "frame.time_delta": "0.000231000", + "frame.time_delta_displayed": "0.000231000", + "frame.time_relative": "1332.444109000", + "frame.number": "4662", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:43.919872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494923.919872000", + "frame.time_delta": "0.015077000", + "frame.time_delta_displayed": "0.015077000", + "frame.time_relative": "1332.459186000", + "frame.number": "4663", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": 
"LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:43.919975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494923.919975000", + "frame.time_delta": "0.000103000", + "frame.time_delta_displayed": "0.000103000", + 
"frame.time_relative": "1332.459289000", + "frame.number": "4664", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00008f73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.191329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.191329000", + "frame.time_delta": "0.271354000", + "frame.time_delta_displayed": "0.271354000", + "frame.time_relative": "1332.730643000", + "frame.number": "4665", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.383876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.383876000", + "frame.time_delta": "0.192547000", + "frame.time_delta_displayed": "0.192547000", + "frame.time_relative": "1332.923190000", + "frame.number": "4666", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00008fd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + 
"udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.384035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.384035000", + "frame.time_delta": "0.000159000", + "frame.time_delta_displayed": "0.000159000", + "frame.time_relative": "1332.923349000", + "frame.number": "4667", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008fd9", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.384181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.384181000", + "frame.time_delta": "0.000146000", + "frame.time_delta_displayed": "0.000146000", + "frame.time_relative": "1332.923495000", + "frame.number": "4668", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008fda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.402053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.402053000", + "frame.time_delta": "0.017872000", + "frame.time_delta_displayed": "0.017872000", + "frame.time_relative": "1332.941367000", + "frame.number": "4669", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x00006ab4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006ddd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": 
"5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + 
}, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.577615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.577615000", + "frame.time_delta": "0.175562000", + "frame.time_delta_displayed": "0.175562000", + "frame.time_relative": "1333.116929000", + "frame.number": "4670", + "frame.len": "107", + "frame.cap_len": "107", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "93", + "ip.id": "0x000066b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000072ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.71", + "ip.addr": "192.168.0.71", + "ip.src_host": "192.168.0.71", + "ip.host": "192.168.0.71", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + 
"ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "73", + "udp.checksum": "0x0000791d", + "udp.checksum.status": "2", + "udp.stream": "46" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "13", + "dns.ptr.domain_name": "_http._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.634183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.634183000", + "frame.time_delta": "0.056568000", + "frame.time_delta_displayed": "0.056568000", + "frame.time_relative": "1333.173497000", + "frame.number": "4671", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + 
}, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x0000caa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000ec7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + 
"dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.649804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.649804000", + "frame.time_delta": "0.015621000", + "frame.time_delta_displayed": "0.015621000", + "frame.time_relative": "1333.189118000", + "frame.number": "4672", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00008fdf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + 
"udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.650035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.650035000", + "frame.time_delta": "0.000231000", + "frame.time_delta_displayed": "0.000231000", + "frame.time_relative": "1333.189349000", + "frame.number": "4673", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008fe0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.650177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.650177000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1333.189491000", + "frame.number": "4674", + "frame.len": "83", + "frame.cap_len": "83", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008fe1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + 
"dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.650726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.650726000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1333.190040000", + "frame.number": "4675", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "90:8d:78:e3:81:0c", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:81:0c", + "eth.addr": "90:8d:78:e3:81:0c", + "eth.addr_resolved": "D-LinkIn_e3:81:0c", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d8fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.240", + "ip.addr": "192.168.0.240", + "ip.src_host": "192.168.0.240", + "ip.host": "192.168.0.240", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b02", + "udp.checksum.status": "2", + "udp.stream": "49" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.655392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.655392000", + "frame.time_delta": "0.004666000", + "frame.time_delta_displayed": "0.004666000", + "frame.time_relative": "1333.194706000", + "frame.number": "4676", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:e3:dc:17", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:dc:17", + 
"eth.addr": "c4:12:f5:e3:dc:17", + "eth.addr_resolved": "D-LinkIn_e3:dc:17", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.135", + "ip.addr": "192.168.0.135", + "ip.src_host": "192.168.0.135", + "ip.host": "192.168.0.135", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b6b", + "udp.checksum.status": "2", + "udp.stream": "48" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.683512000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.683512000", + "frame.time_delta": "0.028120000", + "frame.time_delta_displayed": "0.028120000", + "frame.time_relative": "1333.222826000", + "frame.number": "4677", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:de:38:20", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_de:38:20", + "eth.addr": "c4:12:f5:de:38:20", + "eth.addr_resolved": "D-LinkIn_de:38:20", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d995", + "ip.checksum.status": "2", + "ip.src": "192.168.0.85", + "ip.addr": "192.168.0.85", + "ip.src_host": "192.168.0.85", + "ip.host": "192.168.0.85", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b9d", + "udp.checksum.status": "2", + "udp.stream": "50" + 
}, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.837108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.837108000", + "frame.time_delta": "0.153596000", + "frame.time_delta_displayed": "0.153596000", + "frame.time_relative": "1333.376422000", + "frame.number": "4678", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008feb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.837265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.837265000", + "frame.time_delta": "0.000157000", + "frame.time_delta_displayed": "0.000157000", + "frame.time_relative": "1333.376579000", + "frame.number": "4679", + 
"frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00008fec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000499d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: 
type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.838923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.838923000", + "frame.time_delta": "0.001658000", + "frame.time_delta_displayed": "0.001658000", + "frame.time_relative": "1333.378237000", + "frame.number": "4680", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00008fed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000049a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:44.935518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494924.935518000", + "frame.time_delta": "0.096595000", + "frame.time_delta_displayed": "0.096595000", + "frame.time_relative": "1333.474832000", + "frame.number": "4681", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00008ffe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000495b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:45.183538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494925.183538000", + "frame.time_delta": "0.248020000", + "frame.time_delta_displayed": "0.248020000", + "frame.time_relative": "1333.722852000", + "frame.number": "4682", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00009010", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004972", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e855", + "udp.checksum.status": "2", + "udp.stream": "0" 
+ }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:46.035268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494926.035268000", + "frame.time_delta": "0.851730000", + "frame.time_delta_displayed": "0.851730000", + "frame.time_relative": "1334.574582000", + "frame.number": "4683", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00009038", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004921", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } 
+ } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:46.220553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494926.220553000", + "frame.time_delta": "0.185285000", + "frame.time_delta_displayed": "0.185285000", + "frame.time_relative": "1334.759867000", + "frame.number": "4684", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000907f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004903", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": 
"2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:47.161021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494927.161021000", + "frame.time_delta": "0.940468000", + "frame.time_delta_displayed": "0.940468000", + "frame.time_relative": "1335.700335000", + "frame.number": "4685", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000090ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000048d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { 
+ "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.058349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.058349000", + "frame.time_delta": "0.897328000", + "frame.time_delta_displayed": "0.897328000", + "frame.time_relative": "1336.597663000", + "frame.number": "4686", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", 
+ "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.196358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.196358000", + "frame.time_delta": "0.138009000", + "frame.time_delta_displayed": "0.138009000", + "frame.time_relative": "1336.735672000", + "frame.number": "4687", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x000090cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000048b9", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "4685", + "dns.time": "1.035337000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.252447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.252447000", + "frame.time_delta": "0.056089000", + "frame.time_delta_displayed": "0.056089000", + "frame.time_relative": "1336.791761000", + "frame.number": "4688", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { 
+ "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000ec9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dcb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.305332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.305332000", + "frame.time_delta": "0.052885000", + "frame.time_delta_displayed": "0.052885000", + "frame.time_relative": "1336.844646000", + "frame.number": "4689", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000eca2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dcb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.358168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.358168000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "1336.897482000", + "frame.number": "4690", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000eca4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dca9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.411079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.411079000", + "frame.time_delta": "0.052911000", + "frame.time_delta_displayed": "0.052911000", + "frame.time_relative": "1336.950393000", + "frame.number": "4691", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000eca7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dca6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.463923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.463923000", + "frame.time_delta": "0.052844000", + "frame.time_delta_displayed": "0.052844000", + "frame.time_relative": "1337.003237000", + "frame.number": "4692", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000ecaa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dca9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + 
"http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:48.516782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494928.516782000", + "frame.time_delta": "0.052859000", + "frame.time_delta_displayed": "0.052859000", + "frame.time_relative": "1337.056096000", + "frame.number": "4693", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000ecaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000dca4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": 
"239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.163906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.163906000", + "frame.time_delta": "0.647124000", + "frame.time_delta_displayed": "0.647124000", + "frame.time_relative": "1337.703220000", + "frame.number": "4694", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": 
"IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x000090ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004889", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "4685", + "dns.time": "2.002885000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.711472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.711472000", + "frame.time_delta": "0.547566000", + "frame.time_delta_displayed": "0.547566000", + "frame.time_relative": "1338.250786000", + "frame.number": "4695", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x00002d25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "13091", + "tcp.nxtseq": "13170", + "tcp.ack": "61374", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000a6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:16:38:00:26:b3:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812286520, TSecr 2536248": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812286520", + "tcp.options.timestamp.tsecr": "2536248" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "34:cd:34:17:47:48:0e:8f:e5:72:b9:68:de:7c:0f:4e:51:e4:01:0c:9a:e8:99:3e:3a:8b:da:dd:45:8e:e5:a9:a0:b6:26:19:97:d0:b6:5e:11:34:59:41:9b:e7:17:d5:70:37:ef:5a:58:ea:e0:11:ba:54:c8:4f:e7:05:57:61:b8:1a:13:57:fe:2a:c2:f8:43:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.712036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.712036000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "1338.251350000", + "frame.number": "4696", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009626", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007759", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "61374", + "tcp.ack": "13170", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b281", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:b1:a7:a0:16:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538417, TSecr 2812286520": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538417", + 
"tcp.options.timestamp.tsecr": "2812286520" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4695", + "tcp.analysis.ack_rtt": "0.000564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.715723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.715723000", + "frame.time_delta": "0.003687000", + "frame.time_delta_displayed": "0.003687000", + "frame.time_relative": "1338.255037000", + "frame.number": "4697", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009627", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007729", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "61374", + "tcp.nxtseq": "61421", + "tcp.ack": "13170", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e9df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:b2:a7:a0:16:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538418, TSecr 2812286520": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538418", + "tcp.options.timestamp.tsecr": "2812286520" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:d9:6d:dd:70:fc:8c:4b:a7:b3:54:6d:5e:95:22:71:21:fa:f1:b4:45:aa:ca:75:13:ea:90:f4:e9:eb:05:43:b7:52:f1:72" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.814356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.814356000", + "frame.time_delta": "0.098633000", + "frame.time_delta_displayed": "0.098633000", + "frame.time_relative": "1338.353670000", + "frame.number": "4698", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d26", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003859", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "13170", + "tcp.ack": "61421", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b326", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:16:52:00:26:bb:b2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812286546, TSecr 2538418": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812286546", + "tcp.options.timestamp.tsecr": "2538418" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4697", + 
"tcp.analysis.ack_rtt": "0.098633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.889370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.889370000", + "frame.time_delta": "0.075014000", + "frame.time_delta_displayed": "0.075014000", + "frame.time_relative": "1338.428684000", + "frame.number": "4699", + "frame.len": "409", + "frame.cap_len": "409", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "395", + "ip.id": "0x00009628", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007600", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "343", + "tcp.seq": "61421", + "tcp.nxtseq": "61764", + "tcp.ack": "13170", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004b40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:c3:a7:a0:16:52", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538435, TSecr 2812286546": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538435", + "tcp.options.timestamp.tsecr": "2812286546" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "343", + "tcp.analysis.push_bytes_sent": "343" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "338", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:da:9d:64:e7:8e:1c:4f:85:f1:fc:8c:a8:b3:b8:68:4e:de:27:eb:fb:0a:d6:35:3d:2d:98:6e:46:a5:c5:ad:6c:b5:85:71:f6:00:1e:f9:58:bc:b9:1d:e6:41:a6:b0:62:12:09:7d:35:76:fd:af:7e:19:92:99:12:0c:48:97:e1:7e:2a:f5:ad:07:38:a9:f4:32:8f:7e:77:ba:c2:cf:1a:01:53:bb:ba:d4:0c:9c:eb:71:a9:c9:f2:b1:37:63:8d:7c:1e:dd:04:91:06:a5:4a:c5:b4:21:5d:28:5f:bf:ea:6b:cf:4c:9b:7f:c7:62:10:d1:5a:70:de:25:f7:cc:6c:46:b6:f1:26:b4:d3:1c:bf:57:a0:14:c8:72:2f:0d:e6:92:32:7f:48:a4:6e:ce:65:13:ff:e3:0b:ca:e9:74:e7:95:6a:33:00:b0:ff:2c:06:7e:44:dc:a1:31:27:41:92:2b:a2:1a:65:0b:fd:6a:a1:85:82:c9:1a:26:1f:30:6c:be:06:2a:a1:5a:2e:6d:6d:62:58:61:93:b2:01:e3:6c:22:d0:9e:88:6f:04:92:1c:10:be:18:f9:dd:e5:01:00:68:1f:18:23:23:04:8f:3a:c9:39:a6:49:0f:35:98:1c:59:26:00:2f:8a:95:dc:f6:51:fa:19:4c:b7:a1:e0:76:27:86:24:d2:34:00:72:c8:92:8b:27:61:4a:76:ef:1f:ff:39:21:cb:63:11:74:29:20:64:20:2e:b3:a0:83:13:e3:04:a3:06:bf:34:e6:be:09:4d:ce:6e:09:62:47:f7:be:2e:91:93:da:2c:6c:67:68:16:08:d5:0e:a4:44:c9:a5:23:9b:1b:49:38:62:d4:38:a5:f3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.950297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.950297000", + "frame.time_delta": "0.060927000", + "frame.time_delta_displayed": "0.060927000", + "frame.time_relative": "1338.489611000", + "frame.number": "4700", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d27", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003858", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "13170", + "tcp.ack": "61764", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b19d", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:16:73:00:26:bb:c3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812286579, TSecr 2538435": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812286579", + "tcp.options.timestamp.tsecr": "2538435" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4699", + "tcp.analysis.ack_rtt": "0.060927000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.950820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.950820000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "1338.490134000", + "frame.number": "4701", + "frame.len": "411", + "frame.cap_len": "411", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "397", + "ip.id": "0x00009629", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "345", + "tcp.seq": "61764", + "tcp.nxtseq": "62109", + "tcp.ack": "13170", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cc7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:c9:a7:a0:16:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538441, TSecr 2812286579": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538441", + "tcp.options.timestamp.tsecr": "2812286579" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "345", + "tcp.analysis.push_bytes_sent": "345" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "340", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:db:b9:b2:9f:60:9f:13:3b:25:02:ac:29:43:ec:a7:40:f2:2d:e9:84:b1:e9:14:bd:62:8b:97:a2:6b:cf:b0:65:cf:28:87:1b:38:6f:6b:01:c3:15:26:c6:06:13:5b:4c:2a:93:fd:49:89:01:17:a2:22:dd:00:5c:77:35:b9:82:78:60:2d:0c:6c:b3:60:63:24:d2:27:da:d3:5a:42:99:ac:ef:cd:14:1f:46:4f:8c:fd:52:f2:bf:f6:90:82:7c:27:f3:6d:57:68:8e:10:b3:72:49:3f:71:48:fb:26:86:b0:b1:1c:10:9c:1e:ea:84:20:32:5a:fd:26:6e:cd:9c:0c:ab:cf:07:96:0e:14:03:53:99:fa:75:0e:e2:fb:68:99:45:3a:69:54:e7:88:82:c9:07:e6:d5:e1:13:80:ca:f8:1d:9b:01:a2:93:96:45:80:bb:93:7b:5e:49:3c:4c:ce:07:ba:a5:26:79:54:b5:87:aa:cf:19:4d:17:96:9f:30:5d:5f:bb:68:e9:05:78:65:78:3b:4e:98:f7:08:f0:72:63:2d:74:0c:ab:24:9e:ec:c7:b3:5d:8e:08:1b:50:40:fd:ec:58:ca:0b:40:b0:de:00:af:45:24:d0:67:97:70:0b:3f:71:fa:23:b1:e0:37:b7:1c:97:6e:d2:e8:37:5e:23:0e:3c:11:2d:1e:08:02:46:0b:f0:29:23:ee:72:83:a3:58:bf:5e:40:ed:8a:3d:0b:0e:30:6f:e8:96:15:e5:05:1f:3b:29:bc:0d:a2:3a:5b:fc:ad:02:9c:14:a3:46:05:1c:23:53:a0:40:74:a6:f7:17:ee:52:00:35:88:1b:f8:60:95:38:39:e3:b7:c3:b2:37:7c:23" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.950950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.950950000", + "frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "1338.490264000", + "frame.number": "4702", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003828", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13170", + "tcp.nxtseq": "13217", + "tcp.ack": "61764", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004c1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:16:74:00:26:bb:c3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812286580, TSecr 2538435": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812286580", + "tcp.options.timestamp.tsecr": "2538435" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:90:3d:a1:84:00:6e:e1:17:bf:1f:3b:5b:11:55:15:6d:7e:c6:2f:f4:4b:f8:a7:da:41:79:91:ac:5b:41:14:c4:1b:49:bf" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:49.983053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494929.983053000", + "frame.time_delta": "0.032103000", + "frame.time_delta_displayed": "0.032103000", + "frame.time_relative": "1338.522367000", + "frame.number": "4703", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000962a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007755", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62109", + "tcp.ack": "13217", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:cd:a7:a0:16:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538445, TSecr 2812286580": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538445", + "tcp.options.timestamp.tsecr": "2812286580" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4702", + "tcp.analysis.ack_rtt": "0.032103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:50.011622000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494930.011622000", + "frame.time_delta": "0.028569000", + "frame.time_delta_displayed": "0.028569000", + "frame.time_relative": "1338.550936000", + "frame.number": "4704", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d29", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003827", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13217", + "tcp.nxtseq": "13264", + "tcp.ack": "62109", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000010c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:16:83:00:26:bb:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812286595, TSecr 2538441": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812286595", + "tcp.options.timestamp.tsecr": "2538441" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4701", + "tcp.analysis.ack_rtt": "0.060802000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:91:ce:b4:6c:03:f7:87:fc:89:50:8c:93:f2:b7:db:a0:55:9a:14:e4:19:99:a9:44:69:b0:fb:fa:45:fb:00:58:a9:7b:f5" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:50.012114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494930.012114000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1338.551428000", + "frame.number": "4705", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000962b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007754", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62109", + "tcp.ack": "13264", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aedb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:bb:cf:a7:a0:16:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2538447, TSecr 2812286595": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2538447", + "tcp.options.timestamp.tsecr": "2812286595" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4704", + "tcp.analysis.ack_rtt": "0.000492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:52.645275000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494932.645275000", + "frame.time_delta": "2.633161000", + "frame.time_delta_displayed": "2.633161000", + "frame.time_relative": "1341.184589000", + "frame.number": "4706", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f41", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": 
"0x00001077", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + 
"dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:52.645807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494932.645807000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "1341.185121000", + "frame.number": "4707", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f42", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + 
"udp.checksum": "0x0000f172", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + 
"dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:52.646425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494932.646425000", + "frame.time_delta": "0.000618000", + "frame.time_delta_displayed": "0.000618000", + "frame.time_relative": "1341.185739000", + "frame.number": "4708", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f38", + 
"udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:54.721156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494934.721156000", + "frame.time_delta": "2.074731000", + "frame.time_delta_displayed": "2.074731000", + "frame.time_relative": "1343.260470000", + "frame.number": "4709", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:54.721692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494934.721692000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1343.261006000", + "frame.number": "4710", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:57.645550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494937.645550000", + "frame.time_delta": "2.923858000", + "frame.time_delta_displayed": "2.923858000", + "frame.time_relative": "1346.184864000", + "frame.number": "4711", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f43", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001077", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:57.646063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494937.646063000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "1346.185377000", + "frame.number": "4712", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f44", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f172", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:08:57.646671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494937.646671000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": "1346.185985000", + "frame.number": "4713", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f38", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", 
+ "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:01.707386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494941.707386000", + "frame.time_delta": "4.060715000", + "frame.time_delta_displayed": "4.060715000", + "frame.time_relative": "1350.246700000", + "frame.number": "4714", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:01.929347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494941.929347000", + "frame.time_delta": "0.221961000", + "frame.time_delta_displayed": "0.221961000", + "frame.time_relative": "1350.468661000", + "frame.number": "4715", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + 
"bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:01.969093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494941.969093000", + "frame.time_delta": "0.039746000", + "frame.time_delta_displayed": "0.039746000", + "frame.time_relative": "1350.508407000", + "frame.number": "4716", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": 
"255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + 
"bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:01.990314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494941.990314000", + "frame.time_delta": "0.021221000", + "frame.time_delta_displayed": "0.021221000", + "frame.time_relative": "1350.529628000", + "frame.number": "4717", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:02.075010000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494942.075010000", + "frame.time_delta": "0.084696000", + "frame.time_delta_displayed": "0.084696000", + "frame.time_relative": "1350.614324000", + "frame.number": "4718", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:02.645676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494942.645676000", + "frame.time_delta": "0.570666000", + "frame.time_delta_displayed": "0.570666000", + "frame.time_relative": "1351.184990000", + "frame.number": "4719", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + 
"eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f45", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001077", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:02.646175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494942.646175000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1351.185489000", + "frame.number": "4720", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f46", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f172", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:02.647281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494942.647281000", + "frame.time_delta": "0.001106000", + "frame.time_delta_displayed": "0.001106000", + "frame.time_relative": "1351.186595000", + "frame.number": "4721", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f38", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000027f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=639", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:04.479427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494944.479427000", + "frame.time_delta": "1.832146000", + "frame.time_delta_displayed": "1.832146000", + "frame.time_relative": "1353.018741000", + "frame.number": "4722", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000580e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a683", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4957", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f16a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:04.629337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494944.629337000", + "frame.time_delta": "0.149910000", + "frame.time_delta_displayed": "0.149910000", + "frame.time_relative": "1353.168651000", + "frame.number": "4723", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd9a", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "4958", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbdf", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:05.927404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494945.927404000", + "frame.time_delta": "1.298067000", + "frame.time_delta_displayed": "1.298067000", + "frame.time_relative": "1354.466718000", + "frame.number": "4724", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000a484", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000034d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", 
+ "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:06.626382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494946.626382000", + "frame.time_delta": "0.698978000", + "frame.time_delta_displayed": "0.698978000", + "frame.time_relative": "1355.165696000", + "frame.number": "4725", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d51", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:07.174018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494947.174018000", + "frame.time_delta": "0.547636000", + "frame.time_delta_displayed": "0.547636000", + "frame.time_relative": "1355.713332000", + "frame.number": "4726", + 
"frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:09.489355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494949.489355000", + "frame.time_delta": "2.315337000", + "frame.time_delta_displayed": "2.315337000", + "frame.time_relative": "1358.028669000", + "frame.number": "4727", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:09.489535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494949.489535000", + "frame.time_delta": "0.000180000", + "frame.time_delta_displayed": "0.000180000", + "frame.time_relative": "1358.028849000", + "frame.number": "4728", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:10.203846000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494950.203846000", + "frame.time_delta": "0.714311000", + "frame.time_delta_displayed": "0.714311000", + "frame.time_relative": "1358.743160000", + "frame.number": "4729", + "frame.len": "82", + "frame.cap_len": "82", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "68", + "ip.id": "0x00000b75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed4b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "48", + "udp.checksum": "0x00004e4f", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a7:25:a7:a8:cd:f2:14:96:01:00:00:52:0d:00:00", + "data.len": "40" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:15.677795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494955.677795000", + "frame.time_delta": "5.473949000", + "frame.time_delta_displayed": "5.473949000", + "frame.time_relative": "1364.217109000", + "frame.number": "4730", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:21.035981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494961.035981000", + "frame.time_delta": "5.358186000", + "frame.time_delta_displayed": "5.358186000", + "frame.time_relative": "1369.575295000", + "frame.number": "4731", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000962c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007722", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "62109", + "tcp.nxtseq": "62158", + "tcp.ack": "13264", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e9dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:c7:ee:a7:a0:16:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2541550, TSecr 2812286595": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2541550", + "tcp.options.timestamp.tsecr": "2812286595" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:dc:40:a5:bc:88:5d:d0:05:ca:92:7c:11:03:3a:fe:bc:12:68:29:e2:56:57:be:f7:2c:d9:c2:78:7b:5e:b9:c0:d7:a3:6d:da:d8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:21.096705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494961.096705000", + "frame.time_delta": "0.060724000", + "frame.time_delta_displayed": "0.060724000", + "frame.time_relative": "1369.636019000", + "frame.number": "4732", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "13264", + "tcp.nxtseq": "13319", + "tcp.ack": "62158", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000054f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:34:de:00:26:c7:ee", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812294366, TSecr 2541550": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812294366", + "tcp.options.timestamp.tsecr": "2541550" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4731", + "tcp.analysis.ack_rtt": "0.060724000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:92:2b:86:db:1e:4e:9f:5e:e7:36:f5:49:60:16:fb:29:e9:53:43:5d:5c:bc:d8:87:b9:2f:5d:8c:d5:e3:89:54:53:aa:bb:1f:bd:b4:c5:97:04:b2:3a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:21.097240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494961.097240000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": 
"0.000535000", + "frame.time_relative": "1369.636554000", + "frame.number": "4733", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000962d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007752", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62158", + "tcp.ack": "13319", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000083f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:c7:f4:a7:a0:34:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2541556, TSecr 2812294366": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2541556", + "tcp.options.timestamp.tsecr": "2812294366" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4732", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:24.212281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494964.212281000", + "frame.time_delta": "3.115041000", + "frame.time_delta_displayed": "3.115041000", + "frame.time_relative": "1372.751595000", + "frame.number": "4734", + "frame.len": "407", + "frame.cap_len": "407", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "393", + "ip.id": "0x0000962e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "341", + "tcp.seq": "62158", + "tcp.nxtseq": "62499", + "tcp.ack": "13319", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009db5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:c9:2c:a7:a0:34:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2541868, TSecr 2812294366": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2541868", + "tcp.options.timestamp.tsecr": "2812294366" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "341", + "tcp.analysis.push_bytes_sent": "341" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "336", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:dd:fa:0f:45:07:33:34:8e:a5:e6:d2:dc:fe:92:49:3d:a1:2d:00:67:a6:27:2a:72:38:8d:f2:02:ce:7b:8e:ff:25:91:c1:30:af:4c:74:ec:48:39:54:dc:92:fd:f7:47:d5:4b:94:76:5e:2c:25:12:9b:f6:77:47:c5:d3:eb:09:0c:16:f2:f9:31:f1:2a:d8:f7:68:02:64:e5:7e:76:d3:df:a0:81:03:90:eb:fe:e2:dd:d4:6a:d8:01:55:ee:ea:21:e3:c7:c2:90:dc:e2:4b:2b:88:ef:f7:e4:97:ed:f3:7d:1d:10:bc:61:5e:79:54:05:13:12:17:cf:6d:f3:14:ae:6a:1f:9e:67:cb:5b:34:60:15:4b:b8:1c:39:78:7f:c1:ea:d8:a8:47:54:f8:e4:24:53:05:a7:04:92:d7:b5:40:57:82:bb:84:4f:18:9b:6f:53:79:73:fa:e6:8c:c1:69:47:4f:3b:67:d9:fa:de:32:53:ba:c1:d4:e7:bb:66:e7:3c:e9:85:d3:ad:52:84:28:94:e1:fd:b3:19:30:1b:d0:4a:fc:c7:8d:b3:06:2d:27:dc:a2:bd:be:dd:3f:42:f2:6f:ed:7e:fb:7a:bd:3a:7d:6f:9d:1f:18:98:34:5b:8c:4d:bf:43:48:69:69:12:1a:ed:e2:3d:99:40:7d:bf:24:03:76:c2:cd:95:22:45:3a:62:22:ac:0e:ba:3c:0b:95:7d:36:d6:53:8b:a2:0e:26:72:2e:58:63:5e:df:4e:20:63:4b:25:a6:3e:56:26:3c:48:e1:57:1c:75:9e:43:eb:1f:09:b9:66:03:58:c8:bf:d5:b5:70:f8:fb:20:84:72:63:f0:28:94:f1:a5:5e:a7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:24.275166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494964.275166000", + "frame.time_delta": "0.062885000", + "frame.time_delta_displayed": "0.062885000", + "frame.time_relative": "1372.814480000", + "frame.number": "4735", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003825", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13319", + "tcp.nxtseq": "13366", + "tcp.ack": "62499", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00006a3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:37:f8:00:26:c9:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812295160, TSecr 2541868": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812295160", + "tcp.options.timestamp.tsecr": "2541868" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4734", + "tcp.analysis.ack_rtt": "0.062885000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:93:68:61:8c:53:c7:6e:cd:33:91:e6:0e:5d:a3:57:eb:2a:c7:50:09:96:a3:0e:36:1a:a4:51:1b:f0:22:ea:e7:59:d6:5d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:24.275607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494964.275607000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1372.814921000", + "frame.number": "4736", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000962f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007750", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62499", + "tcp.ack": "13366", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007e17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:c9:32:a7:a0:37:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2541874, TSecr 2812295160": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2541874", + "tcp.options.timestamp.tsecr": "2812295160" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4735", + "tcp.analysis.ack_rtt": "0.000441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:26.218290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494966.218290000", + "frame.time_delta": "1.942683000", + "frame.time_delta_displayed": "1.942683000", + "frame.time_relative": "1374.757604000", + "frame.number": "4737", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": 
"LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:26.702544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494966.702544000", + "frame.time_delta": "0.484254000", + "frame.time_delta_displayed": "0.484254000", + 
"frame.time_relative": "1375.241858000", + "frame.number": "4738", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.007957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.007957000", + "frame.time_delta": "0.305413000", + "frame.time_delta_displayed": "0.305413000", + "frame.time_relative": "1375.547271000", + "frame.number": "4739", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.014983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.014983000", + "frame.time_delta": "0.007026000", + "frame.time_delta_displayed": "0.007026000", + "frame.time_relative": "1375.554297000", + "frame.number": "4740", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000ba85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ed4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.031559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.031559000", + "frame.time_delta": "0.016576000", + "frame.time_delta_displayed": "0.016576000", + "frame.time_relative": "1375.570873000", + "frame.number": "4741", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000ba87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ed2", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.237119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.237119000", + "frame.time_delta": "0.205560000", + "frame.time_delta_displayed": "0.205560000", + "frame.time_relative": "1375.776433000", + "frame.number": 
"4742", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000ba9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ef0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.237285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.237285000", + "frame.time_delta": "0.000166000", + "frame.time_delta_displayed": "0.000166000", + "frame.time_relative": "1375.776599000", + "frame.number": "4743", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x0000ba9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001eea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.237427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.237427000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1375.776741000", + "frame.number": "4744", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000baa0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001eee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.243112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.243112000", + "frame.time_delta": "0.005685000", + 
"frame.time_delta_displayed": "0.005685000", + "frame.time_relative": "1375.782426000", + "frame.number": "4745", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000755a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00006337", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.261271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.261271000", + "frame.time_delta": "0.018159000", + "frame.time_delta_displayed": "0.018159000", + "frame.time_relative": "1375.800585000", + "frame.number": "4746", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": 
"3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.413237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.413237000", + "frame.time_delta": "0.151966000", + "frame.time_delta_displayed": "0.151966000", + "frame.time_relative": "1375.952551000", + "frame.number": "4747", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "90:8d:78:e3:81:0c", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:81:0c", + "eth.addr": "90:8d:78:e3:81:0c", + "eth.addr_resolved": "D-LinkIn_e3:81:0c", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d8fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.240", + "ip.addr": "192.168.0.240", + "ip.src_host": "192.168.0.240", + "ip.host": "192.168.0.240", + 
"ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b02", + "udp.checksum.status": "2", + "udp.stream": "49" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.432783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.432783000", + "frame.time_delta": "0.019546000", + "frame.time_delta_displayed": "0.019546000", + "frame.time_relative": "1375.972097000", + "frame.number": "4748", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:de:38:20", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_de:38:20", + "eth.addr": "c4:12:f5:de:38:20", + "eth.addr_resolved": "D-LinkIn_de:38:20", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d995", + "ip.checksum.status": "2", + "ip.src": "192.168.0.85", + "ip.addr": "192.168.0.85", + "ip.src_host": "192.168.0.85", + "ip.host": "192.168.0.85", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b9d", + "udp.checksum.status": "2", + "udp.stream": "50" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.450807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.450807000", + "frame.time_delta": "0.018024000", + "frame.time_delta_displayed": "0.018024000", + "frame.time_relative": "1375.990121000", + "frame.number": "4749", + "frame.len": "107", + "frame.cap_len": "107", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "93", + "ip.id": "0x00006960", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007044", + "ip.checksum.status": "2", + "ip.src": "192.168.0.71", + "ip.addr": "192.168.0.71", + "ip.src_host": "192.168.0.71", + "ip.host": "192.168.0.71", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + 
"udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "73", + "udp.checksum": "0x0000791d", + "udp.checksum.status": "2", + "udp.stream": "46" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "13", + "dns.ptr.domain_name": "_http._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.457107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.457107000", + "frame.time_delta": "0.006300000", + "frame.time_delta_displayed": "0.006300000", + "frame.time_relative": "1375.996421000", + "frame.number": "4750", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": 
"LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000babc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ed2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.457230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509494967.457230000", + "frame.time_delta": "0.000123000", + "frame.time_delta_displayed": "0.000123000", + "frame.time_relative": "1375.996544000", + "frame.number": "4751", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000babd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ed1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.458331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.458331000", + "frame.time_delta": "0.001101000", + "frame.time_delta_displayed": "0.001101000", + "frame.time_relative": "1375.997645000", + "frame.number": "4752", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x0000babe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ecb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + 
"ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.466658000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.466658000", + "frame.time_delta": "0.008327000", + "frame.time_delta_displayed": "0.008327000", + "frame.time_relative": "1376.005972000", + "frame.number": "4753", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:e3:dc:17", + "eth.src_tree": { + 
"eth.src_resolved": "D-LinkIn_e3:dc:17", + "eth.addr": "c4:12:f5:e3:dc:17", + "eth.addr_resolved": "D-LinkIn_e3:dc:17", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.135", + "ip.addr": "192.168.0.135", + "ip.src_host": "192.168.0.135", + "ip.host": "192.168.0.135", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b6b", + "udp.checksum.status": "2", + "udp.stream": "48" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.518830000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.518830000", + "frame.time_delta": "0.052172000", + "frame.time_delta_displayed": "0.052172000", + "frame.time_relative": "1376.058144000", + "frame.number": "4754", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x0000d2fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000672", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + 
"udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.647212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.647212000", + "frame.time_delta": "0.128382000", + "frame.time_delta_displayed": "0.128382000", + "frame.time_relative": "1376.186526000", + "frame.number": "4755", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f49", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001975", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.647755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.647755000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1376.187069000", + "frame.number": "4756", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f4a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa70", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.648608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.648608000", + "frame.time_delta": "0.000853000", + "frame.time_delta_displayed": "0.000853000", + "frame.time_relative": "1376.187922000", + "frame.number": "4757", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", 
+ "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008836", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.686069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.686069000", + "frame.time_delta": "0.037461000", + "frame.time_delta_displayed": "0.037461000", + "frame.time_relative": "1376.225383000", + "frame.number": "4758", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x0000bae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ea0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.689259000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.689259000", + "frame.time_delta": "0.003190000", + "frame.time_delta_displayed": "0.003190000", + "frame.time_relative": "1376.228573000", + "frame.number": "4759", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000baea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001ea4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:27.689404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494967.689404000", + "frame.time_delta": "0.000145000", + "frame.time_delta_displayed": "0.000145000", + "frame.time_relative": "1376.228718000", + "frame.number": "4760", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000baeb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + 
"ip.proto": "17", + "ip.checksum": "0x00001ea3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:28.011339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494968.011339000", + "frame.time_delta": "0.321935000", + "frame.time_delta_displayed": "0.321935000", + "frame.time_relative": "1376.550653000", + "frame.number": "4761", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000bb45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001e3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class 
IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:28.033544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494968.033544000", + "frame.time_delta": "0.022205000", + "frame.time_delta_displayed": "0.022205000", + "frame.time_relative": "1376.572858000", + "frame.number": "4762", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000bb47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001e12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:28.852173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494968.852173000", + "frame.time_delta": "0.818629000", + "frame.time_delta_displayed": "0.818629000", + "frame.time_relative": "1377.391487000", + "frame.number": "4763", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + 
"eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:29.060866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494969.060866000", + "frame.time_delta": "0.208693000", + "frame.time_delta_displayed": "0.208693000", + "frame.time_relative": "1377.600180000", + "frame.number": "4764", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"81", + "ip.id": "0x0000bbf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001d8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:29.061030000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509494969.061030000", + "frame.time_delta": "0.000164000", + "frame.time_delta_displayed": "0.000164000", + "frame.time_relative": "1377.600344000", + "frame.number": "4765", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000bbfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": 
"0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:29.598933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494969.598933000", + "frame.time_delta": "0.537903000", + "frame.time_delta_displayed": "0.537903000", + "frame.time_relative": "1378.138247000", + "frame.number": "4766", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + 
"arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.066966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.066966000", + "frame.time_delta": "0.468033000", + "frame.time_delta_displayed": "0.468033000", + "frame.time_relative": "1378.606280000", + "frame.number": "4767", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000bd09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e855", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.434263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.434263000", + "frame.time_delta": "0.367297000", + "frame.time_delta_displayed": "0.367297000", + "frame.time_relative": "1378.973577000", + "frame.number": "4768", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002105", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + 
"http.request": "1", + "http.request_number": "12", + "http.prev_request_in": "4464" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.852580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.852580000", + "frame.time_delta": "0.418317000", + "frame.time_delta_displayed": "0.418317000", + "frame.time_relative": "1379.391894000", + "frame.number": "4769", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f8e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + 
"udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "67", + "http.prev_response_in": "4527" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.856463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.856463000", + "frame.time_delta": "0.003883000", + "frame.time_delta_displayed": "0.003883000", + "frame.time_relative": "1379.395777000", + "frame.number": "4770", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ae4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54663", + "tcp.dstport": "80", + "tcp.port": "54663", + "tcp.port": "80", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a749", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.856993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.856993000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "1379.396307000", + "frame.number": "4771", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54663", + "tcp.port": "80", + "tcp.port": "54663", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000052a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4770", + "tcp.analysis.ack_rtt": "0.000530000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.862189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.862189000", + "frame.time_delta": "0.005196000", + "frame.time_delta_displayed": "0.005196000", + "frame.time_relative": "1379.401503000", + "frame.number": "4772", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ae5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54663", + "tcp.dstport": "80", + "tcp.port": "54663", + "tcp.port": "80", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000485", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4771", + "tcp.analysis.ack_rtt": "0.005196000", + "tcp.analysis.initial_rtt": "0.005726000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.862758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.862758000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1379.402072000", + "frame.number": "4773", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001ae6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54663", + "tcp.dstport": "80", + "tcp.port": "54663", + "tcp.port": "80", + "tcp.stream": "177", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000019fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005726000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.863519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.863519000", + "frame.time_delta": "0.000761000", + "frame.time_delta_displayed": "0.000761000", + "frame.time_relative": "1379.402833000", + "frame.number": "4774", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000047a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54663", + "tcp.port": "80", + "tcp.port": "54663", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f615", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4773", + "tcp.analysis.ack_rtt": "0.000761000", + "tcp.analysis.initial_rtt": "0.005726000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.864107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.864107000", + "frame.time_delta": "0.000588000", + "frame.time_delta_displayed": "0.000588000", + "frame.time_relative": "1379.403421000", + "frame.number": "4775", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000047a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54663", + "tcp.port": "80", + "tcp.port": "54663", + "tcp.stream": "177", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003637", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005726000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.864459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.864459000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1379.403773000", + "frame.number": "4776", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000047a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ced", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54663", + "tcp.port": "80", + "tcp.port": "54663", + "tcp.stream": "177", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000088a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005726000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4775", + "tcp.segment": "4776", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001701000", + "http.request_in": "4773", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.866796000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494970.866796000", + "frame.time_delta": "0.002337000", + "frame.time_delta_displayed": "0.002337000", + "frame.time_relative": "1379.406110000", + "frame.number": "4777", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ae7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54663", + "tcp.dstport": "80", + "tcp.port": "54663", + "tcp.port": "80", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ffec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4776", + "tcp.analysis.ack_rtt": "0.002337000", + "tcp.analysis.initial_rtt": "0.005726000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.867395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.867395000", + "frame.time_delta": "0.000599000", + "frame.time_delta_displayed": "0.000599000", + "frame.time_relative": "1379.406709000", + "frame.number": "4778", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ae8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54663", + "tcp.dstport": "80", + "tcp.port": "54663", + "tcp.port": "80", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ffeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.867840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.867840000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1379.407154000", + "frame.number": "4779", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54663", + "tcp.port": "80", + "tcp.port": "54663", + "tcp.stream": "177", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f21f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4778", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.005726000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.906628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.906628000", + "frame.time_delta": "0.038788000", + "frame.time_delta_displayed": "0.038788000", + "frame.time_relative": "1379.445942000", + "frame.number": "4780", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f8e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "68", + "http.prev_response_in": "4769" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.910025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.910025000", + "frame.time_delta": "0.003397000", + "frame.time_delta_displayed": "0.003397000", + "frame.time_relative": "1379.449339000", 
+ "frame.number": "4781", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54664", + "tcp.dstport": "80", + "tcp.port": "54664", + "tcp.port": "80", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000835c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.910561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.910561000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1379.449875000", + "frame.number": "4782", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54664", + "tcp.port": "80", + "tcp.port": "54664", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000980d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4781", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.913547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.913547000", + "frame.time_delta": "0.002986000", + "frame.time_delta_displayed": "0.002986000", + "frame.time_relative": "1379.452861000", + 
"frame.number": "4783", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54664", + "tcp.dstport": "80", + "tcp.port": "54664", + "tcp.port": "80", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000049ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4782", + "tcp.analysis.ack_rtt": "0.002986000", + "tcp.analysis.initial_rtt": "0.003522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.914189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.914189000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "1379.453503000", + "frame.number": "4784", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001aeb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce1", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54664", + "tcp.dstport": "80", + "tcp.port": "54664", + "tcp.port": "80", + "tcp.stream": "178", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005f65", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003522000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.914669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.914669000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "1379.453983000", + "frame.number": "4785", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004978", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006efb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54664", + "tcp.port": "80", + "tcp.port": "54664", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003b7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4784", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.003522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.915263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.915263000", + "frame.time_delta": "0.000594000", + "frame.time_delta_displayed": "0.000594000", + "frame.time_relative": "1379.454577000", + "frame.number": "4786", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00004979", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ee9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54664", + "tcp.port": "80", + "tcp.port": "54664", + "tcp.stream": "178", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007b9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003522000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.915618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.915618000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1379.454932000", + "frame.number": "4787", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000497a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006b16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54664", + "tcp.port": "80", + "tcp.port": "54664", + "tcp.stream": "178", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ce07", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003522000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4786", + "tcp.segment": "4787", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001429000", + "http.request_in": "4784", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.918278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.918278000", + "frame.time_delta": "0.002660000", + "frame.time_delta_displayed": "0.002660000", + "frame.time_relative": "1379.457592000", + "frame.number": "4788", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54664", + "tcp.dstport": "80", + "tcp.port": "54664", + "tcp.port": "80", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004554", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4787", + "tcp.analysis.ack_rtt": "0.002660000", + "tcp.analysis.initial_rtt": "0.003522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.918951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.918951000", + "frame.time_delta": "0.000673000", + "frame.time_delta_displayed": "0.000673000", + "frame.time_relative": "1379.458265000", + "frame.number": "4789", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54664", + "tcp.dstport": "80", + "tcp.port": "54664", + "tcp.port": "80", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.919430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.919430000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1379.458744000", + "frame.number": "4790", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54664", + "tcp.port": "80", + "tcp.port": "54664", + "tcp.stream": "178", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003787", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4789", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.003522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.959568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.959568000", + "frame.time_delta": "0.040138000", + "frame.time_delta_displayed": "0.040138000", + "frame.time_relative": "1379.498882000", + "frame.number": "4791", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f8e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "69", + "http.prev_response_in": "4780" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.969405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.969405000", + "frame.time_delta": "0.009837000", + "frame.time_delta_displayed": "0.009837000", + "frame.time_relative": "1379.508719000", + "frame.number": "4792", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001aee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54665", + "tcp.dstport": "80", + "tcp.port": "54665", + "tcp.port": "80", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00007d4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.969946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.969946000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "1379.509260000", + "frame.number": "4793", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54665", + "tcp.port": "80", + "tcp.port": "54665", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000bf48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4792", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.972936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.972936000", + "frame.time_delta": "0.002990000", + "frame.time_delta_displayed": "0.002990000", + "frame.time_relative": "1379.512250000", + "frame.number": "4794", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54665", + "tcp.dstport": "80", + "tcp.port": "54665", + "tcp.port": "80", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007127", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4793", + "tcp.analysis.ack_rtt": "0.002990000", + "tcp.analysis.initial_rtt": "0.003531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.973537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.973537000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "1379.512851000", + "frame.number": "4795", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001af0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cdc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54665", + "tcp.dstport": "80", + "tcp.port": "54665", + "tcp.port": "80", + "tcp.stream": "179", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000086a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003531000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.974017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.974017000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "1379.513331000", + "frame.number": "4796", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b523", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000350", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54665", + "tcp.port": "80", + "tcp.port": "54665", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4795", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.003531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.974586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.974586000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1379.513900000", + "frame.number": "4797", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b524", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000033e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54665", + "tcp.port": "80", + "tcp.port": "54665", + "tcp.stream": "179", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a2d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003531000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.974934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.974934000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "1379.514248000", + "frame.number": "4798", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b525", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ff6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54665", + "tcp.port": "80", + "tcp.port": "54665", + "tcp.stream": "179", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f542", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003531000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4797", + "tcp.segment": "4798", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001397000", + "http.request_in": "4795", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.977197000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494970.977197000", + "frame.time_delta": "0.002263000", + "frame.time_delta_displayed": "0.002263000", + "frame.time_relative": "1379.516511000", + "frame.number": "4799", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001af1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d82", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54665", + "tcp.dstport": "80", + "tcp.port": "54665", + "tcp.port": "80", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006c8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4798", + "tcp.analysis.ack_rtt": "0.002263000", + "tcp.analysis.initial_rtt": "0.003531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.977782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.977782000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "1379.517096000", + "frame.number": "4800", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001af2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54665", + "tcp.dstport": "80", + "tcp.port": "54665", + "tcp.port": "80", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006c8e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:30.978214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494970.978214000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1379.517528000", + "frame.number": "4801", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54665", + "tcp.port": "80", + "tcp.port": "54665", + "tcp.stream": "179", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005ec2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4800", + "tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.003531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.086680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.086680000", + "frame.time_delta": "0.108466000", + "frame.time_delta_displayed": "0.108466000", + "frame.time_relative": "1379.625994000", + "frame.number": "4802", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x0000bd63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": 
"224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x000070a3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "4767", + "dns.time": "1.019714000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.906207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.906207000", + "frame.time_delta": "0.819527000", + "frame.time_delta_displayed": "0.819527000", + "frame.time_relative": "1380.445521000", + "frame.number": "4803", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000f928", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "70", + "http.prev_response_in": "4791" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.930587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.930587000", + "frame.time_delta": "0.024380000", + "frame.time_delta_displayed": "0.024380000", + "frame.time_relative": "1380.469901000", + "frame.number": "4804", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001af3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d74", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000d745", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.931154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.931154000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "1380.470468000", + "frame.number": "4805", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003b19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + 
"tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4804", + "tcp.analysis.ack_rtt": "0.000567000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.934073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.934073000", + "frame.time_delta": "0.002919000", + "frame.time_delta_displayed": "0.002919000", + "frame.time_relative": "1380.473387000", + "frame.number": "4806", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001af4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d7f", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ecf7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4805", + "tcp.analysis.ack_rtt": "0.002919000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.934747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.934747000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "1380.474061000", + "frame.number": "4807", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001af5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000271", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.935240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.935240000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1380.474554000", + "frame.number": "4808", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000de4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000de88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4807", + "tcp.analysis.ack_rtt": "0.000493000", + 
"tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.935815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.935815000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1380.475129000", + "frame.number": "4809", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000de4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + 
"tcp.stream": "180", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001eaa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.936177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.936177000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "1380.475491000", + "frame.number": "4810", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000de4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d642", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + "tcp.stream": "180", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007113", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + 
"tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4809", + "tcp.segment": "4810", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001430000", + "http.request_in": "4807", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.939173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.939173000", + "frame.time_delta": "0.002996000", + "frame.time_delta_displayed": "0.002996000", + "frame.time_relative": "1380.478487000", + "frame.number": "4811", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001af6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e85f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4810", + "tcp.analysis.ack_rtt": "0.002996000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.939475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.939475000", + "frame.time_delta": "0.000302000", + "frame.time_delta_displayed": "0.000302000", + "frame.time_relative": "1380.478789000", + "frame.number": "4812", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000de4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d641", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + "tcp.stream": "180", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007113", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.940382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.940382000", + "frame.time_delta": "0.000907000", + "frame.time_delta_displayed": "0.000907000", + "frame.time_relative": "1380.479696000", + "frame.number": "4813", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001af7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e85e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4812", + "tcp.analysis.ack_rtt": "0.000907000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.940824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.940824000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1380.480138000", + "frame.number": "4814", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54666", + "tcp.port": "80", + "tcp.port": "54666", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4813", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:09:31.943095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.943095000", + "frame.time_delta": "0.002271000", + "frame.time_delta_displayed": "0.002271000", + "frame.time_relative": "1380.482409000", + "frame.number": "4815", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001af8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54666", + "tcp.dstport": "80", + "tcp.port": "54666", + "tcp.port": "80", + "tcp.stream": "180", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000643e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d1:5d:53:b5:d1:5d:57:98", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "4811", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.948089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.948089000", + "frame.time_delta": "0.004994000", + "frame.time_delta_displayed": 
"0.004994000", + "frame.time_relative": "1380.487403000", + "frame.number": "4816", + "frame.len": "417", + "frame.cap_len": "417", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "403", + "ip.id": "0x00009630", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "351", + "tcp.seq": "62499", + "tcp.nxtseq": "62850", + "tcp.ack": 
"13366", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004cfb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:cc:31:a7:a0:37:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2542641, TSecr 2812295160": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2542641", + "tcp.options.timestamp.tsecr": "2812295160" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "351", + "tcp.analysis.push_bytes_sent": "351" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "346", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:de:38:b3:1a:c9:02:2a:98:8c:74:44:60:11:d5:1b:99:78:07:13:f0:37:67:15:fe:a5:df:6d:65:97:2d:5d:da:d3:2a:7f:2f:71:8e:65:6d:ce:75:07:ef:7b:cd:22:7f:db:da:14:26:85:d0:b5:48:0f:71:da:5d:cb:51:93:6b:45:9f:42:81:0e:1c:f8:71:72:25:78:a7:bd:a9:5f:1b:29:8a:a3:75:78:e1:bb:03:e4:67:8c:2a:89:2d:26:0d:d5:8b:03:ca:2f:e4:cd:ed:67:35:9b:39:0d:e1:0e:01:a5:06:83:23:e8:0b:d1:e7:f9:a5:4d:fc:ec:32:7f:83:64:c3:e4:62:69:48:0f:72:2d:14:ac:a9:3d:aa:83:25:bf:19:f2:a7:36:e2:a4:e8:82:c3:b4:16:16:b3:b3:ee:49:cc:76:74:20:af:13:21:42:3f:b2:dc:60:cd:7b:2b:e4:5e:d9:f8:7c:0e:a6:f9:6c:f2:19:bd:26:1a:87:6b:8a:19:77:ce:9c:0c:2f:86:b3:11:e2:8e:32:41:23:89:95:07:76:4a:0f:d8:58:07:7d:e5:f5:73:4f:ec:e9:2b:64:1b:a5:7f:d8:5e:df:f6:08:36:d6:d7:35:d9:db:98:c9:3e:dc:7b:34:eb:7d:0b:b2:8a:db:b1:8b:72:97:57:e0:5d:e8:27:92:c6:cb:52:d7:2b:69:01:d4:94:4c:a3:e3:69:b9:62:3b:79:86:0d:6b:96:1b:a6:a0:d8:55:c9:ba:1b:ad:ec:0f:a1:00:bf:4a:04:af:dc:a2:c8:fd:fa:d3:bc:8e:71:63:3f:c7:94:cf:0b:42:fc:67:ec:16:44:22:93:23:d1:57:ad:23:80:6e:bf:1c:07:43:9c:c8:80:cf:51:2e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.959092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.959092000", + "frame.time_delta": "0.011003000", + "frame.time_delta_displayed": "0.011003000", + "frame.time_relative": "1380.498406000", + "frame.number": "4817", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000f92d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "71", + "http.prev_response_in": "4803" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.989999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.989999000", + "frame.time_delta": "0.030907000", + "frame.time_delta_displayed": "0.030907000", + "frame.time_relative": "1380.529313000", + "frame.number": "4818", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001af9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54667", + "tcp.dstport": "80", + "tcp.port": "54667", + "tcp.port": "80", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000619", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.990551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.990551000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1380.529865000", + "frame.number": "4819", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54667", + "tcp.port": "80", + "tcp.port": "54667", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007f0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window 
scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4818", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.993517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.993517000", + "frame.time_delta": "0.002966000", + "frame.time_delta_displayed": "0.002966000", + "frame.time_relative": "1380.532831000", + "frame.number": "4820", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001afa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54667", + "tcp.dstport": "80", + "tcp.port": "54667", + "tcp.port": "80", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4819", + "tcp.analysis.ack_rtt": "0.002966000", + "tcp.analysis.initial_rtt": "0.003518000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.994084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.994084000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "1380.533398000", + "frame.number": "4821", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + 
"eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001afb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54667", + "tcp.dstport": "80", + "tcp.port": "54667", + "tcp.port": "80", + "tcp.stream": "181", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004662", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003518000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + 
"http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.994562000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.994562000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1380.533876000", + "frame.number": "4822", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c58d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f2e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54667", + "tcp.port": "80", + "tcp.port": "54667", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000227a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4821", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.003518000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:09:31.995211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.995211000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "1380.534525000", + "frame.number": "4823", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c58e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f2d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54667", + "tcp.port": "80", + "tcp.port": "54667", + "tcp.stream": "181", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000629b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003518000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.995659000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.995659000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1380.534973000", + "frame.number": "4824", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c58f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54667", + "tcp.port": "80", + "tcp.port": "54667", + "tcp.stream": "181", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b504", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003518000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "4823", + "tcp.segment": "4824", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001575000", + "http.request_in": "4821", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.998864000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.998864000", + "frame.time_delta": "0.003205000", + "frame.time_delta_displayed": "0.003205000", + "frame.time_relative": "1380.538178000", + "frame.number": "4825", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001afc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54667", + "tcp.dstport": "80", + "tcp.port": "54667", + "tcp.port": "80", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002c51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4824", + "tcp.analysis.ack_rtt": "0.003205000", + "tcp.analysis.initial_rtt": "0.003518000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.999429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.999429000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1380.538743000", + "frame.number": "4826", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001afd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54667", + "tcp.dstport": "80", + "tcp.port": "54667", + "tcp.port": "80", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002c50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:31.999888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494971.999888000", + "frame.time_delta": "0.000459000", + "frame.time_delta_displayed": "0.000459000", + "frame.time_relative": "1380.539202000", + "frame.number": "4827", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54667", + "tcp.port": "80", + "tcp.port": "54667", + "tcp.stream": "181", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "4826", + "tcp.analysis.ack_rtt": "0.000459000", + "tcp.analysis.initial_rtt": "0.003518000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.009068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.009068000", + "frame.time_delta": "0.009180000", + "frame.time_delta_displayed": "0.009180000", + "frame.time_relative": "1380.548382000", + "frame.number": "4828", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003824", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13366", + "tcp.nxtseq": "13413", + "tcp.ack": "62850", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002d42", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:3f:86:00:26:cc:31", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812297094, TSecr 2542641": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812297094", + "tcp.options.timestamp.tsecr": "2542641" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4816", + "tcp.analysis.ack_rtt": "0.060979000", + "tcp.analysis.bytes_in_flight": "47", + 
"tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:94:e8:2e:86:9f:7f:d4:bc:d4:e7:35:1f:3f:76:15:08:55:4e:5a:19:fe:b8:04:5f:d0:d0:f0:0b:23:c4:ee:5b:b5:32:04" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.009504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.009504000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "1380.548818000", + "frame.number": "4829", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009631", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62850", + "tcp.ack": "13413", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000071f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:cc:37:a7:a0:3f:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2542647, TSecr 2812297094": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2542647", + "tcp.options.timestamp.tsecr": "2812297094" 
+ } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4828", + "tcp.analysis.ack_rtt": "0.000436000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.012281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.012281000", + "frame.time_delta": "0.002777000", + "frame.time_delta_displayed": "0.002777000", + "frame.time_relative": "1380.551595000", + "frame.number": "4830", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000f92f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000be18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + 
"udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "72", + "http.prev_response_in": "4817" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.016203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.016203000", + "frame.time_delta": "0.003922000", + "frame.time_delta_displayed": "0.003922000", + "frame.time_relative": "1380.555517000", + "frame.number": "4831", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001afe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54668", + "tcp.dstport": "80", + "tcp.port": "54668", + "tcp.port": "80", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000080ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.016752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.016752000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1380.556066000", + "frame.number": "4832", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54668", + "tcp.port": "80", + "tcp.port": "54668", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001100", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4831", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.019279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.019279000", + "frame.time_delta": "0.002527000", + "frame.time_delta_displayed": "0.002527000", + "frame.time_relative": "1380.558593000", + "frame.number": "4833", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001aff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54668", + "tcp.dstport": "80", + "tcp.port": "54668", + "tcp.port": "80", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c2de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4832", + "tcp.analysis.ack_rtt": "0.002527000", + "tcp.analysis.initial_rtt": "0.003076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.019888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.019888000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1380.559202000", + "frame.number": "4834", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ccc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54668", + "tcp.dstport": "80", + "tcp.port": "54668", + "tcp.port": "80", + "tcp.stream": "182", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d857", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003076000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.020380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.020380000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1380.559694000", + "frame.number": "4835", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54668", + "tcp.port": "80", + "tcp.port": "54668", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b46f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4834", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.003076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.020952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.020952000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "1380.560266000", + "frame.number": "4836", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000001ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54668", + "tcp.port": "80", + "tcp.port": "54668", + "tcp.stream": "182", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f490", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003076000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.021306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.021306000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "1380.560620000", + "frame.number": "4837", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000001ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54668", + "tcp.port": "80", + "tcp.port": "54668", + "tcp.stream": "182", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000046fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003076000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "4836", + "tcp.segment": "4837", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001418000", + "http.request_in": "4834", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.024183000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509494972.024183000", + "frame.time_delta": "0.002877000", + "frame.time_delta_displayed": "0.002877000", + "frame.time_relative": "1380.563497000", + "frame.number": "4838", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54668", + "tcp.dstport": "80", + "tcp.port": "54668", + "tcp.port": "80", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4837", + "tcp.analysis.ack_rtt": "0.002877000", + "tcp.analysis.initial_rtt": "0.003076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.024788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.024788000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "1380.564102000", + "frame.number": "4839", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54668", + "tcp.dstport": "80", + "tcp.port": "54668", + "tcp.port": "80", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.025232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.025232000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "1380.564546000", + "frame.number": "4840", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000db42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54668", + "tcp.port": "80", + "tcp.port": "54668", + "tcp.stream": "182", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b079", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4839", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.003076000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.056774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.056774000", + "frame.time_delta": "0.031542000", + "frame.time_delta_displayed": "0.031542000", + "frame.time_relative": "1380.596088000", + "frame.number": "4841", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x0000bd8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001bfd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": 
"224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x000070a3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "4767", + "dns.time": "1.989808000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.647517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.647517000", + "frame.time_delta": "0.590743000", + "frame.time_delta_displayed": "0.590743000", + "frame.time_relative": "1381.186831000", + "frame.number": "4842", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f4b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001975", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.648034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.648034000", + "frame.time_delta": "0.000517000", + "frame.time_delta_displayed": "0.000517000", + "frame.time_relative": "1381.187348000", + "frame.number": "4843", + 
"frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f4c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa70", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:32.648650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494972.648650000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": 
"1381.187964000", + "frame.number": "4844", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008836", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:34.629377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494974.629377000", + "frame.time_delta": "1.980727000", + "frame.time_delta_displayed": "1.980727000", + "frame.time_relative": "1383.168691000", + "frame.number": "4845", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000580f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a682", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", 
+ "tcp.len": "0", + "tcp.seq": "4957", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f16a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:34.772346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494974.772346000", + "frame.time_delta": "0.142969000", + "frame.time_delta_displayed": "0.142969000", + "frame.time_relative": "1383.311660000", + "frame.number": "4846", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd99", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "4958", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbdf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:36.620404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494976.620404000", + "frame.time_delta": "1.848058000", + "frame.time_delta_displayed": "1.848058000", + "frame.time_relative": "1385.159718000", + "frame.number": "4847", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d72", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:36.679514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494976.679514000", + "frame.time_delta": "0.059110000", + "frame.time_delta_displayed": "0.059110000", + "frame.time_relative": "1385.218828000", + "frame.number": "4848", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002106", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e70e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57311", + "udp.dstport": "1900", + "udp.port": "57311", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006a7e", + "udp.checksum.status": "2", + "udp.stream": "108" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.020225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.020225000", + "frame.time_delta": "0.340711000", + "frame.time_delta_displayed": "0.340711000", + "frame.time_relative": "1385.559539000", + "frame.number": "4849", 
+ "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.020666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.020666000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1385.559980000", + "frame.number": "4850", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.334689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.334689000", + "frame.time_delta": "0.314023000", + "frame.time_delta_displayed": "0.314023000", + "frame.time_relative": "1385.874003000", + "frame.number": "4851", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fa70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bcda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.387495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.387495000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "1385.926809000", + "frame.number": 
"4852", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fa75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bccc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "4851" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.440292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.440292000", + "frame.time_delta": "0.052797000", + "frame.time_delta_displayed": "0.052797000", + "frame.time_relative": "1385.979606000", + "frame.number": "4853", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fa76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bcd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "4852" + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.647801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.647801000", + "frame.time_delta": "0.207509000", + "frame.time_delta_displayed": "0.207509000", + "frame.time_relative": "1386.187115000", + "frame.number": "4854", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f50", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b8a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": 
"224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001975", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + 
"dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.648316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.648316000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "1386.187630000", + "frame.number": "4855", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f51", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + 
"ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa70", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.648935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.648935000", + "frame.time_delta": "0.000619000", + "frame.time_delta_displayed": "0.000619000", + "frame.time_relative": "1386.188249000", + "frame.number": "4856", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008836", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000280", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + 
"dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=640", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:37.679886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494977.679886000", + "frame.time_delta": "0.030951000", + "frame.time_delta_displayed": "0.030951000", + "frame.time_relative": "1386.219200000", + "frame.number": "4857", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002107", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e70d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + 
"ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57311", + "udp.dstport": "1900", + "udp.port": "57311", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006a7e", + "udp.checksum.status": "2", + "udp.stream": "108" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "4848" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:38.387835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494978.387835000", + "frame.time_delta": "0.707949000", + "frame.time_delta_displayed": "0.707949000", + "frame.time_relative": "1386.927149000", + "frame.number": "4858", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fa8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bcbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "4853" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:38.440418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494978.440418000", + "frame.time_delta": "0.052583000", + "frame.time_delta_displayed": "0.052583000", + "frame.time_relative": "1386.979732000", + "frame.number": "4859", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fa93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bcae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "4858" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:38.493168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494978.493168000", + "frame.time_delta": "0.052750000", + 
"frame.time_delta_displayed": "0.052750000", + "frame.time_relative": "1387.032482000", + "frame.number": "4860", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fa98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bcaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "4859" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:38.680918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494978.680918000", + "frame.time_delta": "0.187750000", + "frame.time_delta_displayed": "0.187750000", + "frame.time_relative": "1387.220232000", + "frame.number": "4861", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002108", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e70c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57311", + "udp.dstport": "1900", + "udp.port": "57311", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006a7e", + "udp.checksum.status": "2", + "udp.stream": "108" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "4857" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.018727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.018727000", + "frame.time_delta": "0.337809000", + "frame.time_delta_displayed": "0.337809000", + "frame.time_relative": "1387.558041000", + "frame.number": "4862", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fab2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", 
+ "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "4860" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.071465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.071465000", + "frame.time_delta": "0.052738000", + "frame.time_delta_displayed": "0.052738000", + "frame.time_relative": "1387.610779000", + "frame.number": "4863", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fab7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "4862" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.124135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.124135000", + "frame.time_delta": "0.052670000", + "frame.time_delta_displayed": "0.052670000", + "frame.time_relative": "1387.663449000", + "frame.number": "4864", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fabb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "4863" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.681967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.681967000", + "frame.time_delta": "0.557832000", + "frame.time_delta_displayed": "0.557832000", + "frame.time_relative": "1388.221281000", + "frame.number": "4865", + "frame.len": "216", + 
"frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002109", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e70b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57311", + "udp.dstport": "1900", + "udp.port": "57311", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006a7e", + "udp.checksum.status": "2", + "udp.stream": "108" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 
239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "4861" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.780450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.780450000", + "frame.time_delta": "0.098483000", + "frame.time_delta_displayed": "0.098483000", + "frame.time_relative": "1388.319764000", + "frame.number": "4866", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:39.780929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494979.780929000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1388.320243000", + "frame.number": "4867", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.070929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.070929000", + "frame.time_delta": "0.290000000", + "frame.time_delta_displayed": "0.290000000", + "frame.time_relative": "1388.610243000", + "frame.number": "4868", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fafa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "4864" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.123785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.123785000", + "frame.time_delta": "0.052856000", + "frame.time_delta_displayed": "0.052856000", + "frame.time_relative": "1388.663099000", + "frame.number": "4869", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fafc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000bc45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "4868" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.176618000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.176618000", + "frame.time_delta": "0.052833000", + "frame.time_delta_displayed": "0.052833000", + "frame.time_relative": "1388.715932000", + "frame.number": "4870", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fb01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "4869" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.387185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.387185000", + "frame.time_delta": "0.210567000", + "frame.time_delta_displayed": "0.210567000", + "frame.time_relative": "1388.926499000", + "frame.number": "4871", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fb05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "4870" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.439996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.439996000", + "frame.time_delta": "0.052811000", + "frame.time_delta_displayed": "0.052811000", + "frame.time_relative": "1388.979310000", + "frame.number": "4872", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fb08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "4871" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:40.492798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494980.492798000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "1389.032112000", + "frame.number": "4873", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fb0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bc3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "4872" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:41.439119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494981.439119000", + "frame.time_delta": "0.946321000", + "frame.time_delta_displayed": "0.946321000", + "frame.time_relative": "1389.978433000", + "frame.number": "4874", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fb5c", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "4873" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:41.491963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494981.491963000", + "frame.time_delta": "0.052844000", + "frame.time_delta_displayed": "0.052844000", + "frame.time_relative": "1390.031277000", + "frame.number": "4875", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fb61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbe0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "4874" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:41.544687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494981.544687000", + "frame.time_delta": "0.052724000", + "frame.time_delta_displayed": "0.052724000", + "frame.time_relative": "1390.084001000", + "frame.number": "4876", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fb64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbe3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "4875" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:42.123452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494982.123452000", + "frame.time_delta": "0.578765000", + "frame.time_delta_displayed": "0.578765000", + "frame.time_relative": "1390.662766000", + "frame.number": "4877", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fb8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": "0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "4876" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:42.176313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494982.176313000", + "frame.time_delta": "0.052861000", + "frame.time_delta_displayed": "0.052861000", + "frame.time_relative": "1390.715627000", + 
"frame.number": "4878", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fb91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "4877" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:42.229442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494982.229442000", + "frame.time_delta": "0.053129000", + "frame.time_delta_displayed": "0.053129000", + "frame.time_relative": "1390.768756000", + "frame.number": "4879", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fb97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bbb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "4878" + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:43.176247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494983.176247000", + "frame.time_delta": "0.946805000", + "frame.time_delta_displayed": "0.946805000", + "frame.time_relative": "1391.715561000", + "frame.number": "4880", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000fbaa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bba0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "305", + "udp.checksum": 
"0x0000e53b", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "4879" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:43.229003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494983.229003000", + "frame.time_delta": "0.052756000", + "frame.time_delta_displayed": "0.052756000", + "frame.time_relative": "1391.768317000", + "frame.number": "4881", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000fbae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "314", + "udp.checksum": "0x0000f326", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "4880" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:43.231703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494983.231703000", + "frame.time_delta": "0.002700000", + "frame.time_delta_displayed": "0.002700000", + "frame.time_relative": "1391.771017000", + "frame.number": "4882", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:09:43.281709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494983.281709000", + "frame.time_delta": "0.050006000", + "frame.time_delta_displayed": "0.050006000", + "frame.time_relative": "1391.821023000", + "frame.number": "4883", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000fbb4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57311", + "udp.port": "1900", + "udp.port": "57311", + "udp.length": "308", + "udp.checksum": "0x000016b1", + "udp.checksum.status": "2", + "udp.stream": "109" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", 
+ "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "4881" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.137325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.137325000", + "frame.time_delta": "5.855616000", + "frame.time_delta_displayed": "5.855616000", + "frame.time_relative": "1397.676639000", + "frame.number": "4884", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": 
"LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000c36a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000015ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.293672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.293672000", + "frame.time_delta": "0.156347000", + "frame.time_delta_displayed": "0.156347000", + "frame.time_relative": "1397.832986000", + "frame.number": "4885", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000000d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c880", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": 
"1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.346598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.346598000", + "frame.time_delta": "0.052926000", + "frame.time_delta_displayed": "0.052926000", + "frame.time_relative": "1397.885912000", + "frame.number": "4886", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000000d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c87e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.399437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.399437000", + "frame.time_delta": "0.052839000", + "frame.time_delta_displayed": "0.052839000", + "frame.time_relative": "1397.938751000", + "frame.number": "4887", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000000dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c872", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": 
"0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.452320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.452320000", + "frame.time_delta": "0.052883000", + "frame.time_delta_displayed": "0.052883000", + "frame.time_relative": "1397.991634000", + "frame.number": "4888", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000000e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c86e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.505146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.505146000", + "frame.time_delta": "0.052826000", + "frame.time_delta_displayed": "0.052826000", + "frame.time_relative": "1398.044460000", + "frame.number": "4889", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000000e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c872", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + 
"udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:49.558011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494989.558011000", + "frame.time_delta": "0.052865000", + "frame.time_delta_displayed": "0.052865000", + "frame.time_relative": "1398.097325000", + "frame.number": "4890", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, 
+ "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000000e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000c86e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.512202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.512202000", + "frame.time_delta": "0.954191000", + "frame.time_delta_displayed": "0.954191000", + "frame.time_relative": "1399.051516000", + "frame.number": "4891", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005d73", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a424", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009619", + "nbns.flags": "0x00000110", + 
"nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.513204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.513204000", + "frame.time_delta": "0.001002000", + "frame.time_delta_displayed": "0.001002000", + "frame.time_relative": "1399.052518000", + "frame.number": "4892", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000d917e", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + 
"ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64488", + "udp.dstport": "5355", + "udp.port": "64488", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000e6da", + "udp.checksum.status": "2", + "udp.stream": "110" + }, + "llmnr": { + "dns.id": "0x00006d77", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.513883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.513883000", + "frame.time_delta": "0.000679000", + "frame.time_delta_displayed": "0.000679000", + "frame.time_relative": "1399.053197000", + "frame.number": "4893", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001231", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64488", + "udp.dstport": "5355", + "udp.port": "64488", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000067a", + "udp.checksum.status": "2", + "udp.stream": "111" + }, + "llmnr": { + "dns.id": "0x00006d77", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.514507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.514507000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "1399.053821000", + "frame.number": "4894", + "frame.len": "84", + "frame.cap_len": "84", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00049158", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60720", + "udp.dstport": "5355", + "udp.port": "60720", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000b87f", + "udp.checksum.status": "2", + "udp.stream": "112" + }, + "llmnr": { + "dns.id": "0x0000aa6f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.515080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.515080000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "1399.054394000", + "frame.number": "4895", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001230", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60720", + "udp.dstport": "5355", + "udp.port": "60720", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000d81e", + "udp.checksum.status": "2", + "udp.stream": 
"113" + }, + "llmnr": { + "dns.id": "0x0000aa6f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.924719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.924719000", + "frame.time_delta": "0.409639000", + "frame.time_delta_displayed": "0.409639000", + "frame.time_relative": "1399.464033000", + "frame.number": "4896", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000d917e", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + 
"ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64488", + "udp.dstport": "5355", + "udp.port": "64488", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000e6da", + "udp.checksum.status": "2", + "udp.stream": "110" + }, + "llmnr": { + "dns.id": "0x00006d77", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.925344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.925344000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1399.464658000", + "frame.number": "4897", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "64488", + "udp.dstport": "5355", + "udp.port": "64488", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000067a", + "udp.checksum.status": "2", + "udp.stream": "111" + }, + "llmnr": { + "dns.id": "0x00006d77", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.925940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.925940000", + "frame.time_delta": "0.000596000", + 
"frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "1399.465254000", + "frame.number": "4898", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00049158", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60720", + "udp.dstport": "5355", + "udp.port": "60720", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000b87f", + "udp.checksum.status": "2", + "udp.stream": "112" + }, + "llmnr": { + "dns.id": "0x0000aa6f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": 
"wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:50.928466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494990.928466000", + "frame.time_delta": "0.002526000", + "frame.time_delta_displayed": "0.002526000", + "frame.time_relative": "1399.467780000", + "frame.number": "4899", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60720", + 
"udp.dstport": "5355", + "udp.port": "60720", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000d81e", + "udp.checksum.status": "2", + "udp.stream": "113" + }, + "llmnr": { + "dns.id": "0x0000aa6f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:51.262401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494991.262401000", + "frame.time_delta": "0.333935000", + "frame.time_delta_displayed": "0.333935000", + "frame.time_relative": "1399.801715000", + "frame.number": "4900", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005d74", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a424", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009619", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:52.012910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494992.012910000", + "frame.time_delta": "0.750509000", + "frame.time_delta_displayed": "0.750509000", + "frame.time_relative": "1400.552224000", + "frame.number": "4901", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005d82", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a424", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009619", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:09:52.483895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494992.483895000", + "frame.time_delta": "0.470985000", + "frame.time_delta_displayed": "0.470985000", + "frame.time_relative": "1401.023209000", + "frame.number": "4902", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:09:58.744745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509494998.744745000", + "frame.time_delta": "6.260850000", + "frame.time_delta_displayed": "6.260850000", + "frame.time_relative": "1407.284059000", + "frame.number": "4903", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00000b79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "108", + "udp.checksum": "0x000068d8", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.command": "1409286244", + "adwin_config.version": "1380667970", + "adwin_config.mac": "d0:73:d5:02:41:da", + "adwin_config.unused": "", + "adwin_config.server_ip": "88.70.73.76", + "adwin_config.unused": "", + "adwin_config.netmask": "244.91.70.68", + "adwin_config.unused": "", + "adwin_config.gateway": "0.0.0.59", + "adwin_config.unused": "", + "adwin_config.dhcp": "1", + "adwin_config.port": "351456691", + "adwin_config.password": "", + "adwin_config.bootloader": "0", + "adwin_config.unused": "", + "adwin_config.description": "", + "adwin_config.date": "", + "adwin_config.revision": "", + "adwin_config.processor_type_raw": "", + "adwin_config.processor_type": "Unknown", + "adwin_config.system_type_raw": "", + 
"adwin_config.system_type": "Unknown" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.027425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.027425000", + "frame.time_delta": "4.282680000", + "frame.time_delta_displayed": "4.282680000", + "frame.time_relative": "1411.566739000", + "frame.number": "4904", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009632", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000771c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "62850", + "tcp.nxtseq": "62899", + "tcp.ack": "13413", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005bde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:d8:55:a7:a0:3f:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2545749, TSecr 2812297094": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2545749", + "tcp.options.timestamp.tsecr": "2812297094" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:df:7a:47:92:c6:27:f8:24:cd:ef:cc:5a:e8:5c:c4:74:93:3a:b7:e5:a1:36:1e:bb:8f:cd:1a:e3:0f:03:19:5d:30:26:e2:e0:ea" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.088310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.088310000", + "frame.time_delta": "0.060885000", + "frame.time_delta_displayed": "0.060885000", + "frame.time_relative": "1411.627624000", + "frame.number": "4905", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "13413", + "tcp.nxtseq": "13468", + "tcp.ack": "62899", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:5d:e0:00:26:d8:55", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812304864, TSecr 2545749": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812304864", + "tcp.options.timestamp.tsecr": "2545749" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4904", + "tcp.analysis.ack_rtt": "0.060885000", + "tcp.analysis.bytes_in_flight": "55", 
+ "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:95:1e:30:a6:51:a5:b0:4a:68:28:bf:0c:f3:47:34:d0:d2:3c:9b:10:22:14:73:6e:8e:cf:6c:f0:cc:d3:78:28:fa:1b:ca:d4:03:ec:36:b9:03:f1:b6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.088818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.088818000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "1411.628132000", + "frame.number": "4906", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009633", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "62899", + "tcp.ack": "13468", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004710", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:d8:5b:a7:a0:5d:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2545755, TSecr 2812304864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2545755", + 
"tcp.options.timestamp.tsecr": "2812304864" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4905", + "tcp.analysis.ack_rtt": "0.000508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.648699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.648699000", + "frame.time_delta": "0.559881000", + "frame.time_delta_displayed": "0.559881000", + "frame.time_relative": "1412.188013000", + "frame.number": "4907", + "frame.len": "722", + "frame.cap_len": "722", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "708", + "ip.id": "0x00009634", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "656", + "tcp.seq": "62899", + "tcp.nxtseq": "63555", + "tcp.ack": "13468", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002346", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:d8:93:a7:a0:5d:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2545811, TSecr 2812304864": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2545811", + "tcp.options.timestamp.tsecr": "2812304864" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "656", + "tcp.analysis.push_bytes_sent": "656" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "651", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e0:86:5e:f5:54:fe:d7:26:1b:24:a2:c4:d3:c9:d6:4d:c4:ce:11:fe:f6:75:15:f1:64:de:30:1f:38:83:2d:87:78:4d:81:04:0a:cd:94:b7:e9:e8:7d:06:8f:43:7f:42:89:38:de:eb:b7:73:37:d6:ed:e5:13:d2:00:52:aa:82:4a:1e:13:18:3b:b4:6c:aa:b8:f4:b2:b0:2d:c5:22:7c:55:0b:8f:3e:ea:e7:85:ec:33:a7:a8:1e:8b:43:51:7f:12:21:64:90:da:ad:f6:69:86:97:54:61:f2:3a:4a:01:8e:07:e7:ac:14:d5:58:53:e2:35:e3:2a:24:b7:56:fe:f0:b1:91:f7:d0:78:5c:14:1f:35:71:0c:aa:4c:93:fe:7b:1b:a5:d6:5c:4f:b2:01:b4:62:80:ba:1b:70:e3:20:f9:e7:d8:35:81:d0:f0:d5:35:32:43:19:ed:3a:c0:1b:39:1a:79:50:5b:72:85:ef:d4:79:02:37:8a:50:a9:15:d3:b6:81:66:76:90:58:1c:32:e6:7b:e6:2b:42:3b:84:9f:d9:ed:8a:62:b5:27:e3:34:d5:2e:b1:ea:15:d4:fc:15:95:b4:e9:d2:55:e2:42:51:45:87:68:5b:f7:9a:c2:15:8e:65:aa:21:96:6e:ae:55:33:f7:78:b4:b9:dc:18:0d:7f:d1:72:ce:9c:8b:e9:df:7e:13:d1:00:d8:30:9e:f3:74:49:73:37:fb:ea:cd:37:91:d1:4a:7a:cc:b4:58:35:52:71:ed:90:78:bf:a8:12:c2:e6:07:d2:b0:3b:96:cf:5b:eb:51:40:17:41:98:02:db:02:26:df:45:40:92:31:db:12:d0:86:64:3d:45:a4:89:80:ff:43:0a:2f:13:c6:eb:79:8d:da:35:7b:18:2e:05:03:5d:ee:0a:32:be:9f:63:5c:63:49:8d:5d:75:66:b9:94:a4:0e:f8:2f:53:12:d2:a0:63:21:ca:cd:85:6c:f4:3e:d1:63:2e:88:e5:e2:83:7f:fe:87:03:4e:fb:42:d2:aa:1e:73:46:b2:16:38:c5:66:a2:86:75:1f:c5:3d:43:8c:75:70:56:6b:67:f7:26:7c:47:f5:5b:48:d3:1a:81:5a:44:d5:65:41:ea:63:64:4a:ce:1a:28:55:57:94:5d:bf:a5:ab:2e:30:2b:26:eb:13:f3:40:b0:97:5c:93:12:47:e4:dd:7e:5e:ed:2e:a8:51:96:78:b5:cf:4e:30:db:d8:14:b0:39:65:9c:b5:75:8f:5c:37:39:19:a8:ec:5b:39:be:2d:ba:93:fd:6b:af:58:3d:d9:70:52:47:84:21:41:3b:54:9f:5a:26:00:9e:8d:99:3d:42:3d:30:05:90:88:ea:87:1d:92:a2:20:40:0a:f6:89:c1:4f:c9:b6:48:66:7a:dd:f0:51:68:1d:62:07:05:c4:aa:b0:09:1d:ba:36:ff:91:b4:65:dc:6d:29:b2:53:ba:bb:38:2c:54:28:94:1c:10:e7:8e:59:c7:f8:5d:c4:15:14:55:ea:e7:14:18:fe:b9:df:48:33:7f:b4:c3:71:c2:72:19:ba:44:44:94:d9:f8:e4:96:16:2f:e0:6d:5b:95:04:14:59:33:54:dc:6c
:46:cc:6a:d1:fe:19:c2:87:fc:cc:c0:c0:57:e9:fb:16:e7:62:a7:aa:e0:7d:89:74" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.710038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.710038000", + "frame.time_delta": "0.061339000", + "frame.time_delta_displayed": "0.061339000", + "frame.time_relative": "1412.249352000", + "frame.number": "4908", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003822", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13468", + "tcp.nxtseq": "13515", + "tcp.ack": "63555", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009a37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:5e:7b:00:26:d8:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812305019, TSecr 2545811": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812305019", + "tcp.options.timestamp.tsecr": "2545811" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4907", + "tcp.analysis.ack_rtt": "0.061339000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:96:73:c3:95:da:c0:58:5e:e2:1f:e7:87:f0:6c:ae:2f:1f:5e:41:a8:b3:97:16:43:3f:4c:84:ee:2b:f0:39:59:1d:99:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.710480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.710480000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1412.249794000", + "frame.number": "4909", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009635", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000774a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "63555", + "tcp.ack": "13515", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004377", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:d8:9a:a7:a0:5e:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2545818, TSecr 2812305019": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2545818", + "tcp.options.timestamp.tsecr": "2812305019" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4908", + 
"tcp.analysis.ack_rtt": "0.000442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.710721000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.710721000", + "frame.time_delta": "0.000241000", + "frame.time_delta_displayed": "0.000241000", + "frame.time_relative": "1412.250035000", + "frame.number": "4910", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003821", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, 
CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13515", + "tcp.nxtseq": "13562", + "tcp.ack": "63555", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007ee6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:5e:7c:00:26:d8:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812305020, TSecr 2545811": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812305020", + "tcp.options.timestamp.tsecr": "2545811" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + 
"ssl.app_data": "34:cd:34:17:47:48:0e:97:21:ac:88:4e:f0:67:d9:0c:d7:f8:38:e7:19:52:64:d9:12:fa:90:b3:5b:6d:7a:45:17:97:16:09:4e:65:7c:af:18:2d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:03.711148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495003.711148000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "1412.250462000", + "frame.number": "4911", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009636", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "63555", + "tcp.ack": "13562", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004347", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:d8:9a:a7:a0:5e:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2545818, TSecr 2812305020": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2545818", + "tcp.options.timestamp.tsecr": "2812305020" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4910", + "tcp.analysis.ack_rtt": "0.000427000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:04.482858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495004.482858000", + "frame.time_delta": "0.771710000", + "frame.time_delta_displayed": "0.771710000", + "frame.time_relative": "1413.022172000", + "frame.number": "4912", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005810", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a659", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": 
"AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "4958", + "tcp.nxtseq": "4998", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000071d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e9:fd:4d:45:47:ee:a0:69:2c:d4:68:68:9c:69:8c:fb:b5:b6:ab:da:82:d5:ab:21:1c:18:ae:00" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:04.626477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495004.626477000", + "frame.time_delta": "0.143619000", + "frame.time_delta_displayed": "0.143619000", + "frame.time_relative": "1413.165791000", + "frame.number": "4913", + "frame.len": "90", + "frame.cap_len": "90", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000ff9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd74", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "505", + "tcp.nxtseq": "541", + "tcp.ack": 
"4998", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000046cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4912", + "tcp.analysis.ack_rtt": "0.143619000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:6e:9c:16:0e:9c:54:78:26:de:db:05:aa:7f:eb:c9:83:10:8e:f6:a7:cf:7e:1f:07" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:04.626998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495004.626998000", + "frame.time_delta": "0.000521000", + "frame.time_delta_displayed": "0.000521000", + "frame.time_relative": "1413.166312000", + "frame.number": "4914", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005811", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a680", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4998", + "tcp.ack": "541", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f11d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "4913", + "tcp.analysis.ack_rtt": "0.000521000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:06.621934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495006.621934000", + "frame.time_delta": "1.994936000", + "frame.time_delta_displayed": "1.994936000", + "frame.time_relative": "1415.161248000", + "frame.number": "4915", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005d96", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:09.128415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495009.128415000", + "frame.time_delta": "2.506481000", + "frame.time_delta_displayed": "2.506481000", + "frame.time_relative": "1417.667729000", + "frame.number": "4916", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000cace", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000e8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:22.650463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495022.650463000", + "frame.time_delta": "13.522048000", + "frame.time_delta_displayed": "13.522048000", + "frame.time_relative": "1431.189777000", + "frame.number": "4917", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f57", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b899", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001874", + "udp.checksum.status": "2", + 
"udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:22.650872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495022.650872000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "1431.190186000", + "frame.number": "4918", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f58", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009994", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f96f", + 
"udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:22.651488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495022.651488000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "1431.190802000", + "frame.number": "4919", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008735", + "udp.checksum.status": "2", + 
"udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:27.650621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495027.650621000", + "frame.time_delta": "4.999133000", + "frame.time_delta_displayed": "4.999133000", + "frame.time_relative": "1436.189935000", + "frame.number": "4920", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f59", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b897", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001874", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": 
"7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:27.651147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495027.651147000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "1436.190461000", + "frame.number": "4921", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f5a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009992", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": 
"255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f96f", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", 
+ "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:27.651769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495027.651769000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "1436.191083000", + "frame.number": "4922", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008735", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": 
"ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:28.852920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495028.852920000", + "frame.time_delta": "1.201151000", + "frame.time_delta_displayed": "1.201151000", + "frame.time_relative": "1437.392234000", + "frame.number": "4923", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:29.110923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495029.110923000", + 
"frame.time_delta": "0.258003000", + "frame.time_delta_displayed": "0.258003000", + "frame.time_relative": "1437.650237000", + "frame.number": "4924", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000d026", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000933", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:32.650909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495032.650909000", + "frame.time_delta": "3.539986000", + "frame.time_delta_displayed": "3.539986000", + "frame.time_relative": "1441.190223000", + "frame.number": "4925", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f5b", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b895", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001874", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:32.651427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495032.651427000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "1441.190741000", + "frame.number": "4926", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f5c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009990", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f96f", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:32.652059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495032.652059000", + "frame.time_delta": "0.000632000", + "frame.time_delta_displayed": "0.000632000", + "frame.time_relative": "1441.191373000", + "frame.number": "4927", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008735", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000281", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=641", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:34.659291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495034.659291000", + "frame.time_delta": "2.007232000", + "frame.time_delta_displayed": "2.007232000", + "frame.time_relative": "1443.198605000", + "frame.number": "4928", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005812", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4997", + "tcp.ack": "541", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + 
"tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f11e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:34.739212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495034.739212000", + "frame.time_delta": "0.079921000", + "frame.time_delta_displayed": "0.079921000", + "frame.time_relative": "1443.278526000", + "frame.number": "4929", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009637", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007717", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "63555", + "tcp.nxtseq": "63604", + "tcp.ack": "13562", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007dd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:e4:b9:a7:a0:5e:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2548921, TSecr 2812305020": { + "tcp.option_kind": "8", + "tcp.option_len": 
"10", + "tcp.options.timestamp.tsval": "2548921", + "tcp.options.timestamp.tsecr": "2812305020" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e1:d0:cf:8d:2a:b2:70:06:c4:b6:1b:7e:55:cd:15:c7:60:ea:48:75:48:11:68:7f:95:f6:96:14:49:b0:cc:a3:e5:0b:a8:bc:f5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:34.800467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495034.800467000", + "frame.time_delta": "0.061255000", + "frame.time_delta_displayed": "0.061255000", + "frame.time_relative": "1443.339781000", + "frame.number": "4930", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003818", 
+ "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "13562", + "tcp.nxtseq": "13617", + "tcp.ack": "63604", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f482", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:7c:d8:00:26:e4:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812312792, TSecr 2548921": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812312792", + "tcp.options.timestamp.tsecr": "2548921" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4929", + "tcp.analysis.ack_rtt": "0.061255000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:98:b3:fc:91:24:2f:69:c7:f7:04:9e:84:e8:3f:30:77:97:39:34:a8:03:6b:18:9c:4b:81:3c:0f:46:3a:78:6b:9f:f6:25:23:db:59:b2:00:d0:f5:89" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:34.800971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495034.800971000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "1443.340285000", + "frame.number": "4931", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009638", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007747", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "63604", + "tcp.ack": "13617", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000185e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:e4:bf:a7:a0:7c:d8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2548927, TSecr 2812312792": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2548927", + "tcp.options.timestamp.tsecr": "2812312792" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4930", + "tcp.analysis.ack_rtt": "0.000504000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:34.802371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495034.802371000", + "frame.time_delta": "0.001400000", + "frame.time_delta_displayed": "0.001400000", + "frame.time_relative": "1443.341685000", + "frame.number": "4932", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ffa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd97", + 
"ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "541", + "tcp.ack": "4998", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:36.631831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495036.631831000", + "frame.time_delta": "1.829460000", + "frame.time_delta_displayed": "1.829460000", + "frame.time_relative": "1445.171145000", + "frame.number": "4933", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005da5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:37.243462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495037.243462000", + "frame.time_delta": "0.611631000", + "frame.time_delta_displayed": "0.611631000", + "frame.time_relative": "1445.782776000", + "frame.number": "4934", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000d1e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000007a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:37.254446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495037.254446000", + "frame.time_delta": "0.010984000", + "frame.time_delta_displayed": "0.010984000", + "frame.time_relative": "1445.793760000", + "frame.number": "4935", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x000086d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000051bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": 
"1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:37.464985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495037.464985000", + "frame.time_delta": "0.210539000", + "frame.time_delta_displayed": "0.210539000", + "frame.time_relative": "1446.004299000", + "frame.number": "4936", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", 
+ "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000d1ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000007a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:37.693891000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495037.693891000", + "frame.time_delta": "0.228906000", + "frame.time_delta_displayed": "0.228906000", + "frame.time_relative": "1446.233205000", + "frame.number": "4937", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000d217", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000777", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:39.810229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495039.810229000", + "frame.time_delta": "2.116338000", + "frame.time_delta_displayed": "2.116338000", + "frame.time_relative": "1448.349543000", + "frame.number": "4938", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:10:39.810703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495039.810703000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "1448.350017000", + "frame.number": "4939", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:39.810888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495039.810888000", + "frame.time_delta": "0.000185000", + "frame.time_delta_displayed": "0.000185000", + "frame.time_relative": "1448.350202000", + "frame.number": "4940", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:39.810900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495039.810900000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "1448.350214000", + "frame.number": "4941", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": 
"b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:40.203183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495040.203183000", + "frame.time_delta": "0.392283000", + "frame.time_delta_displayed": "0.392283000", + "frame.time_relative": "1448.742497000", + "frame.number": "4942", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000b7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": 
"56700", + "udp.length": "100", + "udp.checksum": "0x00005267", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "02:d3:af:c3:9f:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.493618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.493618000", + "frame.time_delta": "2.290435000", + "frame.time_delta_displayed": "2.290435000", + "frame.time_relative": "1451.032932000", + "frame.number": "4943", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00001095", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8c2", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.546439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.546439000", + "frame.time_delta": "0.052821000", + "frame.time_delta_displayed": "0.052821000", + "frame.time_relative": "1451.085753000", + "frame.number": "4944", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000109a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.599354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.599354000", + "frame.time_delta": "0.052915000", + "frame.time_delta_displayed": "0.052915000", + "frame.time_relative": "1451.138668000", + "frame.number": "4945", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000109b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.652464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.652464000", + "frame.time_delta": "0.053110000", + "frame.time_delta_displayed": "0.053110000", + "frame.time_relative": "1451.191778000", + "frame.number": "4946", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000010a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.705402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.705402000", + "frame.time_delta": "0.052938000", + "frame.time_delta_displayed": "0.052938000", + "frame.time_relative": "1451.244716000", + "frame.number": "4947", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000010a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:42.757833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495042.757833000", + "frame.time_delta": "0.052431000", + "frame.time_delta_displayed": "0.052431000", + "frame.time_relative": "1451.297147000", + "frame.number": "4948", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": 
{ + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000010a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b8b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:43.857050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495043.857050000", + "frame.time_delta": "1.099217000", + "frame.time_delta_displayed": "1.099217000", + "frame.time_relative": "1452.396364000", + "frame.number": "4949", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:10:44.109041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495044.109041000", + "frame.time_delta": "0.251991000", + "frame.time_delta_displayed": "0.251991000", + "frame.time_relative": "1452.648355000", + "frame.number": "4950", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + 
"bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:44.133070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495044.133070000", + "frame.time_delta": "0.024029000", + "frame.time_delta_displayed": "0.024029000", + "frame.time_relative": "1452.672384000", + "frame.number": "4951", + 
"frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": 
"ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:44.163409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495044.163409000", + "frame.time_delta": "0.030339000", + "frame.time_delta_displayed": "0.030339000", + "frame.time_relative": 
"1452.702723000", + "frame.number": "4952", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:44.439306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495044.439306000", + "frame.time_delta": "0.275897000", + "frame.time_delta_displayed": "0.275897000", + "frame.time_relative": "1452.978620000", + "frame.number": "4953", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { 
+ "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.079778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.079778000", + "frame.time_delta": "4.640472000", + "frame.time_delta_displayed": "4.640472000", + "frame.time_relative": "1457.619092000", + "frame.number": "4954", + "frame.len": "146", + "frame.cap_len": "146", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "132", + "ip.id": "0x00002d31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037fe", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + 
"ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "80", + "tcp.seq": "13617", + "tcp.nxtseq": "13697", + "tcp.ack": "63604", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006325", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8a:ca:00:26:e4:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812316362, TSecr 2548927": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812316362", + "tcp.options.timestamp.tsecr": "2548927" + } + }, + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "80", + "tcp.analysis.push_bytes_sent": "80" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "75", + "ssl.app_data": "34:cd:34:17:47:48:0e:99:84:00:23:e4:52:68:d0:2e:56:75:d6:47:41:b3:69:54:b3:5a:43:63:56:8b:8c:8b:1f:69:41:f8:a4:d9:1d:b3:47:79:32:01:0f:30:2c:ac:f1:78:c4:be:80:39:7c:da:6e:a0:be:d0:b4:26:28:1a:58:1a:f4:dc:f6:f6:ea:6f:45:c6:95" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.080255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.080255000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1457.619569000", + "frame.number": "4955", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009639", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007746", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "63604", + "tcp.ack": "13697", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000488", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ea:53:a7:a0:8a:ca", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2550355, TSecr 2812316362": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550355", + "tcp.options.timestamp.tsecr": "2812316362" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4954", + "tcp.analysis.ack_rtt": "0.000477000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.085946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.085946000", + "frame.time_delta": "0.005691000", + "frame.time_delta_displayed": "0.005691000", + "frame.time_relative": "1457.625260000", + "frame.number": "4956", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000963a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007716", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "63604", + "tcp.nxtseq": "63651", + "tcp.ack": "13697", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005e9c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ea:53:a7:a0:8a:ca", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550355, TSecr 2812316362": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550355", + "tcp.options.timestamp.tsecr": 
"2812316362" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e2:23:7b:62:b9:fd:03:5f:45:99:da:f9:cd:40:ff:ac:da:06:ad:05:eb:de:1d:12:5c:63:d9:11:30:a5:a5:3f:ec:d8:15" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.141741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.141741000", + "frame.time_delta": "0.055795000", + "frame.time_delta_displayed": "0.055795000", + "frame.time_relative": "1457.681055000", + "frame.number": "4957", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000d710", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000249", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + 
"ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.168769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.168769000", + "frame.time_delta": "0.027028000", + "frame.time_delta_displayed": "0.027028000", + "frame.time_relative": "1457.708083000", + "frame.number": "4958", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:49.186294000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495049.186294000", + "frame.time_delta": "0.017525000", + "frame.time_delta_displayed": "0.017525000", + "frame.time_relative": "1457.725608000", + "frame.number": "4959", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { 
+ "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000384d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "13697", + "tcp.ack": "63651", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000052d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8a:e5:00:26:ea:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812316389, TSecr 2550355": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812316389", + "tcp.options.timestamp.tsecr": "2550355" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4956", + "tcp.analysis.ack_rtt": "0.100348000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:51.080900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495051.080900000", + "frame.time_delta": "1.894606000", + "frame.time_delta_displayed": "1.894606000", + "frame.time_relative": "1459.620214000", + "frame.number": "4960", + "frame.len": "146", + "frame.cap_len": "146", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "132", + "ip.id": "0x00002d33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037fc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "80", + "tcp.seq": "13697", + "tcp.nxtseq": "13777", + "tcp.ack": "63651", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8c:be:00:26:ea:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812316862, TSecr 2550355": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812316862", + "tcp.options.timestamp.tsecr": "2550355" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "80", + "tcp.analysis.push_bytes_sent": "80" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "75", + "ssl.app_data": "34:cd:34:17:47:48:0e:9a:64:f1:7c:c7:d8:67:96:80:09:bd:f4:46:af:67:a2:36:c7:95:10:7b:90:e2:1e:17:2e:dc:ca:d9:42:cb:0b:34:07:ed:d0:82:e5:a7:c1:eb:6d:71:a6:18:cb:f8:77:e8:2b:82:2e:83:d8:23:00:98:6a:fe:d7:f9:9c:b9:9b:93:27:7d:5a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:51.085903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495051.085903000", + "frame.time_delta": "0.005003000", + "frame.time_delta_displayed": "0.005003000", + "frame.time_relative": "1459.625217000", + "frame.number": "4961", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000963b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "63651", + "tcp.nxtseq": "63698", + "tcp.ack": "13777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002b41", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:1b:a7:a0:8c:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550555, TSecr 2812316862": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550555", + "tcp.options.timestamp.tsecr": "2812316862" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4960", + "tcp.analysis.ack_rtt": "0.005003000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e3:cb:27:e6:ea:15:a0:3b:14:a0:65:d6:ac:a0:c2:d9:b4:af:5a:11:4d:2d:fa:c7:b6:df:18:22:28:4f:65:fd:8f:bb:12" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:51.146106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495051.146106000", + "frame.time_delta": "0.060203000", + "frame.time_delta_displayed": "0.060203000", + "frame.time_relative": "1459.685420000", + "frame.number": "4962", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000384b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "13777", + "tcp.ack": "63698", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000001fd", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8c:ce:00:26:eb:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812316878, TSecr 2550555": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812316878", + "tcp.options.timestamp.tsecr": "2550555" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4961", + "tcp.analysis.ack_rtt": "0.060203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.132874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.132874000", + "frame.time_delta": "0.986768000", + "frame.time_delta_displayed": "0.986768000", + "frame.time_relative": "1460.672188000", + "frame.number": "4963", + "frame.len": "122", + "frame.cap_len": "122", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "108", + "ip.id": "0x0000963c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "56", + "tcp.seq": "63698", + "tcp.nxtseq": "63754", + "tcp.ack": "13777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006127", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:84:a7:a0:8c:ce", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550660, TSecr 2812316878": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550660", + "tcp.options.timestamp.tsecr": "2812316878" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "56", + "tcp.analysis.push_bytes_sent": "56" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "51", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e4:74:fa:ce:63:be:ac:58:56:b4:65:53:b7:ae:c0:8c:fe:1a:07:2c:9b:06:2c:50:82:bf:c8:17:c3:ad:fa:4f:5a:60:bd:16:47:59:8b:44:4d:a5:65:52" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.193133000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.193133000", + "frame.time_delta": "0.060259000", + "frame.time_delta_displayed": "0.060259000", + "frame.time_relative": "1460.732447000", + "frame.number": "4964", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000384a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "13777", + "tcp.ack": "63754", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000056", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:a7:a0:8d:d4:00:26:eb:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317140, TSecr 2550660": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317140", + "tcp.options.timestamp.tsecr": "2550660" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4963", + "tcp.analysis.ack_rtt": "0.060259000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.193580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.193580000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "1460.732894000", + "frame.number": "4965", + "frame.len": "415", + "frame.cap_len": "415", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "401", + "ip.id": "0x0000963d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "349", + "tcp.seq": "63754", + "tcp.nxtseq": "64103", + "tcp.ack": "13777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005ef6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:8a:a7:a0:8d:d4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", 
+ "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550666, TSecr 2812317140": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550666", + "tcp.options.timestamp.tsecr": "2812317140" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "349", + "tcp.analysis.push_bytes_sent": "349" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "344", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e5:b6:34:a6:2e:b9:9b:26:6a:80:c9:95:f0:0d:fb:3f:be:b0:d1:05:6c:f1:b5:7f:d1:c8:61:e5:20:60:94:88:57:31:b8:ba:6a:7a:31:38:08:18:c0:29:eb:79:ab:97:b0:b9:98:fa:7b:9f:9c:38:d6:85:0b:0a:6d:b6:a8:ff:af:7f:35:76:37:4d:af:54:dc:2a:f1:72:f9:0e:3c:71:85:b8:9a:66:4f:5b:c6:19:d0:ec:f0:71:64:9f:e3:0e:8d:52:9c:ea:a2:4e:a2:e5:3c:7d:49:87:cf:26:22:a3:8b:ac:39:20:a5:74:5e:15:a5:02:6d:a5:54:88:33:4f:32:3d:ab:52:a8:40:67:0b:98:f6:19:95:c3:fb:4e:bf:3a:52:35:08:7c:d1:22:2e:31:40:a5:e0:4a:01:ea:8d:b9:1f:8c:35:a0:70:93:b0:25:5c:85:a2:d5:30:3a:50:95:d0:b8:04:9d:c8:78:4d:26:1f:02:d2:3d:67:f6:90:60:24:23:00:07:a2:ad:d9:11:ad:a5:25:da:d4:3c:3a:97:3d:8d:46:5d:e2:b2:de:07:6e:9f:ce:26:58:69:0d:dd:c0:8a:fa:b8:4a:62:b4:75:c4:3c:d2:cc:68:8a:f8:8d:33:31:7c:7c:33:fc:8f:8c:6d:9a:5d:1a:00:8d:5d:4a:91:f5:a2:b5:27:86:4e:a7:4d:94:d9:a5:07:17:cf:6a:2a:07:28:b1:86:8a:1c:0e:ad:9f:8f:cc:19:66:ee:b7:63:dd:73:04:ec:cb:90:82:5c:4f:bf:9b:59:05:1a:7d:36:0e:31:9e:0d:b9:d7:41:ac:c2:65:52:cc:02:97:28:3d:bf:27:50:72:b4:53:8d:4f:1b:73:d5:b4:8d:77:40" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.195295000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.195295000", + "frame.time_delta": "0.001715000", + "frame.time_delta_displayed": "0.001715000", + "frame.time_relative": "1460.734609000", + "frame.number": "4966", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13777", + "tcp.nxtseq": "13824", + "tcp.ack": "63754", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000702c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8d:d5:00:26:eb:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317141, TSecr 2550660": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317141", + "tcp.options.timestamp.tsecr": "2550660" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:9b:06:b4:af:6b:28:b4:13:3b:19:d4:43:50:06:72:d6:c1:eb:ac:72:81:7a:24:34:a7:29:6d:08:fb:c8:3a:6a:54:91:2b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { 
+ "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.227919000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.227919000", + "frame.time_delta": "0.032624000", + "frame.time_delta_displayed": "0.032624000", + "frame.time_relative": "1460.767233000", + "frame.number": "4967", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000963e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64103", + "tcp.ack": "13824", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fdcf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:8e:a7:a0:8d:d5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550670, TSecr 2812317141": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550670", + "tcp.options.timestamp.tsecr": "2812317141" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4966", + "tcp.analysis.ack_rtt": "0.032624000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.254467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.254467000", + "frame.time_delta": 
"0.026548000", + "frame.time_delta_displayed": "0.026548000", + "frame.time_relative": "1460.793781000", + "frame.number": "4968", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003819", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": 
"13824", + "tcp.nxtseq": "13871", + "tcp.ack": "64103", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006fe4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8d:e4:00:26:eb:8a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317156, TSecr 2550666": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317156", + "tcp.options.timestamp.tsecr": "2550666" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4965", + "tcp.analysis.ack_rtt": "0.060887000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:9c:de:66:38:9d:b0:19:41:30:8e:37:74:bd:59:be:bb:23:9e:de:83:e2:a9:19:2c:ae:c2:83:75:ca:88:68:31:b5:cb:67" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.254896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.254896000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1460.794210000", + "frame.number": "4969", + "frame.len": "122", + "frame.cap_len": "122", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "108", + "ip.id": "0x0000963f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007708", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "56", + "tcp.seq": "64103", + "tcp.nxtseq": "64159", + "tcp.ack": "13871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000db41", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:90:a7:a0:8d:e4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550672, TSecr 2812317156": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550672", + "tcp.options.timestamp.tsecr": "2812317156" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4968", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.bytes_in_flight": "56", + "tcp.analysis.push_bytes_sent": "56" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "51", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:e6:cd:51:4a:7d:ec:e4:56:49:2c:d3:0d:34:cd:b9:82:06:ab:54:e5:52:bb:e8:b1:b2:7a:31:fa:0d:5b:83:c0:26:d7:03:ca:15:59:2b:7f:a6:57:55:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.316254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.316254000", + "frame.time_delta": "0.061358000", + "frame.time_delta_displayed": "0.061358000", + "frame.time_relative": "1460.855568000", + "frame.number": "4970", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003818", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
+ "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13871", + "tcp.nxtseq": "13918", + "tcp.ack": "64159", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000064d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8d:f3:00:26:eb:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317171, TSecr 2550672": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317171", + "tcp.options.timestamp.tsecr": "2550672" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4969", + "tcp.analysis.ack_rtt": "0.061358000", + "tcp.analysis.bytes_in_flight": 
"47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:9d:be:a0:bf:cf:77:1a:9c:66:bd:4a:31:cc:da:5e:f8:58:69:c0:e8:98:8f:80:29:bf:7d:37:16:a8:e9:91:f5:85:97:3a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:52.347975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495052.347975000", + "frame.time_delta": "0.031721000", + "frame.time_delta_displayed": "0.031721000", + "frame.time_relative": "1460.887289000", + "frame.number": "4971", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009640", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64159", + "tcp.ack": "13918", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:9a:a7:a0:8d:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550682, TSecr 2812317171": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550682", + 
"tcp.options.timestamp.tsecr": "2812317171" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4970", + "tcp.analysis.ack_rtt": "0.031721000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.049148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.049148000", + "frame.time_delta": "0.701173000", + "frame.time_delta_displayed": "0.701173000", + "frame.time_relative": "1461.588462000", + "frame.number": "4972", + "frame.len": "415", + "frame.cap_len": "415", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "401", + "ip.id": "0x00009641", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "349", + "tcp.seq": "64159", + "tcp.nxtseq": "64508", + "tcp.ack": "13918", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f3e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:e0:a7:a0:8d:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550752, TSecr 2812317171": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550752", + "tcp.options.timestamp.tsecr": "2812317171" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "349", + "tcp.analysis.push_bytes_sent": "349" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "344", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e7:7a:85:0e:6d:c7:ed:fd:b0:4b:20:60:24:c3:9a:78:79:52:6e:29:53:5b:55:50:30:03:1a:f4:c9:5d:7a:4f:6d:c3:14:f9:4c:52:64:2e:3a:3f:a4:fa:9f:a4:2d:b6:2c:46:18:44:3a:9b:e9:9e:ed:1b:e3:0d:6d:73:f2:1f:25:1e:58:2f:cc:98:ed:d6:92:e7:e5:2c:4a:8b:ef:3a:87:8c:47:cc:9f:2f:f4:10:03:20:07:3d:05:f8:ee:b2:c4:6e:9a:0d:62:b1:dc:72:a2:fe:e1:42:8b:3c:28:1d:09:ab:c9:02:e2:14:17:19:00:77:c1:ae:05:85:f2:66:14:a3:be:58:39:b8:fd:c3:d9:a4:9f:f8:ea:75:6a:53:29:66:c4:c0:5e:23:50:db:dd:cb:f4:3e:76:71:b1:86:32:f0:cc:07:c7:79:6e:23:8c:2b:81:e7:f3:56:c8:cd:09:e5:45:fe:5d:19:70:14:25:15:d4:bc:a2:c5:fa:7b:91:c6:54:c0:ed:39:3c:86:b2:1a:d2:3c:75:f8:b7:69:78:b9:4c:74:da:ab:d8:01:09:8b:6f:87:14:c6:b1:52:33:ef:e4:fd:4e:ae:36:97:9d:de:4f:a9:38:f0:6c:71:c5:8a:47:ed:fd:4b:e8:70:af:21:ee:af:6a:12:47:3c:87:c3:07:fc:3c:49:36:91:71:3a:6b:52:69:d3:79:b3:9e:82:26:95:73:f6:b1:a7:60:8a:41:9a:08:48:59:34:b6:db:6d:79:d1:95:ce:38:a6:43:6b:76:22:2e:c4:58:76:47:bb:e2:3a:77:17:34:4a:3e:1c:b7:37:18:de:73:ed:1a:36:5b:cc:c4:7c:94:6d:7d:aa:97:f0:1e:4b:72:06" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.082700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.082700000", + "frame.time_delta": "0.033552000", + "frame.time_delta_displayed": "0.033552000", + "frame.time_relative": "1461.622014000", + "frame.number": "4973", + "frame.len": "146", + "frame.cap_len": "146", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "132", + "ip.id": "0x00002d39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "80", + "tcp.seq": "13918", + "tcp.nxtseq": "13998", + "tcp.ack": "64159", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004d6d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8e:b3:00:26:eb:9a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317363, TSecr 2550682": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317363", + "tcp.options.timestamp.tsecr": "2550682" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "80", + "tcp.analysis.push_bytes_sent": "80" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "75", + "ssl.app_data": "34:cd:34:17:47:48:0e:9e:57:f8:85:4b:a9:46:d1:b8:21:bf:37:eb:12:78:5e:4c:94:17:4b:2e:e3:e7:e3:84:7b:e4:1f:72:fa:a2:c8:32:24:4e:f1:f9:6d:e9:37:e0:09:2e:14:77:15:cb:c3:31:79:e3:6e:06:b2:03:9e:7f:6b:1c:fe:17:b1:11:fd:f8:ba:8d:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.083127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.083127000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "1461.622441000", + "frame.number": "4974", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009642", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64508", + "tcp.ack": "13998", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:e3:a7:a0:8e:b3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550755, TSecr 2812317363": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550755", + "tcp.options.timestamp.tsecr": "2812317363" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4973", + "tcp.analysis.ack_rtt": "0.000427000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.110074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.110074000", + "frame.time_delta": "0.026947000", + "frame.time_delta_displayed": "0.026947000", + "frame.time_relative": "1461.649388000", + "frame.number": "4975", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003816", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "13998", + "tcp.nxtseq": "14045", + "tcp.ack": "64508", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8e:b9:00:26:eb:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317369, TSecr 2550752": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317369", + "tcp.options.timestamp.tsecr": "2550752" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4972", + "tcp.analysis.ack_rtt": "0.060926000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:9f:de:67:6d:6b:ab:7c:56:e0:d2:6b:00:ba:72:17:0f:3f:fe:c4:43:56:62:ba:52:f2:48:c5:71:a1:04:7a:7a:36:b3:63" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.110274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.110274000", + "frame.time_delta": "0.000200000", + "frame.time_delta_displayed": "0.000200000", + "frame.time_relative": "1461.649588000", + "frame.number": "4976", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009643", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "64508", + "tcp.nxtseq": "64555", + "tcp.ack": "14045", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000041b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:e6:a7:a0:8e:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550758, TSecr 2812317369": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550758", + "tcp.options.timestamp.tsecr": "2812317369" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4975", + "tcp.analysis.ack_rtt": "0.000200000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:e8:7a:9f:9e:c1:08:6d:cc:58:22:ae:ef:1b:3b:b8:ac:68:19:c2:b5:6c:14:d5:2a:1a:cb:ea:71:de:6a:44:7c:62:fa:2f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.210329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.210329000", + "frame.time_delta": "0.100055000", + 
"frame.time_delta_displayed": "0.100055000", + "frame.time_relative": "1461.749643000", + "frame.number": "4977", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003844", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14045", + "tcp.ack": 
"64555", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fac7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8e:d3:00:26:eb:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317395, TSecr 2550758": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317395", + "tcp.options.timestamp.tsecr": "2550758" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4976", + "tcp.analysis.ack_rtt": "0.100055000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.234460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.234460000", + "frame.time_delta": "0.024131000", + "frame.time_delta_displayed": "0.024131000", + "frame.time_relative": "1461.773774000", + "frame.number": "4978", + "frame.len": "416", + "frame.cap_len": "416", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "402", + "ip.id": "0x00009644", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "350", + "tcp.seq": "64555", + "tcp.nxtseq": "64905", + "tcp.ack": "14045", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ac00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:eb:f2:a7:a0:8e:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550770, TSecr 2812317395": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550770", + "tcp.options.timestamp.tsecr": "2812317395" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "350", + "tcp.analysis.push_bytes_sent": "350" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "345", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:e9:1d:b0:1d:c1:5d:54:44:4e:93:17:91:2c:56:cd:6f:ef:5f:59:f1:11:86:2c:1d:67:05:cd:ba:65:0b:09:d7:79:28:c6:89:4d:25:8b:d4:80:f6:6d:ce:ca:ad:d3:50:81:33:59:2b:9e:f2:d1:94:b8:97:54:09:4b:d8:6d:c9:21:4a:04:81:44:0d:fc:a5:b0:44:dd:b4:f0:f6:f1:e3:2d:11:8e:19:fb:a5:8d:68:29:cb:94:79:ba:f0:43:7f:1c:22:c3:72:0c:2e:5e:09:f1:5c:a9:a1:34:aa:9b:7e:72:1e:b2:64:20:80:ee:9a:6f:85:39:ee:83:b0:df:0e:f3:03:b1:98:27:99:c7:93:eb:8c:98:a1:3e:42:e7:85:b8:6a:d3:40:7c:38:39:cf:5c:72:b1:19:88:e1:97:14:1a:48:c7:8c:bf:01:44:75:aa:7b:bb:bd:d9:a3:79:74:79:b7:8d:26:68:95:eb:20:54:62:d6:d0:9b:a0:57:6c:91:81:c6:95:54:ae:e9:69:84:07:1d:d9:dc:ea:09:b9:3b:3e:e5:35:b1:8b:34:d6:59:f8:f8:54:cc:97:f4:e3:86:eb:21:cb:b6:3f:bb:c8:ba:85:7d:77:5c:35:53:b9:45:16:47:1a:9a:ea:5f:e0:21:f6:a4:4d:7e:15:11:70:a2:b5:54:8d:e9:2f:ca:c2:9f:29:26:f8:82:80:d4:df:73:64:cc:56:f3:d8:82:58:0b:46:ff:41:06:ea:30:27:ca:4f:c7:5f:8b:b3:12:56:f2:8f:1a:1a:dc:1a:8d:cf:5f:03:1d:61:cd:87:01:4b:8e:12:9a:9e:56:6b:2e:49:06:85:bf:9b:26:47:aa:4d:91:68:1a:ac:9b:76:de:d4:66:de" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.294715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.294715000", + "frame.time_delta": "0.060255000", + "frame.time_delta_displayed": "0.060255000", + "frame.time_relative": "1461.834029000", + "frame.number": "4979", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003843", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14045", + "tcp.ack": "64905", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + 
"tcp.checksum": "0x0000f948", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8e:e8:00:26:eb:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317416, TSecr 2550770": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317416", + "tcp.options.timestamp.tsecr": "2550770" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4978", + "tcp.analysis.ack_rtt": "0.060255000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.295213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.295213000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "1461.834527000", + "frame.number": "4980", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003813", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "14045", + "tcp.nxtseq": "14092", + "tcp.ack": "64905", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a26c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:8e:e8:00:26:eb:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317416, TSecr 2550770": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317416", + "tcp.options.timestamp.tsecr": "2550770" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:a0:48:e3:b2:a0:7d:23:82:79:cf:2f:78:13:1b:c8:f4:de:5f:d8:fa:ba:84:f6:86:4a:a0:07:8c:be:13:dc:a7:80:42:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:53.337913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495053.337913000", + "frame.time_delta": "0.042700000", + "frame.time_delta_displayed": "0.042700000", + "frame.time_relative": "1461.877227000", + "frame.number": "4981", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009645", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000773a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64905", + "tcp.ack": "14092", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f81f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:26:eb:fd:a7:a0:8e:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550781, TSecr 2812317416": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550781", + "tcp.options.timestamp.tsecr": "2812317416" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4980", + "tcp.analysis.ack_rtt": "0.042700000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:54.146372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495054.146372000", + "frame.time_delta": "0.808459000", + "frame.time_delta_displayed": "0.808459000", + "frame.time_relative": "1462.685686000", + "frame.number": "4982", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"120", + "ip.id": "0x00009646", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "68", + "tcp.seq": "64905", + "tcp.nxtseq": "64973", + "tcp.ack": "14092", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000042fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ec:4d:a7:a0:8e:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550861, TSecr 2812317416": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550861", + "tcp.options.timestamp.tsecr": "2812317416" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "68", + "tcp.analysis.push_bytes_sent": "68" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "63", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ea:af:6a:1c:34:3f:d2:3a:f5:b8:a9:a6:2a:06:cd:ac:e3:64:e1:9f:b7:13:2f:99:72:7a:d8:d8:d8:50:45:56:90:c6:c8:95:39:f1:25:1e:4f:8e:ef:c7:a7:a2:77:93:86:de:d4:9b:b8:76:6d:79" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:54.207429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495054.207429000", + "frame.time_delta": "0.061057000", + "frame.time_delta_displayed": "0.061057000", + "frame.time_relative": "1462.746743000", + "frame.number": "4983", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003812", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "14092", + "tcp.nxtseq": "14139", + "tcp.ack": "64973", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ea77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a0:8f:cc:00:26:ec:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317644, TSecr 2550861": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317644", + "tcp.options.timestamp.tsecr": "2550861" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4982", + "tcp.analysis.ack_rtt": "0.061057000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:a1:3e:9d:12:c3:7c:75:04:28:ff:2a:c3:f1:5b:e6:0e:84:00:29:b4:b1:46:f0:7f:30:ff:a2:06:56:86:aa:42:1a:dc:bc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:54.207880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495054.207880000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "1462.747194000", + "frame.number": "4984", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009647", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007738", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64973", + "tcp.ack": "14139", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": 
"661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f671", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ec:54:a7:a0:8f:cc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550868, TSecr 2812317644": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550868", + "tcp.options.timestamp.tsecr": "2812317644" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4983", + "tcp.analysis.ack_rtt": "0.000451000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:55.083855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495055.083855000", + "frame.time_delta": "0.875975000", + "frame.time_delta_displayed": "0.875975000", + "frame.time_relative": "1463.623169000", + "frame.number": "4985", + "frame.len": "172", + "frame.cap_len": "172", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "158", + "ip.id": "0x00002d3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "106", + "tcp.seq": "14139", + "tcp.nxtseq": "14245", + "tcp.ack": "64973", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a0ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a0:90:a7:00:26:ec:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317863, TSecr 2550868": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317863", + "tcp.options.timestamp.tsecr": "2550868" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "106", + "tcp.analysis.push_bytes_sent": "106" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "101", + "ssl.app_data": "34:cd:34:17:47:48:0e:a2:1d:11:d0:bd:94:86:85:54:3a:32:84:f0:ff:84:6e:95:d7:af:d1:7c:33:91:09:df:f6:84:d0:8e:94:70:59:f9:a2:15:82:f0:b1:80:06:ca:67:9b:85:24:8a:97:84:da:4a:46:05:5e:6e:20:f2:6d:93:ce:8b:0f:8c:9a:81:e5:35:ad:62:f9:57:18:fb:9c:e4:d1:47:ae:3c:c5:72:83:b2:6d:a8:91:db:ac:46:e7:6d:f6:6d:42:fb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:55.084337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495055.084337000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1463.623651000", + "frame.number": "4986", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009648", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007737", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "64973", + "tcp.ack": "14245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f4d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ec:ab:a7:a0:90:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550955, TSecr 2812317863": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550955", + "tcp.options.timestamp.tsecr": "2812317863" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4985", + "tcp.analysis.ack_rtt": "0.000482000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:55.091680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495055.091680000", + "frame.time_delta": "0.007343000", + "frame.time_delta_displayed": "0.007343000", + "frame.time_relative": "1463.630994000", + "frame.number": "4987", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009649", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007707", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "64973", + "tcp.nxtseq": "65020", + "tcp.ack": "14245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002247", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ec:ac:a7:a0:90:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2550956, TSecr 2812317863": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2550956", + "tcp.options.timestamp.tsecr": "2812317863" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:eb:7c:5e:16:69:58:2b:ca:80:f8:88:13:4b:3e:05:0d:23:8f:7b:2b:9f:a3:fb:44:e0:63:79:50:63:14:78:f2:9b:ca:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:55.190424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495055.190424000", + "frame.time_delta": "0.098744000", + "frame.time_delta_displayed": "0.098744000", + "frame.time_relative": "1463.729738000", + "frame.number": "4988", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14245", + "tcp.ack": "65020", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f579", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:90:c2:00:26:ec:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812317890, TSecr 2550956": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812317890", + "tcp.options.timestamp.tsecr": "2550956" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4987", + "tcp.analysis.ack_rtt": "0.098744000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:56.148058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495056.148058000", + "frame.time_delta": "0.957634000", + "frame.time_delta_displayed": "0.957634000", + "frame.time_relative": "1464.687372000", + "frame.number": "4989", + "frame.len": "131", + "frame.cap_len": "131", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "117", + "ip.id": "0x0000964a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "65", + "tcp.seq": "65020", + "tcp.nxtseq": "65085", + "tcp.ack": "14245", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000080f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:16:a7:a0:90:c2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551062, TSecr 2812317890": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551062", + "tcp.options.timestamp.tsecr": "2812317890" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "65", + "tcp.analysis.push_bytes_sent": "65" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "60", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ec:46:7e:52:cc:cd:77:18:7e:88:f6:b0:32:7d:15:a6:77:36:57:bc:21:fc:9b:76:53:6d:8e:c7:fa:bf:44:7d:6d:14:57:a7:2e:a9:99:f0:dd:dd:ad:8e:9f:6a:ac:38:e6:b4:ed:f6:0e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:56.208162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495056.208162000", + "frame.time_delta": "0.060104000", + "frame.time_delta_displayed": "0.060104000", + "frame.time_relative": "1464.747476000", + "frame.number": "4990", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14245", + "tcp.ack": "65085", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f3d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:91:c0:00:26:ed:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318144, TSecr 2551062": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318144", + "tcp.options.timestamp.tsecr": "2551062" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4989", + "tcp.analysis.ack_rtt": "0.060104000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:56.209047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495056.209047000", + "frame.time_delta": "0.000885000", + "frame.time_delta_displayed": "0.000885000", + "frame.time_relative": "1464.748361000", + "frame.number": "4991", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "14245", + "tcp.nxtseq": "14292", + "tcp.ack": "65085", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000655b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:91:c0:00:26:ed:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318144, TSecr 2551062": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318144", + "tcp.options.timestamp.tsecr": "2551062" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:a3:dd:04:3f:b2:ac:20:49:e6:4e:81:25:82:e8:c1:24:63:34:ef:4e:cf:3c:b8:aa:c4:2e:c7:b2:ed:79:ae:7d:60:a4:94" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:56.247771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495056.247771000", + "frame.time_delta": "0.038724000", + "frame.time_delta_displayed": "0.038724000", + "frame.time_relative": "1464.787085000", + "frame.number": "4992", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000964b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007734", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "65085", + "tcp.ack": "14292", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f2a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:20:a7:a0:91:c0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551072, TSecr 2812318144": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551072", + "tcp.options.timestamp.tsecr": "2812318144" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4991", + "tcp.analysis.ack_rtt": "0.038724000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.084072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.084072000", + "frame.time_delta": "0.836301000", + "frame.time_delta_displayed": "0.836301000", + "frame.time_relative": "1465.623386000", + "frame.number": "4993", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00002d43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "71", + "tcp.seq": "14292", + "tcp.nxtseq": "14363", + "tcp.ack": "65085", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aaf0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:92:9b:00:26:ed:20", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318363, TSecr 2551072": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318363", + "tcp.options.timestamp.tsecr": "2551072" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "71", + "tcp.analysis.push_bytes_sent": "71" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "66", + "ssl.app_data": "34:cd:34:17:47:48:0e:a4:7e:75:27:f9:1c:f8:af:0c:12:7a:10:89:00:7c:2b:41:b6:71:d8:db:71:06:a8:05:8e:c0:a1:c8:1a:67:8b:32:35:b4:ad:79:b1:0d:7d:b0:5c:1b:f8:14:a3:bb:7f:9f:1f:5b:b7:45:48:ae:93:b4:3e:ef" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.084557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.084557000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "1465.623871000", + "frame.number": "4994", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000964c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007733", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "65085", + "tcp.ack": "14363", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f133", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:73:a7:a0:92:9b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551155, TSecr 2812318363": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551155", + "tcp.options.timestamp.tsecr": "2812318363" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4993", + "tcp.analysis.ack_rtt": "0.000485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.088608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.088608000", + "frame.time_delta": "0.004051000", + "frame.time_delta_displayed": "0.004051000", + "frame.time_relative": "1465.627922000", + "frame.number": "4995", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000964d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "65085", + "tcp.nxtseq": "65132", + "tcp.ack": "14363", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ccef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:74:a7:a0:92:9b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551156, TSecr 2812318363": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551156", + "tcp.options.timestamp.tsecr": "2812318363" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ed:36:e3:bc:b1:68:c0:b3:da:20:d9:f0:51:14:75:51:b3:06:3b:09:e7:02:61:9b:a8:cf:67:dc:2a:3c:d6:a9:30:23:ee" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.186350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.186350000", + "frame.time_delta": "0.097742000", + "frame.time_delta_displayed": "0.097742000", + "frame.time_relative": "1465.725664000", + "frame.number": "4996", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000383b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14363", + "tcp.ack": "65132", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f1d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:92:b5:00:26:ed:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318389, TSecr 2551156": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318389", + "tcp.options.timestamp.tsecr": "2551156" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4995", + "tcp.analysis.ack_rtt": "0.097742000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.284543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.284543000", + "frame.time_delta": "0.098193000", + "frame.time_delta_displayed": "0.098193000", + "frame.time_relative": "1465.823857000", + "frame.number": "4997", + "frame.len": "131", + "frame.cap_len": "131", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "117", + "ip.id": "0x00002d45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "65", + "tcp.seq": "14363", + "tcp.nxtseq": "14428", + "tcp.ack": "65132", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005fc3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:92:cd:00:26:ed:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318413, TSecr 2551156": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318413", + "tcp.options.timestamp.tsecr": "2551156" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "65", + "tcp.analysis.push_bytes_sent": "65" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "60", + "ssl.app_data": "34:cd:34:17:47:48:0e:a5:1f:b5:76:e6:dc:9f:79:e3:5a:77:e6:a5:a9:e7:01:c4:91:c9:22:37:98:70:95:54:aa:0d:68:d8:3e:29:cc:ee:f1:67:a8:c8:63:d8:2d:c1:48:1d:cc:9c:1d:6c:1f:f8:00:1b:9a:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.288454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.288454000", + "frame.time_delta": "0.003911000", + "frame.time_delta_displayed": "0.003911000", + "frame.time_relative": "1465.827768000", + "frame.number": "4998", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000964e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007702", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "65132", + "tcp.nxtseq": "65179", + "tcp.ack": "14428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a5c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:88:a7:a0:92:cd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551176, TSecr 2812318413": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551176", + "tcp.options.timestamp.tsecr": "2812318413" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4997", + "tcp.analysis.ack_rtt": "0.003911000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ee:e5:18:83:fd:dd:ae:04:b2:48:72:6f:4b:1b:6c:da:44:68:5e:0c:f2:68:7d:d8:4e:91:35:96:ee:93:f1:03:13:f0:30" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:57.348698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495057.348698000", + "frame.time_delta": "0.060244000", + "frame.time_delta_displayed": "0.060244000", + "frame.time_relative": "1465.888012000", + "frame.number": "4999", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003839", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14428", + "tcp.ack": "65179", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f12c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:92:dd:00:26:ed:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318429, TSecr 2551176": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318429", + "tcp.options.timestamp.tsecr": "2551176" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "4998", + "tcp.analysis.ack_rtt": "0.060244000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.178058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.178058000", + "frame.time_delta": "0.829360000", + "frame.time_delta_displayed": "0.829360000", + "frame.time_relative": "1466.717372000", + "frame.number": "5000", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x0000964f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "64", + "tcp.seq": "65179", + "tcp.nxtseq": "65243", + "tcp.ack": "14428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000643e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:e1:a7:a0:92:dd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551265, TSecr 2812318429": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551265", + "tcp.options.timestamp.tsecr": "2812318429" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "64", + "tcp.analysis.push_bytes_sent": "64" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "59", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ef:4c:d1:3c:5a:91:fa:de:1f:f5:a6:74:6b:21:b4:c7:eb:d0:ea:6e:50:fc:99:6f:28:c4:72:63:38:ee:0e:48:a9:33:8c:47:ef:fa:5d:69:59:8b:d2:1f:78:a1:b4:c4:14:fe:e9:f8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.238310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.238310000", + "frame.time_delta": "0.060252000", + "frame.time_delta_displayed": "0.060252000", + "frame.time_relative": "1466.777624000", + "frame.number": "5001", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003838", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14428", + "tcp.ack": "65243", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:93:bb:00:26:ed:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318651, TSecr 2551265": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318651", + "tcp.options.timestamp.tsecr": "2551265" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5000", + "tcp.analysis.ack_rtt": "0.060252000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.238767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.238767000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "1466.778081000", + "frame.number": "5002", + "frame.len": "409", + "frame.cap_len": "409", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "395", + "ip.id": "0x00009650", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "343", + "tcp.seq": "65243", + "tcp.nxtseq": "65586", + "tcp.ack": "14428", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001d0b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:e7:a7:a0:93:bb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551271, TSecr 2812318651": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551271", + "tcp.options.timestamp.tsecr": "2812318651" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "343", + "tcp.analysis.push_bytes_sent": "343" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "338", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:f0:31:09:1a:bd:d2:0a:36:0a:e4:33:eb:e6:d0:ca:e2:a6:b8:ff:28:92:59:05:5a:7b:32:eb:f6:e2:3a:49:ff:95:9c:c4:7a:d8:b0:7e:cc:7b:99:76:fb:5b:e3:0b:a7:85:51:c4:48:36:fd:0c:bd:05:e0:2a:77:97:91:40:fa:e6:a8:80:97:e5:ac:ab:21:f5:f4:11:fa:4d:22:de:e5:12:6b:b3:c3:24:11:f6:3f:fe:53:73:1a:c7:a8:49:10:6a:28:fe:d3:c9:e6:cb:66:ea:73:22:6a:c9:21:af:36:03:1e:05:d3:2c:52:c3:38:e5:56:61:b2:4b:f4:61:bc:98:eb:d3:74:b9:8c:39:f2:ee:6a:ea:f7:62:54:b4:b4:93:ef:a1:6c:4c:65:71:9a:dd:c9:a7:3f:a0:08:2b:6d:68:66:5c:a3:77:9d:ac:53:8a:e4:22:f1:d2:e7:8a:4e:4e:f2:01:2b:9e:6f:96:20:7c:d3:20:b0:de:da:f8:44:fa:52:b2:6c:89:eb:c1:3c:e7:9b:99:13:11:16:31:f1:ab:e1:b5:9e:03:d6:d3:6c:f0:8a:ff:5d:9b:94:6a:74:b7:b4:61:8b:7e:83:b3:46:cf:15:a6:0e:63:a8:65:6c:d4:6c:4c:68:be:9e:cb:36:4f:50:91:b1:bc:d5:7b:bf:8c:2c:0e:15:e4:dc:0d:11:69:e9:ce:6f:d8:38:7d:79:df:5e:86:d6:5c:8c:e9:d2:a3:2f:b0:64:8f:3e:ef:2e:7f:03:f6:e5:f9:01:87:e0:4e:b6:40:2d:cd:1e:b9:e9:db:a3:a0:7b:f8:58:86:78:fa:3c:d7:98:da:1a:02:68:de:18:e5:1e:d9:7a:51:a1:83:96:0a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.239081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.239081000", + "frame.time_delta": "0.000314000", + "frame.time_delta_displayed": "0.000314000", + "frame.time_relative": "1466.778395000", + "frame.number": "5003", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003808", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "14428", + "tcp.nxtseq": "14475", + "tcp.ack": "65243", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x000002b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:93:bc:00:26:ed:e1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318652, TSecr 2551265": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318652", + "tcp.options.timestamp.tsecr": "2551265" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:a6:7f:c9:aa:4e:92:0d:c3:7a:90:72:48:e6:9d:1c:26:4f:24:a3:db:57:05:d9:ce:e7:3b:2b:f7:16:e5:7c:93:c6:6e:2f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.277713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.277713000", + "frame.time_delta": "0.038632000", + "frame.time_delta_displayed": "0.038632000", + "frame.time_relative": "1466.817027000", + "frame.number": "5004", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + 
"eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009651", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "65586", + "tcp.ack": "14475", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ed35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:eb:a7:a0:93:bc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551275, TSecr 2812318652": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551275", + "tcp.options.timestamp.tsecr": "2812318652" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5003", + "tcp.analysis.ack_rtt": "0.038632000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.299544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.299544000", + "frame.time_delta": "0.021831000", + "frame.time_delta_displayed": "0.021831000", + "frame.time_relative": "1466.838858000", + "frame.number": "5005", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003807", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "14475", + "tcp.nxtseq": "14522", + "tcp.ack": "65586", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005d43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a0:93:cb:00:26:ed:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812318667, TSecr 2551271": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812318667", + "tcp.options.timestamp.tsecr": "2551271" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5002", + "tcp.analysis.ack_rtt": "0.060777000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:a7:68:23:93:7c:f8:f0:e4:80:9b:66:88:1f:22:68:bf:8c:08:a2:e7:75:76:a5:d5:90:bc:2f:df:af:16:28:02:53:0e:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:10:58.300042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495058.300042000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "1466.839356000", + "frame.number": "5006", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009652", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "65586", + "tcp.ack": "14522", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": 
"661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ecf5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ed:ed:a7:a0:93:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2551277, TSecr 2812318667": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2551277", + "tcp.options.timestamp.tsecr": "2812318667" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5005", + "tcp.analysis.ack_rtt": "0.000498000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:04.799253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495064.799253000", + "frame.time_delta": "6.499211000", + "frame.time_delta_displayed": "6.499211000", + "frame.time_relative": "1473.338567000", + "frame.number": "5007", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005813", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4997", + "tcp.ack": "541", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f11e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:04.942596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495064.942596000", + "frame.time_delta": "0.143343000", + "frame.time_delta_displayed": "0.143343000", + "frame.time_relative": "1473.481910000", + "frame.number": "5008", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ffb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd96", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", 
+ "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "541", + "tcp.ack": "4998", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.043235000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.043235000", + "frame.time_delta": "1.100639000", + "frame.time_delta_displayed": "1.100639000", + "frame.time_relative": "1474.582549000", + "frame.number": "5009", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x00003b09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000058c0", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + 
"ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49775", + "tcp.port": "80", + "tcp.port": "49775", + "tcp.stream": "170", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000095bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018629000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:11:06 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:06 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + 
"http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.037377000", + "http.request_in": "4380", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.075695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.075695000", + "frame.time_delta": "0.032460000", + "frame.time_delta_displayed": "0.032460000", + "frame.time_relative": "1474.615009000", + "frame.number": "5010", + "frame.len": "345", + "frame.cap_len": "345", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "331", + "ip.id": "0x00002d4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000371e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "279", + "tcp.seq": "14522", + "tcp.nxtseq": "14801", + "tcp.ack": "65586", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000faa6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:9b:63:00:26:ed:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812320611, TSecr 2551277": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812320611", + "tcp.options.timestamp.tsecr": "2551277" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "279", + "tcp.analysis.push_bytes_sent": "279" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "274", + "ssl.app_data": "34:cd:34:17:47:48:0e:a8:94:7c:05:80:91:8a:ef:0d:76:3e:df:d9:c7:37:5f:30:b9:8d:aa:39:0a:e0:8f:a1:6a:0c:92:9e:55:00:eb:5b:a5:a8:5a:c5:ea:86:dc:67:03:be:6a:1c:3e:59:78:33:bd:d7:cc:b7:a3:75:60:ba:1d:c0:fb:a1:d8:e4:4f:08:5e:ee:7d:04:dd:79:8b:b9:15:fb:bd:ab:d5:ec:f2:a4:41:e2:01:3c:38:1c:80:8c:26:1e:49:ed:fa:5b:0e:01:9c:e7:f0:61:db:07:d6:4f:c1:40:f6:12:96:a6:54:3f:c9:64:89:66:00:e4:00:17:d0:a5:d6:89:1a:82:54:fc:1c:6f:35:99:81:4d:6f:c0:9a:8a:21:ea:f9:3c:c8:35:cd:85:bb:7d:a2:7d:22:fa:51:c7:8f:08:3d:5c:89:73:f2:c8:ff:6b:4d:f3:c4:40:cd:ec:97:4f:0a:ac:4b:44:eb:6d:94:e4:b5:21:09:20:68:af:7f:2d:80:57:a1:c0:4e:1c:3b:10:61:f8:04:75:8c:e0:8c:9c:08:bb:e7:a1:49:7d:9a:da:34:18:2a:df:36:9d:6b:be:7b:5a:4c:c2:39:fc:e2:de:60:8c:1e:99:de:ea:57:e4:0b:53:f0:70:0e:cc:1e:47:0b:0d:fd:bd:8b:9b:6c:ab:e3:05:f7:0c:ac:ab:aa:d4:39:52:2c:b0:9a:11" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.076244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.076244000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1474.615558000", + "frame.number": "5011", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009653", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000772c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "65586", + "tcp.ack": "14801", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e13d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f0:f6:a7:a0:9b:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2552054, TSecr 2812320611": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2552054", + "tcp.options.timestamp.tsecr": "2812320611" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5010", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.076935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.076935000", + "frame.time_delta": "0.000691000", + "frame.time_delta_displayed": "0.000691000", + "frame.time_relative": "1474.616249000", + "frame.number": "5012", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000104a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f386", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e03f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5009", + "tcp.analysis.ack_rtt": "0.033700000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.089573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.089573000", + "frame.time_delta": "0.012638000", + "frame.time_delta_displayed": "0.012638000", + "frame.time_relative": "1474.628887000", + "frame.number": "5013", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000059c7", + "ip.checksum.status": "2", + "ip.src": "54.241.191.237", + "ip.addr": "54.241.191.237", + "ip.src_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49775", + "tcp.port": "80", + "tcp.port": "49775", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007fd6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.analysis": { + "tcp.analysis.acks_frame": "5012", + "tcp.analysis.ack_rtt": "0.012638000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.092836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.092836000", + "frame.time_delta": "0.003263000", + "frame.time_delta_displayed": "0.003263000", + "frame.time_relative": "1474.632150000", + "frame.number": "5014", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009654", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "65586", + "tcp.nxtseq": "65639", + "tcp.ack": "14801", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007108", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f0:f8:a7:a0:9b:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2552056, TSecr 2812320611": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2552056", + "tcp.options.timestamp.tsecr": "2812320611" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f1:85:7c:c6:ae:c8:44:8f:61:fe:d5:40:fb:5a:cf:96:3a:dd:fe:70:8e:98:a3:8c:f0:37:07:ee:88:51:da:e7:dc:e1:46:f4:3d:58:66:ff:77" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.094889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.094889000", + "frame.time_delta": "0.002053000", + "frame.time_delta_displayed": "0.002053000", + "frame.time_relative": "1474.634203000", + "frame.number": "5015", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000104b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f385", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.237", + "ip.addr": 
"54.241.191.237", + "ip.dst_host": "54.241.191.237", + "ip.host": "54.241.191.237", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49775", + "tcp.dstport": "80", + "tcp.port": "49775", + "tcp.port": "80", + "tcp.stream": "170", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e03f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5013", + "tcp.analysis.ack_rtt": "0.005316000", + "tcp.analysis.initial_rtt": "0.018629000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.190625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.190625000", + "frame.time_delta": "0.095736000", + "frame.time_delta_displayed": 
"0.095736000", + "frame.time_relative": "1474.729939000", + "frame.number": "5016", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003834", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14801", + "tcp.ack": "65639", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e1d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:9b:80:00:26:f0:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812320640, TSecr 2552056": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812320640", + "tcp.options.timestamp.tsecr": "2552056" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5014", + "tcp.analysis.ack_rtt": "0.097789000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.191163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.191163000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1474.730477000", + "frame.number": "5017", + "frame.len": "726", + "frame.cap_len": "726", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "712", + "ip.id": "0x00009655", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007496", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "660", + "tcp.seq": "65639", + "tcp.nxtseq": "66299", + "tcp.ack": "14801", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000564b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f1:02:a7:a0:9b:80", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2552066, TSecr 2812320640": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2552066", + "tcp.options.timestamp.tsecr": "2812320640" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "660", + "tcp.analysis.push_bytes_sent": "660" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f2:25:62:59:9c:df:ab:21:11:ce:51:9d:8d:7f:e7:1b:ba:c9:63:3e:f2:09:cc:b4:14:b0:7b:e5:2f:90:1d:d9:51:34:24:35:1e:71:6c:a3:01:d8" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f3:84:49:0f:8e:81:aa:19:bd:49:bb:28:1f:f9:c4:98:d3:4f:aa:d9:a8:d4:3e:9b:a8:39:f5:76:0c:11:10:22:0b:30:bd:e2:44:a6:a0:66:b4:1f:21:2c:fa:f4:b6:eb:06:02:2e:c6:6c:0f:86:5f:d9:36:22:f3:d0:2c:c0:ba:d9:53:e7:78:a7:5d:ee:f2:8c:f9:58:2e:3b:84:d8:c1:61:db:22:e0:08:bc:77:3f:5e" + }, + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "500", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f4:82:0f:73:c2:2f:c8:a4:ae:42:f2:f6:ed:2e:06:e3:d8:5c:58:4e:d8:b4:14:bf:22:82:0c:3d:e9:c2:84:fc:1b:84:63:c1:53:21:4c:b6:7b:fb:92:b2:8f:e9:9f:2a:3a:a4:42:0d:f5:11:ad:88:ef:cf:61:ae:c4:a1:53:9d:4d:92:1f:0b:f1:d4:7d:04:b6:b4:55:eb:4e:0f:09:fc:a4:21:e2:7a:b4:f7:c7:0f:e8:bf:78:17:e4:15:57:e5:3b:58:cf:66:7b:4b:85:75:72:10:b5:3b:9d:aa:8c:9d:73:f3:e7:7a:66:d1:24:64:a5:c9:30:b3:1d:5d:29:0e:a6:3e:87:1a:63:a3:2f:e0:9c:94:56:51:97:33:98:9d:80:38:ea:3c:04:ae:9b:45:09:fa:55:c0:88:3b:50:8e:42:d1:6a:a3:00:25:9f:93:ce:5e:e9:ec:a2:e8:19:2d:39:fb:f0:35:4e:73:4c:f8:13:91:e9:75:8e:4e:91:87:48:09:1b:52:a9:e0:e4:59:fb:c3:e9:82:3d:6f:70:9b:5b:78:f1:91:dc:62:e5:b5:9b:2e:f3:3a:18:3b:c9:0d:3b:94:4c:3c:d3:7a:6c:a2:37:ba:41:94:85:e8:8b:9d:eb:47:4e:aa:11:67:03:98:60:9d:55:c8:ad:fc:e3:96:ec:f1:23:6b:3b:9a:95:f6:ba:20:b0:5f:be:d3:14:4e:36:0f:60:a1:43:9e:02:f1:d4:74:1c:75:19:17:06:a8:0b:48:c2:47:1b:d0:6f:30:4f:8f:f4:d8:7a:8c:44:c7:43:b7:5d:dd:0a:37:95:0d:e8:ed:1c:42:55:1b:3f:34:ab:4e:14:1a:c5:66:d0:5c:c2:f3:a3:d6:08:4d:77:e0:94:fc:2b:f0:ef:05:fc:82:37:6e:2b:cd:44:c1:03:c4:c7:2d:2e:27:8a:4c:e7:5d:e6:38:7c:30:ff:33:be:d7:3e:10:26:10:e7:a6:dd:2f:e3:31:f4:bd:e1:ec:5a:b2:bd:ba:01:16:db:a8:8b:91:34:98:3e:1d:10:92:a4:0a:36:c1:bc:0e:8a:04:8e:ed:95:15:b5:b5:61:92:0e:31:94:fc:c1:c3:88:74:ca:9e:83:2b:6e:87:5f:8f:73:e5:90:80:a5:86:d6:ba:60:5d:b0:ad:f9:95:58:00:36:85:da:bc:99:15:4b:8d:b7:ae:08:7b:f9:0a:69:63:24:e8:54:7a:46:c4:4c:df:5b:90:06:15:33:92:fd:c8:1f:a8:fa:3d:be:0e:98:62:c7:da:ef:30:af:36:e6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.251719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.251719000", + "frame.time_delta": "0.060556000", + 
"frame.time_delta_displayed": "0.060556000", + "frame.time_relative": "1474.791033000", + "frame.number": "5018", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003833", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14801", + "tcp.ack": 
"66299", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000df2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:9b:8f:00:26:f1:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812320655, TSecr 2552066": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812320655", + "tcp.options.timestamp.tsecr": "2552066" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5017", + "tcp.analysis.ack_rtt": "0.060556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.481910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.481910000", + "frame.time_delta": "0.230191000", + "frame.time_delta_displayed": "0.230191000", + "frame.time_relative": "1475.021224000", + "frame.number": "5019", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009656", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "66299", + "tcp.nxtseq": "66353", + "tcp.ack": "14801", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a626", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f1:1f:a7:a0:9b:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2552095, TSecr 2812320655": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2552095", + "tcp.options.timestamp.tsecr": "2812320655" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f5:a7:bd:1d:de:be:6b:8f:d2:bd:31:d6:34:45:12:af:15:01:e6:4e:32:45:7c:84:3a:75:2b:5a:ed:dc:b2:22:7c:fc:15:eb:b7:44:97:9b:56:4e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.542036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.542036000", + "frame.time_delta": "0.060126000", + "frame.time_delta_displayed": "0.060126000", + "frame.time_relative": "1475.081350000", + 
"frame.number": "5020", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003832", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "14801", + "tcp.ack": "66353", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000de90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:9b:d7:00:26:f1:1f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812320727, TSecr 2552095": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812320727", + "tcp.options.timestamp.tsecr": "2552095" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5019", + "tcp.analysis.ack_rtt": "0.060126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:06.633456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495066.633456000", + "frame.time_delta": "0.091420000", + "frame.time_delta_displayed": "0.091420000", + "frame.time_relative": "1475.172770000", + "frame.number": "5021", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005dac", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.084030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.084030000", + "frame.time_delta": "0.450574000", + "frame.time_delta_displayed": "0.450574000", + 
"frame.time_relative": "1475.623344000", + "frame.number": "5022", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x0000104c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002998", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.085855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.085855000", + "frame.time_delta": "0.001825000", + "frame.time_delta_displayed": "0.001825000", + "frame.time_relative": "1475.625169000", + "frame.number": "5023", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x0000d828", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000deec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "5022", + "dns.time": "0.001825000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.219.189.240": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "86", + "dns.resp.len": "4", + "dns.a": "54.219.189.240" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.232": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "86", + "dns.resp.len": "4", + "dns.a": "54.241.191.232" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "52492", + "dns.resp.len": "20", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52492", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4783", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56743", + 
"dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3053", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56744", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57485", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57593", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57135", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56936", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns1.p19.dynect.net: type AAAA, class IN, addr 2001:500:90:1::19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "257", + "dns.resp.len": "16", + "dns.aaaa": "2001:500:90:1::19" + }, + "ns3.p19.dynect.net: type AAAA, class IN, addr 2001:500:94:1::19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "257", + "dns.resp.len": "16", + "dns.aaaa": "2001:500:94:1::19" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57485", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.092792000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.092792000", + "frame.time_delta": "0.006937000", + "frame.time_delta_displayed": "0.006937000", + "frame.time_relative": "1475.632106000", + "frame.number": "5024", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000104d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f592", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + 
"ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + "tcp.port": "80", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00008a6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.105499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.105499000", + "frame.time_delta": "0.012707000", + "frame.time_delta_displayed": "0.012707000", + "frame.time_relative": "1475.644813000", + "frame.number": "5025", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000095e0", + "ip.checksum.status": "2", + "ip.src": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.src_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + 
"ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49776", + "tcp.port": "80", + "tcp.port": "49776", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000f773", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5024", + "tcp.analysis.ack_rtt": "0.012707000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.110697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.110697000", + "frame.time_delta": "0.005198000", + "frame.time_delta_displayed": "0.005198000", + "frame.time_relative": "1475.650011000", + "frame.number": "5026", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000104e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f595", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + "tcp.port": "80", + "tcp.stream": "183", + 
"tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003259", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5025", + "tcp.analysis.ack_rtt": "0.005198000", + "tcp.analysis.initial_rtt": "0.017905000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.129932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.129932000", + "frame.time_delta": "0.019235000", + "frame.time_delta_displayed": "0.019235000", + "frame.time_relative": "1475.669246000", + "frame.number": "5027", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x0000104f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f585", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + "tcp.port": "80", + "tcp.stream": "183", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007ad4", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017905000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.142381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.142381000", + "frame.time_delta": "0.012449000", + "frame.time_delta_displayed": "0.012449000", + "frame.time_relative": "1475.681695000", + "frame.number": "5028", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006429", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000031bb", + "ip.checksum.status": "2", + "ip.src": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.src_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": 
"192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49776", + "tcp.port": "80", + "tcp.port": "49776", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000f22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5027", + "tcp.analysis.ack_rtt": "0.012449000", + "tcp.analysis.initial_rtt": "0.017905000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.147511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.147511000", + "frame.time_delta": "0.005130000", + "frame.time_delta_displayed": "0.005130000", + 
"frame.time_relative": "1475.686825000", + "frame.number": "5029", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001050", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f4a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + 
"tcp.port": "80", + "tcp.stream": "183", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b167", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017905000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "5027", + "tcp.segment": "5029", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:07.161038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495067.161038000", + "frame.time_delta": "0.013527000", + "frame.time_delta_displayed": "0.013527000", + "frame.time_relative": "1475.700352000", + "frame.number": "5030", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000642a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000031ba", + "ip.checksum.status": "2", + "ip.src": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.src_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49776", + "tcp.port": "80", + "tcp.port": "49776", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000a80", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5029", + "tcp.analysis.ack_rtt": "0.013527000", + "tcp.analysis.initial_rtt": "0.017905000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:09.244603000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495069.244603000", + "frame.time_delta": "2.083565000", + "frame.time_delta_displayed": "2.083565000", + "frame.time_relative": "1477.783917000", + "frame.number": "5031", + "frame.len": "136", + 
"frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000e93b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f01d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:09.809184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495069.809184000", + "frame.time_delta": "0.564581000", + "frame.time_delta_displayed": "0.564581000", + "frame.time_relative": "1478.348498000", + "frame.number": "5032", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + 
"arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:09.809310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495069.809310000", + "frame.time_delta": "0.000126000", + "frame.time_delta_displayed": "0.000126000", + "frame.time_relative": "1478.348624000", + "frame.number": "5033", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.813580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.813580000", + "frame.time_delta": "1.004270000", + "frame.time_delta_displayed": "1.004270000", + "frame.time_relative": "1479.352894000", + "frame.number": "5034", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b7c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000000f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39612", + "udp.dstport": "53", + "udp.port": "39612", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001b56", + "udp.checksum.status": "2", + "udp.stream": "114" + }, + "dns": { + "dns.id": "0x00000f2b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": 
"4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.814178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.814178000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "1479.353492000", + "frame.number": "5035", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009140", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000277a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39612", + "udp.port": "53", + "udp.port": 
"39612", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "114" + }, + "dns": { + "dns.response_to": "5034", + "dns.time": "0.000598000", + "dns.id": "0x00000f2b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.814982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.814982000", + "frame.time_delta": "0.000804000", + "frame.time_delta_displayed": "0.000804000", + "frame.time_relative": "1479.354296000", + "frame.number": "5036", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b7c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000000f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56942", + "udp.dstport": "53", + "udp.port": "56942", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f2a2", + "udp.checksum.status": "2", + "udp.stream": "115" + }, + "dns": { + "dns.id": "0x00000f2c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.815500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.815500000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "1479.354814000", + 
"frame.number": "5037", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00009141", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002769", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56942", + "udp.port": "53", + "udp.port": "56942", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "115" + }, + "dns": { + "dns.response_to": "5036", + "dns.time": "0.000518000", + "dns.id": "0x00000f2c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + 
"dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2307", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.816621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.816621000", + "frame.time_delta": "0.001121000", + "frame.time_delta_displayed": "0.001121000", + "frame.time_relative": "1479.355935000", + "frame.number": "5038", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00006ad7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", 
+ "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000caf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007ab3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + 
"tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.953701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.953701000", + "frame.time_delta": "0.137080000", + "frame.time_delta_displayed": "0.137080000", + "frame.time_relative": "1479.493015000", + "frame.number": "5039", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000073d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000016fa", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000b575", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5038", + "tcp.analysis.ack_rtt": "0.137080000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.954233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.954233000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "1479.493547000", + "frame.number": "5040", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006ad8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cb03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007f04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5039", + "tcp.analysis.ack_rtt": "0.000532000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:10.954247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495070.954247000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "1479.493561000", + "frame.number": "5041", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00006ad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c8aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003540", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137612000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:33:22:2c:20:4e:6f:6e:63:65:3d:22:32:5a:66:53:39:50:4c:49:48:36:79:37:49:4e:55:49:65:39:52:68:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:46:47:50:30:57:61:47:51:6d:39:73:6f:76:75:45:77:5a:55:6d:31:78:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:11:11.093709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.093709000", + "frame.time_delta": "0.139462000", + "frame.time_delta_displayed": "0.139462000", + "frame.time_relative": "1479.633023000", + "frame.number": "5042", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b31d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000d7bd", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dc38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5041", + "tcp.analysis.ack_rtt": "0.139462000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.094329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.094329000", + "frame.time_delta": "0.000620000", + "frame.time_delta_displayed": "0.000620000", + "frame.time_relative": "1479.633643000", + "frame.number": "5043", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00006ada", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c621", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000489b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137612000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:ef:52:5a:8a:7b:d3:6d:ea:e8
:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a:39:26:2c:03:70:cf" + }, 
+ "tcp.segments": { + "tcp.segment": "5041", + "tcp.segment": "5043", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:33:22:2c:20:4e:6f:6e:63:65:3d:22:32:5a:66:53:39:50:4c:49:48:36:79:37:49:4e:55:49:65:39:52:68:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:46:47:50:30:57:61:47:51:6d:39:73:6f:76:75:45:77:5a:55:6d:31:78:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:
eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:ef:52:5a:8a:7b:d3:6d:ea:e8:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27
:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a:39:26:2c:03:70:cf" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"193\", Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"FGP0WaGQm9sovuEwZUm1xA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"193\", Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"FGP0WaGQm9sovuEwZUm1xA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "nl\u001f\u00ef\u00bf\u00bd4k\f\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u000e\u007fo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u000e\u00ef\u00bf\u00bd.\u001cK\u00ef\u00bf\u00bd7N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:
ef:52:5a:8a:7b:d3:6d:ea:e8:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a
:39:26:2c:03:70:cf" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.231487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.231487000", + "frame.time_delta": "0.137158000", + "frame.time_delta_displayed": "0.137158000", + "frame.time_relative": "1479.770801000", + "frame.number": "5044", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f01e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00009abc", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d278", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5043", + "tcp.analysis.ack_rtt": "0.137158000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.234947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.234947000", + "frame.time_delta": "0.003460000", + "frame.time_delta_displayed": "0.003460000", + "frame.time_relative": "1479.774261000", + "frame.number": "5045", + "frame.len": "1434", + "frame.cap_len": "1434", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1420", + "ip.id": "0x0000f0eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000948b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "1380", + "tcp.seq": "1", + "tcp.nxtseq": "1381", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000a73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137612000", + "tcp.analysis.bytes_in_flight": "1380", + "tcp.analysis.push_bytes_sent": "1380" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:31:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:6
8:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:
69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.234968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.234968000", + "frame.time_delta": "0.000021000", + "frame.time_delta_displayed": "0.000021000", + "frame.time_relative": "1479.774282000", + "frame.number": "5046", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x0000f0ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000999e", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "80", + "tcp.seq": "1381", + "tcp.nxtseq": "1461", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000055f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137612000", + "tcp.analysis.bytes_in_flight": "1460", + "tcp.analysis.push_bytes_sent": "1460" + }, + "tcp.segment_data": 
"65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.235044000", + "frame.time_delta": "0.000076000", + "frame.time_delta_displayed": "0.000076000", + "frame.time_relative": "1479.774358000", + "frame.number": "5047", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x0000f0ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000994e", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "159", + "tcp.seq": "1461", + "tcp.nxtseq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000066f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137612000", + "tcp.analysis.bytes_in_flight": "1619", + "tcp.analysis.push_bytes_sent": "159" + }, + "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "tcp.segments": { + 
"tcp.segment": "5045", + "tcp.segment": "5046", + "tcp.segment": "5047", + "tcp.segment.count": "3", + "tcp.reassembled.length": "1619", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:31:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:
20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76
:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "http": { + "HTTP\/1.1 401 Unauthorized\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "401", + "http.response.phrase": "Unauthorized" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_type": "text\/html", + "http.response.line": "Content-Type: text\/html\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\"", + "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + 
"http.date": "Wed, 01 Nov 2017 00:11:10 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:10 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "http.content_length_header": "1293", + "http.content_length_header_tree": { + "http.content_length": "1293" + }, + "http.response.line": "Content-Length: 1293\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.140715000", + "http.request_in": "5043", + "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" + }, + "data-text-lines": { + "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 
Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", + "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", + "<head>\\r\\n": "", + "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", + "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", + "<style type=\"text\/css\">\\r\\n": "", + "<!--\\r\\n": "", + "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", + "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", + "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", + "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", + "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", + "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", + "background-color:#555555;}\\r\\n": "", + "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", + ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", + "-->\\r\\n": "", + "<\/style>\\r\\n": "", + "<\/head>\\r\\n": "", + "<body>\\r\\n": "", + "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", + "<div id=\"content\">\\r\\n": "", + " <div class=\"content-container\"><fieldset>\\r\\n": "", + " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", + " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", + " <\/fieldset><\/div>\\r\\n": "", + "<\/div>\\r\\n": "", + "<\/body>\\r\\n": "", + "<\/html>\\r\\n": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495071.235120000", + "frame.time_delta": "0.000076000", + "frame.time_delta_displayed": "0.000076000", + "frame.time_relative": "1479.774434000", + "frame.number": "5048", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000099eb", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + 
"tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1620", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cc24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.235567000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "1479.774881000", + "frame.number": "5049", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006adb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cb00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1381", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000687c", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5045", + "tcp.analysis.ack_rtt": "0.000620000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.235580000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "1479.774894000", + "frame.number": "5050", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006adc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000caff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000682c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5046", + "tcp.analysis.ack_rtt": "0.000612000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.235589000", + "frame.time_delta": "0.000009000", + "frame.time_delta_displayed": "0.000009000", + "frame.time_relative": "1479.774903000", + "frame.number": "5051", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006add", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cafe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1620", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000678d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5047", + "tcp.analysis.ack_rtt": "0.000545000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.235866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.235866000", + "frame.time_delta": "0.000277000", + "frame.time_delta_displayed": "0.000277000", + "frame.time_relative": "1479.775180000", + "frame.number": "5052", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006ade", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cafd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35304", + "tcp.dstport": "80", + "tcp.port": "35304", + "tcp.port": "80", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "1621", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000678b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5048", + "tcp.analysis.ack_rtt": "0.000746000", + 
"tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.236845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.236845000", + "frame.time_delta": "0.000979000", + "frame.time_delta_displayed": "0.000979000", + "frame.time_relative": "1479.776159000", + "frame.number": "5053", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b7d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000000e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "40699", + "udp.dstport": "53", + "udp.port": "40699", + "udp.port": "53", + "udp.length": 
"45", + "udp.checksum": "0x00001715", + "udp.checksum.status": "2", + "udp.stream": "116" + }, + "dns": { + "dns.id": "0x00000f2d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.237374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.237374000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "1479.776688000", + "frame.number": "5054", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009152", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002768", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "40699", + "udp.port": "53", + "udp.port": "40699", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "116" + }, + "dns": { + "dns.response_to": "5053", + "dns.time": "0.000529000", + "dns.id": "0x00000f2d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.238177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.238177000", + "frame.time_delta": "0.000803000", + "frame.time_delta_displayed": "0.000803000", + "frame.time_relative": "1479.777491000", + "frame.number": "5055", + 
"frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b7d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000000e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51969", + "udp.dstport": "53", + "udp.port": "51969", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000060e", + "udp.checksum.status": "2", + "udp.stream": "117" + }, + "dns": { + "dns.id": "0x00000f2e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: 
type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.238670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.238670000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1479.777984000", + "frame.number": "5056", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00009153", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002757", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51969", + "udp.port": "53", + "udp.port": "51969", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "117" + }, + "dns": { + "dns.response_to": "5055", + "dns.time": "0.000493000", + "dns.id": "0x00000f2e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2306", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.239456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.239456000", + "frame.time_delta": "0.000786000", + "frame.time_delta_displayed": "0.000786000", + "frame.time_relative": "1479.778770000", + "frame.number": "5057", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000218d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001443", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + "tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + 
"_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b57c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.372410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.372410000", + "frame.time_delta": "0.132954000", + "frame.time_delta_displayed": "0.132954000", + "frame.time_relative": "1479.911724000", + 
"frame.number": "5058", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005e42", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35304", + "tcp.port": "80", + "tcp.port": "35304", + "tcp.stream": "184", + "tcp.len": "0", + "tcp.seq": "1621", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cc23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5052", + "tcp.analysis.ack_rtt": "0.136544000", + "tcp.analysis.initial_rtt": "0.137612000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.374883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.374883000", + "frame.time_delta": "0.002473000", + "frame.time_delta_displayed": "0.002473000", + "frame.time_relative": "1479.914197000", + "frame.number": "5059", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + 
"ip.id": "0x0000c7b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c31a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00001a3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", 
+ "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5057", + "tcp.analysis.ack_rtt": "0.135427000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.375389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.375389000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "1479.914703000", + "frame.number": "5060", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000218e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000144e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + "tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e3c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5059", + "tcp.analysis.ack_rtt": "0.000506000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.375403000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.375403000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "1479.914717000", + "frame.number": "5061", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000218f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000011f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + 
"tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e919", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135933000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:34:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:
4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:32:71:45:38:75:53:7a:6b:4d:63:4c:77:66:43:45:36:36:31:51:52:38:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.511575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.511575000", + "frame.time_delta": "0.136172000", + "frame.time_delta_displayed": "0.136172000", + "frame.time_relative": "1480.050889000", + "frame.number": "5062", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000003f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000086e6", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000040fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5061", + "tcp.analysis.ack_rtt": "0.136172000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.512200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.512200000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1480.051514000", + "frame.number": "5063", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00002190", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000f6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 
Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + "tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000034b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135933000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": 
"60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b
6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" + }, + "tcp.segments": { + "tcp.segment": "5061", + "tcp.segment": "5063", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:34:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:32:71:45:38:75:53:7a:6b:4d:63:4c:77:66:43:45:36:36:31:51:52:38:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f
8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:
3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"194\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"2qE8uSzkMcLwfCE661QR8A==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"194\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"2qE8uSzkMcLwfCE661QR8A==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "`\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdMe\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\nHl\u0017\u00ef\u00bf\u00bd\u00042\u00ef\u00bf\u00bd 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u0012\u00ef\u00bf\u00bd4G<\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bdLc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b
8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:
77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.649165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.649165000", + "frame.time_delta": "0.136965000", + "frame.time_delta_displayed": "0.136965000", + "frame.time_relative": "1480.188479000", + "frame.number": "5064", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004bd6", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000373d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5063", + "tcp.analysis.ack_rtt": "0.136965000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.673777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.673777000", + "frame.time_delta": "0.024612000", + "frame.time_delta_displayed": "0.024612000", + "frame.time_relative": "1480.213091000", + "frame.number": "5065", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000493e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003e36", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": 
"0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007d8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.135933000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"wD61ydoCCg+9INUIKpgyvg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"wD61ydoCCg+9INUIKpgyvg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:11 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:11 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + 
"http.time": "0.161577000", + "http.request_in": "5063", + "http.file_data": "`\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdMe\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\nHl\u0017\u00ef\u00bf\u00bd\u00042\u00ef\u00bf\u00bd9.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdds\u00ef\u00bf\u00bd5]DG\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO-\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bdQ\u001b\u00ef\u00bf\u00bdF}\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdf0Im\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSq\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdyp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:d0:39:2e:f2:ee:ec:30:bf:88:64:73:a1:35:5d:44:47:d5:38:f1:9b:4f:2d:d2:39:a2:51:1b:aa:46:7d:f1:4d:ac:de:de:84:d6:20:b1:62:b4:23:d2:66:30:49:6d:cc:e1:53:71:93:65:d3:bd:ee:cb:f4:79:70:8b:fb:02:ec:88:1c:fb:ca:10:cb:ca:9a:2b:66:b7:94:36:b8:fd:40:9c:6f:c4:ff:ba:64:d3:bd:00:9b:9d:3b:e8:bd:23:8a:68:ee:08:87:da:af:35:c7:52:42:8d:51:00:fd:71:c2:2e:7c:1a:1d:59:8e:f2:57:85:51:94:bb:ba:38:08:38:0f:6c:45:2e:5f:12:d2:be:dc:aa:73:b0:53:07:9d:74:0b:c8:ac:5d:1e:9c:ae:34:44:ad:86:cb:27:76:bb:78:47:7d:78:4d:2d:e0:5f:83:e6:8d:6a:6f:d9:54:25:d8:c7:cf:32:46:55:b3:67:59:7d:21:80:74:78:42:70:90:65:3e:c5:76:0b:46:1a:bb:13:7e:52:20:c1:13:37:56:d1:3a:0c:6a:a4:20:f9:71:4e:b7:57:5a:db:32:0a:16:e5:de:57:44:53:4f:ec:08:38:1b:f2:b2:47:f2:d2:c1:4d:dd:82:ec:85:d0:1b:e7:92:ea:02:e7:13:d3:be:1e:dc:d4:49:7d:9a:d0:d9:52:0e:46:08:ca:cd:68:83:c6:d9:6c:8f:64:e1:2f:43:05:99:50:32:b0:6a:6a:08:f7:e1:a0:6b:57:43:0b:94:a5:7f:7b:d8:47:14:11:51:86:fd:9a:9f:2a:17:c3:af:a8:6b:2d:65:a3:11:a9:ee:0e:4e:75:ba:fe:d0:ea:c1:50:a9:57:55:a5:45:d8:2c:0e:14:ce:af:22:91:8e:a6:9f:d9:14:69:55:eb:5c:af:bf:ae:a5:03:76:e0:e7:aa:e2:ea:38:25:1a:42:9e:86:1a:4a:dc:42:52:d2:f2:c8:f5:0c:f7:de:6e:ba:12:96:44:2f:4a:5f:de:ed:62:6c:c4:c1:a7:66:fe:f5:34:49:6f:2b:c2:2e:b2:f8:c2:6d:33:ca:cf:f7:31:42:b4:0f:06:aa:eb:28:2f:df:7d:60:9d:5a:c4:38:af:76:9e:20:e8:17:29:69:2e:31:cd:29:c3:70:65:c3:be:a4:44:4d:c7:bb:bd:c2:b8:ea:61:93:f6:88:24:55:b7:cb:07:41:5f:e5:c5:53:e8:db:97:06:5c:7a:df:c1:79:5a:19:84:f9:12:77:87:f1:bb:a4:f0:88:f2:6e:6c:70:f7:2e:3f:b7:16:25:72:6b:0a:ce:38:d7:83:2f:fe:b8:a5:36:46:48:01:6e:68:95:f8:4a:d5:10:b7:e4:ea:20:87:a9:a9:27" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.673865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.673865000", + 
"frame.time_delta": "0.000088000", + "frame.time_delta_displayed": "0.000088000", + "frame.time_relative": "1480.213179000", + "frame.number": "5066", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004940", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000419b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000033d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.674339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.674339000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "1480.213653000", + "frame.number": "5067", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002191", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000144b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + "tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d424", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "5065", + "tcp.analysis.ack_rtt": "0.000562000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.675122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.675122000", + "frame.time_delta": "0.000783000", + "frame.time_delta_displayed": "0.000783000", + "frame.time_relative": "1480.214436000", + "frame.number": "5068", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002192", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000144a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35305", + "tcp.dstport": "80", + "tcp.port": "35305", + "tcp.port": "80", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d422", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5066", + "tcp.analysis.ack_rtt": "0.001257000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:11.810365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495071.810365000", + "frame.time_delta": "0.135243000", + "frame.time_delta_displayed": "0.135243000", + "frame.time_relative": "1480.349679000", + 
"frame.number": "5069", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008338", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000007a3", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35305", + "tcp.port": "80", + "tcp.port": "35305", + "tcp.stream": "185", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000033d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5068", + "tcp.analysis.ack_rtt": "0.135243000", + "tcp.analysis.initial_rtt": "0.135933000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.812419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.812419000", + "frame.time_delta": "1.002054000", + "frame.time_delta_displayed": "1.002054000", + "frame.time_relative": "1481.351733000", + "frame.number": "5070", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + 
"ip.id": "0x0000b81f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000009b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43179", + "udp.dstport": "53", + "udp.port": "43179", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000d63", + "udp.checksum.status": "2", + "udp.stream": "118" + }, + "dns": { + "dns.id": "0x00000f2f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.813029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.813029000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "1481.352343000", + "frame.number": "5071", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000091ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000026f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43179", + "udp.port": "53", + "udp.port": "43179", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "118" + }, + "dns": { + "dns.response_to": "5070", + "dns.time": "0.000610000", + "dns.id": "0x00000f2f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + 
"Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.815055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.815055000", + "frame.time_delta": "0.002026000", + "frame.time_delta_displayed": "0.002026000", + "frame.time_relative": "1481.354369000", + "frame.number": "5072", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b820", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000009a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39114", + "udp.dstport": "53", + "udp.port": "39114", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003843", + "udp.checksum.status": "2", + "udp.stream": "119" + }, + "dns": { + "dns.id": "0x00000f30", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.815601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.815601000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1481.354915000", + "frame.number": "5073", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000091cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000026df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39114", + "udp.port": "53", + "udp.port": "39114", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "119" + }, + "dns": { + "dns.response_to": "5072", + "dns.time": "0.000546000", + "dns.id": "0x00000f30", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2305", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.816652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.816652000", + "frame.time_delta": "0.001051000", + "frame.time_delta_displayed": "0.001051000", + "frame.time_relative": "1481.355966000", + "frame.number": "5074", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007ec1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b70e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 
Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d9fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.952226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.952226000", + "frame.time_delta": "0.135574000", + "frame.time_delta_displayed": "0.135574000", + "frame.time_relative": "1481.491540000", + "frame.number": "5075", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000b13c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000d996", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": "80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000c21f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5074", + "tcp.analysis.ack_rtt": "0.135574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.952762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.952762000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1481.492076000", + "frame.number": "5076", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ec2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008bae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5075", + "tcp.analysis.ack_rtt": "0.000536000", + "tcp.analysis.initial_rtt": "0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:12.953302000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495072.953302000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "1481.492616000", + "frame.number": "5077", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x00007ec3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b4c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b469", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136110000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:35:22:2c:20:4e:6f:6e:63:65:3d:22:77:44:36:31:79:64:6f:43:43:67:2b:39:49:4e:55:49:4b:70:67:79:76:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:69:59:6c:41:71:2b:69:6b:72:65:6f:4c:35:4d:59:64:50:64:58:7a:
6a:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.091041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.091041000", + "frame.time_delta": "0.137739000", + "frame.time_delta_displayed": "0.137739000", + "frame.time_relative": "1481.630355000", + "frame.number": "5078", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e898", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000a242", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": "80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e8e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5077", + "tcp.analysis.ack_rtt": "0.137739000", + "tcp.analysis.initial_rtt": "0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.091669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.091669000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "1481.630983000", + "frame.number": "5079", + "frame.len": "1302", + 
"frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00007ec4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b237", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f904", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136110000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:
82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:af:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8
:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" + }, + "tcp.segments": { + "tcp.segment": "5077", + "tcp.segment": "5079", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:35:22:2c:20:4e:6f:6e:63:65:3d:22:77:44:36:31:79:64:6f:43:43:67:2b:39:49:4e:55:49:4b:70:67:79:76:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78
:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:69:59:6c:41:71:2b:69:6b:72:65:6f:4c:35:4d:59:64:50:64:58:7a:6a:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:a
f:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:
b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"195\", Nonce=\"wD61ydoCCg+9INUIKpgyvg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"iYlAq+ikreoL5MYdPdXzjQ==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"195\", Nonce=\"wD61ydoCCg+9INUIKpgyvg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"iYlAq+ikreoL5MYdPdXzjQ==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + 
"http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdXD\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXbG\u00ef\u00bf\u00bd.\"(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{#^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0016\u0013\u00ef\u00bf\u00bd_v7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd.?\u0014\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u001f\u001cy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdYL\u0012\u00ef\u00bf\u00bd1g}s~\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd.5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBy\u00ef\u00bf\u00bd\u001c\tA\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\t\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u001eW\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bdb\u0017\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdkZ\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdyRA(\f\u00ef\u00bf\u00bdj%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,@n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\nyTq2\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-[gN\u00ef\u00bf\u00bd]1j\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u0003k*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u007f\u00ef\u00b
f\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000bp\u00ef\u00bf\u00bd\u0014\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdj:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]IA\fK\u00ef\u00bf\u00bd[Nt\u00ef\u00bf\u00bdnWv\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bdtip=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX=m\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'+\u0017p_\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u0011\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdVP\u00ef\u00bf\u00bdGiv0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd_5\u000ep\u00ef\u00bf\u00bdu\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013{\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u001dX\u00ef\u00bf\u00bd\u0003\u0005\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`8j\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u001d\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000bm\r\u00ef\u00bf\u00bdy \u001e\f\u0014\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd&l" + }, + "media": { + "media.type": 
"80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:af:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b
2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.227442000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495073.227442000", + "frame.time_delta": "0.135773000", + "frame.time_delta_displayed": "0.135773000", + "frame.time_relative": "1481.766756000", + "frame.number": "5080", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002069", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00006a72", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": 
"80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000df22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5079", + "tcp.analysis.ack_rtt": "0.135773000", + "tcp.analysis.initial_rtt": "0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.258123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.258123000", + "frame.time_delta": "0.030681000", + "frame.time_delta_displayed": "0.030681000", + "frame.time_relative": "1481.797437000", + "frame.number": "5081", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x00002d97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000059dd", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": "80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cbbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136110000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:12 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:12 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.166454000", + "http.request_in": "5079", + "http.file_data": 
"\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdXD\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXbG\u00ef\u00bf\u00bd.\"(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": "80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:d4:14:dc:ab:00:f5:9b:d7:2e:71:fe:0c:6c:18:a5:69:6e:1b:0a:e4:c3:e8:05:8a:69:a6:fe:47:87:19:9d:2f:2c:5a:20:0e:bb:ac:b3:78:09:9d:4f:db:15:65:e0:c4:85:13:8f:e9:15:06:fc:6c:94:6c:63:ae:ff:23:43:d8:65:0f:2c:9d:c7:a9:4e:01:ac:2d:84:58:b2:8f:e9:27:93:45:e5:fc:86:7e:d6:65:48:10:34:4e:0d:bc:10:b1:da:b6:9a:7b:0c:54:ec:43:ca:51:89:94:ea:e8:25:bb:41:c1:b2:33:a8:02:14:12:9d:d9:f1:92:c6:37:a1:55:a1:cc:39:ce:01:60:55:7b:88:f0:c8:cd:ab:e5:35:99:56:d3:5b:2b:2b:9d:4c:3e:8d:04:93:17:d0:35:cb:c3:55:3f:42:b2:15:1f:9a:85:16:f9:ca:73:e0:86:4d:fb:81:19:3b:98:6e:94:fb:93:dc:fb:6b:b4:7f:75:55:25:a0:fd:bf:28:94:20:3b:f7:b2:2a:90:56:07:2d:fe:8a:47:8b:e1:ed:18:cf:9b:1f:39:d5:2d:b0:6c:99:4a:c4:4a:e3:b1:c1:1c:12:4b:b5:52:58:a6:0c:2c:8e:78:18:df:31:3f:8e:35:17:bf:d3:17:41:08:5f:0b:19:17:cf:6f:cd:78:76:34:9a:62:c5:d8:83:2f:02:d4:ee:6e:ad:52:fa:e4:b0:0d:57:af:3f:c3:e6:50:2d:fc:61:7a:51:19:26:66:6b:9b:4d:90:6e:1e:48:c9:e6:df:5a:04:68:e6:70:a0:af:da:60:5f:31:87:cb:91:73:fb:b7:03:6d:d8:7f:fa:52:26:af:d6:bd:65:9e:c5:34:b5:a1:12:f2:dc:96:b3:6c:88:73:44:98:79:c7:c2:5b:0b:3f:90:94:e5:5d:f7:25:db:92:02:84:11:cb:55:06:c9:0c:46:0e:8c:17:78:fa:66:60:25:74:bb:3f:70:ee:c8:f9:c6:bf:23:97:b0:87:de:04:9a:c8:81:3c:21:36:84:83:6a:2d:b3:e0:27:34:61:33:00:c8:09:46:9c:a1:d2:08:6a:0b:12:05:38:e9:a0:05:07:b4:c1:0e:28:a6:9e:9b:ff:43:2d:cd:c5:ea:4f:0b:3e:0e:26:20:a4:20:7c:72:a0:d5:0d:b0:c8:5e:a1:45:96:05:d2:a9:f0:ed:56:09:db:23:eb:4e:15:4b:cb:46:22:6e:3d:45:44:cd:9e:04:45:7f:98:09
:e0:80:39:1d:5c:13:fc:9b:7f:a9:3c:1f:89:11:b9:05:20:54:d8:cd:d0:0f:8e:e1:32:4b:c0:d3:e7:04:87:30:d8:f1:cd:cc:4c:be:40:bf:f6:69:b0:1e:02:68" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.258214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.258214000", + "frame.time_delta": "0.000091000", + "frame.time_delta_displayed": "0.000091000", + "frame.time_relative": "1481.797528000", + "frame.number": "5082", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002d99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005d42", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": "80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dbba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.258701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.258701000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1481.798015000", + "frame.number": "5083", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ec5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b716", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007c0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5081", + "tcp.analysis.ack_rtt": "0.000578000", + "tcp.analysis.initial_rtt": "0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.259385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.259385000", + "frame.time_delta": "0.000684000", + "frame.time_delta_displayed": "0.000684000", + "frame.time_relative": "1481.798699000", + "frame.number": "5084", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ec6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35306", + "tcp.dstport": "80", + "tcp.port": "35306", + "tcp.port": "80", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007c08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5082", + "tcp.analysis.ack_rtt": "0.001171000", + "tcp.analysis.initial_rtt": 
"0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:13.394836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495073.394836000", + "frame.time_delta": "0.135451000", + "frame.time_delta_displayed": "0.135451000", + "frame.time_relative": "1481.934150000", + "frame.number": "5085", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000065c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000251b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35306", + "tcp.port": "80", + "tcp.port": "35306", + "tcp.stream": "186", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000dbb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5084", + "tcp.analysis.ack_rtt": "0.135451000", + "tcp.analysis.initial_rtt": "0.136110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.817640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.817640000", + "frame.time_delta": "1.422804000", + "frame.time_delta_displayed": "1.422804000", + "frame.time_relative": "1483.356954000", + "frame.number": "5086", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b84a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000070", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35508", + "udp.dstport": "53", + "udp.port": "35508", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002b58", + "udp.checksum.status": "2", + "udp.stream": "120" + }, + "dns": { + "dns.id": "0x00000f31", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.818193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.818193000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "1483.357507000", + "frame.number": "5087", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000091d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000026e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35508", + "udp.port": "53", + "udp.port": "35508", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "120" + }, + "dns": { + "dns.response_to": "5086", + "dns.time": "0.000553000", + "dns.id": "0x00000f31", + 
"dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.818973000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.818973000", + "frame.time_delta": "0.000780000", + "frame.time_delta_displayed": "0.000780000", + "frame.time_relative": "1483.358287000", + "frame.number": "5088", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b84b", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000006f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51660", + "udp.dstport": "53", + "udp.port": "51660", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000073f", + "udp.checksum.status": "2", + "udp.stream": "121" + }, + "dns": { + "dns.id": "0x00000f32", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.819376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.819376000", + "frame.time_delta": "0.000403000", + "frame.time_delta_displayed": "0.000403000", + "frame.time_relative": "1483.358690000", + "frame.number": "5089", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000091d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000026d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51660", + "udp.port": "53", + "udp.port": "51660", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "121" + }, + "dns": { + "dns.response_to": "5088", + "dns.time": "0.000403000", + "dns.id": "0x00000f32", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class 
IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.820415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.820415000", + "frame.time_delta": "0.001039000", + "frame.time_delta_displayed": "0.001039000", + "frame.time_relative": "1483.359729000", + "frame.number": "5090", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000554a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e085", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + "tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b37a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.956076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.956076000", + "frame.time_delta": "0.135661000", + "frame.time_delta_displayed": "0.135661000", + "frame.time_relative": "1483.495390000", + "frame.number": "5091", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00007d8d", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000d46", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": "80", + "tcp.port": "35307", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x00002b77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { 
+ "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5090", + "tcp.analysis.ack_rtt": "0.135661000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.956618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495074.956618000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1483.495932000", + "frame.number": "5092", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000554b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e090", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + "tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f505", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5091", + "tcp.analysis.ack_rtt": "0.000542000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:14.956631000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495074.956631000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "1483.495945000", + "frame.number": "5093", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000554c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + 
"tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c8d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136203000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:36:22:2c:20:4e:6f:6e:63:65:3d:22:6c:5a:59:6d:74:73:41:6f:2b:51:2b:39:49:4e:55:49:73:41:71:48:35:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e
:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:37:67:57:54:36:61:55:4c:45:76:43:32:68:43:5a:64:6f:33:59:6c:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.093125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.093125000", + "frame.time_delta": "0.136494000", + "frame.time_delta_displayed": "0.136494000", + "frame.time_relative": "1483.632439000", + "frame.number": "5094", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b8d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000d207", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": "80", + "tcp.port": "35307", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000523a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5093", + "tcp.analysis.ack_rtt": "0.136494000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.093753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.093753000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "1483.633067000", + "frame.number": "5095", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000554d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + "tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008ec3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136203000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:26:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:9
2:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" + }, + "tcp.segments": { + "tcp.segment": "5093", + "tcp.segment": "5095", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:36:22:2c:20:4e:6f:6e:63:65:3d:22:6c:5a:59:6d:74:73:41:6f:2b:51:2b:39:49:4e:55:49:73:41:71:48:35:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:37:67:57:54:36:61:55:4c:45:76:43:32:68:43:5a:64:6f:33:59:6c:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:2
6:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:92:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:
3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"196\", Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"q7gWT6aULEvC2hCZdo3Ylg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"196\", Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"q7gWT6aULEvC2hCZdo3Ylg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\u001bm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd!=\u001f\u00ef\u00bf\u00bdC^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2hK\u00ef\u00bf\u00bd\u0001H5\u00ef\u00bf\u00bd*<ZG\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd:m\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u001e&W\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}t.\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(<\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdvY\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM8\u00ef\u00bf\u00bd\u0004N\u00ef\u00bf\u00bd\u0019~\u0018\u00ef\u00bf\u00bdV?Q{*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?CT\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdTv}\u00ef\u00bf\u00bdq\tH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*" + }, + "media": { + "media.type": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:26:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:9
2:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.229733000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495075.229733000", + "frame.time_delta": "0.135980000", + "frame.time_delta_displayed": "0.135980000", + "frame.time_relative": "1483.769047000", + "frame.number": "5096", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f212", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000098c8", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": 
"80", + "tcp.port": "35307", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000487a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5095", + "tcp.analysis.ack_rtt": "0.135980000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.268515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.268515000", + "frame.time_delta": "0.038782000", + "frame.time_delta_displayed": "0.038782000", + "frame.time_relative": "1483.807829000", + "frame.number": "5097", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x000001a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000085d0", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": "80", + "tcp.port": "35307", + "tcp.stream": "187", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007f95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136203000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"yD9CZboPLxG9INUIPNnxbw==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"yD9CZboPLxG9INUIPNnxbw==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:14 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:14 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.174762000", + "http.request_in": "5095", + "http.file_data": 
"\u00ef\u00bf\u00bd\u001bm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd!=\u001f\u00ef\u00bf\u00bdC^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\r\u00ef\u00bf\u00bdEh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u007fn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdbA+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd`}\u00ef\u00bf\u00bd{\ra)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd!\u0006\u001ah\u0011\u00ef\u00bf\u00bd=j^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:5e:8d:ad:49:16:8d:96:1b:0d:e7:45:68:db:a1:0c:bb:f3:14:ee:9a:a2:72:f3:ea:31:9c:f3:84:fe:fa:79:f5:b3:bb:74:7f:6e:89:a8:62:41:2b:eb:cf:3b:b4:60:7d:9a:7b:0d:61:29:96:a2:0c:11:83:bf:91:0e:ef:f8:b4:8a:5b:e2:8b:0b:ee:b1:1a:db:7b:b4:28:d6:ca:63:bb:21:06:1a:68:11:ee:3d:6a:5e:d0:d4:00:95:09:3f:15:6c:76:90:ce:3d:b6:36:97:e6:ae:d5:c2:7a:19:b6:bc:9f:f5:c2:16:73:a3:60:8b:23:97:95:1a:e9:40:c3:03:bd:c1:d7:db:64:46:d2:f1:84:a4:07:af:dd:4e:a8:71:4f:d3:0d:d2:d2:bf:af:36:8e:ee:69:b6:ba:6c:2f:f5:31:5e:fb:aa:97:99:65:a9:09:59:b4:5d:29:e1:f0:9d:69:b7:44:f7:5b:f3:44:6c:e9:b5:12:b0:f5:16:d6:dc:de:55:a5:18:51:09:fd:b5:dd:ba:7b:a6:62:ea:a6:cb:e2:70:44:17:8f:4e:59:4a:a9:eb:c0:cc:19:6d:e2:e9:21:e8:8b:66:32:94:da:aa:9a:19:3b:b1:56:08:3f:25:2b:24:37:a6:5b:33:93:a3:94:19:45:50:af:9e:4e:ed:b8:7b:dc:dd:75:cb:51:9d:97:5b:e0:0a:72:15:4c:ee:5c:f3:01:53:66:d1:d0:64:9a:30:cb:f0:c2:3e:5e:f0:9b:ee:74:bb:e8:8f:6e:54:8f:ec:fb:e7:61:b2:aa:f0:40:b3:ea:7a:43:fa:f4:71:4a:e4:1b:29:79:b2:4c:a7:d0:46:7a:9e:39:f3:ea:36:e8:6c:bc:a3:46:b0:91:d2:94:45:08:de:96:6c:55:e0:ae:c2:ae:ca:b1:a7:4c:43:88:c5:c2:7f:4a:51:8e:97:78:41:ed:75:4e:9d:27:f6:f7:cd:37:92:a0:5b:ff:35:18:14:a9:50:bf:c9:fe:dd:e2:68:0b:32:af:c8:23:ae:77:d6:7a:d8:87:c1:ad:5a:73:2b:98:07:93:68:1e:4d:89:94:d4:b4:b2:eb:e0:6c:48:0c:d7:d6:af:fb:f4:2c:b2:e8:97:a4:f4:8f:c4:3d:e6:b6:71:1d:85:f1:22:93:25:5d:8d:61:1f:9b:0a:9e:95:a5:55:01:d1:1a:c2:40:53:ee:91:e4:24:78:a3:bc:bc:47:ca:cb:58:6e:8b:d7:13:35:cd:0c:68:7c:7a:01:42:be:ba:07:c3:7c:cb:f6:25:a8:c4:52:cb:f1:c1:9e:b2:56:17:8f:09:30:cb:18:00:a9:45:a0:f3:57:5d:25:9d:2f:ee:d5:fc:61:d8:17:15:eb:12:65:09:7f:6e:da" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.268606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.268606000", + 
"frame.time_delta": "0.000091000", + "frame.time_delta_displayed": "0.000091000", + "frame.time_relative": "1483.807920000", + "frame.number": "5098", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008935", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": "80", + "tcp.port": "35307", + "tcp.stream": "187", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004512", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.269088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.269088000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1483.808402000", + "frame.number": "5099", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000554e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e08d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + "tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e561", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "5097", + "tcp.analysis.ack_rtt": "0.000573000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.269821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.269821000", + "frame.time_delta": "0.000733000", + "frame.time_delta_displayed": "0.000733000", + "frame.time_relative": "1483.809135000", + "frame.number": "5100", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000554f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e08c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35307", + "tcp.dstport": "80", + "tcp.port": "35307", + "tcp.port": "80", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e55f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5098", + "tcp.analysis.ack_rtt": "0.001215000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:15.405472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495075.405472000", + "frame.time_delta": "0.135651000", + "frame.time_delta_displayed": "0.135651000", + "frame.time_relative": "1483.944786000", + 
"frame.number": "5101", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ca0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004e3b", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35307", + "tcp.port": "80", + "tcp.port": "35307", + "tcp.stream": "187", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004511", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5100", + "tcp.analysis.ack_rtt": "0.135651000", + "tcp.analysis.initial_rtt": "0.136203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:16.520157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495076.520157000", + "frame.time_delta": "1.114685000", + "frame.time_delta_displayed": "1.114685000", + "frame.time_relative": "1485.059471000", + "frame.number": "5102", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + 
"arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:16.520556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495076.520556000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "1485.059870000", + "frame.number": "5103", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:17.653983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495077.653983000", + "frame.time_delta": "1.133427000", + "frame.time_delta_displayed": "1.133427000", + "frame.time_relative": "1486.193297000", + 
"frame.number": "5104", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f60", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b890", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001773", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:11:17.654557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495077.654557000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "1486.193871000", + "frame.number": "5105", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f61", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000998b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f86e", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:17.654931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495077.654931000", + "frame.time_delta": "0.000374000", + "frame.time_delta_displayed": "0.000374000", + "frame.time_relative": "1486.194245000", + "frame.number": "5106", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008634", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:11:19.158161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.158161000", + "frame.time_delta": "1.503230000", + "frame.time_delta_displayed": "1.503230000", + "frame.time_relative": "1487.697475000", + "frame.number": "5107", + "frame.len": "345", + "frame.cap_len": "345", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "331", + "ip.id": "0x00002d4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000371a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "279", + "tcp.seq": "14801", + "tcp.nxtseq": "15080", + "tcp.ack": "66353", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000781", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:a8:29:00:26:f1:1f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812323881, TSecr 2552095": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812323881", + "tcp.options.timestamp.tsecr": "2552095" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "279", + "tcp.analysis.push_bytes_sent": "279" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "274", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:a9:75:75:1f:c9:07:93:75:8b:1c:fa:3a:66:86:51:0f:e6:4d:39:37:81:50:27:3e:57:c1:b4:80:21:5f:38:8d:92:7c:bc:ad:1d:f3:4e:c3:dd:55:2e:75:6d:5c:b5:7d:eb:c9:a1:d9:13:5d:77:ec:c2:9e:59:11:f2:b3:48:d1:e6:15:aa:77:14:88:08:65:3f:f3:01:51:2e:13:16:3f:a8:9c:08:9d:a2:b0:74:be:36:cf:a3:19:b9:dc:b5:c8:e4:e0:35:a4:98:28:f8:32:c4:01:23:7a:c9:71:7d:25:78:c2:3f:a7:7f:ab:c7:80:89:5a:34:43:d5:1f:84:06:47:9a:24:5d:81:5b:25:eb:ec:f6:2f:aa:03:fd:02:88:49:3e:ee:72:98:e1:47:7d:a7:39:06:f8:2a:b0:4e:fb:6f:8e:84:b2:68:9f:7d:bd:47:fb:2b:bf:f4:2f:be:24:0c:a0:17:fd:62:19:e6:1c:58:1b:22:9c:2f:9c:ef:66:48:c3:b8:80:2c:64:0a:fe:bb:e7:5e:9c:62:8f:8b:0b:b9:63:ba:ca:18:06:96:2e:80:c1:96:7a:c9:b5:54:de:f3:a8:0f:a7:31:09:24:39:e7:66:58:c7:e2:c1:62:48:6c:7e:c3:d4:d9:d3:de:75:8e:04:f0:71:61:3a:48:e7:10:51:7d:81:60:c1:db:58:00:ea:2b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.165688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.165688000", + "frame.time_delta": "0.007527000", + "frame.time_delta_displayed": "0.007527000", + "frame.time_relative": "1487.705002000", + "frame.number": "5108", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009657", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "66353", + "tcp.nxtseq": "66406", + "tcp.ack": "15080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006680", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f6:13:a7:a0:a8:29", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2553363, TSecr 2812323881": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2553363", + "tcp.options.timestamp.tsecr": "2812323881" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5107", + "tcp.analysis.ack_rtt": "0.007527000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f6:e7:79:94:61:5f:a7:96:de:1f:00:30:30:f4:d5:8f:17:ad:57:d4:02:f8:64:18:02:d0:88:b4:e8:19:fe:61:c8:be:5f:a9:42:83:ed:a2:5f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.226032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.226032000", + "frame.time_delta": "0.060344000", + "frame.time_delta_displayed": "0.060344000", + "frame.time_relative": "1487.765346000", + "frame.number": "5109", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", 
+ "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003830", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15080", + "tcp.ack": "66406", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x0000cbed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:a8:3a:00:26:f6:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812323898, TSecr 2553363": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812323898", + "tcp.options.timestamp.tsecr": "2553363" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5108", + "tcp.analysis.ack_rtt": "0.060344000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.226706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.226706000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "1487.766020000", + "frame.number": "5110", + "frame.len": "726", + "frame.cap_len": "726", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "712", + "ip.id": "0x00009658", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007493", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "660", + "tcp.seq": "66406", + "tcp.nxtseq": "67066", + "tcp.ack": "15080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b6c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f6:19:a7:a0:a8:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2553369, TSecr 2812323898": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2553369", + "tcp.options.timestamp.tsecr": "2812323898" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "660", + "tcp.analysis.push_bytes_sent": "660" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f7:cf:f9:7b:35:53:86:39:49:43:e6:d1:28:0b:b9:ff:af:5b:6a:97:e7:22:8c:de:b5:b7:4b:dd:f5:52:f3:62:cd:13:7b:1c:f9:47:c9:0d:31:d8" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:f8:67:35:f5:19:e1:28:df:2e:16:d8:98:87:bd:cf:d2:a1:c1:50:17:c6:86:dd:12:de:e4:ae:2f:49:b7:cd:68:e2:f8:aa:be:77:8c:98:cc:46:6d:fa:88:c6:99:02:60:d8:68:09:52:f0:f4:0f:d8:34:bb:bc:34:0f:51:db:30:d2:02:1e:d2:81:54:3f:f8:3e:05:63:53:aa:b2:d1:ca:75:f2:a0:e3:d8:21:aa:f6:f7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "500", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:f9:67:7a:38:90:07:78:3c:b4:b7:ca:44:0d:ed:1c:76:f6:d4:d5:17:55:1c:ed:f8:ff:a0:f9:67:64:33:66:7d:66:de:af:04:f3:38:80:1f:fc:62:49:68:48:8c:3f:ac:e0:d8:95:cf:ed:a4:ee:13:81:34:2d:9a:b4:c9:c3:fc:44:96:33:40:d6:e4:f7:f6:cc:b5:08:42:6f:97:ca:6e:62:19:da:05:9a:06:ec:9b:b3:22:13:af:09:1c:a6:9c:6b:ff:b3:0b:e2:2b:7b:f3:b7:69:28:00:5b:c1:70:6d:7f:23:a9:bd:20:c7:e3:56:61:fe:ea:62:6c:e5:9b:d3:1e:13:72:d9:09:75:3c:b7:33:2c:b4:c3:d9:bf:85:18:46:15:20:4c:ef:92:b7:40:21:e5:6c:dd:87:cd:25:a9:31:24:33:f4:79:a6:5d:0c:4d:c7:60:83:2b:c6:74:b0:4f:1e:37:01:64:fd:90:65:54:1b:e9:54:67:e2:98:91:48:00:9f:18:69:13:f2:db:d0:75:0b:17:0f:cb:95:ba:44:fb:b1:38:90:8b:a5:14:da:d0:7d:42:8d:8b:c9:f4:39:e2:78:47:c9:40:88:55:5e:e3:39:a9:08:ac:67:36:75:5d:dc:3a:aa:d8:51:4e:1d:60:71:13:cd:58:2e:c9:a7:2c:82:f2:41:ba:5e:69:50:4e:08:b2:62:87:c3:71:db:3e:52:58:1f:f3:2b:8d:93:16:67:63:d4:85:dc:14:b1:cf:ea:83:8e:46:d4:1d:60:aa:86:98:ac:33:0f:7f:85:46:8b:1c:9a:b7:1b:78:e0:31:39:aa:cc:40:6c:e0:3d:96:8b:53:f7:30:37:bd:19:c1:6f:cd:3f:73:1d:23:06:ae:89:7f:5b:aa:c0:6d:bb:5c:55:ff:f2:55:57:13:9c:5b:63:fd:70:41:d8:69:9f:ff:1c:a3:19:03:89:50:84:79:54:26:8b:ae:b7:df:85:d5:be:8f:9b:59:36:96:03:72:4d:00:ec:7e:e9:00:c3:a7:09:4d:e1:92:03:5d:38:cf:ae:5a:a9:35:73:b2:57:92:d3:fc:cc:f8:c6:32:36:1f:55:43:85:af:eb:b9:52:e3:7d:5b:a1:c8:c5:2c:29:a8:b1:d0:d8:46:a9:8d:b3:c4:27:f6:cb:8f:28:89:57:07:22:18:3b:b8:a0:88:8c:24:c4:88:cd:3a:39:00:44:bc:1b:01:33:67:ee:c0:88:52:ef:66:5e:58:99:43:52:68:f5:a7:b9:78:69:b1:f7:b7:c5:af:32" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.286800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.286800000", + "frame.time_delta": "0.060094000", + "frame.time_delta_displayed": "0.060094000", + "frame.time_relative": "1487.826114000", + "frame.number": "5111", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15080", + "tcp.ack": "67066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c943", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:a8:4a:00:26:f6:19", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812323914, TSecr 2553369": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812323914", + "tcp.options.timestamp.tsecr": "2553369" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5110", + "tcp.analysis.ack_rtt": "0.060094000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.566963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.566963000", + "frame.time_delta": "0.280163000", + "frame.time_delta_displayed": "0.280163000", + "frame.time_relative": "1488.106277000", + "frame.number": "5112", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009659", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "67066", + "tcp.nxtseq": "67120", + "tcp.ack": "15080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000006db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f6:3c:a7:a0:a8:4a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2553404, TSecr 2812323914": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2553404", + "tcp.options.timestamp.tsecr": "2812323914" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:fa:6a:96:74:3b:6d:fc:d8:18:cd:b1:53:b3:33:22:52:a9:86:02:04:99:cd:34:8e:76:96:12:9c:ef:8d:a3:64:b7:1d:56:cc:17:98:08:71:8d:2d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:19.627108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495079.627108000", + "frame.time_delta": "0.060145000", + "frame.time_delta_displayed": "0.060145000", + "frame.time_relative": "1488.166422000", + "frame.number": "5113", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15080", + "tcp.ack": "67120", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c895", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:a8:9f:00:26:f6:3c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812323999, TSecr 2553404": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812323999", + "tcp.options.timestamp.tsecr": "2553404" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5112", + "tcp.analysis.ack_rtt": "0.060145000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:22.653730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495082.653730000", + "frame.time_delta": "3.026622000", + "frame.time_delta_displayed": "3.026622000", + "frame.time_relative": "1491.193044000", + "frame.number": "5114", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f64", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b88c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001773", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
+ "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:22.654662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495082.654662000", + "frame.time_delta": "0.000932000", + "frame.time_delta_displayed": "0.000932000", + "frame.time_relative": "1491.193976000", + "frame.number": "5115", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f65", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f86e", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:22.655193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495082.655193000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1491.194507000", + "frame.number": "5116", + 
"frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008634", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.160187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.160187000", + "frame.time_delta": "1.504994000", + "frame.time_delta_displayed": "1.504994000", + "frame.time_relative": "1492.699501000", + "frame.number": "5117", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.160619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.160619000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1492.699933000", + "frame.number": "5118", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + 
}, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.832852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.832852000", + "frame.time_delta": "0.672233000", + "frame.time_delta_displayed": "0.672233000", + "frame.time_relative": "1493.372166000", + "frame.number": "5119", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b8f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ffc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": 
"192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35550", + "udp.dstport": "53", + "udp.port": "35550", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002b2c", + "udp.checksum.status": "2", + "udp.stream": "122" + }, + "dns": { + "dns.id": "0x00000f33", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.833710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.833710000", + "frame.time_delta": "0.000858000", + "frame.time_delta_displayed": "0.000858000", + "frame.time_relative": "1493.373024000", + "frame.number": "5120", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009425", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002495", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35550", + "udp.port": "53", + "udp.port": "35550", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "122" + }, + "dns": { + "dns.response_to": "5119", + "dns.time": "0.000858000", + "dns.id": "0x00000f33", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:11:24.834522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.834522000", + "frame.time_delta": "0.000812000", + "frame.time_delta_displayed": "0.000812000", + "frame.time_relative": "1493.373836000", + "frame.number": "5121", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b8f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ffc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47757", + "udp.dstport": "53", + "udp.port": "47757", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000167c", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.id": "0x00000f34", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.835057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.835057000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "1493.374371000", + "frame.number": "5122", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00009426", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002484", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", 
+ "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47757", + "udp.port": "53", + "udp.port": "47757", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.response_to": "5121", + "dns.time": "0.000535000", + "dns.id": "0x00000f34", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2293", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.836050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.836050000", + "frame.time_delta": "0.000993000", + "frame.time_delta_displayed": "0.000993000", + "frame.time_relative": "1493.375364000", + "frame.number": "5123", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000092d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ca3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000138c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:11:24.972293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.972293000", + "frame.time_delta": "0.136243000", + "frame.time_delta_displayed": "0.136243000", + "frame.time_relative": "1493.511607000", + "frame.number": "5124", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00002339", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000679a", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { 
+ "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000084f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5123", + "tcp.analysis.ack_rtt": "0.136243000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.972828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.972828000", + "frame.time_delta": "0.000535000", + 
"frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "1493.512142000", + "frame.number": "5125", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000092e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002cae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + 
"tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004e88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5124", + "tcp.analysis.ack_rtt": "0.000535000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:24.972842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495084.972842000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "1493.512156000", + "frame.number": "5126", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000092f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002a55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ed5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136778000", + 
"tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:37:22:2c:20:4e:6f:6e:63:65:3d:22:79:44:39:43:5a:62:6f:50:4c:78:47:39:49:4e:55:49:50:4e:6e:78:62:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:51:37:51:42:4e:77:56:44:6e:4e:56:74:66:6a:4a:76:33:32:54:30:76:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.110395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.110395000", + "frame.time_delta": "0.137553000", + "frame.time_delta_displayed": "0.137553000", + "frame.time_relative": "1493.649709000", + "frame.number": "5127", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005e49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00002c92", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + 
"ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000abbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5126", + "tcp.analysis.ack_rtt": "0.137553000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.111023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.111023000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "1493.650337000", + "frame.number": "5128", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x00000930", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000027cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000332", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136778000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce
:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:5
5:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" + }, + "tcp.segments": { + "tcp.segment": "5126", + "tcp.segment": "5128", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:37:22:2c:20:4e:6f:6e:63:65:3d:22:79:44:39:43:5a:62:6f:50:4c:78:47:39:49:4e:55:49:50:4e:6e:78:62:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:51:37:51:42:4e:77:56:44:6e:4e:56:74:66:6a:4a:76:33:32:54:30:76:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6
e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:
66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:55:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"197\", Nonce=\"yD9CZboPLxG9INUIPNnxbw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"Q7QBNwVDnNVtfjJv32T0vQ==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"197\", Nonce=\"yD9CZboPLxG9INUIPNnxbw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"Q7QBNwVDnNVtfjJv32T0vQ==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bdM\u000ff\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u000e\u0007\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u001dB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010X\u0015)lr\u00ef\u00bf\u00bd\/e*x\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u001d\u000f\u007f\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bdZ'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdMvx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0005\u001e\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u0016\u00ef\u00bf\u00bd+y^;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006" + }, + "media": { + "media.type": "be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f
:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4
f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:55:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.247437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.247437000", + "frame.time_delta": "0.136414000", + "frame.time_delta_displayed": "0.136414000", + "frame.time_relative": "1493.786751000", + "frame.number": "5129", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000094a7", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000f633", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a1fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5128", + "tcp.analysis.ack_rtt": "0.136414000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.370807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.370807000", + "frame.time_delta": "0.123370000", + "frame.time_delta_displayed": "0.123370000", + "frame.time_relative": "1493.910121000", + "frame.number": "5130", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000c801", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000bf72", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + 
"ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a55d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136778000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"rQDslO2oIxe9INUImx2QNg==\"", + "http.response.line": 
"WWW-Authenticate: CBAuth Nonce=\"rQDslO2oIxe9INUImx2QNg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:24 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:24 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.259784000", + "http.request_in": "5128", + "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bdM\u000ff\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u000e\u0007\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u001dB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdAX5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5b\u001e\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a+{\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00167`\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSe\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u0001\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd:U\b\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd[QK\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bdG&\u00ef\u00bf\u00bdlps\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdXV\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001br<n\u00ef\u00bf\u00bdnOv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u0002\u0010@\u00
ef\u00bf\u00bd9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011o\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd5-\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd4!|+\u00ef\u00bf\u00bdfnEX\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bdcWjz\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdo\u000b\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bdCJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdIM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdA[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd!$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHAMS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:e6:df:d8:14:a3:8f:41:58:35:d0:a2:85:ec:35:62:1e:cc:4f:cd:13:99:99:1a:2b:7b:b4:9b:16:37:60:fa:2b:e5:33:a9:e9:c0:53:65:89:b7:e1:46:01:bd:76:f9:a0:db:54:81:3a:55:08:88:76:8a:dc:46:b0:5b:51:4b:92:79:f4:47:26:fd:6c:70:73:ec:23:9d:58:56:7f:d6:ca:ef:ba:d8:62:ed:f0:ef:76:81:27:bf:23:f7:96:d9:6c:c2:b2:1b:72:3c:6e:da:6e:4f:76:98:d3:05:fc:02:10:40:e9:39:d4:c9:04:89:12:89:b5:29:f1:59:d2:b3:b5:b4:11:6f:cf:1d:8c:2a:ee:35:2d:8a:11:95:94:9b:0b:dd:e0:f6:6b:3b:fe:d6:7c:8e:34:21:7c:2b:90:66:6e:45:58:1d:d3:8d:2a:9c:cf:7b:af:63:57:6a:7a:96:3c:82:ee:50:9c:64:b2:bf:6f:0b:a4:13:f5:43:4a:b9:b8:b0:e8:49:4d:ec:e4:db:e9:f9:54:b9:02:82:a6:02:8f:41:5b:e9:99:05:b0:9e:08:88:21:24:a2:b1:38:ad:a5:48:41:4d:53:f9:fd:5a:c1:05:8a:00:95:9e:89:a2:00:ab:16:8f:ca:fc:a7:c9:6f:06:18:b4:e8:4f:ce:6a:02:5f:b9:bd:87:13:0f:9e:0d:4b:46:ba:fd:ad:8a:bc:82:9b:c7:89:89:8c:e1:01:67:ab:1d:bc:1f:21:56:54:f8:95:43:c4:f7:20:b4:f3:bc:03:bb:67:69:c3:b3:07:85:47:bc:94:b1:00:f5:3a:5e:b5:df:2e:2a:64:91:fc:f8:13:a5:a1:36:f8:ff:75:3d:fc:a1:d9:4c:ae:55:26:2c:d6:30:9e:b2:6a:1c:14:db:a5:b2:ee:e0:0e:24:f6:5d:c4:a9:34:1e:d8:a8:50:eb:b4:62:49:35:91:1d:b1:b9:4c:d0:71:37:c7:16:69:8d:e3:17:1e:6a:9b:9e:24:9b:0c:ef:88:0c:22:a0:59:17:26:e9:0b:bb:e6:d8:2a:98:95:e4:02:5a:e3:c6:06:4a:cc:7d:e2:f7:e7:98:89:de:81:3f:4a:bf:19:11:55:c8:ca:0f:75:bb:3e:55:86:e8:33:e1:84:29:62:35:e2:e6:f6:8c:84:6c:df:c4:ee:1d:64:a1:e3:a8:a8:aa:dd:b9:7a:20:9d:16:9c:31:39:ed:22:08:49:ca:5b:cc:d7:d8:73:7f:6e:c2:36:01:92:ef:13:84:72:8b:2d:80:26:ab:02:33:c0:7d:07:5d:9b:38:24:42:4a:3f:fa:2e:40:5a:65:c1:dd:44:37:1e:d2:c7:b1:5f:6f:ef:6a:78:56:01:36:14:8a:f7:23:5d:8c:ee" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.370900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.370900000", + 
"frame.time_delta": "0.000093000", + "frame.time_delta_displayed": "0.000093000", + "frame.time_relative": "1493.910214000", + "frame.number": "5131", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c803", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c2d7", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009e94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.371383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.371383000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1493.910697000", + "frame.number": "5132", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000931", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002cab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003ee4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "5130", + "tcp.analysis.ack_rtt": "0.000576000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.372408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.372408000", + "frame.time_delta": "0.001025000", + "frame.time_delta_displayed": "0.001025000", + "frame.time_relative": "1493.911722000", + "frame.number": "5133", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000932", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002caa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35308", + "tcp.dstport": "80", + "tcp.port": "35308", + "tcp.port": "80", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003ee2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5131", + "tcp.analysis.ack_rtt": "0.001508000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.402597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.402597000", + "frame.time_delta": "0.030189000", + "frame.time_delta_displayed": "0.030189000", + "frame.time_relative": "1493.941911000", + 
"frame.number": "5134", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000b7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x00001917", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "fc:de:8e:3a:f3:96", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:25.508270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495085.508270000", + "frame.time_delta": "0.105673000", + "frame.time_delta_displayed": "0.105673000", + "frame.time_relative": "1494.047584000", + "frame.number": "5135", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000059a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008541", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35308", + "tcp.port": "80", + "tcp.port": "35308", + "tcp.stream": "188", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009e93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5133", + "tcp.analysis.ack_rtt": "0.135862000", + "tcp.analysis.initial_rtt": "0.136778000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.830942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.830942000", + "frame.time_delta": "1.322672000", + "frame.time_delta_displayed": "1.322672000", + "frame.time_relative": "1495.370256000", + "frame.number": "5136", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b945", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ff74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36771", + "udp.dstport": "53", + "udp.port": "36771", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002665", + "udp.checksum.status": "2", + "udp.stream": "124" + }, + "dns": { + "dns.id": "0x00000f35", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:11:26.831550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.831550000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": "1495.370864000", + "frame.number": "5137", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000094e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36771", + "udp.port": "53", + "udp.port": "36771", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "124" + }, + "dns": { + "dns.response_to": "5136", + "dns.time": "0.000608000", + "dns.id": "0x00000f35", + "dns.flags": "0x00008180", + 
"dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.832333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.832333000", + "frame.time_delta": "0.000783000", + "frame.time_delta_displayed": "0.000783000", + "frame.time_relative": "1495.371647000", + "frame.number": "5138", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b946", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ff73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "38144", + "udp.dstport": "53", + "udp.port": "38144", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003c07", + "udp.checksum.status": "2", + "udp.stream": "125" + }, + "dns": { + "dns.id": "0x00000f36", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.832881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.832881000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "1495.372195000", + "frame.number": "5139", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000094ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000023c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "38144", + "udp.port": "53", + "udp.port": "38144", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "125" + }, + "dns": { + "dns.response_to": "5138", + "dns.time": "0.000548000", + "dns.id": "0x00000f36", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + 
"dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2291", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.834272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.834272000", + "frame.time_delta": "0.001391000", + "frame.time_delta_displayed": "0.001391000", + "frame.time_relative": "1495.373586000", + "frame.number": "5140", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000f609", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + "tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b4f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.971464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.971464000", + "frame.time_delta": "0.137192000", + "frame.time_delta_displayed": "0.137192000", + "frame.time_relative": "1495.510778000", + "frame.number": "5141", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000037ce", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00005305", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": "80", + "tcp.port": "35309", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000145c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { 
+ "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5140", + "tcp.analysis.ack_rtt": "0.137192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.972000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495086.972000000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1495.511314000", + "frame.number": "5142", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f60a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + "tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ddea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5141", + "tcp.analysis.ack_rtt": "0.000536000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:26.972015000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495086.972015000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "1495.511329000", + "frame.number": "5143", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000f60b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + 
"tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c7bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137728000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:38:22:2c:20:4e:6f:6e:63:65:3d:22:72:51:44:73:6c:4f:32:6f:49:78:65:39:49:4e:55:49:6d:78:32:51:4e:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e
:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:61:4b:6e:33:57:4e:4e:5a:4a:42:4e:57:31:33:4f:34:63:57:64:6c:58:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.110044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.110044000", + "frame.time_delta": "0.138029000", + "frame.time_delta_displayed": "0.138029000", + "frame.time_relative": "1495.649358000", + "frame.number": "5144", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000074f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000015e5", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": "80", + "tcp.port": "35309", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003b1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5143", + "tcp.analysis.ack_rtt": "0.138029000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.110666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.110666000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "1495.649980000", + "frame.number": "5145", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000f60c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + "tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005d2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137728000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:2
5:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" + }, + "tcp.segments": { + "tcp.segment": "5143", + "tcp.segment": "5145", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:38:22:2c:20:4e:6f:6e:63:65:3d:22:72:51:44:73:6c:4f:32:6f:49:78:65:39:49:4e:55:49:6d:78:32:51:4e:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:61:4b:6e:33:57:4e:4e:5a:4a:42:4e:57:31:33:4f:34:63:57:64:6c:58:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7
c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:25:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:
76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"198\", Nonce=\"rQDslO2oIxe9INUImx2QNg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"aKn3WNNZJBNW13O4cWdlXg==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"198\", Nonce=\"rQDslO2oIxe9INUImx2QNg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"aKn3WNNZJBNW13O4cWdlXg==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u0019" + }, + "media": { + "media.type": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:2
5:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.248083000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495087.248083000", + "frame.time_delta": "0.137417000", + "frame.time_delta_displayed": "0.137417000", + "frame.time_relative": "1495.787397000", + "frame.number": "5146", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b3c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000d714", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": 
"80", + "tcp.port": "35309", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000315f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5145", + "tcp.analysis.ack_rtt": "0.137417000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.270690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.270690000", + "frame.time_delta": "0.022607000", + "frame.time_delta_displayed": "0.022607000", + "frame.time_relative": "1495.810004000", + "frame.number": "5147", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000bd86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c9ed", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": "80", + "tcp.port": "35309", + "tcp.stream": "189", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001be7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137728000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:26 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:26 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.160024000", + "http.request_in": "5145", + "http.file_data": "\u0019" + }, + "media": { + "media.type": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:5e:eb:b1:5b:3e:b1:cc:56:ca:8a:e1:00:f8:e1:4e:dc:ba:c8:38:b4:7a:1a:d2:41:c3:45:4b:c4:d2:42:06:ab:e9:30:8d:1a:c4:ff:8f:9c:e3:54:33:75:42:e3:9e:42:c8:e1:6b:d3:47:b4:fc:25:5d:c6:b3:9c:a7:5b:f5:6b:81:23:28:98:a5:16:e3:72:37:18:bb:78:47:8e:59:21:27:2f:49:4f:6e:b5:13:cf:43:ef:38:50:08:17:92:ba:9b:26:fe:14:b7:a8:d8:34:99:01:39:7a:34:84:6d:85:a0:69:d6:b8:c0:50:25:ae:99:4d:ff:03:e6:df:1d:8b:d6:4f:60:82:93:f1:b9:da:37:6a:c2:4d:46:6e:56:60:55:55:6c:aa:dd:e6:d9:bf:5c:64:15:0b:a8:d7:e3:50:22:72:ee:59:7e:86:d5:ab:89:cc:15:22:5d:9f:df:d1:23:65:2a:b8:84:e4:49:cb:b5:5f:0e:6f:f0:93:a1:f5:cb:62:af:69:2a:c5:7c:d2:ad:bf:14:cc:ad:dc:dd:fc:65:da:ac:4f:2f:a9:d0:e4:3a:b5:7d:6b:fa:e2:78:63:b8:94:81:d7:26:12:d0:9d:e6:59:26:56:15:50:41:39:3d:d6:b0:6d:53:57:b7:e4:2d:51:0c:47:4c:09:3a:da:30:10:0d:1c:67:f3:fc:7b:67:cb:bf:f6:63:e8:c8:ee:c4:1d:1d:ad:f8:7f:b9:5c:fe:34:ac:56:56:52:b2:5e:af:4c:80:3a:70:f8:9d:e1:2f:28:8c:62:cf:03:ef:fa:d1:c8:9d:cb:25:d0:a8:3c:2b:c9:57:4e:d3:68:21:1b:d5:92:f5:59:0b:a7:98:25:ed:0f:c9:6a:71:b9:7d:a2:e9:73:fe:ec:63:37:a0:6c:51:f2:ca:91:14:f8:13:dc:56:7d:68:7d:20:1d:ab:bf:78:8d:e9:d3:ca:11:65:5f:29:59:6a:cf:99:68:91:5a:8b:97:cc:b6:10:33:89:7e:a6:56:a5:e0:92:1d:28:00:a1:6d:d5:a2:a4:a0:0d:1f:1d:e6:72:aa:f7:ef:70:e9:0a:61:e8:a5:da:71:d0:ac:71:dc:36:0b:f8:9b:5c:d8:8e:e3:8b:71:e9:72:7e:85:a5:c4:48:6f:75:36:e0:47:71:77:df:48:e4:b5:2a:6b:dd:4c:dc:91:f0:9f:37:f3:61:7f:86:81:1c:e0:e9:20:cd:03:07:f0:88:b9:0e:36:50:bb:ce:0f:de:38:dc:36:9d:58:f7:0f:d8:fe:0c:5f:a6:50:e3:2f:fc:6b:5c:dc:c1:b3:65:08:64:95:39:1f:a5:e9:af:2b:a1:80:52:ad:9e:5c:de:63:8c:50:e3:70:da:52:e6:a1:dd:0e:29:e9" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.270779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.270779000", + 
"frame.time_delta": "0.000089000", + "frame.time_delta_displayed": "0.000089000", + "frame.time_relative": "1495.810093000", + "frame.number": "5148", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bd88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000cd52", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": "80", + "tcp.port": "35309", + "tcp.stream": "189", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002df7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.271267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.271267000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1495.810581000", + "frame.number": "5149", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f60d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + "tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ce46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "5147", + "tcp.analysis.ack_rtt": "0.000577000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.272128000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.272128000", + "frame.time_delta": "0.000861000", + "frame.time_delta_displayed": "0.000861000", + "frame.time_relative": "1495.811442000", + "frame.number": "5150", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f60e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003fcd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35309", + "tcp.dstport": "80", + "tcp.port": "35309", + "tcp.port": "80", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ce44", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5148", + "tcp.analysis.ack_rtt": "0.001349000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.409328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.409328000", + "frame.time_delta": "0.137200000", + "frame.time_delta_displayed": "0.137200000", + "frame.time_relative": "1495.948642000", + 
"frame.number": "5151", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fb46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008f94", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35309", + "tcp.port": "80", + "tcp.port": "35309", + "tcp.stream": "189", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002df6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5150", + "tcp.analysis.ack_rtt": "0.137200000", + "tcp.analysis.initial_rtt": "0.137728000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.653987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.653987000", + "frame.time_delta": "0.244659000", + "frame.time_delta_displayed": "0.244659000", + "frame.time_relative": "1496.193301000", + "frame.number": "5152", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + 
"ip.id": "0x00001f66", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b88a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001773", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: 
type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.654521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.654521000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "1496.193835000", + "frame.number": "5153", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": 
"LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f67", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009985", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f86e", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:27.655131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495087.655131000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "1496.194445000", + "frame.number": "5154", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008634", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000282", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=642", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.252861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.252861000", + "frame.time_delta": "0.597730000", + "frame.time_delta_displayed": "0.597730000", + "frame.time_relative": "1496.792175000", + "frame.number": "5155", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00003f29", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007938", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51455", + "udp.dstport": "53", + "udp.port": "51455", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000289a", + "udp.checksum.status": "2", + "udp.stream": "126" + }, + "dns": { + "dns.id": "0x00002502", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.252866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495088.252866000", + "frame.time_delta": "0.000005000", + "frame.time_delta_displayed": "0.000005000", + "frame.time_relative": "1496.792180000", + "frame.number": "5156", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00003f2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007937", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51455", + "udp.dstport": "53", + "udp.port": "51455", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x000073af", + "udp.checksum.status": "2", + "udp.stream": "126" + }, + "dns": { + "dns.id": "0x0000d9d1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.253679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.253679000", + "frame.time_delta": "0.000813000", + "frame.time_delta_displayed": "0.000813000", + "frame.time_relative": "1496.792993000", + "frame.number": "5157", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00000e01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000aa60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51455", + "udp.port": "53", + "udp.port": "51455", + "udp.length": "52", + "udp.checksum": "0x00008289", + "udp.checksum.status": "2", + "udp.stream": "126" + }, + "dns": { + "dns.response_to": "5156", + "dns.time": "0.000813000", + "dns.id": "0x0000d9d1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.267611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.267611000", + "frame.time_delta": "0.013932000", + "frame.time_delta_displayed": "0.013932000", + "frame.time_relative": "1496.806925000", + "frame.number": "5158", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x00000e02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a8f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51455", + "udp.port": "53", + "udp.port": "51455", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "126" + }, + "dns": { + "dns.response_to": "5155", + "dns.time": "0.014750000", + "dns.id": "0x00002502", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + 
"dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9774", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9774", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9774", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9774", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, 
class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138840", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10460", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6753", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15355", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138840", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10460", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6753", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "15355", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.268690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.268690000", + "frame.time_delta": "0.001079000", + "frame.time_delta_displayed": "0.001079000", + "frame.time_relative": "1496.808004000", + "frame.number": "5159", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009baa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + 
"ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000af9c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:f9:a2:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2554274, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554274", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.343056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.343056000", + "frame.time_delta": "0.074366000", + "frame.time_delta_displayed": "0.074366000", + "frame.time_relative": "1496.882370000", + "frame.number": "5160", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000af2f", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000c0c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:47:fe:f5:00:26:f9:a2:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + 
"tcp.option_len": "2" + }, + "Timestamps: TSval 1263009525, TSecr 2554274": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009525", + "tcp.options.timestamp.tsecr": "2554274" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5159", + "tcp.analysis.ack_rtt": "0.074366000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.343519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.343519000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1496.882833000", + "frame.number": "5161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009bab", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005781", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:a9:4b:47:fe:f5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": 
{ + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554281, TSecr 1263009525": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554281", + "tcp.options.timestamp.tsecr": "1263009525" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5160", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.074829000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.345704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.345704000", + "frame.time_delta": "0.002185000", + "frame.time_delta_displayed": "0.002185000", + "frame.time_relative": "1496.885018000", + "frame.number": "5162", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x00009bac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b958", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000014b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:a9:4b:47:fe:f5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554281, TSecr 1263009525": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554281", + "tcp.options.timestamp.tsecr": "1263009525" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jun 8, 1974 06:10:04.000000000 PDT", + "ssl.handshake.random": "69:20:23:8d:16:d0:be:40:8c:9f:d0:86:e3:7f:a6:df:9a:35:b8:ee:68:f2:77:f3:e1:04:70:23" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + 
"ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + 
"ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": 
"0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + 
"ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.420209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.420209000", + "frame.time_delta": "0.074505000", + "frame.time_delta_displayed": "0.074505000", + "frame.time_relative": "1496.959523000", + "frame.number": "5163", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d6a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d88f", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", 
+ "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000056b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:08:00:26:f9:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009544, TSecr 2554281": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009544", + "tcp.options.timestamp.tsecr": "2554281" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5162", + "tcp.analysis.ack_rtt": "0.074505000", + "tcp.analysis.initial_rtt": "0.074829000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.421620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.421620000", + "frame.time_delta": "0.001411000", + "frame.time_delta_displayed": "0.001411000", + "frame.time_relative": "1496.960934000", + "frame.number": "5164", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x0000d6a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d2e6", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", 
+ "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dc6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:08:00:26:f9:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009544, TSecr 2554281": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009544", + "tcp.options.timestamp.tsecr": "2554281" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Aug 25, 2073 01:24:02.000000000 PDT", + "ssl.handshake.random": "a2:96:cd:57:0c:21:27:6e:90:d5:85:40:2e:a7:1d:53:4d:fe:81:cb:dc:ef:df:66:0d:4a:17:6e" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "b6:7a:c7:d1:f6:b0:5c:ac:98:7a:ae:96:9b:6c:92:c1:c4:a4:0b:32:47:2c:8a:b7:7a:d5:74:3b:8c:eb:00:dc", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.421695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.421695000", + "frame.time_delta": "0.000075000", + "frame.time_delta_displayed": "0.000075000", + "frame.time_relative": "1496.961009000", + "frame.number": "5165", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x0000d6a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d7ae", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination 
GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:09:00:26:f9:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009545, TSecr 2554281": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009545", + "tcp.options.timestamp.tsecr": "2554281" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "5164", + "tcp.segment": "5165", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + 
"x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": 
"5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + 
"x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:39:db:5a:15:a1:b7:78:06:65:8c:21:57:a6:18:4d:b4:f4:52:00:dd:0e:e1:76:53:b8:53:32:55:7d:fa:19:fa:b3:23:55:db:59:40:e7:15:16:76:29:03:b7:94:ff:71:ad:df:d3:71:dd:13:bf:ed:e4:24:b8:67:ef:47:d8:dc", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"18:4a:e6:20:69:31:c3:fe:ed:17:2d:22:10:21:98:3d:41:13:bb:a7:30:46:6b:af:d7:c2:06:08:89:e0:e5:d5:d4:82:cc:9e:d5:45:3d:ef:96:66:ab:c8:33:1b:b0:8f:05:02:9e:47:c7:e7:fe:73:0a:df:71:12:73:49:36:8f:61:44:32:7b:c6:9d:84:ac:3e:be:d6:87:6a:88:b2:b6:08:1f:1a:a4:89:ea:7e:6d:ef:a4:05:81:87:be:3c:eb:c7:64:cb:40:0e:4a:cb:2b:94:26:c3:c2:53:42:2f:32:48:5d:8b:f1:c0:61:38:9e:ed:9b:dd:c1:0f:81:75:22" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.422281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.422281000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "1496.961595000", + "frame.number": "5166", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009bad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1449", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "274", + "tcp.window_size": "17536", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000505e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:b1:4b:47:ff:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554289, TSecr 1263009544": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554289", + "tcp.options.timestamp.tsecr": "1263009544" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5164", + "tcp.analysis.ack_rtt": "0.000661000", + "tcp.analysis.initial_rtt": "0.074829000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.422294000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.422294000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "1496.961608000", + "frame.number": "5167", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009bae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "319", + "tcp.window_size": "20416", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:b1:4b:47:ff:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554289, TSecr 1263009545": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554289", + "tcp.options.timestamp.tsecr": "1263009545" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5165", + "tcp.analysis.ack_rtt": "0.000599000", + "tcp.analysis.initial_rtt": "0.074829000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.451144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.451144000", + "frame.time_delta": "0.028850000", + "frame.time_delta_displayed": "0.028850000", + "frame.time_relative": "1496.990458000", + "frame.number": "5168", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x00009baf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"6", + "ip.checksum": "0x0000ba0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "319", + "tcp.window_size": "20416", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003545", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:b4:4b:47:ff:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554292, TSecr 1263009545": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554292", + "tcp.options.timestamp.tsecr": "1263009545" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:18:0d:5b:95:8c:a4:67:f6:63:86:d7:d0:93:64:66:2b:e1:2e:ad:19:52:4c:44:89:f7:3e:a4:cf:13:46:d3:83:2c:8a:ad:ed:4a:1a:6c:6a:c9:61:79:33:ba:74:15:a3:61:b9:19:89:67:af:bb:da:76:49:71:32:2d:82:f1:52" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.525918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.525918000", + "frame.time_delta": "0.074774000", + "frame.time_delta_displayed": "0.074774000", + "frame.time_relative": "1497.065232000", + "frame.number": "5169", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x0000d6aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d859", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000041b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:23:00:26:f9:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009571, TSecr 2554292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009571", + "tcp.options.timestamp.tsecr": "2554292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5168", + "tcp.analysis.ack_rtt": "0.074774000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.526961000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.526961000", + "frame.time_delta": "0.001043000", + "frame.time_delta_displayed": "0.001043000", + "frame.time_relative": "1497.066275000", + "frame.number": "5170", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x00009bb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + 
"ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "319", + "tcp.window_size": "20416", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000bff4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:bc:4b:47:ff:23", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554300, TSecr 1263009571": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554300", + "tcp.options.timestamp.tsecr": "1263009571" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5169", + "tcp.analysis.ack_rtt": "0.001043000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": 
"ca:da:22:45:7b:33:bb:7f:76:a6:02:2e:1e:3d:87:17:30:0b:53:0c:6e:0d:20:08:95:ce:06:1c:58:6d:ed:30:3a:a5:df:54:93:62:db:9e:42:cc:a1:64:04:0f:b3:5a:30:4e:ba:fb:93:b2:ce:ea:65:98:71:ed:f6:3f:c1:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.602307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.602307000", + "frame.time_delta": "0.075346000", + "frame.time_delta_displayed": "0.075346000", + "frame.time_relative": "1497.141621000", + "frame.number": "5171", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000d6ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d846", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United 
States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000304f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:36:00:26:f9:bc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009590, TSecr 2554300": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009590", + 
"tcp.options.timestamp.tsecr": "2554300" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5170", + "tcp.analysis.ack_rtt": "0.075346000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "4a:22:63:df:b7:10:67:bc:be:f6:ff:75:78:98:b7:59:20:9e:f8:a9:1b:94:7e:d2:ba:19:02:a3:84:9d:8a:fe:6b:5b:64:56:39:ee:ae:be:87:d9:72:17:2a:13:78:84:00:cb:7b:f8:69:d4:5d:ad:6e:c2:25:f1:82:87:69:27" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.603267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.603267000", + "frame.time_delta": "0.000960000", + "frame.time_delta_displayed": "0.000960000", + "frame.time_relative": "1497.142581000", + "frame.number": "5172", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x00009bb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b89d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "319", + "tcp.window_size": "20416", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003356", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:c3:4b:47:ff:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554307, TSecr 1263009590": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554307", + "tcp.options.timestamp.tsecr": "1263009590" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5171", + "tcp.analysis.ack_rtt": "0.000960000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "ca:da:22:45:7b:33:bb:80:74:97:3e:41:70:ba:aa:eb:a1:5f:e6:63:40:eb:94:aa:74:eb:f8:ce:71:b3:8e:c6:4b:b5:03:0a:74:8d:22:55:ea:8a:85:cb:39:85:98:f9:82:f9:ad:38:ed:8b:57:88:6c:ce:df:d8:02:c4:12:63:db:8b:20:fc:1e:e4:e1:71:97:58:ab:77:5d:65:bc:7a:a0:e2:85:8a:14:d7:52:f6:60:35:c5:9f:eb:12:b4:ee:1d:89:6e:25:68:d0:8b:60:34:14:55:c7:d2:11:2f:b1:75:ac:cd:f3:27:ac:6f:75:55:09:7f:36:ac:9c:7f:49:91:32:19:94:99:a4:d3:9e:f2:18:8f:8c:56:7d:97:55:98:81:eb:1c:28:24:c2:9d:64:27:38:17:dd:44:5b:8c:94:4f:16:1b:a6:99:e7:86:48:2a:44:b2:9a:1f:1e:ff:35:9a:90:85:e7:dc:7c:81:a6:81:af:91:bc:b8:21:22:d7:de:f7:b1:4e:40:02:1d:91:1a:b9:4c:42:38:5b:81:74:95:f5:b1:0e:a7:b7:0a:b9:3f:9d:41:19:0d:fe:9f:ef:c0:d0:d5:a1:0f:ae:64:bb:41:85:02:3e:33:e2:d4:5d:58:49:c2:57:64:1c:0e:ad:d3:19:b8:15:e5:17:68:0c:e5:30:95:cc:df:a5:2c:35:bb:d7:fb:22:46:e2:44:37:5c:35:a9:6b:b8:b7:46:6e:e3:94:8e:35:50:78:15:fc:5d:3b:88:d5:8a:1a:07:a0:c5:19:63:38:3d:08:8b:be:ac:cf:db:0d:6f:90:31:1c:56:cb:49:63:e2:8e:f7:ca:91:47:0a:d0:2e:76:b9:0f:eb:82:f8:47:64:e8:26:c3:73:b5:3c:25:b5:ac:1e:fe:7e:9e:20:8b:19:8d:35:18:e1:8a:a3:77:82:fd:0a:dd:94:84:15:27:c4:c4:72:1c:2c:9e:a2:c1:5
7:31:46:e9:4d:bc:9e:2f:44:25:11:22:4c:cd:2d:04:35:b0:a3:45:86:be:99:1b:a8:85:e6:30:f8:df:f4:6a:7a:b8:c0:31:3a:95:5b:8c:fd:87:d7:b5:40:fb:d4:6f:cf:fc:7a:95:39:89:07:5c:5e:f3:e2:df:f8:90:17:37:55:ee:09:4c:3f:48:64:d6:20:d6:bd:cd:7f:a4:6a:4a:8b:e7:88:1d:1d:1e:38:d5:ab:28:15:f2:9a:8a:5e:a7:cd:2a:36:01:57:2a:e1:87:30:b0:1f:bb:21:0f:f0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.678805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.678805000", + "frame.time_delta": "0.075538000", + "frame.time_delta_displayed": "0.075538000", + "frame.time_relative": "1497.218119000", + "frame.number": "5173", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x0000d6ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d83f", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000021af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:49:00:26:f9:c3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
1263009609, TSecr 2554307": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009609", + "tcp.options.timestamp.tsecr": "2554307" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5172", + "tcp.analysis.ack_rtt": "0.075538000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "4a:22:63:df:b7:10:67:bd:26:ed:98:d0:0c:2b:dd:b1:d2:ce:fa:76:c5:58:10:e6:69:c2:df:1a:c8:ca:43:e5:71:66:4a:bc:f0:78:53:ec:b3:32:83:b9:70:97:b1:2f:03:38:18:ca:b2:fd:27:25:9c:21:ec:aa:3f:98:da:4f:f9:43:d0:42:77:b2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.679547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.679547000", + "frame.time_delta": "0.000742000", + "frame.time_delta_displayed": "0.000742000", + "frame.time_relative": "1497.218861000", + "frame.number": "5174", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009bb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "319", + "tcp.window_size": 
"20416", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004b87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:f9:cb:4b:47:ff:49", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2554315, TSecr 1263009609": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2554315", + "tcp.options.timestamp.tsecr": "1263009609" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5173", + "tcp.analysis.ack_rtt": "0.000742000", + "tcp.analysis.initial_rtt": "0.074829000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.754075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.754075000", + "frame.time_delta": "0.074528000", + "frame.time_delta_displayed": "0.074528000", + "frame.time_relative": "1497.293389000", + "frame.number": "5175", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x0000d6ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d86a", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ab7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:5c:00:26:f9:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009628, TSecr 2554315": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009628", + "tcp.options.timestamp.tsecr": "2554315" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5174", + "tcp.analysis.ack_rtt": "0.074528000", + "tcp.analysis.initial_rtt": "0.074829000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.754160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.754160000", + "frame.time_delta": "0.000085000", + "frame.time_delta_displayed": "0.000085000", + "frame.time_relative": "1497.293474000", + "frame.number": "5176", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d6ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000d888", + "ip.checksum.status": "2", + "ip.src": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.src_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "34281", + "tcp.port": "443", + "tcp.port": "34281", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004c21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:47:ff:5c:00:26:f9:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263009628, TSecr 2554315": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263009628", + "tcp.options.timestamp.tsecr": "2554315" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.754588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.754588000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1497.293902000", + "frame.number": "5177", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000070a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e5a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + 
"tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000466c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.754600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.754600000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "1497.293914000", + "frame.number": "5178", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000070a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e5a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.70.238.171", + "ip.addr": "52.70.238.171", + "ip.dst_host": "52.70.238.171", + "ip.host": "52.70.238.171", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "34281", + "tcp.dstport": "443", + "tcp.port": "34281", + "tcp.port": "443", + "tcp.stream": "190", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000466c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , 
+ { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.837028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.837028000", + "frame.time_delta": "0.082428000", + "frame.time_delta_displayed": "0.082428000", + "frame.time_relative": "1497.376342000", + "frame.number": "5179", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b98f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ff2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41160", + "udp.dstport": "53", + "udp.port": "41160", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000153e", + "udp.checksum.status": "2", 
+ "udp.stream": "127" + }, + "dns": { + "dns.id": "0x00000f37", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.837619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.837619000", + "frame.time_delta": "0.000591000", + "frame.time_delta_displayed": "0.000591000", + "frame.time_relative": "1497.376933000", + "frame.number": "5180", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000095a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002313", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41160", + "udp.port": "53", + "udp.port": "41160", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "127" + }, + "dns": { + "dns.response_to": "5179", + "dns.time": "0.000591000", + "dns.id": "0x00000f37", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.838420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.838420000", + "frame.time_delta": "0.000801000", + "frame.time_delta_displayed": "0.000801000", + "frame.time_relative": "1497.377734000", + "frame.number": "5181", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000b990", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ff29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50227", + "udp.dstport": "53", + "udp.port": "50227", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000cd2", + "udp.checksum.status": "2", + "udp.stream": "128" + }, + "dns": { + "dns.id": "0x00000f38", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + 
"dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.838943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.838943000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "1497.378257000", + "frame.number": "5182", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000095a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002302", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "50227", + "udp.port": "53", + "udp.port": "50227", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "128" + }, + "dns": { + "dns.response_to": "5181", + "dns.time": "0.000523000", + "dns.id": "0x00000f38", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2289", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.839916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.839916000", + "frame.time_delta": "0.000973000", + "frame.time_delta_displayed": "0.000973000", + "frame.time_relative": "1497.379230000", + "frame.number": "5183", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000f02d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000045a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish 
request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b692", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.853581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.853581000", + "frame.time_delta": "0.013665000", + "frame.time_delta_displayed": "0.013665000", + "frame.time_relative": "1497.392895000", + "frame.number": "5184", + "frame.len": "60", + 
"frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.975590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.975590000", + "frame.time_delta": "0.122009000", + "frame.time_delta_displayed": "0.122009000", + "frame.time_relative": "1497.514904000", + "frame.number": "5185", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x000049e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x000040f1", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x000011b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5183", + "tcp.analysis.ack_rtt": "0.135674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.976150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.976150000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "1497.515464000", + "frame.number": "5186", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f02e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000045ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000db3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"5185", + "tcp.analysis.ack_rtt": "0.000560000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:28.976657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495088.976657000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1497.515971000", + "frame.number": "5187", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000f02f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004354", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000282", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136234000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:39:22:2c:20:4e:6f:6e:63:65:3d:22:6b:44:6b:5a:58:32:31:5a:56:42:69:39:49:4e:55:49:64:78:65:67:4a:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:2f:6e:70:73:62:74:69:31:6b:74:56:6a:55:43:31:65:49:69:32:4d:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:11:29.112964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.112964000", + "frame.time_delta": "0.136307000", + "frame.time_delta_displayed": "0.136307000", + "frame.time_relative": "1497.652278000", + "frame.number": "5188", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000855e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000057d", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003874", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5187", + "tcp.analysis.ack_rtt": "0.136307000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.113597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.113597000", + "frame.time_delta": "0.000633000", + "frame.time_delta_displayed": "0.000633000", + "frame.time_relative": "1497.652911000", + "frame.number": "5189", + "frame.len": "1302", + "frame.cap_len": "1302", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1288", + "ip.id": "0x0000f030", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "1248", + "tcp.seq": "601", + "tcp.nxtseq": "1849", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000c6bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136234000", + "tcp.analysis.bytes_in_flight": "1248", + "tcp.analysis.push_bytes_sent": "1248" + }, + "tcp.segment_data": "ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e
:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" + }, 
+ "tcp.segments": { + "tcp.segment": "5187", + "tcp.segment": "5189", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1848", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:39:22:2c:20:4e:6f:6e:63:65:3d:22:6b:44:6b:5a:58:32:31:5a:56:42:69:39:49:4e:55:49:64:78:65:67:4a:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:2f:6e:70:73:62:74:69:31:6b:74:56:6a:55:43:31:65:49:69:32:4d:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:
d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c
:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"199\", Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"j\/npsbti1ktVjUC1eIi2MA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"199\", Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"j\/npsbti1ktVjUC1eIi2MA==\"\r\n", + "http.content_length_header": "1248 ", + "http.content_length_header_tree": { + "http.content_length": "1248" + }, + "http.request.line": "Content-Length: 1248 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdId\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u0001$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bdzT\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u007f\u001b\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u0002E\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bd\"\f\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bdv?\u00ef\u00bf\u00bd\u0002.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0007\u00ef\u00bf\u00bd\u001ad\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdM?\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u001c?\u00ef\u00bf\u00bd\bQb*\u00ef\u00bf\u00bd=\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 
\/\u00ef\u00bf\u00bdVE9\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^I\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd;.P\u00ef\u00bf\u00bd\u0016fU\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}c\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@\u00ef\u00bf\u00bdY\u001d\u00ef\u00bf\u00bd!q^\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-C>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#q\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u001b\u0010\u00ef\u00bf\u00bd[f!\\>'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE.\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e
5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.199453000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495089.199453000", + "frame.time_delta": "0.085856000", + "frame.time_delta_displayed": "0.085856000", + "frame.time_relative": "1497.738767000", + "frame.number": "5190", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000f44a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e50e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": 
"0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.249915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.249915000", + "frame.time_delta": "0.050462000", + "frame.time_delta_displayed": "0.050462000", + "frame.time_relative": "1497.789229000", + "frame.number": "5191", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c1cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c90f", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002eb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5189", + "tcp.analysis.ack_rtt": "0.136318000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.273382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.273382000", + "frame.time_delta": "0.023467000", + "frame.time_delta_displayed": "0.023467000", + "frame.time_relative": "1497.812696000", + "frame.number": "5192", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x0000cba4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000bbcf", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace 
Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ffdd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.136234000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + 
"http.www_authenticate": "CBAuth Nonce=\"Q5UCcvzThhm9INUIe1noSg==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Q5UCcvzThhm9INUIe1noSg==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:28 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:11:28 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.159785000", + "http.request_in": "5189", + "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdId\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u0001$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^q\u00ef\u00bf\u00bdU\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXT6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\"`A~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e9f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~k\u0001\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde(\u001c6#-tR4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001cl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u0018I\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{y\fe\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u
00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{,\u00ef\u00bf\u00bd?ys\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016`\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018z\u00ef\u00bf\u00bd\u0019bl\u00ef\u00bf\u00bd-e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\t!>_\u00ef\u00bf\u00bd\fR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001fX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006\u000e\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00153\u0018H\u000f\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdE\u0015\u000b\u0016G\u00ef\u00bf\u00bd\u007fgZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0005a\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u001b\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bdA\u0005pK6]zdXI\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:89:5e:71:cc:55:19:f3:da:87:9f:58:54:36:dc:87:3e:bd:4e:ee:63:ec:ca:e6:f0:83:03:eb:88:80:90:3a:22:60:41:7e:8d:e7:28:ba:90:1e:39:66:dc:9d:7e:6b:01:1f:d8:b0:65:28:1c:36:23:2d:74:52:34:c5:92:35:88:0c:fb:67:a5:f5:96:1c:6c:bb:8d:50:18:49:fc:c9:5b:d5:bd:12:d7:76:92:24:a5:77:eb:61:b5:81:7b:79:0c:65:91:02:c1:ed:86:7b:2c:d4:3f:79:73:85:64:8e:fa:16:60:be:05:ab:e2:82:57:a3:d3:ec:a9:9b:c1:18:7a:e9:19:62:6c:c0:2d:65:ef:91:39:09:21:3e:5f:b7:0c:52:cc:a3:65:e7:d4:3a:7f:b1:b0:4e:82:1b:af:cd:cd:1f:58:89:fd:e3:2f:b3:36:9f:1d:ee:04:88:d2:56:ae:08:f9:ba:06:0e:1a:a7:88:46:8b:c3:fc:9f:f8:d4:88:58:21:e3:94:77:9f:33:81:da:80:8b:9b:80:7e:fe:ee:11:ed:a2:49:ef:cd:b1:3c:ce:97:c1:9a:03:2a:a3:fb:94:15:33:18:48:0f:e9:02:db:45:15:0b:16:47:d4:7f:67:5a:c7:eb:ec:de:61:05:61:13:d4:d7:df:d2:0b:1b:9b:75:ee:41:05:70:4b:36:5d:7a:64:58:49:b0:00:42:ba:3d:d7:ad:9d:50:c6:be:40:c1:b2:8f:d9:3a:8d:30:aa:09:d7:07:e6:0c:ad:d4:9d:29:cd:db:35:73:4c:b2:e4:53:33:10:73:46:06:79:09:43:f4:b4:68:88:a2:06:07:0a:3a:9d:e6:4f:25:c8:c8:07:df:89:33:7c:68:41:9f:fd:12:db:1a:4e:de:76:74:a7:5a:e2:99:69:fe:f9:9f:dc:71:aa:ed:ad:5d:9d:73:1a:ce:bf:37:b9:5b:9d:be:53:aa:64:0e:fc:8c:85:5a:40:dc:e3:2e:c9:7d:48:e8:d9:2e:95:c3:c4:04:7e:8e:cd:28:44:59:2b:a0:17:10:6a:e2:15:f5:c4:75:a7:39:df:13:7b:6b:3e:fd:c4:61:b6:d3:ac:dd:19:ea:a6:01:27:cc:fd:5b:04:63:60:2e:24:8c:52:97:aa:6c:ce:fb:73:0b:05:f8:67:e0:91:29:70:7f:ec:a2:4c:6a:96:bb:77:16:8e:bf:c2:e7:b1:81:59:0c:1e:86:ca:fa:26:64:70:5d:09:15:27:8d:5d:50:89:c7:99:1f:da:60:d3:be:1c:3f:b0:d0:c4:07:c7:48:56:b9:e5:a6:f2:0e:37:80:d3:c2:91:00:23:d9:0a:29:b4:97:c2:b0:99:29:1b:35:bb:aa:29:6f:6b:a7:dd" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.273472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.273472000", + 
"frame.time_delta": "0.000090000", + "frame.time_delta_displayed": "0.000090000", + "frame.time_relative": "1497.812786000", + "frame.number": "5193", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cba6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000bf34", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1849", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002b4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.273962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.273962000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1497.813276000", + "frame.number": "5194", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f031", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000045aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cb9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "5192", + "tcp.analysis.ack_rtt": "0.000580000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.274628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.274628000", + "frame.time_delta": "0.000666000", + "frame.time_delta_displayed": "0.000666000", + "frame.time_relative": "1497.813942000", + "frame.number": "5195", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f032", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000045a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35310", + "tcp.dstport": "80", + "tcp.port": "35310", + "tcp.port": "80", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "1849", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000cb99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5193", + "tcp.analysis.ack_rtt": "0.001156000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:29.410382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495089.410382000", + "frame.time_delta": "0.135754000", + "frame.time_delta_displayed": "0.135754000", + "frame.time_relative": "1497.949696000", + 
"frame.number": "5196", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000a49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008092", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35310", + "tcp.port": "80", + "tcp.port": "35310", + "tcp.stream": "191", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1850", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5988", + "tcp.window_size": "5988", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00002b4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5195", + "tcp.analysis.ack_rtt": "0.135754000", + "tcp.analysis.initial_rtt": "0.136234000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.433072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.433072000", + "frame.time_delta": "1.022690000", + "frame.time_delta_displayed": "1.022690000", + "frame.time_relative": "1498.972386000", + "frame.number": "5197", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"154", + "ip.id": "0x0000210a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e73a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "13", + "http.prev_request_in": "4768" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.833108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.833108000", + "frame.time_delta": "0.400036000", + "frame.time_delta_displayed": "0.400036000", + "frame.time_relative": "1499.372422000", + 
"frame.number": "5198", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000016ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a09f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "73", + "http.prev_response_in": "4830" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.836750000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.836750000", + "frame.time_delta": "0.003642000", + "frame.time_delta_displayed": "0.003642000", + "frame.time_relative": "1499.376064000", + "frame.number": "5199", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "52", + "ip.id": "0x00001b43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54674", + "tcp.dstport": "80", + "tcp.port": "54674", + "tcp.port": "80", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000ffe1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.837312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.837312000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "1499.376626000", + "frame.number": "5200", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54674", + "tcp.port": "80", + "tcp.port": "54674", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000015d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5199", + "tcp.analysis.ack_rtt": "0.000562000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.840233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.840233000", + "frame.time_delta": "0.002921000", + "frame.time_delta_displayed": "0.002921000", + "frame.time_relative": "1499.379547000", + "frame.number": "5201", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00001b44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54674", + "tcp.dstport": "80", + "tcp.port": "54674", + "tcp.port": "80", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c7b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5200", + "tcp.analysis.ack_rtt": "0.002921000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.840790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.840790000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + 
"frame.time_relative": "1499.380104000", + "frame.number": "5202", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54674", + "tcp.dstport": "80", + "tcp.port": "54674", + "tcp.port": "80", + "tcp.stream": "192", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dd30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.841272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.841272000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1499.380586000", + "frame.number": "5203", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cb08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54674", + "tcp.port": "80", + "tcp.port": "54674", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b948", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5202", + "tcp.analysis.ack_rtt": "0.000482000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.841869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.841869000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": "1499.381183000", + "frame.number": "5204", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cb09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ed58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54674", + "tcp.port": "80", + "tcp.port": "54674", + "tcp.stream": "192", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f969", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.842297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.842297000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1499.381611000", + "frame.number": "5205", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cb0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e985", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54674", + "tcp.port": "80", + "tcp.port": "54674", + "tcp.stream": "192", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004bd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003483000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5204", + "tcp.segment": "5205", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001507000", + "http.request_in": "5202", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.845243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.845243000", + "frame.time_delta": "0.002946000", + "frame.time_delta_displayed": "0.002946000", + "frame.time_relative": "1499.384557000", + "frame.number": "5206", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54674", + "tcp.dstport": "80", + "tcp.port": "54674", + "tcp.port": "80", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c31f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5205", + "tcp.analysis.ack_rtt": "0.002946000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.845910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.845910000", + "frame.time_delta": "0.000667000", + "frame.time_delta_displayed": "0.000667000", + "frame.time_relative": "1499.385224000", + "frame.number": "5207", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54674", + "tcp.dstport": "80", + "tcp.port": "54674", + "tcp.port": "80", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c31e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.846365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.846365000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "1499.385679000", + "frame.number": "5208", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000011d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b756", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54674", + "tcp.port": "80", + "tcp.port": "54674", + "tcp.stream": "192", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b552", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5207", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.003483000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.886065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.886065000", + "frame.time_delta": "0.039700000", + "frame.time_delta_displayed": "0.039700000", + "frame.time_relative": "1499.425379000", + "frame.number": "5209", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000016b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a091", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "74", + "http.prev_response_in": "5198" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.896604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.896604000", + "frame.time_delta": "0.010539000", + "frame.time_delta_displayed": "0.010539000", + "frame.time_relative": "1499.435918000", + "frame.number": "5210", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54675", + "tcp.dstport": "80", + "tcp.port": "54675", + "tcp.port": "80", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00006229", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.897146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.897146000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1499.436460000", + "frame.number": "5211", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54675", + "tcp.port": "80", + "tcp.port": "54675", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000dca8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5210", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.899536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.899536000", + "frame.time_delta": "0.002390000", + "frame.time_delta_displayed": "0.002390000", + "frame.time_relative": "1499.438850000", + "frame.number": "5212", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54675", + "tcp.dstport": "80", + "tcp.port": "54675", + "tcp.port": "80", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008e87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5211", + "tcp.analysis.ack_rtt": "0.002390000", + "tcp.analysis.initial_rtt": "0.002932000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.900257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.900257000", + "frame.time_delta": "0.000721000", + "frame.time_delta_displayed": "0.000721000", + "frame.time_relative": "1499.439571000", + "frame.number": "5213", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c82", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54675", + "tcp.dstport": "80", + "tcp.port": "54675", + "tcp.port": "80", + "tcp.stream": "193", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a400", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002932000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.900735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.900735000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1499.440049000", + "frame.number": "5214", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54675", + "tcp.port": "80", + "tcp.port": "54675", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008018", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5213", + "tcp.analysis.ack_rtt": "0.000478000", + "tcp.analysis.initial_rtt": "0.002932000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.901382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.901382000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "1499.440696000", + "frame.number": "5215", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e4a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54675", + "tcp.port": "80", + "tcp.port": "54675", + "tcp.stream": "193", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c039", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002932000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.901733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.901733000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "1499.441047000", + "frame.number": "5216", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e4a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cfec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54675", + "tcp.port": "80", + "tcp.port": "54675", + "tcp.stream": "193", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000012a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002932000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "5215", + "tcp.segment": "5216", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001476000", + "http.request_in": "5213", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.904568000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495090.904568000", + "frame.time_delta": "0.002835000", + "frame.time_delta_displayed": "0.002835000", + "frame.time_relative": "1499.443882000", + "frame.number": "5217", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54675", + "tcp.dstport": "80", + "tcp.port": "54675", + "tcp.port": "80", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000089ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5216", + "tcp.analysis.ack_rtt": "0.002835000", + "tcp.analysis.initial_rtt": "0.002932000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.905216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.905216000", + "frame.time_delta": "0.000648000", + "frame.time_delta_displayed": "0.000648000", + "frame.time_relative": "1499.444530000", + "frame.number": "5218", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54675", + "tcp.dstport": "80", + "tcp.port": "54675", + "tcp.port": "80", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000089ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.905629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.905629000", + "frame.time_delta": "0.000413000", + "frame.time_delta_displayed": "0.000413000", + "frame.time_relative": "1499.444943000", + "frame.number": "5219", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000122", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b751", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54675", + "tcp.port": "80", + "tcp.port": "54675", + "tcp.stream": "193", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007c22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5218", + "tcp.analysis.ack_rtt": "0.000413000", + "tcp.analysis.initial_rtt": "0.002932000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.938888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.938888000", + "frame.time_delta": "0.033259000", + "frame.time_delta_displayed": "0.033259000", + "frame.time_relative": "1499.478202000", + "frame.number": "5220", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000016b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a096", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "75", + "http.prev_response_in": "5209" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.942235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.942235000", + "frame.time_delta": "0.003347000", + "frame.time_delta_displayed": "0.003347000", + "frame.time_relative": "1499.481549000", + 
"frame.number": "5221", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000b3ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.942770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.942770000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "1499.482084000", + "frame.number": "5222", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e60a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5221", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.945435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.945435000", + "frame.time_delta": "0.002665000", + "frame.time_delta_displayed": "0.002665000", + "frame.time_relative": "1499.484749000", + 
"frame.number": "5223", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5222", + "tcp.analysis.ack_rtt": "0.002665000", + "tcp.analysis.initial_rtt": "0.003200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.946060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.946060000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1499.485374000", + "frame.number": "5224", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c7d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ad62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003200000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.946541000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.946541000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "1499.485855000", + "frame.number": "5225", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009b43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000897a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5224", + "tcp.analysis.ack_rtt": "0.000481000", + "tcp.analysis.initial_rtt": "0.003200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.947111000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.947111000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1499.486425000", + "frame.number": "5226", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009b44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001d1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c99b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003200000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.947458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.947458000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "1499.486772000", + "frame.number": "5227", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009b45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000194b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003200000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5226", + "tcp.segment": "5227", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001398000", + "http.request_in": "5224", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.949285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.949285000", + "frame.time_delta": "0.001827000", + "frame.time_delta_displayed": "0.001827000", + "frame.time_relative": "1499.488599000", + "frame.number": "5228", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000194a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001c05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003200000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.949733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.949733000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1499.489047000", + "frame.number": "5229", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009351", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5227", + "tcp.analysis.ack_rtt": "0.002275000", + "tcp.analysis.initial_rtt": "0.003200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.950314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.950314000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "1499.489628000", + "frame.number": "5230", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009350", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.950745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.950745000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1499.490059000", + "frame.number": "5231", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000127", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b74c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54676", + "tcp.port": "80", + "tcp.port": "54676", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008584", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5230", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.003200000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:30.952196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495090.952196000", + "frame.time_delta": 
"0.001451000", + "frame.time_delta_displayed": "0.001451000", + "frame.time_relative": "1499.491510000", + "frame.number": "5232", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54676", + "tcp.dstport": "80", + "tcp.port": "54676", + "tcp.port": "80", + "tcp.stream": "194", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ac47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:2f:47:27:40:2f:47:2b:23", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003200000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5229", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.885930000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.885930000", + "frame.time_delta": "0.933734000", + "frame.time_delta_displayed": "0.933734000", + "frame.time_relative": "1500.425244000", + "frame.number": "5233", + "frame.len": "339", + "frame.cap_len": "339", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000016e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a062", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "76", + "http.prev_response_in": "5220" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.889629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.889629000", + "frame.time_delta": "0.003699000", + "frame.time_delta_displayed": "0.003699000", + "frame.time_relative": "1500.428943000", + "frame.number": "5234", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b53", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000092c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.890331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.890331000", + "frame.time_delta": "0.000702000", + "frame.time_delta_displayed": "0.000702000", + "frame.time_relative": "1500.429645000", + "frame.number": "5235", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000db26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5234", + "tcp.analysis.ack_rtt": "0.000702000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.893113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.893113000", + "frame.time_delta": "0.002782000", + "frame.time_delta_displayed": "0.002782000", + "frame.time_relative": "1500.432427000", + "frame.number": "5236", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b54", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5235", + "tcp.analysis.ack_rtt": "0.002782000", + "tcp.analysis.initial_rtt": "0.003484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.893720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.893720000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "1500.433034000", + "frame.number": "5237", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a27e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003484000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.894196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.894196000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "1500.433510000", + "frame.number": "5238", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006f2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004949", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007e96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5237", + "tcp.analysis.ack_rtt": "0.000476000", + "tcp.analysis.initial_rtt": "0.003484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.894913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.894913000", + "frame.time_delta": "0.000717000", + "frame.time_delta_displayed": "0.000717000", + "frame.time_relative": "1500.434227000", + "frame.number": "5239", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006f2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004937", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000beb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003484000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.894924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.894924000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1500.434238000", + "frame.number": "5240", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006f2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004564", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001121", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003484000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5239", + "tcp.segment": "5240", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001204000", + "http.request_in": "5237", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.899286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.899286000", + "frame.time_delta": "0.004362000", + "frame.time_delta_displayed": "0.004362000", + "frame.time_relative": "1500.438600000", + "frame.number": "5241", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006f2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004563", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001121", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003484000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.004362000", + "tcp.analysis.rto_frame": "5240" + } + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.899871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.899871000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "1500.439185000", + "frame.number": "5242", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", 
+ "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000886d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5240", + "tcp.analysis.ack_rtt": "0.004947000", + "tcp.analysis.initial_rtt": "0.003484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.900474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.900474000", + "frame.time_delta": "0.000603000", + "frame.time_delta_displayed": "0.000603000", + "frame.time_relative": "1500.439788000", + "frame.number": "5243", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b57", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000886c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.900903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.900903000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + 
"frame.time_relative": "1500.440217000", + "frame.number": "5244", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000015c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b717", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54677", + "tcp.port": "80", + "tcp.port": "54677", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007aa0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5243", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.003484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.902838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.902838000", + "frame.time_delta": "0.001935000", + "frame.time_delta_displayed": "0.001935000", + "frame.time_relative": "1500.442152000", + "frame.number": "5245", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d0f", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54677", + "tcp.dstport": "80", + "tcp.port": "54677", + "tcp.port": "80", + "tcp.stream": "195", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cd67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:6c:92:d3:f2:6c:92:d7:d5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003484000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + 
"tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5242", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.938891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.938891000", + "frame.time_delta": "0.036053000", + "frame.time_delta_displayed": "0.036053000", + "frame.time_relative": "1500.478205000", + "frame.number": "5246", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000016ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a055", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "77", + "http.prev_response_in": "5233" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.942608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.942608000", + "frame.time_delta": "0.003717000", + "frame.time_delta_displayed": "0.003717000", + "frame.time_relative": "1500.481922000", + "frame.number": "5247", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00001b15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.943147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.943147000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "1500.482461000", + "frame.number": "5248", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c5d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5247", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.945695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.945695000", + "frame.time_delta": "0.002548000", + "frame.time_delta_displayed": "0.002548000", + "frame.time_relative": "1500.485009000", + "frame.number": "5249", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000077b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5248", + "tcp.analysis.ack_rtt": "0.002548000", + "tcp.analysis.initial_rtt": "0.003087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.946862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.946862000", + "frame.time_delta": "0.001167000", + "frame.time_delta_displayed": "0.001167000", + "frame.time_relative": "1500.486176000", + "frame.number": "5250", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c71", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d31", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003087000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.947343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.947343000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "1500.486657000", + "frame.number": "5251", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005ba8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006949", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5250", + "tcp.analysis.ack_rtt": "0.000481000", + "tcp.analysis.initial_rtt": "0.003087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.947928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.947928000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "1500.487242000", + "frame.number": "5252", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005ccc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a96a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003087000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.948279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.948279000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "1500.487593000", + "frame.number": "5253", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005ccd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fbd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003087000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5252", + "tcp.segment": "5253", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001417000", + "http.request_in": "5250", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.949293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.949293000", + "frame.time_delta": "0.001014000", + "frame.time_delta_displayed": "0.001014000", + "frame.time_relative": "1500.488607000", + "frame.number": "5254", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005cce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fbd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003087000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.951972000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.951972000", + "frame.time_delta": "0.002679000", + "frame.time_delta_displayed": "0.002679000", + "frame.time_relative": "1500.491286000", + "frame.number": "5255", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007320", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5253", + "tcp.analysis.ack_rtt": "0.003693000", + "tcp.analysis.initial_rtt": "0.003087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.952606000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.952606000", + "frame.time_delta": "0.000634000", + "frame.time_delta_displayed": "0.000634000", + "frame.time_relative": "1500.491920000", + "frame.number": "5256", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000731f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.953049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.953049000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1500.492363000", + "frame.number": "5257", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000160", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b713", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54678", + "tcp.port": "80", + "tcp.port": "54678", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5256", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.003087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.954732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.954732000", + "frame.time_delta": 
"0.001683000", + "frame.time_delta_displayed": "0.001683000", + "frame.time_relative": "1500.494046000", + "frame.number": "5258", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54678", + "tcp.dstport": "80", + "tcp.port": "54678", + "tcp.port": "80", + "tcp.stream": "196", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ce1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:fd:f4:e0:2c:fd:f4:e4:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003087000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5255", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:31.991769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495091.991769000", + "frame.time_delta": "0.037037000", + "frame.time_delta_displayed": "0.037037000", + "frame.time_relative": "1500.531083000", + "frame.number": "5259", + "frame.len": "342", + "frame.cap_len": "342", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000016ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a05a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "78", + "http.prev_response_in": "5246" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.003347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.003347000", + "frame.time_delta": "0.011578000", + "frame.time_delta_displayed": "0.011578000", + "frame.time_relative": "1500.542661000", + "frame.number": "5260", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b5f", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54679", + "tcp.dstport": "80", + "tcp.port": "54679", + "tcp.port": "80", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000030bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.003896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.003896000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1500.543210000", + "frame.number": "5261", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54679", + "tcp.port": "80", + "tcp.port": "54679", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000777f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5260", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.007527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.007527000", + "frame.time_delta": "0.003631000", + "frame.time_delta_displayed": "0.003631000", + "frame.time_relative": "1500.546841000", + "frame.number": "5262", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b60", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54679", + "tcp.dstport": "80", + "tcp.port": "54679", + "tcp.port": "80", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000295e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5261", + "tcp.analysis.ack_rtt": "0.003631000", + "tcp.analysis.initial_rtt": "0.004180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.008154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.008154000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "1500.547468000", + "frame.number": "5263", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54679", + "tcp.dstport": "80", + "tcp.port": "54679", + "tcp.port": "80", + "tcp.stream": "197", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ed7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004180000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.008646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.008646000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1500.547960000", + "frame.number": "5264", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f431", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c441", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54679", + "tcp.port": "80", + "tcp.port": "54679", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001aef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5263", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.004180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.009291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.009291000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "1500.548605000", + "frame.number": "5265", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f432", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c42f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54679", + "tcp.port": "80", + "tcp.port": "54679", + "tcp.stream": "197", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005b10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004180000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.009719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.009719000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1500.549033000", + "frame.number": "5266", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f433", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c05c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54679", + "tcp.port": "80", + "tcp.port": "54679", + "tcp.stream": "197", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ad79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004180000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5265", + "tcp.segment": "5266", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001565000", + "http.request_in": "5263", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.012061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.012061000", + "frame.time_delta": "0.002342000", + "frame.time_delta_displayed": "0.002342000", + "frame.time_relative": "1500.551375000", + "frame.number": "5267", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54679", + "tcp.dstport": "80", + "tcp.port": "54679", + "tcp.port": "80", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5266", + "tcp.analysis.ack_rtt": "0.002342000", + "tcp.analysis.initial_rtt": "0.004180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.012686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.012686000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1500.552000000", + "frame.number": "5268", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005d10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54679", + "tcp.dstport": "80", + "tcp.port": "54679", + "tcp.port": "80", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:32.013140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495092.013140000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1500.552454000", + "frame.number": "5269", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000161", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b712", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54679", + "tcp.port": "80", + "tcp.port": "54679", + "tcp.stream": "197", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000016f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5268", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.004180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:34.939207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495094.939207000", + "frame.time_delta": "2.926067000", + "frame.time_delta_displayed": "2.926067000", + "frame.time_relative": "1503.478521000", + "frame.number": "5270", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005814", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "4997", + "tcp.ack": "541", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f11e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:35.082663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495095.082663000", + "frame.time_delta": "0.143456000", + "frame.time_delta_displayed": "0.143456000", + "frame.time_relative": "1503.621977000", + 
"frame.number": "5271", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ffc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd95", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": 
"0", + "tcp.seq": "541", + "tcp.ack": "4998", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:36.189825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495096.189825000", + "frame.time_delta": "1.107162000", + "frame.time_delta_displayed": "1.107162000", + "frame.time_relative": "1504.729139000", + "frame.number": "5272", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x0000965a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000723a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "67120", + "tcp.nxtseq": "68379", + "tcp.ack": "15080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009a41", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fc:ba:a7:a0:a8:9f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555066, TSecr 2812323999": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555066", + "tcp.options.timestamp.tsecr": "2812323999" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:fb:e3:ba:91:19:1f:86:fd:d9:ef:b9:b1:ae:30:33:cd:35:a1:bb:45:7b:c1:ba:0a:3c:9f:7f:04:d9:a4:70:40:22:61:68:f5:08:b5:2e:53:0b:a9:d1:fe:6d:2b:0f:d7:db:38:b0:a5:18:9d:9e:da:ce:42:45:83:8f:56:ad:b6:2c:09:6e:b6:51:eb:e4:a5:67:36:9e:94:89:e2:4d:b8:e7:18:ca:4e:8d:31:84:2f:b9:a1:02:9f:07:b0:1e:78:63:d3:61:b9:fa:3f:74:a8:cc:db:c5:cc:c3:40:c8:43:70:40:c3:e8:c6:21:8a:a8:dc:09:27:ad:e6:7c:19:3e:b8:4c:34:26:fc:37:5b:09:48:d0:55:3a:05:77:73:0b:49:54:e7:68:b2:10:bb:1a:39:dd:98:8d:b5:b3:18:06:f1:19:c9:90:e0:e8:c0:3a:0d:ca:43:3f:3e:cb:24:29:af:8d:7a:07:0e:d1:ce:e9:a4:31:88:50:ce:cf:a1:f9:ea:62:86:2d:8e:29:3f:57:2c:32:4e:f9:29:68:3f:d1:71:38:27:36:8c:e9:66:f7:87:63:75:94:84:22:66:74:4f:32:30:79:de:b3:e9:bb:73:fd:98:c3:ef:dd:e4:23:34:7a:fc:14:ed:9a:5a:fd:73:b6:b1:56:61:ab:b8:e6:f6:dc:fa:ad:3e:a4:cf:aa:79:9d:7e:ec:31:1f:5a:72:c5:57:b2:a9:6b:76:84:8c:cc:e0:f9:a8:76:c2:a5:f3:cf:aa:71:35:8c:e6:fa:92:86:f9:53:bf:47:71:99:0f:18:4d:97:ca:ca:6f:5b:5e:6a:f1:e5:3a:4c:27:ee:26:16:ca:a8:42:00:de:e9:b5:88:4e:cb:2b:39:8c:a1:e9:c0:a0:d9:31:cf:51:78
:72:95:df:45:5e:ba:29:cf:67:f8:c3:d9:07:5e:ce:96:46:73:17:5a:96:e9:b7:f4:23:17:db:32:bb:00:63:20:f0:0a:63:a9:83:98:fc:d9:8b:c1:d2:c1:5c:cc:61:84:a5:14:4d:b4:61:9f:94:ee:0f:dc:71:d9:1c:5d:54:4e:2a:ba:c7:ac:47:42:a9:eb:32:7f:ad:1f:06:4e:22:dc:e1:70:17:f8:fa:17:f3:74:b4:2a:e5:f3:8e:61:8a:83:8b:ee:33:98:7c:58:b4:13:52:4d:e4:a4:c6:3f:45:19:d6:6b:47:e9:a9:c5:5d:b8:46:1c:ba:95:a5:09:56:fb:af:b3:ac:5a:16:27:34:aa:d5:07:a9:63:8e:61:0f:f1:e0:75:64:66:2a:17:69:bd:7e:bc:d6:e9:0b:5d:33:46:32:32:51:7d:84:58:15:e4:63:16:a6:70:df:64:02:e5:f7:de:2a:fd:45:5f:05:80:9a:cf:e5:c0:72:53:1e:e2:a4:9c:27:b5:60:51:e8:b7:b7:f2:58:c9:04:27:f8:d6:c0:c7:9a:1a:cf:2f:5e:bd:0d:e2:ff:21:b5:54:a1:32:f3:3b:9d:26:07:58:b0:4f:66:a6:af:07:43:13:26:ab:2b:22:ba:f3:e2:00:65:d7:4b:71:ff:9b:11:eb:0b:3b:2c:db:b3:ae:38:21:39:fa:bd:2f:b5:d0:b3:52:9d:13:91:d5:46:c3:b9:9c:1d:3f:0a:03:90:8f:24:6d:2c:91:2d:82:9d:66:9b:94:c2:21:2d:e7:db:20:95:44:c7:1c:f7:cf:52:3d:f5:bc:7a:44:b5:78:49:a1:70:4f:93:2e:90:fd:8a:c5:de:ee:6d:4f:2b:0d:14:0b:e6:17:9f:75:c1:32:27:42:6c:d2:5d:c3:03:a7:46:6e:db:49:73:48:d0:1f:dd:f2:f1:c5:39:79:3e:ef:1d:d9:b0:88:34:c1:ac:66:cc:ae:7f:2f:af:66:b1:df:c2:c2:0d:89:8a:f0:99:46:30:1c:7a:1e:c8:e3:9f:91:ef:76:84:c3:cd:87:5d:eb:10:ec:77:7e:f0:32:17:a2:5a:f7:00:47:3a:5e:92:79:1f:3e:42:99:29:c3:30:1c:a8:16:af:b6:99:79:4d:01:8a:34:e7:cd:85:ac:32:f1:a7:9b:ec:83:16:7b:78:dd:12:d6:6b:d9:6c:b7:af:c6:87:17:09:1a:de:e0:be:94:0d:f9:c1:1e:f3:02:49:a4:ea:fe:2a:ae:23:30:1a:3a:8b:92:8d:b2:b8:53:c4:ef:c6:fd:57:00:94:09:f4:d1:d9:f6:10:08:7d:39:a1:7f:2a:e2:70:54:dd:7f:58:83:59:4b:e5:48:c2:e0:fe:02:cb:55:e7:b8:ff:99:b0:e4:02:5d:8c:1b:7b:cb:1d:16:42:f3:42:a2:8a:9e:d2:bb:4b:e2:32:c5:21:80:4f:4a:ba:0f:0d:71:5b:c9:4c:2b:e2:4b:fa:2e:07:ba:ac:e0:54:a3:b9:0d:3d:53:b0:e8:52:4f:76:d3:e7:ae:26:22:b7:23:31:d8:86:ee:57:7d:08:4b:fb:24:4f:fd:2b:b6:ac:f7:dc:20:46:ad:35:9b:3c:94:5e:e6:b3:d1:82:2f:fd:10:ee:dd:51:01:d7:92:93:65:30:52:94:80:2e:f8:cf:63:d4:0e:90:1d:38:53:25:da:89:14:4b:c0:ca:16:0b:5c:2c:f9:65:7a:ad:35:cf:b7:e3:ab:9b:c8:20:71:b
8:be:cb:f1:84:47:b6:8d:d0:13:14:af:5a:c6:1c:93:48:e9:8e:58:82:b7:d2:fb:94:b9:c3:c6:a1:7c:f4:f1:13:98:06:fb:60:59:dc:e5:73:64:8b:39:5e:5f:dd:17:f2:51:57:34:0c:05:bd:39:76:0b:f8:e9:7e:45:bc:3d:e7:68:f7:f3:c2:37:14:49:0f:fe:1e:c1:64:92:ce:44:ca:6f:f2:5e:cb:9a:5a:21:52:e2:5e:9b:ba:8b:d6:56:b0:5b:86:17:ba:c4:5a:f7:c0:ae:bf:ba:e7:56:89:f2:58:a0:4e:bb:28:d2:79:ce:1f:a8:7a:3f:34:c5:30:27:60:07:ba:89:c1:6a:c7:bb:b1:29:76:a3:8d:96:5d:6a:fb:f0:51:c1:2b:08:a2:97:8f:ed:09:2c:aa:47:58:02:e9:ca:e1:0a:42:9a:d9:bf:a0:01:e6:8f:0d:5e:2e:a9:90:c4:65:e5:c6:ee:50:14:1f:c9:eb:ef:fb:e7:54:91:c2:53:c0:89:fd:c0:f3:9b:23:1e:f5:5e:1b:5d:30:30:98:6f:45:bc:82:7c:45:51:a7:2b:7c:71:bc:94:6b:d9:19:64:9f:5c:49:8c:ac:20:df:9e:6f:4d:02:37" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:36.250156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495096.250156000", + "frame.time_delta": "0.060331000", + "frame.time_delta_displayed": "0.060331000", + "frame.time_relative": "1504.789470000", + "frame.number": "5273", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d52", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15080", + "tcp.ack": "68379", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000acf1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:b8:da:00:26:fc:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328154, TSecr 2555066": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328154", + "tcp.options.timestamp.tsecr": "2555066" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5272", + "tcp.analysis.ack_rtt": "0.060331000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:36.635698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495096.635698000", + "frame.time_delta": "0.385542000", + "frame.time_delta_displayed": "0.385542000", + "frame.time_relative": "1505.175012000", + "frame.number": "5274", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005dd4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a15", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:36.678828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495096.678828000", + "frame.time_delta": "0.043130000", + "frame.time_delta_displayed": "0.043130000", + "frame.time_relative": "1505.218142000", + "frame.number": "5275", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "202", + "ip.id": "0x0000210b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e709", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59440", + "udp.dstport": "1900", + "udp.port": "59440", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000622d", + "udp.checksum.status": "2", + "udp.stream": "129" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.270753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.270753000", + 
"frame.time_delta": "0.591925000", + "frame.time_delta_displayed": "0.591925000", + "frame.time_relative": "1505.810067000", + "frame.number": "5276", + "frame.len": "622", + "frame.cap_len": "622", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "608", + "ip.id": "0x00002d53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003600", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": 
"556", + "tcp.seq": "15080", + "tcp.nxtseq": "15636", + "tcp.ack": "68379", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:b9:d9:00:26:fc:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328409, TSecr 2555066": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328409", + "tcp.options.timestamp.tsecr": "2555066" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "556", + "tcp.analysis.push_bytes_sent": "556" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "551", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:aa:88:a9:c7:44:fc:dd:41:3b:12:35:ee:3a:a7:89:16:fb:e4:73:59:d9:20:de:7f:83:4f:30:39:8b:2b:e5:99:1f:b8:69:a6:d8:73:2b:4e:e9:c3:7f:44:7d:cc:f7:a9:d4:5a:69:a6:f2:c6:eb:f0:c6:32:fb:52:af:f4:c0:de:1b:11:c3:73:52:d7:14:e5:e8:37:d1:92:88:da:b7:85:7e:85:78:26:58:81:31:85:00:b8:d3:8b:38:a0:dc:cb:94:5e:6d:c7:b4:9e:f0:dd:67:8b:9b:4d:e3:46:0a:5c:c1:ac:fd:0d:7f:08:5c:17:7e:f5:1c:c9:49:ff:b1:96:d6:e7:e7:fd:61:33:45:7c:5a:59:92:d5:c1:c7:4d:62:0f:79:76:cc:d6:a1:e0:6c:06:99:34:13:51:83:90:13:d1:20:de:e9:f8:71:bd:ad:f0:af:9d:de:92:4d:68:de:f9:88:55:57:e0:64:f5:a3:6d:e5:54:ce:3f:d0:c0:54:dd:e1:d8:8c:93:9a:fc:45:9f:7e:b5:84:be:f3:13:38:07:91:e1:9d:f6:82:ee:ac:36:31:93:8e:4e:fb:ec:4e:98:5f:47:25:3e:4f:92:77:ac:59:f6:78:d1:07:68:37:6c:48:a2:d3:f1:c8:2b:db:48:28:05:bd:2c:54:c5:bd:35:a2:f8:37:af:ba:14:0b:c3:02:85:9d:f8:b5:04:6d:bd:a4:d7:69:4c:e1:a3:f3:a7:57:f7:da:0f:d6:70:a1:e5:2b:f2:69:4e:e1:b3:12:f3:5a:22:4c:cd:ee:2e:fa:ad:5b:ef:1b:de:21:93:b6:d4:49:9e:cc:79:53:60:ce:69:84:46:be:15:54:71:20:db:2a:00:f8:a0:d3:ce:c0:64:76:4a:aa:65:46:ea:59:0f:40:a9:76:22:ed:39:6c:32:87:75:d1:91:d8:c4:9b:93:21:70:f2:6d:2e:d7:2c:5d:21:d9:fe:e2:e5:e0:31:2c:bc:93:31:3d:1c:61:56:00:91:99:60:07:28:0e:13:9c:b6:f2:a8:d7:53:33:11:8d:ba:17:2f:c0:88:f4:a4:e0:c0:cb:ba:73:46:e7:40:5a:9a:d4:0c:24:0d:6a:2d:61:88:9b:87:cd:2b:58:b1:fd:f1:14:3a:19:a7:23:f5:90:f7:50:df:f7:61:f6:c7:92:b5:87:44:c6:e3:cd:78:15:ec:52:60:f2:49:38:51:07:af:40:2b:5f:41:d3:7b:63:a5:9d:05:9f:64:5d:55:76:80:5d:b7:98:7e:45:56:b7:fd:64:0d:35:b0:20:ae:82:26:40:41:a0:3c:5e:81:a3:fe:1e:9a:ef:60:3e:23:05:d3:53:73:a1:d5:8e:27:1d:ee:b5:97:04:30:fa:64:3c:6c:59:ff:b7:a6:75:80:4c:20:e9:65:37:4d:4e:56" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.305600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.305600000", + "frame.time_delta": 
"0.034847000", + "frame.time_delta_displayed": "0.034847000", + "frame.time_relative": "1505.844914000", + "frame.number": "5277", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000965b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": 
"68379", + "tcp.nxtseq": "68432", + "tcp.ack": "15636", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000641", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:29:a7:a0:b9:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555177, TSecr 2812328409": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555177", + "tcp.options.timestamp.tsecr": "2812328409" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5276", + "tcp.analysis.ack_rtt": "0.034847000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:fc:0c:d3:62:d1:c8:73:dc:fc:c3:cc:9c:1e:f9:e0:0f:d6:fa:19:0f:f0:b5:32:82:09:eb:dd:d8:d4:6b:b3:51:72:3b:0c:0e:a7:40:68:fd:ad" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.308469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.308469000", + "frame.time_delta": "0.002869000", + "frame.time_delta_displayed": "0.002869000", + "frame.time_relative": "1505.847783000", + "frame.number": "5278", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000046d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00006f53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:fd:2a:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2555178, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555178", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.314768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.314768000", + "frame.time_delta": "0.006299000", + 
"frame.time_delta_displayed": "0.006299000", + "frame.time_relative": "1505.854082000", + "frame.number": "5279", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.315184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.315184000", + "frame.time_delta": "0.000416000", + "frame.time_delta_displayed": "0.000416000", + "frame.time_relative": "1505.854498000", + "frame.number": "5280", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.321893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.321893000", + "frame.time_delta": "0.006709000", + "frame.time_delta_displayed": "0.006709000", + "frame.time_relative": "1505.861207000", + "frame.number": "5281", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36190", + "tcp.port": "49153", + "tcp.port": "36190", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000d9b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5278", + "tcp.analysis.ack_rtt": "0.013424000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.322403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.322403000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "1505.861717000", + "frame.number": "5282", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000046d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x000070d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000306a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5281", + "tcp.analysis.ack_rtt": "0.000510000", + "tcp.analysis.initial_rtt": "0.013934000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.335349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.335349000", + "frame.time_delta": "0.012946000", + "frame.time_delta_displayed": "0.012946000", + "frame.time_relative": "1505.874663000", + "frame.number": "5283", + "frame.len": "558", + "frame.cap_len": "558", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "544", + "ip.id": "0x000046d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006ede", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "504", + "tcp.seq": "1", + "tcp.nxtseq": "505", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + 
"tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007933", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.013934000", + "tcp.analysis.bytes_in_flight": "504", + "tcp.analysis.push_bytes_sent": "504" + } + }, + "http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", + "http.host": "192.168.0.225:49153", + "http.request.line": "Host: 192.168.0.225:49153\n", + "http.content_type": "text\/xml", + "http.request.line": "Content-Type: text\/xml\n", + "http.content_length_header": "333", + "http.content_length_header_tree": { + "http.content_length": "333" + }, + "http.request.line": "Content-Length: 333\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>0<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "?>": "" + }, + "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { 
+ "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<SOAP-ENV:Body>", + "xml.tag_tree": { + "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/m:SetBinaryState>": "" + }, + "<\/SOAP-ENV:Body>": "" + }, + "<\/SOAP-ENV:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.337382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.337382000", + "frame.time_delta": "0.002033000", + "frame.time_delta_displayed": "0.002033000", + "frame.time_relative": "1505.876696000", + "frame.number": "5284", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006d8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, 
+ "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004a1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36190", + "tcp.port": "49153", + "tcp.port": "36190", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000021d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5283", + "tcp.analysis.ack_rtt": "0.002033000", + "tcp.analysis.initial_rtt": "0.013934000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.365793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.365793000", + "frame.time_delta": "0.028411000", + "frame.time_delta_displayed": "0.028411000", + "frame.time_relative": "1505.905107000", + "frame.number": "5285", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15636", + "tcp.ack": "68432", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a90a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:b9:f1:00:26:fd:29", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328433, TSecr 2555177": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328433", + "tcp.options.timestamp.tsecr": "2555177" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5277", + "tcp.analysis.ack_rtt": "0.060193000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.366314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.366314000", + "frame.time_delta": "0.000521000", + "frame.time_delta_displayed": "0.000521000", + "frame.time_relative": "1505.905628000", + "frame.number": "5286", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x0000965c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "68432", + "tcp.nxtseq": "68540", + "tcp.ack": "15636", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000977c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:30:a7:a0:b9:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555184, TSecr 2812328433": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555184", + "tcp.options.timestamp.tsecr": "2812328433" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:fd:68:86:b7:eb:d8:57:8f:7e:f1:89:71:fc:5a:23:9d:a7:24:1f:3b:3d:60:9b:0d:39:5e:a3:89:c3:89:fb:4a:c0:24:50:70:6b:42:9c:bc:ba:e8" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:fe:13:1c:ca:75:82:91:d6:37:f5:16:e5:59:28:30:af:a7:3e:29:98:ba:24:e9:e4:a1:e3:63:ff:b8:c6:f9:50:31:6c:fa:0f:17:90:7b:fd:1d:2b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.367359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.367359000", + 
"frame.time_delta": "0.001045000", + "frame.time_delta_displayed": "0.001045000", + "frame.time_relative": "1505.906673000", + "frame.number": "5287", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00001837", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009f14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.368416000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.368416000", + "frame.time_delta": "0.001057000", + "frame.time_delta_displayed": "0.001057000", + "frame.time_relative": "1505.907730000", + "frame.number": "5288", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00006d8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000495e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36190", + "tcp.port": "49153", + "tcp.port": "36190", + "tcp.stream": "198", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00002ad8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.013934000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:33:37:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.368824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.368824000", + "frame.time_delta": "0.000408000", + "frame.time_delta_displayed": "0.000408000", + "frame.time_relative": "1505.908138000", + "frame.number": "5289", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000046d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002da2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5288", + "tcp.analysis.ack_rtt": "0.000408000", + "tcp.analysis.initial_rtt": "0.013934000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.369823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.369823000", + "frame.time_delta": "0.000999000", + "frame.time_delta_displayed": "0.000999000", + "frame.time_relative": "1505.909137000", + "frame.number": "5290", + "frame.len": "430", + "frame.cap_len": "430", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "416", + "ip.id": "0x00006d8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000048a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36190", + "tcp.port": "49153", + "tcp.port": "36190", + "tcp.stream": "198", + "tcp.len": "376", + "tcp.seq": "193", + "tcp.nxtseq": "570", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000023f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.013934000", + "tcp.analysis.bytes_in_flight": "377", + "tcp.analysis.push_bytes_sent": "376" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:30:39:37:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "5288", + "tcp.segment": "5290", + "tcp.segment.count": "2", + "tcp.reassembled.length": "568", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:33:37:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:30:39:37:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.content_length_header": "376", + "http.content_length_header_tree": { + "http.content_length": "376" + }, + "http.response.line": "CONTENT-LENGTH: 376\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:37 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:11:37 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.034474000", + "http.request_in": "5283", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509495097<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "xml.tag": "<CountdownEndTime>", + "xml.tag_tree": { + "xml.cdata": "0", + 
"<\/CountdownEndTime>": "" + }, + "xml.tag": "<deviceCurrentTime>", + "xml.tag_tree": { + "xml.cdata": "1509495097", + "<\/deviceCurrentTime>": "" + }, + "<\/u:SetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.406060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.406060000", + "frame.time_delta": "0.036237000", + "frame.time_delta_displayed": "0.036237000", + "frame.time_relative": "1505.945374000", + "frame.number": "5291", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000046d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + 
"ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "570", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002c18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5290", + "tcp.analysis.ack_rtt": "0.036237000", + "tcp.analysis.initial_rtt": "0.013934000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.420146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.420146000", + "frame.time_delta": "0.014086000", + "frame.time_delta_displayed": "0.014086000", + "frame.time_relative": "1505.959460000", + "frame.number": "5292", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00001838", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009f0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "5287" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.426710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.426710000", + "frame.time_delta": "0.006564000", + "frame.time_delta_displayed": "0.006564000", + "frame.time_relative": "1505.966024000", + "frame.number": "5293", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000382a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15636", + "tcp.ack": "68540", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a887", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:01:00:26:fd:30", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328449, TSecr 2555184": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": 
"2812328449", + "tcp.options.timestamp.tsecr": "2555184" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5286", + "tcp.analysis.ack_rtt": "0.060396000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.427257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.427257000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "1505.966571000", + "frame.number": "5294", + "frame.len": "752", + "frame.cap_len": "752", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "738", + "ip.id": "0x0000965d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007474", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "686", + "tcp.seq": "68540", + "tcp.nxtseq": "69226", + "tcp.ack": "15636", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f7af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:36:a7:a0:ba:01", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555190, TSecr 2812328449": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555190", + "tcp.options.timestamp.tsecr": "2812328449" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "686", + "tcp.analysis.push_bytes_sent": "686" + } + }, + "ssl": { + 
"ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": "13:6b:24:d2:9f:7e:45:ff:54:d6:47:5b:66:4b:8f:d8:6c:80:3b:fe:76:59:df:9f:e8:f7:21:b5:c7:0e:5f:25:85:30:74:fb:26:7b:59:c6:56:3b:3a:16:d6:25:2f:64:8a:dc:5a:dc:be:cd:5a:22:eb:67:9f:c3:47:50:9a:be:45:cc:c6:2c:dd:51:4e:15:04:a6:2a:f1:e8:b1:bf:a5:6b:5b:6f:82:37:5f:88:64:9e:17:87:b8:a2:a7:dd:5b:4b:b6:03:57:27:5e:68:b3:d9:12:37:1d:84:ed:54:fa:5f:cb:50:a7:3a:c7:86:00:0d:ef:9b:9d:e8:2d:68:de:c7:df:e8:ba:7d:aa:dc:df:5a:d7:6f:57:ee:d1:7c:3a:69:4d:85:ba:13:71:e7:f3:54:0e:dd:89:4b:fc:f1:ed:c4:63:23:39:9f:87:dd:61:19:a6:8b:14:4f:99:ed:df:0f:ad:84:e7:2c:dd:7d:e6:e4:a4:2d:9c:c8:b2:7e:03:17:52:d1:9a:8b:1d:06:ef:fd:52:b2:c9:6a:20:c0:49:3f:65:c6:06:8d:cf:32:0c:bb:b8:2b:16:ed:58:e3:db:50:8a:ee:a7:a1:d1:33:d3:6b:8d:0d:33:68:c4:0b:74:e2:25:64:77:d8:6b" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "430", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:00:37:b0:1e:1b:fd:e9:e3:63:cd:31:bf:f9:75:f0:7e:ce:75:88:1d:fd:d8:5b:dd:c6:b8:74:7b:ad:1f:63:83:e3:30:c7:d7:00:e4:ba:a0:13:4c:c7:98:30:66:25:5b:9f:c2:78:89:1a:0e:7a:30:4c:3d:23:58:e4:58:c9:dc:85:bf:25:a5:21:f4:12:3c:4a:b7:f7:08:0c:47:e1:8c:c0:ae:c0:ff:12:8a:b5:35:74:ab:2d:20:59:21:57:9a:c3:12:75:8a:2a:44:fc:4c:86:84:49:be:1e:53:cc:e3:34:48:af:4c:d7:4d:60:86:29:8a:7c:35:73:4e:61:99:5d:bc:58:8e:1a:1b:a8:40:5f:49:2b:5a:53:31:16:f4:f0:d3:da:44:6e:7d:2c:4d:bb:22:ab:f6:06:9c:b2:c7:26:ae:56:27:5a:17:2c:1f:4b:d1:8e:d9:e9:30:36:64:98:3c:ca:0a:27:e4:bc:e2:b2:dc:27:ad:10:ae:98:18:12:ce:9f:4c:fa:e0:18:28:ff:df:29:c7:71:c8:61:b5:50:21:f0:8d:d9:48:01:de:6d:e0:44:32:cf:ac:30:1a:d3:43:c7:9e:cc:ac:97:6d:b9:ff:5d:af:00:77:83:ff:0f:38:0a:bf:df:17:e4:f5:9f:d2:c3:f6:c3:df:16:8b:17:24:64:6c:c6:5d:aa:f8:38:0d:17:32:87:bd:21:dd:09:16:e2:fb:96:a3:53:c1:a9:37:44:b6:be:8e:bd:a8:a2:59:a3:01:30:e8:f8:96:e4:43:72:7c:a4:82:7d:0c:65:42:4c:4f:b3:34:3e:6c:ca:22:50:e3:cd:58:36:fb:01:bc:86:19:52:72:b1:50:6f:1d:f6:90:62:1e:ee:8c:d7:0e:7a:ab:48:b0:74:9a:f0:4e:6e:e1:87:9d:51:94:aa:26:06:03:74:cc:bb:e5:42:a1:3b:9f:a1:e8:c3:b7:d3:47:a9:a3:20:2b:c0:d7:46:70:d3:11:fd:e7:05:89:d9:b8:4f:2c:72:8f:15:36:44:3f:84:74:dd:9c:79:01:d9:43:68:34:1f:dd:fb:fa:75:bd:ab:7a:4e:8d:56:39:16:cc:d0:f3:c2:f6:2e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.472939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.472939000", + "frame.time_delta": "0.045682000", + "frame.time_delta_displayed": "0.045682000", + "frame.time_relative": "1506.012253000", + "frame.number": "5295", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000183c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009f0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "5292" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.487686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.487686000", + "frame.time_delta": "0.014747000", + "frame.time_delta_displayed": "0.014747000", + "frame.time_relative": "1506.027000000", + "frame.number": "5296", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": 
"0x00003829", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15636", + "tcp.ack": "69226", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a5c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:10:00:26:fd:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812328464, TSecr 2555190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328464", + "tcp.options.timestamp.tsecr": "2555190" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5294", + "tcp.analysis.ack_rtt": "0.060429000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.488713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.488713000", + "frame.time_delta": "0.001027000", + "frame.time_delta_displayed": "0.001027000", + "frame.time_relative": "1506.028027000", + "frame.number": "5297", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d57", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "15636", + "tcp.nxtseq": "15683", + "tcp.ack": "69226", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009bb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:10:00:26:fd:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328464, TSecr 2555190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328464", + "tcp.options.timestamp.tsecr": 
"2555190" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:ab:d1:48:0b:29:d4:a6:8a:a1:b4:16:44:43:23:03:86:d3:ee:9a:75:3a:bd:ea:d9:4b:d8:be:79:9f:7b:84:c7:d7:aa:3c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.492326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.492326000", + "frame.time_delta": "0.003613000", + "frame.time_delta_displayed": "0.003613000", + "frame.time_relative": "1506.031640000", + "frame.number": "5298", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000965e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + 
"ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "69226", + "tcp.nxtseq": "69273", + "tcp.ack": "15683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002f56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:3c:a7:a0:ba:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555196, TSecr 2812328464": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555196", + "tcp.options.timestamp.tsecr": "2812328464" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5297", + "tcp.analysis.ack_rtt": "0.003613000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:01:eb:72:69:e0:ed:36:27:13:e8:cf:7b:a7:f0:08:2f:26:99:35:88:88:43:74:e4:23:4e:14:5e:7b:bc:80:9f:6f:b3:59" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.516921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.516921000", + "frame.time_delta": "0.024595000", + "frame.time_delta_displayed": "0.024595000", + "frame.time_relative": "1506.056235000", + "frame.number": "5299", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000046d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000070d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36190", + "tcp.dstport": "49153", + "tcp.port": "36190", + "tcp.port": "49153", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "505", + "tcp.ack": "570", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002c17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.518702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.518702000", + "frame.time_delta": "0.001781000", + "frame.time_delta_displayed": "0.001781000", + "frame.time_relative": "1506.058016000", + "frame.number": "5300", + "frame.len": 
"54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36190", + "tcp.port": "49153", + "tcp.port": "36190", + "tcp.stream": "198", + "tcp.len": "0", + "tcp.seq": "570", + "tcp.ack": "506", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00001f9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5299", + "tcp.analysis.ack_rtt": "0.001781000", + "tcp.analysis.initial_rtt": "0.013934000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.590512000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.590512000", + "frame.time_delta": "0.071810000", + "frame.time_delta_displayed": "0.071810000", + "frame.time_relative": "1506.129826000", + "frame.number": "5301", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003827", + "ip.checksum.status": 
"2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15683", + "tcp.ack": "69273", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a546", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:2a:00:26:fd:3c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328490, 
TSecr 2555196": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328490", + "tcp.options.timestamp.tsecr": "2555196" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5298", + "tcp.analysis.ack_rtt": "0.098186000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.591009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.591009000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "1506.130323000", + "frame.number": "5302", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000965f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "69273", + "tcp.nxtseq": "69327", + "tcp.ack": "15683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000438e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:46:a7:a0:ba:2a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555206, TSecr 2812328490": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555206", + "tcp.options.timestamp.tsecr": "2812328490" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:02:d6:49:5f:d8:b1:1c:42:48:d5:21:ec:ce:9f:f3:b1:d7:46:95:78:6b:cc:71:76:a7:cd:0c:1d:34:72:b5:9d:c6:48:56:7f:11:77:d8:d0:fc:16" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.651755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.651755000", + "frame.time_delta": "0.060746000", + "frame.time_delta_displayed": "0.060746000", + "frame.time_relative": "1506.191069000", + "frame.number": "5303", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003826", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15683", + "tcp.ack": "69327", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a4f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:39:00:26:fd:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328505, TSecr 2555206": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812328505", + "tcp.options.timestamp.tsecr": "2555206" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5302", + "tcp.analysis.ack_rtt": "0.060746000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:37.679515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495097.679515000", + "frame.time_delta": "0.027760000", + "frame.time_delta_displayed": "0.027760000", + "frame.time_relative": "1506.218829000", + "frame.number": "5304", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000210c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e708", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59440", + "udp.dstport": "1900", + "udp.port": "59440", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000622d", + "udp.checksum.status": "2", + "udp.stream": "129" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "5275" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.095060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.095060000", + "frame.time_delta": "0.415545000", + "frame.time_delta_displayed": "0.415545000", + "frame.time_relative": "1506.634374000", + "frame.number": "5305", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000041ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00006c0f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.095558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.095558000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "1506.634872000", + "frame.number": "5306", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4983", + "tcp.port": "39500", + "tcp.port": "4983", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x000078cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5305", + "tcp.analysis.ack_rtt": "0.000498000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.097600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.097600000", + "frame.time_delta": "0.002042000", + "frame.time_delta_displayed": "0.002042000", + "frame.time_relative": "1506.636914000", + "frame.number": "5307", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000041ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000e740", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5306", + "tcp.analysis.ack_rtt": "0.002042000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.098510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.098510000", + "frame.time_delta": "0.000910000", + "frame.time_delta_displayed": "0.000910000", + "frame.time_relative": "1506.637824000", + "frame.number": "5308", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x000041f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "204", + 
"tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b3f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002540000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:32:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.098954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.098954000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "1506.638268000", + "frame.number": "5309", + "frame.len": "60", + 
"frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008ade", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002cce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4983", + "tcp.port": "39500", + "tcp.port": "4983", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f0e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5308", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.100764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.100764000", + "frame.time_delta": "0.001810000", + "frame.time_delta_displayed": "0.001810000", + "frame.time_relative": "1506.640078000", + "frame.number": "5310", + "frame.len": "187", + "frame.cap_len": "187", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "173", + "ip.id": "0x000041f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007536", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "133", + "tcp.seq": "205", + "tcp.nxtseq": "338", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000421c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002540000", + "tcp.analysis.bytes_in_flight": "133", + "tcp.analysis.push_bytes_sent": "133" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "5308", + "tcp.segment": "5310", + "tcp.segment.count": "2", + "tcp.reassembled.length": "336", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:32:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "132", + "http.content_length_header_tree": { + "http.content_length": "132" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:7ccd9f38-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", + "http.unknown_header": "SEQ: 2\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.101209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.101209000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1506.640523000", + "frame.number": "5311", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008adf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ccd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4983", + "tcp.port": "39500", + "tcp.port": "4983", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f051", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5310", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.170807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.170807000", + "frame.time_delta": "0.069598000", + "frame.time_delta_displayed": "0.069598000", + "frame.time_relative": "1506.710121000", + "frame.number": "5312", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009660", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "69327", + "tcp.nxtseq": "69381", + "tcp.ack": "15683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c271", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:80:a7:a0:ba:39", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555264, TSecr 2812328505": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555264", + "tcp.options.timestamp.tsecr": "2812328505" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:03:14:11:a9:31:63:ec:3d:93:23:53:d7:0e:c9:45:1f:1a:56:86:7c:d7:67:e5:71:30:38:a1:a6:dc:18:e3:9d:55:2e:67:5c:10:da:46:14:6a:01" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.231023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.231023000", + "frame.time_delta": "0.060216000", + "frame.time_delta_displayed": "0.060216000", + "frame.time_relative": 
"1506.770337000", + "frame.number": "5313", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003825", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15683", + "tcp.ack": "69381", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a3f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:ca:00:26:fd:80", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328650, TSecr 2555264": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328650", + "tcp.options.timestamp.tsecr": "2555264" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5312", + "tcp.analysis.ack_rtt": "0.060216000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.231545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.231545000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "1506.770859000", + "frame.number": "5314", + "frame.len": "462", + "frame.cap_len": "462", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "448", + "ip.id": "0x00009661", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007592", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "396", + "tcp.seq": "69381", + "tcp.nxtseq": "69777", + "tcp.ack": "15683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003e41", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:86:a7:a0:ba:ca", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555270, TSecr 2812328650": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555270", + "tcp.options.timestamp.tsecr": "2812328650" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "396", + "tcp.analysis.push_bytes_sent": "396" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "391", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:04:2f:aa:ab:60:2e:0e:c2:d7:cf:ee:b8:1b:55:df:b2:c1:6e:e6:6b:4b:56:a9:7a:5d:f6:3e:a9:d6:6b:57:03:ec:4a:e9:5e:01:3a:60:6d:6b:9b:c2:3f:28:d3:d8:0f:d2:3b:46:09:78:8d:fc:73:5b:4e:ee:82:29:51:cf:ff:64:f7:5a:ce:ad:cc:f4:7d:58:dd:5c:8e:29:d4:86:2c:cf:b8:e6:0b:74:80:da:5a:49:b6:05:60:fa:c0:6e:58:52:16:22:28:34:e4:87:c5:93:28:dd:be:3c:64:ad:71:60:21:ac:33:67:1b:83:57:96:b7:fa:29:c7:18:76:86:dc:22:11:8f:0a:0f:6c:d8:13:40:f1:74:8b:1e:75:e4:ee:3a:a0:cf:45:94:46:8e:68:ce:9a:00:16:34:0d:56:aa:07:ce:63:28:5a:97:2a:7c:56:4e:ef:3a:0d:54:81:20:3b:2f:76:13:86:b7:2e:20:e7:17:f0:1d:1a:14:42:f0:02:9a:c8:57:33:fb:d7:e6:d1:76:c3:4f:a1:dc:0d:fb:49:38:ca:5b:78:4c:33:6f:04:c5:08:8e:8c:cf:a6:c4:4d:3c:a7:ac:ad:6e:71:d8:f9:ad:72:5a:bf:b6:cc:c7:9d:ff:de:cb:65:fa:bf:19:2a:d6:92:2f:e7:a7:f7:95:1d:b3:6e:ce:d0:92:4e:25:61:07:06:c7:a4:85:c5:00:e4:2a:a2:d2:2c:2d:c6:90:3d:cb:fc:0c:d2:40:f4:ad:0d:32:a6:04:9b:ca:11:e2:a2:45:b5:97:a8:8f:5f:16:dc:41:35:af:2b:5c:91:a4:fb:ac:93:36:d1:59:36:58:df:1f:fb:a3:5a:cd:f6:11:0c:84:37:73:25:3c:6c:08:a9:6e:70:88:f3:18:dd:21:67:62:65:41:70:1e:72:62:40:4d:c9:e7:70:94:e4:7c:77:e1:09:d0:56:39:68:47:c8:30:b8:00:47:30:8d:9d:d3:0a:3d:64:df:62:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.292413000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.292413000", + "frame.time_delta": "0.060868000", + "frame.time_delta_displayed": "0.060868000", + "frame.time_relative": "1506.831727000", + "frame.number": "5315", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003824", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15683", + "tcp.ack": "69777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a255", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:d9:00:26:fd:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328665, TSecr 2555270": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328665", + "tcp.options.timestamp.tsecr": "2555270" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5314", + "tcp.analysis.ack_rtt": "0.060868000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.293206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.293206000", + "frame.time_delta": "0.000793000", + "frame.time_delta_displayed": "0.000793000", + "frame.time_relative": "1506.832520000", + "frame.number": "5316", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002d5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ce", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "15683", + "tcp.nxtseq": "15768", + "tcp.ack": "69777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005f4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:d9:00:26:fd:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328665, TSecr 2555270": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328665", + "tcp.options.timestamp.tsecr": "2555270" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:ac:3a:cc:ee:55:79:b4:6e:67:8c:a2:f8:18:75:16:6a:9d:c6:9d:ed:26:8c:5c:0b:3b:79:d3:1b:93:31:86:5e:00:b3:a1:1d:e2:e3:e4:e6:0b:56:24:d0:4a:9e:c3:0c:6b:26:8e:fa:55:1c:20:e2:aa:86:17:c9:4b:ba:04:09:f9:57:74:3b:19:d8:88:f7:cf" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.297689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.297689000", + "frame.time_delta": "0.004483000", + "frame.time_delta_displayed": "0.004483000", + "frame.time_relative": "1506.837003000", + "frame.number": "5317", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009662", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "69777", + "tcp.nxtseq": "69824", + "tcp.ack": "15768", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:8d:a7:a0:ba:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555277, TSecr 2812328665": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555277", + "tcp.options.timestamp.tsecr": "2812328665" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5316", + "tcp.analysis.ack_rtt": "0.004483000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:05:ae:29:66:87:cb:2f:23:96:f4:a2:38:62:42:5b:8b:8d:cd:6f:02:4b:01:07:c3:64:9c:9f:6c:41:95:10:81:66:33:d7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.308989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.308989000", + "frame.time_delta": "0.011300000", + "frame.time_delta_displayed": "0.011300000", + "frame.time_relative": "1506.848303000", + "frame.number": "5318", + "frame.len": "92", + "frame.cap_len": "92", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00008ae0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ca6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4983", + "tcp.port": "39500", + "tcp.port": "4983", + "tcp.stream": "199", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000fcdc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002540000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.311325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.311325000", + "frame.time_delta": "0.002336000", + "frame.time_delta_displayed": "0.002336000", + "frame.time_relative": "1506.850639000", + "frame.number": "5319", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000041f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000e5c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5318", + "tcp.analysis.ack_rtt": "0.002336000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:11:38.312152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.312152000", + "frame.time_delta": "0.000827000", + "frame.time_delta_displayed": "0.000827000", + "frame.time_relative": "1506.851466000", + "frame.number": "5320", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000041f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000e5c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.312803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.312803000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "1506.852117000", + "frame.number": "5321", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x00008ae1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ccb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4983", + "tcp.port": "39500", + "tcp.port": "4983", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "339", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f029", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5320", + "tcp.analysis.ack_rtt": "0.000651000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.315262000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.315262000", + "frame.time_delta": "0.002459000", + "frame.time_delta_displayed": "0.002459000", + "frame.time_relative": "1506.854576000", + "frame.number": "5322", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000041f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4983", + "tcp.dstport": "39500", + "tcp.port": "4983", + "tcp.port": "39500", + "tcp.stream": "199", + "tcp.len": "0", + "tcp.seq": "339", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000e5c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5321", + "tcp.analysis.ack_rtt": "0.002459000", + "tcp.analysis.initial_rtt": "0.002540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.358532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.358532000", + "frame.time_delta": "0.043270000", + "frame.time_delta_displayed": "0.043270000", + "frame.time_relative": "1506.897846000", + "frame.number": "5323", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "15768", + "tcp.nxtseq": "15815", + "tcp.ack": "69824", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e9c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ba:ea:00:26:fd:8d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328682, TSecr 2555277": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328682", + "tcp.options.timestamp.tsecr": "2555277" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5317", + "tcp.analysis.ack_rtt": "0.060843000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:ad:3c:17:23:9d:06:39:27:2b:98:22:d9:75:65:50:39:ac:7d:37:16:04:b3:8c:7b:b0:40:08:0c:8f:08:e4:9e:00:a3:f7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.359022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.359022000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1506.898336000", + "frame.number": "5324", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x00009663", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "69824", + "tcp.nxtseq": "69932", + "tcp.ack": "15815", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d15e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:93:a7:a0:ba:ea", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555283, TSecr 2812328682": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555283", + "tcp.options.timestamp.tsecr": "2812328682" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5323", + "tcp.analysis.ack_rtt": "0.000490000", + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:06:ad:b6:c2:3f:34:d4:9e:19:df:72:72:75:81:1e:fe:26:d8:19:0c:f3:f2:1f:8a:ab:b2:f9:21:39:a3:10:fb:ab:fc:8f:59:e2:6a:60:a1:5a:06" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:07:96:eb:88:21:6c:92:2e:95:8f:7d:80:6f:48:95:b2:a8:74:5e:a8:c2:51:11:e2:5d:4f:86:5d:73:7d:16:94:92:7a:97:82:09:31:2d:f0:4a:3d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.419922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.419922000", + "frame.time_delta": "0.060900000", + "frame.time_delta_displayed": "0.060900000", + "frame.time_relative": "1506.959236000", + "frame.number": "5325", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00001840", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009f0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "5295" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.458318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.458318000", + "frame.time_delta": "0.038396000", + "frame.time_delta_displayed": "0.038396000", + "frame.time_relative": "1506.997632000", + "frame.number": "5326", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + 
"ip.checksum": "0x00003821", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15815", + "tcp.ack": "69932", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a0ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:bb:03:00:26:fd:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328707, TSecr 2555283": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328707", + "tcp.options.timestamp.tsecr": "2555283" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5324", + "tcp.analysis.ack_rtt": "0.099296000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.458803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.458803000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "1506.998117000", + "frame.number": "5327", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009664", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "69932", + "tcp.nxtseq": "69981", + "tcp.ack": "15815", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000d26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:fd:9d:a7:a0:bb:03", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555293, TSecr 2812328707": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555293", + 
"tcp.options.timestamp.tsecr": "2812328707" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:08:0e:04:42:84:b3:ec:fd:bd:fa:35:02:10:57:22:07:71:14:f1:e0:3e:82:6f:db:3b:23:10:45:45:4f:45:ba:97:ee:35:76:38" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.472632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.472632000", + "frame.time_delta": "0.013829000", + "frame.time_delta_displayed": "0.013829000", + "frame.time_relative": "1507.011946000", + "frame.number": "5328", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00001845", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009efd", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "5325" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.519014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.519014000", + 
"frame.time_delta": "0.046382000", + "frame.time_delta_displayed": "0.046382000", + "frame.time_relative": "1507.058328000", + "frame.number": "5329", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003820", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + 
"tcp.seq": "15815", + "tcp.ack": "69981", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a0b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:bb:12:00:26:fd:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812328722, TSecr 2555293": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812328722", + "tcp.options.timestamp.tsecr": "2555293" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5327", + "tcp.analysis.ack_rtt": "0.060211000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.525410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.525410000", + "frame.time_delta": "0.006396000", + "frame.time_delta_displayed": "0.006396000", + "frame.time_relative": "1507.064724000", + "frame.number": "5330", + "frame.len": "342", + "frame.cap_len": "342", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00001849", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009eff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "5328" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:38.683495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495098.683495000", + "frame.time_delta": "0.158085000", + "frame.time_delta_displayed": "0.158085000", + "frame.time_relative": "1507.222809000", + "frame.number": "5331", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000210d", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e707", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59440", + "udp.dstport": "1900", + "udp.port": "59440", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000622d", + "udp.checksum.status": "2", + "udp.stream": "129" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "5304" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:39.056598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495099.056598000", + "frame.time_delta": 
"0.373103000", + "frame.time_delta_displayed": "0.373103000", + "frame.time_relative": "1507.595912000", + "frame.number": "5332", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00001860", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009eeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "5330" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:39.109313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495099.109313000", + "frame.time_delta": "0.052715000", + "frame.time_delta_displayed": "0.052715000", + "frame.time_relative": "1507.648627000", + "frame.number": "5333", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00001863", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009edf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "5332" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:39.162191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495099.162191000", + "frame.time_delta": "0.052878000", + "frame.time_delta_displayed": "0.052878000", + "frame.time_relative": "1507.701505000", + "frame.number": "5334", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00001868", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ee0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + 
"udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "5333" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:39.680270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495099.680270000", + "frame.time_delta": "0.518079000", + "frame.time_delta_displayed": "0.518079000", + "frame.time_relative": "1508.219584000", + "frame.number": "5335", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000210e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e706", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59440", + "udp.dstport": "1900", + "udp.port": "59440", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x0000622d", + "udp.checksum.status": "2", + "udp.stream": "129" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + 
"http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "5331" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.108720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.108720000", + "frame.time_delta": "0.428450000", + "frame.time_delta_displayed": "0.428450000", + "frame.time_relative": "1508.648034000", + "frame.number": "5336", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00001878", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ed3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "5334" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.161540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.161540000", + "frame.time_delta": "0.052820000", + "frame.time_delta_displayed": "0.052820000", + "frame.time_relative": "1508.700854000", + "frame.number": "5337", + "frame.len": "348", 
+ "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000187c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ec6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "5336" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.214322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.214322000", + "frame.time_delta": "0.052782000", + "frame.time_delta_displayed": "0.052782000", + "frame.time_relative": "1508.753636000", + "frame.number": "5338", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "328", + "ip.id": "0x00001880", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ec8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "5337" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.477851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.477851000", + "frame.time_delta": "0.263529000", + "frame.time_delta_displayed": "0.263529000", + "frame.time_relative": "1509.017165000", + "frame.number": "5339", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000188d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ebe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + 
"udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "5338" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.530818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.530818000", + "frame.time_delta": "0.052967000", + "frame.time_delta_displayed": "0.052967000", + "frame.time_relative": "1509.070132000", + "frame.number": "5340", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00001890", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009eb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "5339" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:40.583399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495100.583399000", + "frame.time_delta": "0.052581000", + "frame.time_delta_displayed": "0.052581000", + "frame.time_relative": "1509.122713000", + "frame.number": "5341", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00001892", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009eb6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "5340" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:41.529534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495101.529534000", + "frame.time_delta": "0.946135000", + 
"frame.time_delta_displayed": "0.946135000", + "frame.time_relative": "1510.068848000", + "frame.number": "5342", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000018de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "5341" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:41.582551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495101.582551000", + "frame.time_delta": "0.053017000", + "frame.time_delta_displayed": "0.053017000", + "frame.time_relative": "1510.121865000", + "frame.number": "5343", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000018e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "5342" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:41.635370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495101.635370000", + "frame.time_delta": "0.052819000", + "frame.time_delta_displayed": "0.052819000", + "frame.time_relative": "1510.174684000", + "frame.number": "5344", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000018e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + 
"udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "5343" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:42.319226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495102.319226000", + "frame.time_delta": "0.683856000", + "frame.time_delta_displayed": "0.683856000", + "frame.time_relative": "1510.858540000", + "frame.number": "5345", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000018eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "5344" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:42.372012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495102.372012000", + "frame.time_delta": "0.052786000", + "frame.time_delta_displayed": "0.052786000", + "frame.time_relative": "1510.911326000", + "frame.number": "5346", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000018ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x00009e56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "5345" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:42.424861000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495102.424861000", + "frame.time_delta": "0.052849000", + "frame.time_delta_displayed": "0.052849000", + "frame.time_relative": "1510.964175000", + "frame.number": "5347", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000018f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "5346" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.376289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.376289000", + "frame.time_delta": "0.951428000", + "frame.time_delta_displayed": "0.951428000", + "frame.time_relative": "1511.915603000", + "frame.number": "5348", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000018f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "305", + "udp.checksum": "0x0000dcea", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "5347" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.429032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.429032000", + "frame.time_delta": "0.052743000", + "frame.time_delta_displayed": "0.052743000", + "frame.time_relative": "1511.968346000", + "frame.number": "5349", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000018fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "314", + "udp.checksum": "0x0000ead5", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "5348" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.481815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.481815000", + "frame.time_delta": "0.052783000", + "frame.time_delta_displayed": "0.052783000", + "frame.time_relative": "1512.021129000", + "frame.number": "5350", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000018fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009e4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "59440", + "udp.port": "1900", + "udp.port": "59440", + "udp.length": "308", + "udp.checksum": "0x00000e60", + "udp.checksum.status": "2", + "udp.stream": "130" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "5349" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.692594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.692594000", + "frame.time_delta": "0.210779000", + "frame.time_delta_displayed": "0.210779000", + "frame.time_relative": "1512.231908000", + "frame.number": "5351", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00001536", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b421", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.711463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.711463000", + "frame.time_delta": "0.018869000", + 
"frame.time_delta_displayed": "0.018869000", + "frame.time_relative": "1512.250777000", + "frame.number": "5352", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009665", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007687", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "69981", + 
"tcp.nxtseq": "70128", + "tcp.ack": "15815", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005e64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ff:aa:a7:a0:bb:12", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555818, TSecr 2812328722": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555818", + "tcp.options.timestamp.tsecr": "2812328722" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:09:51:66:79:7a:1a:68:cb:4a:79:5f:4c:11:84:62:65:a9:5d:8c:2e:f5:46:5e:ac:54:f0:6f:ff:ea:3e:07:65:b1:e3:b6:2f:cf:7b:a0:ec:8c:60:e3:8e:0b:6a:82:37:ab:7d:6d:94:d6:1b:5f:b6:9a:6e:78:8b:f1:70:43:14:12:56:59:3b:63:8f:48:16:f0:e6:57:cb:36:30:7f:a0:51:0e:ce:4c:88:32:4e:c0:e4:04:fb:8c:40:1c:5a:d0:17:74:02:28:f5:50:74:1e:25:e0:ef:e9:e3:9b:50:88:34:c3:42:09:b0:51:49:e6:8f:5d:99:fb:75:27:d0:e3:7f:47:0d:51:fd:33:00" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.745494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.745494000", + "frame.time_delta": "0.034031000", + "frame.time_delta_displayed": "0.034031000", + "frame.time_relative": "1512.284808000", + "frame.number": "5353", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000153a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b41d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.771586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.771586000", + "frame.time_delta": "0.026092000", + "frame.time_delta_displayed": "0.026092000", + "frame.time_relative": "1512.310900000", + "frame.number": "5354", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + 
}, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d60", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15815", + "tcp.ack": "70128", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000098f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c0:33:00:26:ff:aa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812330035, TSecr 2555818": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812330035", + "tcp.options.timestamp.tsecr": "2555818" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5352", + "tcp.analysis.ack_rtt": "0.060123000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.798365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.798365000", + "frame.time_delta": "0.026779000", + "frame.time_delta_displayed": "0.026779000", + "frame.time_relative": "1512.337679000", + "frame.number": "5355", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": 
"0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000153f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b40f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.827383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.827383000", + "frame.time_delta": "0.029018000", + "frame.time_delta_displayed": "0.029018000", + "frame.time_relative": "1512.366697000", + "frame.number": "5356", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009666", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007697", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "70128", + "tcp.nxtseq": "70258", + "tcp.ack": "15815", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007f61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:26:ff:b6:a7:a0:c0:33", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2555830, TSecr 2812330035": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2555830", + "tcp.options.timestamp.tsecr": "2812330035" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + 
"ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:0a:8f:63:d0:e0:fe:6d:bb:f6:7f:53:1f:8b:01:de:ed:1c:fc:ea:90:74:5a:7c:72:87:30:b2:ae:7b:c2:e9:d2:f0:be:96:02:3e:92:eb:13:be:1b:34:8b:34:2d:5b:99:18:6b:de:f4:d0:69:55:7a:a4:80:a5:b4:13:ce:c8:3f:a7:bf:98:db:fa:a1:29:a2:ab:f7:a3:ab:56:18:73:83:2a:a9:2f:fb:56:04:ed:4c:69:0f:74:6e:23:45:a0:65:25:64:0b:42:97:40:d3:4b:d3:85:15:8d:54:b6:b8:f0:b4:8f:b3:5d:8f:02" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.851277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.851277000", + "frame.time_delta": "0.023894000", + "frame.time_delta_displayed": "0.023894000", + "frame.time_relative": "1512.390591000", + "frame.number": "5357", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00001540", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + 
"ip.checksum": "0x0000b40e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.887571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.887571000", + "frame.time_delta": "0.036294000", + "frame.time_delta_displayed": "0.036294000", + "frame.time_relative": "1512.426885000", + "frame.number": "5358", + "frame.len": "66", + "frame.cap_len": 
"66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "15815", + "tcp.ack": "70258", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009849", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c0:50:00:26:ff:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812330064, TSecr 2555830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812330064", + "tcp.options.timestamp.tsecr": "2555830" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5356", + "tcp.analysis.ack_rtt": "0.060188000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.904165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.904165000", + "frame.time_delta": "0.016594000", + "frame.time_delta_displayed": "0.016594000", + "frame.time_relative": "1512.443479000", + "frame.number": "5359", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00001541", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b413", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:43.957113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495103.957113000", + "frame.time_delta": "0.052948000", + "frame.time_delta_displayed": "0.052948000", + "frame.time_relative": "1512.496427000", + "frame.number": "5360", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00001544", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b410", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:47.337093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495107.337093000", + "frame.time_delta": "3.379980000", + "frame.time_delta_displayed": "3.379980000", + "frame.time_relative": "1515.876407000", + "frame.number": "5361", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000fa19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000df74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:47.344847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495107.344847000", + "frame.time_delta": "0.007754000", + "frame.time_delta_displayed": "0.007754000", + "frame.time_relative": "1515.884161000", + "frame.number": "5362", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000972c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004165", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": 
"45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:47.471493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495107.471493000", + "frame.time_delta": "0.126646000", + "frame.time_delta_displayed": "0.126646000", + "frame.time_relative": "1516.010807000", + "frame.number": "5363", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000fa3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000df4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:47.699423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495107.699423000", + "frame.time_delta": "0.227930000", + "frame.time_delta_displayed": "0.227930000", + "frame.time_relative": "1516.238737000", + "frame.number": "5364", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", 
+ "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000fa67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000df26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:47.984755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495107.984755000", + "frame.time_delta": "0.285332000", + "frame.time_delta_displayed": "0.285332000", + "frame.time_relative": "1516.524069000", + "frame.number": "5365", + 
"frame.len": "621", + "frame.cap_len": "621", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "607", + "ip.id": "0x00002d62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000035f2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "555", + "tcp.seq": "15815", + "tcp.nxtseq": "16370", + "tcp.ack": "70258", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009626", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:50:00:26:ff:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331088, TSecr 2555830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331088", + "tcp.options.timestamp.tsecr": "2555830" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "555", + "tcp.analysis.push_bytes_sent": "555" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "550", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:ae:fd:c4:d8:a8:20:78:28:95:ed:8b:7e:92:62:1d:82:2c:f7:ee:8e:67:be:e5:39:f5:58:db:85:d6:91:5f:0e:89:bf:6c:43:3e:a5:c5:8d:66:3e:c1:4e:cc:71:20:4d:23:b6:67:d7:af:90:16:27:09:3d:73:5f:42:75:d7:bf:0c:9a:fe:56:f8:9c:be:b5:6c:35:a1:23:07:70:96:6f:e1:29:db:45:8d:96:6c:31:27:c3:8b:b7:d9:f5:12:b3:a9:31:a3:a4:6a:64:94:e2:b2:f3:ef:be:ad:7b:95:51:74:e2:3e:ec:8b:8a:98:1d:e6:50:53:7e:3c:ca:b0:f1:93:29:77:68:82:05:f7:88:42:34:a1:b9:61:d1:f3:86:ae:32:e2:7c:47:4d:79:4b:35:61:fa:eb:71:91:65:71:ce:94:81:d7:b4:d2:e4:67:50:2b:b5:1f:38:79:dd:0a:b5:fd:b2:90:1c:11:8a:5d:8c:02:ec:a9:2c:77:ca:85:00:f9:42:a8:81:7b:3f:37:0c:38:26:14:a0:03:aa:87:e0:29:5d:1f:5b:95:ed:f0:56:d1:71:ac:75:3c:75:b3:e5:95:00:e2:83:1a:83:4b:0b:ff:8d:b5:53:b3:7d:2d:90:11:3b:e8:75:5e:43:2d:e3:86:36:be:71:8f:a8:e3:f5:6f:20:b0:09:e5:bb:69:cf:c8:3b:eb:7e:80:11:82:5f:fa:1e:52:fc:45:e0:2a:42:33:3d:ec:90:af:d1:af:90:43:b6:54:57:75:98:44:dc:71:40:94:b3:97:bb:43:d3:ae:dc:b4:65:59:85:85:55:c1:e1:2e:20:16:9c:bb:ac:ea:df:18:0c:8d:99:01:b2:4e:3c:9d:73:9d:8d:39:21:08:41:3d:0a:5b:a2:3f:5c:0e:d7:b6:f9:6e:27:2d:cd:2a:5a:56:6f:94:b6:37:f9:39:a7:1a:9d:eb:78:ba:62:72:7d:2a:87:1a:4f:69:2f:3f:cd:04:34:c2:be:7b:40:62:fe:80:b9:6e:88:f8:d2:8b:91:3b:e6:67:5c:de:b8:38:e5:79:33:c5:c3:67:fc:3d:aa:78:17:27:1e:df:ee:f8:41:71:dd:c2:e5:ef:3f:cb:de:2e:e1:2e:09:88:02:93:7a:1e:64:d8:e5:b6:b7:65:00:57:47:79:11:43:79:19:33:cf:1d:90:a5:7b:ec:25:09:80:26:00:c9:01:f4:fc:16:78:a1:a2:9b:5f:7e:61:14:aa:cd:c4:7c:a3:b3:7c:27:23:89:e0:34:30:4b:e8:e8:b8:a5:f9:b6:21:d5:5f:52:45:bf:ab:65:2d:d1:c5:9c:0a:3e:4b:e8:a9:7e:86:db:db:a5:4e:31:ea:b9:3d:87:6f:72:44:fb:3b:57:d8:22:07:ab:3a:93:42:58:a9:c6:c8:fc:10:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.015602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.015602000", + "frame.time_delta": 
"0.030847000", + "frame.time_delta_displayed": "0.030847000", + "frame.time_relative": "1516.554916000", + "frame.number": "5366", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009667", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007718", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "70258", + 
"tcp.ack": "16370", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008f8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:59:a7:a0:c4:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556249, TSecr 2812331088": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556249", + "tcp.options.timestamp.tsecr": "2812331088" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5365", + "tcp.analysis.ack_rtt": "0.030847000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.019723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.019723000", + "frame.time_delta": "0.004121000", + "frame.time_delta_displayed": "0.004121000", + "frame.time_relative": "1516.559037000", + "frame.number": "5367", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009668", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "70258", + "tcp.nxtseq": "70311", + "tcp.ack": "16370", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bbef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:59:a7:a0:c4:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556249, TSecr 2812331088": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556249", + "tcp.options.timestamp.tsecr": "2812331088" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:0b:86:89:97:63:90:7d:3b:15:a2:7d:37:14:04:db:26:93:07:0e:ff:df:9d:de:34:b1:cd:f3:1e:29:90:29:a5:9e:bb:eb:f9:1b:b5:19:ea:bd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.022479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.022479000", + "frame.time_delta": "0.002756000", + "frame.time_delta_displayed": "0.002756000", + "frame.time_relative": 
"1516.561793000", + "frame.number": "5368", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000e261", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": 
"Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00003e3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:01:59:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2556249, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556249", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.032731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.032731000", + "frame.time_delta": "0.010252000", + "frame.time_delta_displayed": "0.010252000", + "frame.time_relative": "1516.572045000", + "frame.number": "5369", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "14:91:82:25:10:77", + "arp.src.proto_ipv4": "192.168.0.65", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.033169000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.033169000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "1516.572483000", + "frame.number": "5370", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + 
"arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "14:91:82:25:10:77", + "arp.dst.proto_ipv4": "192.168.0.65" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.068376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.068376000", + "frame.time_delta": "0.035207000", + "frame.time_delta_displayed": "0.035207000", + "frame.time_relative": "1516.607690000", + "frame.number": "5371", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36194", + "tcp.port": "49154", + "tcp.port": "36194", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x000032cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5368", + "tcp.analysis.ack_rtt": "0.045897000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.068869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.068869000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1516.608183000", + "frame.number": "5372", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e262", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": 
"192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008982", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5371", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.046390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.079845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.079845000", + "frame.time_delta": "0.010976000", + "frame.time_delta_displayed": "0.010976000", + "frame.time_relative": "1516.619159000", + "frame.number": "5373", + "frame.len": "557", + "frame.cap_len": "557", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + 
"eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "543", + "ip.id": "0x0000e263", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + "tcp.stream": "200", + "tcp.len": "503", + "tcp.seq": "1", + "tcp.nxtseq": "504", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c18a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.046390000", + "tcp.analysis.bytes_in_flight": "503", + "tcp.analysis.push_bytes_sent": "503" + } + }, + 
"http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", + "http.host": "192.168.0.65:49154", + "http.request.line": "Host: 192.168.0.65:49154\n", + "http.content_type": "text\/xml", + "http.request.line": "Content-Type: text\/xml\n", + "http.content_length_header": "333", + "http.content_length_header_tree": { + "http.content_length": "333" + }, + "http.request.line": "Content-Length: 333\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>0<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "?>": "" + }, + "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<SOAP-ENV:Body>", + "xml.tag_tree": { + "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", + 
"xml.tag_tree": { + "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/m:SetBinaryState>": "" + }, + "<\/SOAP-ENV:Body>": "" + }, + "<\/SOAP-ENV:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.080055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.080055000", + "frame.time_delta": "0.000210000", + "frame.time_delta_displayed": "0.000210000", + "frame.time_relative": "1516.619369000", + "frame.number": "5374", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16370", + "tcp.ack": "70311", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000902e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:68:00:27:01:59", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331112, TSecr 2556249": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331112", + "tcp.options.timestamp.tsecr": "2556249" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5367", + "tcp.analysis.ack_rtt": "0.060332000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.080513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.080513000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "1516.619827000", + "frame.number": "5375", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009669", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "70311", + "tcp.nxtseq": "70365", + "tcp.ack": "16370", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009eb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:5f:a7:a0:c4:68", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556255, TSecr 2812331112": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556255", + "tcp.options.timestamp.tsecr": "2812331112" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:0c:ad:09:dd:1a:3d:df:f7:58:f4:be:d0:2c:12:6c:f1:8d:e1:7f:38:d0:fd:b1:33:46:16:0d:ce:9e:d2:1e:ee:6c:b6:d0:7b:44:7a:60:3d:a4:c7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.087700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.087700000", + "frame.time_delta": "0.007187000", + "frame.time_delta_displayed": "0.007187000", + "frame.time_relative": "1516.627014000", + "frame.number": "5376", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c146", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f705", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36194", + "tcp.port": "49154", + "tcp.port": "36194", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00007af0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5373", + "tcp.analysis.ack_rtt": "0.007855000", + "tcp.analysis.initial_rtt": "0.046390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.119849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.119849000", + "frame.time_delta": "0.032149000", + "frame.time_delta_displayed": "0.032149000", + "frame.time_relative": "1516.659163000", + "frame.number": "5377", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": 
"14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c147", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f644", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36194", + "tcp.port": "49154", + "tcp.port": "36194", + "tcp.stream": "200", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000087f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.046390000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:34:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.120015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.120015000", + "frame.time_delta": "0.000166000", + "frame.time_delta_displayed": "0.000166000", + "frame.time_relative": "1516.659329000", + "frame.number": "5378", + "frame.len": "474", + "frame.cap_len": "474", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "460", + "ip.id": "0x0000c148", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f55f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36194", + "tcp.port": "49154", + "tcp.port": "36194", + "tcp.stream": "200", + "tcp.len": "420", + "tcp.seq": "193", + "tcp.nxtseq": "614", + "tcp.ack": "504", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000ba4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.046390000", + "tcp.analysis.bytes_in_flight": "613", + "tcp.analysis.push_bytes_sent": "420" + }, + "tcp.segment_data": 
"3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:31:30:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "5377", + "tcp.segment": "5378", + "tcp.segment.count": "2", + "tcp.reassembled.length": "612", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:34:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:31:30:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "420", + "http.content_length_header_tree": { + "http.content_length": "420" + }, + "http.response.line": "CONTENT-LENGTH: 420\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:11:48 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:11:48 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.040170000", + "http.request_in": "5373", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0|1509494506|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509495108<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", 
+ "xml.tag_tree": { + "xml.cdata": "0|1509494506|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "xml.tag": "<CountdownEndTime>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/CountdownEndTime>": "" + }, + "xml.tag": "<deviceCurrentTime>", + "xml.tag_tree": { + "xml.cdata": "1509495108", + "<\/deviceCurrentTime>": "" + }, + "<\/u:SetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.120346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.120346000", + "frame.time_delta": "0.000331000", + "frame.time_delta_displayed": "0.000331000", + "frame.time_relative": "1516.659660000", + "frame.number": "5379", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e264", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5e7", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000086bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5377", + "tcp.analysis.ack_rtt": "0.000497000", + "tcp.analysis.initial_rtt": "0.046390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.141022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.141022000", + "frame.time_delta": "0.020676000", + "frame.time_delta_displayed": "0.020676000", + "frame.time_relative": "1516.680336000", + "frame.number": "5380", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + 
"eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16370", + "tcp.ack": "70365", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008fe3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:77:00:27:01:5f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331127, TSecr 2556255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331127", + "tcp.options.timestamp.tsecr": "2556255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5375", + "tcp.analysis.ack_rtt": "0.060509000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.141581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.141581000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "1516.680895000", + "frame.number": "5381", + "frame.len": "791", + "frame.cap_len": "791", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { 
+ "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "777", + "ip.id": "0x0000966a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007440", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "725", + "tcp.seq": "70365", + "tcp.nxtseq": "71090", + "tcp.ack": "16370", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000be1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:65:a7:a0:c4:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556261, TSecr 2812331127": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556261", + "tcp.options.timestamp.tsecr": "2812331127" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "725", + "tcp.analysis.push_bytes_sent": "725" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:0d:a8:2e:d5:3d:9a:08:8c:49:0b:99:d5:57:5d:cb:dc:cf:9d:c9:00:98:ca:4b:53:7c:8f:b5:e8:f0:ba:46:19:88:4f:c1:8c:eb:57:6c:f2:b5:55" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "666", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:0e:a5:4c:90:9a:14:fb:ff:17:b9:9d:64:21:30:8f:a2:42:3c:1c:51:7d:c0:70:b0:da:f6:a9:ba:8a:d8:41:11:b2:c0:59:3c:4c:ed:a3:6d:9c:f2:98:cc:8e:72:0c:66:2a:4b:db:64:bc:84:3e:b0:d0:48:7e:7c:05:1d:28:1c:94:32:1a:32:df:ae:a3:cb:76:b5:ce:54:3e:8a:66:b5:73:65:34:cb:fc:83:27:3b:f5:b6:06:c5:dc:44:31:ee:74:83:bb:01:7f:f8:82:02:00:f3:75:f4:54:da:73:ea:d5:80:75:c6:75:e7:c6:44:eb:75:99:51:ae:aa:58:8d:d2:f1:cf:64:a1:d2:cb:33:1e:36:4b:e9:db:5f:44:7b:e1:c5:4f:5c:fb:59:cc:e9:d4:ee:4a:9f:cd:64:51:20:02:58:a7:3c:dd:11:50:2c:db:e2:93:a0:71:10:3e:10:77:20:4e:c6:f5:94:68:73:90:2a:c3:c1:5c:d5:8a:3d:52:b1:4e:96:4c:52:aa:21:ba:24:ea:54:c5:12:43:d9:15:14:56:c9:87:43:e7:dd:ad:70:e3:c8:30:42:72:e1:db:4e:79:ee:ad:f6:49:f9:af:a0:1e:c9:e6:49:3d:ab:05:a5:09:9a:95:c3:5c:f2:54:ad:b9:15:d6:1b:73:b5:b5:3a:cb:e0:54:a8:a4:e8:c0:92:ba:a7:55:64:53:09:de:ae:bb:57:ff:24:68:86:6b:ce:0c:2d:22:27:f3:b1:43:ce:2e:62:fa:55:ba:cc:1d:fa:56:36:1f:d5:b9:94:a1:97:c4:f4:69:73:98:ea:f5:74:fd:14:3c:57:bb:32:a8:18:6e:52:1f:f1:49:64:9f:6f:ba:d2:1c:4d:0c:56:d9:a1:33:c6:01:de:d7:44:af:75:76:3a:e1:3e:14:d4:98:dc:f1:af:d3:8c:02:be:b2:16:0d:89:e6:64:29:c3:6a:e3:b0:e7:cb:d0:98:3e:02:a2:b8:06:b9:f6:ca:66:b1:dd:39:3e:6c:67:23:eb:8d:d0:e9:88:61:e0:97:d2:de:8d:ea:d0:43:30:6b:b0:80:a8:d9:9a:f8:91:92:b8:11:f5:40:3a:44:e5:58:fa:b7:0d:8c:39:69:2f:d2:0c:56:2e:72:c0:24:39:48:b7:7a:c3:da:4c:af:c0:19:4d:3c:2d:18:67:60:77:3b:5d:1a:40:0f:7f:30:aa:43:44:91:ba:18:70:d1:b8:4a:38:e1:81:de:e3:85:d8:18:03:21:06:08:4a:d0:e3:4e:8b:5d:a2:0b:fd:59:03:e2:cc:b8:21:89:69:5a:0c:c7:67:25:63:e7:a7:f2:c5:72:d1:c6:09:b1:28:99:42:9f:f6:65:81:6e:03:af:8d:3c:c4:4d:ab:2b:e5:af:d6:75:2e:45:91:ba:ac:63:26:46:71:29:78:61:25:f4:ba:59:6e:90:8e:ed:64:4e:49:1f:27:b0:d2:fe:33:e9:0f:89:4f:a4:ad:b5:c1:49:81:94:05:76:9c:fe:c2:f2:a4:86:61:8e:c8:67:98:9a:ec:34:2d:91:0b:40:35:e4:63:fd:92:59:b0:67:f0:5e:ca:25:5f:e5:7d:f0:d1:f7:2c:49:f5:7f:44:33:d3:1e:83:3e:3e:62:8a:85:fb:b1:d0:0c:4d:9e:10:88:d3:f5:1f:0a:34:ad:fb:76:63:c9:09:26:10:5f:ad:bb:8c:17:6c:04:da:bb:40:8f" 
+ } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.155574000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.155574000", + "frame.time_delta": "0.013993000", + "frame.time_delta_displayed": "0.013993000", + "frame.time_relative": "1516.694888000", + "frame.number": "5382", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e265", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + 
"tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "614", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008505", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5378", + "tcp.analysis.ack_rtt": "0.035559000", + "tcp.analysis.initial_rtt": "0.046390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.201826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.201826000", + "frame.time_delta": "0.046252000", + "frame.time_delta_displayed": "0.046252000", + "frame.time_relative": "1516.741140000", + "frame.number": "5383", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000381a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16370", + "tcp.ack": "71090", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008cf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:86:00:27:01:65", + "tcp.options_tree": 
{ + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331142, TSecr 2556261": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331142", + "tcp.options.timestamp.tsecr": "2556261" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5381", + "tcp.analysis.ack_rtt": "0.060245000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.203199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.203199000", + "frame.time_delta": "0.001373000", + "frame.time_delta_displayed": "0.001373000", + "frame.time_relative": "1516.742513000", + "frame.number": "5384", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d66", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ea", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "16370", + "tcp.nxtseq": "16417", + "tcp.ack": "71090", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c8c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:87:00:27:01:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331143, TSecr 2556261": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331143", + "tcp.options.timestamp.tsecr": "2556261" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:af:07:38:8e:93:1a:26:18:0d:85:0b:02:99:46:db:43:8b:87:9d:18:d7:3e:80:d0:c1:7e:9a:01:73:c5:0b:15:4c:56:7e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.203629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.203629000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1516.742943000", + "frame.number": "5385", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000966b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007714", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "71090", + "tcp.ack": "16417", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008bd4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:6b:a7:a0:c4:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556267, TSecr 2812331143": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556267", + "tcp.options.timestamp.tsecr": "2812331143" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5384", + "tcp.analysis.ack_rtt": "0.000430000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.207076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.207076000", + "frame.time_delta": "0.003447000", + "frame.time_delta_displayed": "0.003447000", + "frame.time_relative": "1516.746390000", + "frame.number": "5386", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000966c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "71090", + "tcp.nxtseq": "71137", + "tcp.ack": "16417", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fab0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:6c:a7:a0:c4:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556268, TSecr 2812331143": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556268", + "tcp.options.timestamp.tsecr": "2812331143" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:0f:00:39:49:cb:e7:52:7d:b3:bb:7d:0f:f0:6c:61:f4:74:bb:9c:f0:f3:9a:6d:9f:ad:2a:57:31:d7:8d:89:62:5a:bc:74" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.227536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.227536000", + "frame.time_delta": "0.020460000", + "frame.time_delta_displayed": "0.020460000", + "frame.time_relative": "1516.766850000", + "frame.number": "5387", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + 
"ip.id": "0x0000e266", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36194", + "tcp.dstport": "49154", + "tcp.port": "36194", + "tcp.port": "49154", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "504", + "tcp.ack": "614", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008504", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.229772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.229772000", + "frame.time_delta": "0.002236000", + 
"frame.time_delta_displayed": "0.002236000", + "frame.time_relative": "1516.769086000", + "frame.number": "5388", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36194", + "tcp.port": "49154", + "tcp.port": "36194", + "tcp.stream": "200", + "tcp.len": "0", + "tcp.seq": "614", + "tcp.ack": "505", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000788a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5387", + "tcp.analysis.ack_rtt": "0.002236000", + "tcp.analysis.initial_rtt": "0.046390000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.306524000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.306524000", + "frame.time_delta": "0.076752000", + "frame.time_delta_displayed": "0.076752000", + "frame.time_relative": "1516.845838000", + "frame.number": "5389", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003818", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16417", + "tcp.ack": "71137", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:a1:00:27:01:6c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2812331169, TSecr 2556268": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331169", + "tcp.options.timestamp.tsecr": "2556268" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5386", + "tcp.analysis.ack_rtt": "0.099448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.307016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.307016000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1516.846330000", + "frame.number": "5390", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000966d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "71137", + "tcp.nxtseq": "71191", + "tcp.ack": "16417", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:76:a7:a0:c4:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556278, TSecr 2812331169": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556278", + "tcp.options.timestamp.tsecr": 
"2812331169" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:10:75:4c:b1:ba:91:a2:6e:ce:2e:4b:25:14:07:de:41:dc:57:dd:1c:25:28:e2:e0:af:e4:70:48:11:56:53:5c:22:9b:e3:d4:11:b5:9c:2a:c6:96" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:48.367370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495108.367370000", + "frame.time_delta": "0.060354000", + "frame.time_delta_displayed": "0.060354000", + "frame.time_relative": "1516.906684000", + "frame.number": "5391", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003817", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16417", + "tcp.ack": "71191", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c4:b0:00:27:01:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331184, TSecr 2556278": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331184", + "tcp.options.timestamp.tsecr": "2556278" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5390", + "tcp.analysis.ack_rtt": "0.060354000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.339316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.339316000", + "frame.time_delta": "0.971946000", + "frame.time_delta_displayed": "0.971946000", + "frame.time_relative": "1517.878630000", + "frame.number": "5392", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000faeb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000de6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.402816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.402816000", + "frame.time_delta": "0.063500000", + "frame.time_delta_displayed": "0.063500000", + "frame.time_relative": "1517.942130000", + "frame.number": "5393", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00004b42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006cfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00004c8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.403312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.403312000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "1517.942626000", + "frame.number": "5394", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4131", + "tcp.port": "39500", + "tcp.port": "4131", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + 
"tcp.checksum": "0x00004b20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5393", + "tcp.analysis.ack_rtt": "0.000496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.405301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.405301000", + "frame.time_delta": "0.001989000", + "frame.time_delta_displayed": "0.001989000", + "frame.time_relative": "1517.944615000", + "frame.number": "5395", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b991", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5394", + 
"tcp.analysis.ack_rtt": "0.001989000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.408945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.408945000", + "frame.time_delta": "0.003644000", + "frame.time_delta_displayed": "0.003644000", + "frame.time_relative": "1517.948259000", + "frame.number": "5396", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x00004b44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006c3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + 
"tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00002e2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002485000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:34:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.409414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.409414000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + 
"frame.time_relative": "1517.948728000", + "frame.number": "5397", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c6a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f1a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4131", + "tcp.port": "39500", + "tcp.port": "4131", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c338", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5396", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.415361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.415361000", + "frame.time_delta": "0.005947000", + "frame.time_delta_displayed": "0.005947000", + "frame.time_relative": "1517.954675000", + "frame.number": "5398", + "frame.len": "231", + "frame.cap_len": "231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x00004b45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006c56", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "177", + "tcp.seq": "205", + "tcp.nxtseq": "382", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00008574", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002485000", + "tcp.analysis.bytes_in_flight": "177", + "tcp.analysis.push_bytes_sent": "177" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "5396", + "tcp.segment": "5398", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "380", + "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:34:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "176", + "http.content_length_header_tree": { + "http.content_length": "176" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:86ee6864-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 4\\r\\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.415819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.415819000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "1517.955133000", + "frame.number": "5399", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c6a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f1a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4131", + "tcp.port": "39500", + "tcp.port": "4131", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c276", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5398", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.429674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.429674000", + 
"frame.time_delta": "0.013855000", + "frame.time_delta_displayed": "0.013855000", + "frame.time_relative": "1517.968988000", + "frame.number": "5400", + "frame.len": "531", + "frame.cap_len": "531", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "517", + "ip.id": "0x0000966e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007540", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": 
"465", + "tcp.seq": "71191", + "tcp.nxtseq": "71656", + "tcp.ack": "16417", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bc60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:e6:a7:a0:c4:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556390, TSecr 2812331184": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556390", + "tcp.options.timestamp.tsecr": "2812331184" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "465", + "tcp.analysis.push_bytes_sent": "465" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "460", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:11:6a:d3:86:cf:98:f5:e1:62:89:8d:14:35:6c:09:ef:70:c9:32:7d:e5:51:ea:b6:a4:e9:03:6d:34:12:02:aa:b3:d7:fc:95:e9:e7:2d:15:02:fc:90:99:e2:be:07:48:2c:6a:dc:4d:c1:67:bf:65:82:c2:8a:c1:1d:1d:8a:f0:85:d9:59:f6:e5:61:97:1b:ac:52:28:36:63:8e:9e:82:03:ad:f7:12:b5:8e:fd:a1:2e:78:f2:ff:01:69:6a:39:e9:2e:43:18:47:ba:69:04:e2:bf:78:d6:39:12:8c:54:93:b4:23:3e:ff:f9:4e:66:68:96:cc:4e:38:4f:85:76:d0:53:cd:03:e2:93:24:84:ce:29:3b:15:6e:53:44:78:c0:d7:43:82:75:72:a8:64:65:f1:da:0e:51:42:b6:35:47:ef:74:40:69:3e:da:10:47:2e:62:9f:5d:ae:df:57:bb:c7:12:ac:1e:b3:c9:1d:02:5c:64:c9:18:6f:63:44:82:06:66:ff:8a:42:7b:82:73:17:d6:78:d4:87:75:a1:11:e5:95:dc:80:4f:16:ae:c0:7e:d3:9f:d4:cb:83:69:c7:ad:78:97:8e:29:ca:72:3c:43:34:c2:20:0e:9a:2a:54:2b:ac:83:9b:03:78:bf:dc:c8:78:dc:e8:dd:0a:a8:62:da:89:3a:10:dd:ae:96:ec:32:1c:8a:57:40:73:ce:b1:30:dc:c7:a4:69:f3:e3:04:4f:1c:3d:ce:40:28:e4:cf:6f:e2:2a:13:eb:5d:54:ef:5c:54:e1:b6:45:d9:32:6b:4e:5d:e9:89:4d:51:6e:50:74:84:49:0b:55:40:01:e4:e9:78:62:7e:93:c4:37:c6:1a:1c:7c:23:71:c7:39:52:1f:5b:06:bc:70:8a:1c:10:33:70:12:14:e9:2d:6a:56:e8:6d:22:53:1e:a6:bb:80:ee:50:bb:03:11:59:99:fa:f7:8f:21:f4:a9:9f:e6:1f:78:b2:05:c7:2b:ea:be:62:65:94:bb:bc:29:e8:42:8c:aa:29:90:28:72:e3:f6:e8:3b:8b:e1:1d:13:62:34:f7:3e:b2:16:af:a9:32:12:b5:f1:50:71:a3:80:12:6e:34:9f:17:6e:4b:e1:4e:a9:9f:78:5f:fd:7e:00:33:5a:52:b7:2e:90:81:06:fa:d1:d1:12:fc:41:d9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.489886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.489886000", + "frame.time_delta": "0.060212000", + "frame.time_delta_displayed": "0.060212000", + "frame.time_relative": "1518.029200000", + "frame.number": "5401", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003816", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16417", + "tcp.ack": "71656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000088d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c5:c8:00:27:01:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331464, TSecr 2556390": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331464", + "tcp.options.timestamp.tsecr": "2556390" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5400", + "tcp.analysis.ack_rtt": "0.060212000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.490670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.490670000", + "frame.time_delta": "0.000784000", + "frame.time_delta_displayed": "0.000784000", + "frame.time_relative": "1518.029984000", + "frame.number": "5402", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002d6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "16417", + "tcp.nxtseq": "16502", + "tcp.ack": "71656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c5:c9:00:27:01:e6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331465, TSecr 2556390": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331465", + "tcp.options.timestamp.tsecr": "2556390" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:b0:79:ab:ea:ac:56:ba:53:7b:89:41:8d:dc:a6:bd:61:7d:fb:13:c1:ce:55:fa:e0:b5:76:54:78:8d:91:c9:6c:be:6e:c1:2f:9f:ef:e8:c0:ce:4e:19:4c:ea:3d:c3:86:29:90:b7:32:66:05:0d:e0:b0:b9:80:8a:39:71:e3:c1:10:e4:52:78:9e:24:21:3b:fd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.495406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.495406000", + "frame.time_delta": "0.004736000", + "frame.time_delta_displayed": "0.004736000", + "frame.time_relative": "1518.034720000", + "frame.number": "5403", + "frame.len": "113", + "frame.cap_len": "113", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000966f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "71656", + "tcp.nxtseq": "71703", + "tcp.ack": "16502", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000064e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:ec:a7:a0:c5:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556396, TSecr 2812331465": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556396", + "tcp.options.timestamp.tsecr": "2812331465" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5402", + "tcp.analysis.ack_rtt": "0.004736000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:12:51:53:f2:b5:ee:8d:25:22:90:4e:73:46:e1:cc:89:55:35:08:2e:a5:4f:3c:6a:4f:e8:56:14:89:d9:b4:3d:de:50:f3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.500922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.500922000", + "frame.time_delta": 
"0.005516000", + "frame.time_delta_displayed": "0.005516000", + "frame.time_relative": "1518.040236000", + "frame.number": "5404", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x0000c6a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f17d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4131", + "tcp.port": "39500", + "tcp.port": "4131", + "tcp.stream": "201", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000cf01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002485000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.503163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.503163000", + "frame.time_delta": "0.002241000", + "frame.time_delta_displayed": "0.002241000", + "frame.time_relative": "1518.042477000", + "frame.number": "5405", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": 
"BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b7ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5404", + "tcp.analysis.ack_rtt": "0.002241000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.505532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.505532000", + "frame.time_delta": "0.002369000", + "frame.time_delta_displayed": "0.002369000", + "frame.time_relative": "1518.044846000", + "frame.number": "5406", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b7ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.506206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.506206000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "1518.045520000", + "frame.number": "5407", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c6a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f1a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4131", + "tcp.port": "39500", + "tcp.port": "4131", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "383", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c24e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5406", + "tcp.analysis.ack_rtt": "0.000674000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:11:49.515029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.515029000", + "frame.time_delta": "0.008823000", + "frame.time_delta_displayed": "0.008823000", + "frame.time_relative": "1518.054343000", + "frame.number": "5408", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006d04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4131", + "tcp.dstport": "39500", + "tcp.port": "4131", + "tcp.port": "39500", + "tcp.stream": "201", + "tcp.len": "0", + "tcp.seq": "383", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b7ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5407", + "tcp.analysis.ack_rtt": "0.008823000", + "tcp.analysis.initial_rtt": "0.002485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.556407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.556407000", + "frame.time_delta": "0.041378000", + "frame.time_delta_displayed": "0.041378000", + "frame.time_relative": "1518.095721000", + "frame.number": "5409", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d6b", + "ip.flags": "0x00000002", + "ip.flags_tree": 
{ + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "16502", + "tcp.nxtseq": "16549", + "tcp.ack": "71703", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007222", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c5:d9:00:27:01:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331481, TSecr 2556396": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331481", + "tcp.options.timestamp.tsecr": "2556396" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5403", + "tcp.analysis.ack_rtt": "0.061001000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:b1:2e:4f:9d:b7:58:44:b6:3c:c8:2d:41:5e:de:c2:0f:67:bc:ac:99:d6:f8:6c:b6:21:f7:08:42:d2:37:ff:f2:1a:df:ae" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.556841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.556841000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1518.096155000", + "frame.number": "5410", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x00009670", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "71703", + "tcp.nxtseq": "71811", + "tcp.ack": "16549", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000243c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:f3:a7:a0:c5:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556403, TSecr 2812331481": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556403", + "tcp.options.timestamp.tsecr": "2812331481" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5409", + "tcp.analysis.ack_rtt": "0.000434000", + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:13:3b:71:45:a9:3e:9e:3f:a8:96:f0:7e:e0:9e:8c:fc:5c:b3:99:db:cc:39:35:8a:16:2a:17:39:4a:f0:f1:c2:23:4d:f1:a1:5f:6d:e1:be:a1:c0" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:14:4d:0e:3c:69:fa:08:ad:08:38:5b:aa:c0:d4:4a:1b:67:76:67:2a:4a:75:9f:cd:c5:29:30:d9:c4:6e:6e:4b:69:27:ba:00:2c:bc:47:bc:a9:e5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.654273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.654273000", + "frame.time_delta": "0.097432000", + "frame.time_delta_displayed": "0.097432000", + "frame.time_relative": "1518.193587000", + "frame.number": "5411", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + 
"eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003813", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16549", + "tcp.ack": "71811", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000877b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c5:f2:00:27:01:f3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331506, TSecr 2556403": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331506", + "tcp.options.timestamp.tsecr": "2556403" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5410", + "tcp.analysis.ack_rtt": "0.097432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.654756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.654756000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1518.194070000", + "frame.number": "5412", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009671", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "71811", + "tcp.nxtseq": "71860", + "tcp.ack": "16549", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008fb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:01:fc:a7:a0:c5:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2556412, TSecr 2812331506": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2556412", + "tcp.options.timestamp.tsecr": "2812331506" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:15:01:92:02:0e:50:1e:88:68:a1:2d:94:d9:e9:87:b5:16:47:be:ac:32:50:28:bb:f7:f4:0d:33:e7:b8:7b:ff:1b:aa:99:37:db" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:11:49.715075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495109.715075000", + "frame.time_delta": "0.060319000", + "frame.time_delta_displayed": "0.060319000", + "frame.time_relative": "1518.254389000", + "frame.number": "5413", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", 
+ "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003812", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16549", + "tcp.ack": "71860", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008732", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:c6:01:00:27:01:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812331521, TSecr 2556412": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812331521", + "tcp.options.timestamp.tsecr": "2556412" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5412", + "tcp.analysis.ack_rtt": "0.060319000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:04.356743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495124.356743000", + "frame.time_delta": "14.641668000", + "frame.time_delta_displayed": "14.641668000", + "frame.time_relative": "1532.896057000", + "frame.number": "5414", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005815", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a654", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "4998", + "tcp.nxtseq": "5038", + "tcp.ack": "541", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003829", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ea:bd:1f:d5:d4:0c:d5:96:63:c2:1d:f2:a7:2d:2c:b2:e0:5b:b3:66:7f:e5:e6:fa:0f:b0:5d:1b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:04.500152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495124.500152000", + "frame.time_delta": "0.143409000", + "frame.time_delta_displayed": "0.143409000", + "frame.time_relative": "1533.039466000", + "frame.number": "5415", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000ffd", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd70", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "541", + "tcp.nxtseq": "577", + "tcp.ack": "5038", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5414", + "tcp.analysis.ack_rtt": "0.143409000", + 
"tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:6f:27:d8:a3:55:31:e9:1e:3d:bc:24:4f:9e:8d:d8:86:53:19:0f:f1:77:c2:e8:7d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:04.500672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495124.500672000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "1533.039986000", + "frame.number": "5416", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005816", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5038", + "tcp.ack": "577", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f0d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5415", + "tcp.analysis.ack_rtt": "0.000520000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:06.639388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495126.639388000", + "frame.time_delta": "2.138716000", + 
"frame.time_delta_displayed": "2.138716000", + "frame.time_relative": "1535.178702000", + "frame.number": "5417", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ddb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:07.402986000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495127.402986000", + "frame.time_delta": "0.763598000", + "frame.time_delta_displayed": "0.763598000", + "frame.time_relative": "1535.942300000", + "frame.number": "5418", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00003c28", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:84:4c:e9:e8:d1:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:09.269067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495129.269067000", + "frame.time_delta": "1.866081000", + "frame.time_delta_displayed": "1.866081000", + "frame.time_relative": "1537.808381000", + "frame.number": "5419", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000ff81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d9d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + 
"ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:09.510119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495129.510119000", + "frame.time_delta": "0.241052000", + "frame.time_delta_displayed": "0.241052000", + "frame.time_relative": "1538.049433000", + "frame.number": "5420", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:09.510517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495129.510517000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "1538.049831000", + "frame.number": "5421", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": 
"00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:10.203031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495130.203031000", + "frame.time_delta": "0.692514000", + "frame.time_delta_displayed": "0.692514000", + "frame.time_relative": "1538.742345000", + "frame.number": "5422", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000b83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000de15", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "9f:36:19:4e:7a:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:12.656531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495132.656531000", + "frame.time_delta": "2.453500000", + "frame.time_delta_displayed": "2.453500000", + "frame.time_relative": "1541.195845000", + "frame.number": "5423", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f76", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + 
"_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b87a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001672", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:12.657049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495132.657049000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "1541.196363000", + "frame.number": "5424", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f77", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009975", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f76d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + 
"dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:12.657687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495132.657687000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "1541.197001000", + "frame.number": "5425", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + 
"ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008533", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:17.656841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495137.656841000", + "frame.time_delta": "4.999154000", + "frame.time_delta_displayed": "4.999154000", + "frame.time_relative": "1546.196155000", + "frame.number": "5426", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f78", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b878", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001672", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": 
{ + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:17.657342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495137.657342000", + "frame.time_delta": "0.000501000", + "frame.time_delta_displayed": "0.000501000", + "frame.time_relative": "1546.196656000", + "frame.number": "5427", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f79", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009973", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f76d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + 
"Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:17.657960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495137.657960000", + "frame.time_delta": "0.000618000", + "frame.time_delta_displayed": "0.000618000", + "frame.time_relative": "1546.197274000", + "frame.number": "5428", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008533", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:18.802091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495138.802091000", + "frame.time_delta": "1.144131000", + "frame.time_delta_displayed": "1.144131000", + "frame.time_relative": "1547.341405000", + "frame.number": "5429", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": 
"d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00000a90", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:44:3c:58:90:d4:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:18.901575000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495138.901575000", + "frame.time_delta": "0.099484000", + "frame.time_delta_displayed": "0.099484000", + "frame.time_relative": "1547.440889000", + "frame.number": "5430", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00000b87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "44", + "udp.checksum": "0x00005393", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:84:5f:5d:96:d4:cd:f2:14:2d:00:00:00", + "data.len": "36" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:19.005814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495139.005814000", + "frame.time_delta": "0.104239000", + 
"frame.time_delta_displayed": "0.104239000", + "frame.time_relative": "1547.545128000", + "frame.number": "5431", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00007323", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:44:fe:43:9c:d4:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ab:9c:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + 
"data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:20.574555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495140.574555000", + "frame.time_delta": "1.568741000", + "frame.time_delta_displayed": "1.568741000", + "frame.time_relative": "1549.113869000", + "frame.number": "5432", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009672", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": 
"Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "71860", + "tcp.nxtseq": "71909", + "tcp.ack": "16549", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000087eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:0e:11:a7:a0:c6:01", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2559505, TSecr 2812331521": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2559505", + "tcp.options.timestamp.tsecr": "2812331521" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:16:dd:05:90:c0:40:84:b5:a4:61:53:aa:88:91:60:30:c6:f4:ef:cc:51:cf:cd:11:7c:78:72:ae:1c:7a:1c:23:b1:d0:3b:7f:c3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:20.636633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495140.636633000", + "frame.time_delta": "0.062078000", + "frame.time_delta_displayed": "0.062078000", + "frame.time_relative": "1549.175947000", + "frame.number": "5433", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003811", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": 
"United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16549", + "tcp.ack": "71909", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005cba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:e4:33:00:27:0e:11", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812339251, TSecr 2559505": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812339251", + "tcp.options.timestamp.tsecr": "2559505" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5432", + "tcp.analysis.ack_rtt": "0.062078000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:20.637261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495140.637261000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "1549.176575000", + "frame.number": "5434", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "16549", + "tcp.nxtseq": "16604", + "tcp.ack": "71909", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000b49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:e4:33:00:27:0e:11", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812339251, TSecr 2559505": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812339251", + "tcp.options.timestamp.tsecr": "2559505" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:b2:61:61:cb:1d:a6:f4:25:d7:c4:99:51:56:0f:e9:aa:3d:9b:ef:f9:55:6f:20:d1:d7:0d:e8:53:03:58:ae:3b:2e:7b:85:c3:4e:07:5c:bb:c0:d9:cd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:20.674224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495140.674224000", + "frame.time_delta": "0.036963000", + "frame.time_delta_displayed": "0.036963000", + "frame.time_relative": "1549.213538000", + "frame.number": "5435", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009673", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "71909", + "tcp.ack": "16604", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005b8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:0e:1b:a7:a0:e4:33", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2559515, TSecr 2812339251": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2559515", + "tcp.options.timestamp.tsecr": "2812339251" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5434", + "tcp.analysis.ack_rtt": "0.036963000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:22.657108000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495142.657108000", + "frame.time_delta": "1.982884000", + "frame.time_delta_displayed": "1.982884000", + "frame.time_relative": "1551.196422000", + "frame.number": "5436", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f7c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b874", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001672", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + 
"dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:22.657852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495142.657852000", + "frame.time_delta": "0.000744000", + "frame.time_delta_displayed": "0.000744000", + "frame.time_relative": "1551.197166000", + "frame.number": "5437", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f7d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000996f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f76d", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + 
"dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:22.658286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495142.658286000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1551.197600000", + "frame.number": "5438", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008533", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000283", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": 
"4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=643", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.626990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495145.626990000", + "frame.time_delta": "2.968704000", + "frame.time_delta_displayed": "2.968704000", + "frame.time_relative": "1554.166304000", + "frame.number": "5439", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.640225000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495145.640225000", + "frame.time_delta": "0.013235000", + "frame.time_delta_displayed": "0.013235000", + "frame.time_relative": "1554.179539000", + "frame.number": "5440", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.640669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495145.640669000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "1554.179983000", + "frame.number": "5441", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.890959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495145.890959000", + "frame.time_delta": "0.250290000", + "frame.time_delta_displayed": "0.250290000", + "frame.time_relative": "1554.430273000", + "frame.number": "5442", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + 
"ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + 
"bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.911177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495145.911177000", + "frame.time_delta": "0.020218000", + "frame.time_delta_displayed": "0.020218000", + "frame.time_relative": "1554.450491000", + "frame.number": "5443", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + 
"ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + 
"bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:25.971991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495145.971991000", + "frame.time_delta": "0.060814000", + "frame.time_delta_displayed": "0.060814000", + "frame.time_relative": "1554.511305000", + "frame.number": "5444", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.055692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.055692000", + 
"frame.time_delta": "0.083701000", + "frame.time_delta_displayed": "0.083701000", + "frame.time_relative": "1554.595006000", + "frame.number": "5445", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.082881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.082881000", + "frame.time_delta": "0.027189000", + "frame.time_delta_displayed": "0.027189000", + "frame.time_relative": "1554.622195000", + "frame.number": "5446", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002d70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003749", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "16604", + "tcp.nxtseq": "16802", + "tcp.ack": "71909", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000fcb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:e9:85:00:27:0e:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812340613, TSecr 2559515": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812340613", + "tcp.options.timestamp.tsecr": "2559515" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": "34:cd:34:17:47:48:0e:b3:07:09:39:2a:22:b6:fe:73:f4:8d:5a:2b:07:6d:37:6f:d6:f2:9d:c5:70:bb:3b:6c:da:5f:da:f2:82:d5:7b:42:39:01:80:04:f2:c2:69:2d:01:ea:ac:94:f5:cc:1c:90:30:2c:59:2f:ae:2e:14:f0:56:f6:07:08:d2:6f:c0:f9:fd:7c:6a:52:7a:6b:d9:7c:4a:19:95:41:f9:c0:39:26:28:7b:72:72:e9:a0:88:84:ae:e3:2c:3e:eb:14:da:5d:97:41:8e:27:7c:01:4d:59:64:ab:fb:0e:bf:96:ba:6f:18:5c:7c:6b:63:33:90:97:bd:15:ff:42:65:e3:01:ed:f5:71:7e:0e:dc:3b:a7:65:e8:1b:58:aa:28:f1:99:06:0d:81:71:42:77:c2:d2:d1:a2:f5:ee:aa:0e:d6:a7:22:19:54:03:63:1c:0f:26:08:eb:0e:74:1d:e0:a6:d7:03:6d:64:91:64:67:38:6b:3f:b2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.083398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.083398000", + "frame.time_delta": "0.000517000", + 
"frame.time_delta_displayed": "0.000517000", + "frame.time_relative": "1554.622712000", + "frame.number": "5447", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009674", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000770b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "71909", + "tcp.ack": 
"16802", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005356", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:10:37:a7:a0:e9:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2560055, TSecr 2812340613": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2560055", + "tcp.options.timestamp.tsecr": "2812340613" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5446", + "tcp.analysis.ack_rtt": "0.000517000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.099725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.099725000", + "frame.time_delta": "0.016327000", + "frame.time_delta_displayed": "0.016327000", + "frame.time_relative": "1554.639039000", + "frame.number": "5448", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009675", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "71909", + "tcp.nxtseq": "71962", + "tcp.ack": "16802", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e112", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:10:39:a7:a0:e9:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2560057, TSecr 2812340613": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2560057", + "tcp.options.timestamp.tsecr": "2812340613" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:17:bb:7b:5d:7c:11:30:d4:11:75:1a:be:dc:33:54:99:00:c9:0a:38:29:fe:57:4a:31:2b:7d:d8:eb:01:9d:e2:08:a7:b2:0d:38:12:74:eb:a3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.198310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.198310000", + "frame.time_delta": "0.098585000", + "frame.time_delta_displayed": "0.098585000", + "frame.time_relative": "1554.737624000", + 
"frame.number": "5449", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16802", + "tcp.ack": "71962", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000053f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:e9:a2:00:27:10:39", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812340642, TSecr 2560057": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812340642", + "tcp.options.timestamp.tsecr": "2560057" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5448", + "tcp.analysis.ack_rtt": "0.098585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.198934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.198934000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "1554.738248000", + "frame.number": "5450", + "frame.len": "1413", + "frame.cap_len": "1413", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1399", + "ip.id": "0x00009676", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000071c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1347", + "tcp.seq": "71962", + "tcp.nxtseq": "73309", + "tcp.ack": "16802", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a611", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:10:43:a7:a0:e9:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2560067, TSecr 2812340642": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2560067", + "tcp.options.timestamp.tsecr": "2812340642" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1347", + "tcp.analysis.push_bytes_sent": "1347" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "121", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:18:86:fc:64:01:2e:fb:9b:3e:45:a3:a2:04:29:f3:2a:b0:fc:c0:6d:91:14:c2:76:90:ea:62:e1:d0:c5:2e:f9:f4:77:f5:ac:49:5c:af:20:2d:55:e9:31:d4:a3:82:b2:a7:da:10:d9:40:a8:b2:57:a9:fe:96:e8:70:5b:fb:b6:20:21:06:da:2d:f0:fd:41:87:4a:61:c7:84:57:e7:6e:02:86:76:5c:7f:cd:7b:d5:23:22:7d:3c:b2:df:40:56:ca:a5:06:b2:23:a7:98:e7:ec:89:01:7a:e3:a8:7f:c4:f5:38" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:19:52:8c:8e:52:23:8c:43:d7:39:36:1f:85:7c:6a:be:ab:a4:16:d6:48:66:d2:7a:b2:e8:d8:76:0a:12:11:f5:ef:ee:e2:71:c1:1d:c4:9b:6b:df:e7:f4:90:7b:c0:ba:01:ee:fa:aa:d2:ee:2e:39:ba:3d:fc:fc:c6:39:33:76:f8:eb:3a:e8:96:15:56:30:49:b4:19:4d:71:5f:b1:fa:c6:5e:99:c0:88:21:0c:e5:51:8c:b7:ef:b7:e9:6f:d7:a2:10:fa:a5:24:24:9c:38:f2:e2:7c:76:d3:42:36:f2:0b:06:b8:5e:27:78:46:7f:a1:b9:79:1d:13:e6:9d:f8:dd:a6:71:77:b9:90:98:89:6f:27:e5:28:09:22:67:81:b6:d8:2d:98:8b:67:e1:64:06:c7:1b:58:4f:05:ba:ed:5f:25:c5:61:48:11:94:b7:61:d3:6f:0a:92:39:a4:2e:35:55:08:3e:48:8f:6f:f5:a5:8b:7f:d4:37:d0:0e:da:93:8c:1f:15:5f:ef:9b:31:61:11:a3:dc:20:50:7e:25:62:03:57:44:25:e7:58:b8:c0:ac:86:01:e5:ea:c8:a6:bb:e2:21:6c:84:3e:bc:37:6c:77:07:09:28:8c:f1:49:be:cf:16:98:17:9f:a1:d9:00:c8:df:1b:f9:79:de:23:8e:35:79:78:ba:a4:29:60:7b:25:ef:cd:33:56:1f:92:bb:22:86:f0:dd:02:93:e4:3b:45:da:0f:2c:4a:e0:03:13:f3:82:7d:56:b7:db:24:e0:95:c7:27:9f:11:ae:b6:9a:01:a9:d2:80:09:22:9a:a7:78:ae:e1:b1:17:77:f8:4a:e6:a0:b5:65:47:77:47:5a:aa:20:01:48:d4:39:c7:df:17:76:cc:59:3b:d2:c2:03:ca:a8:aa:1d:04:0f:be:cd:ad:4e:83:40:5f:74:cf:d3:21:51:92:7e:de:7b:d7:50:07:2b:ad:7a:cf:6d:fd:80:98:1a:85:e8:4c:90:88:94:54:98:43:63:ad:38:d7:10:3e:78:89:fa:58:9a:d0:32:70:79:65:9d:f6:eb:72:0e:ba:af:5f:25:80:63:a2:31:67:48:6a:72:be:bb:4a:21:a0:f7:cf:bd:2f:06:28:a2:50:e8:55:fc:53:0c:81:11:1d:81:7d:1c:c5:84:40:d0:05:52:77:57:d8:df:35:7e:2d:3f:59:da:42:79:9b:cf:3c:3e:de:89:51:72:0f:e6:3c:55:8d:e2:a6:2b:18:37:cd:86:f1:54:d4:05:0f:4a:2c:f0:81:87:97:6b:b5:b9:ae:d5:8a:55:44:7e:ca:1e:6b:54:7b:4b:33:b6:00:92:11:52:ec:c3:7e:e0:33:3c:6a:77:40:ff:27:00:d1:90:2b:e1:df:5f:b9:67:63:7b:9a:73:79:17:94:0a:95:29:b6:81:f1:78:e0:f6:af:2f:ad:22:fc:74:8c:49:63:c4:c7:1f:c4:58:58:52:62:ef:10:89:e4:0a:ff:aa:d5:95:b1:f2:6d:75:ed:9f:a9:da:9b:6d:ea:9e:3b:5e:c4:af:a5:77:e3:7d:29:18:41:d3:22:07:47:bb:d1:b8:29:5d:c4:09:a6:5b:4e:9a:e3:43:02:ce:5f:97:81:97:f1:d0:b7:7f:4b:f6:91:72:59:60:bc:86:19:6a:72:70:32:d8:f7:a9:b2:de:65:ab:1c:46:a6:13:22:87:b2:6f:5d:1a:0f:e8:e
c:df:10:90:7b:34:dd:16:b4:50:23:c7:88:db:4e:db:48:e1:0e:5d:8c:fa:74:34:1a:f4:54:57:16:7a:58:73:b0:50:fe:78:35:b4:86:41:40:7f:0c:cc:52:51:b8:73:91:f5:34:30:ae:f3:2f:3f:b5:4b:f2:77:6c:1d:42:2c:4f:01:e4:b3:ab:03:fb:0d:d9:f8:79:b0:e1:18:ca:f4:6e:5e:1e:37:09:1c:a7:27:df:62:a8:fd:2a:85:6d:3f:cf:e2:76:d7:ed:83:06:9f:92:fb:98:36:b3:89:ca:02:a5:56:d2:e3:49:50:1c:c4:71:bc:10:65:f7:ba:7c:ea:94:98:e1:8b:66:17:96:ac:d9:f3:00:0e:ab:03:48:95:2c:7b:eb:f1:13:1b:4f:58:df:fd:bb:bf:a4:81:ca:2e:ef:98:b5:37:82:d9:51:2d:0b:c3:98:01:76:05:c0:bf:9a:c0:d0:b2:82:8d:2d:fb:f6:fb:ef:7f:98:a5:91:b2:72:e2:34:b3:1b:cc:28:a5:b0:aa:ad:88:88:63:c3:fe:08:9e:67:28:71:ff:8a:96:ca:30:d7:78:92:7e:30:e5:cf:97:87:cf:df:13:89:8d:01:bd:b9:18:20:d5:dd:6e:be:0f:02:da:8c:28:57:69:62:d3:ba:0e:b5:b9:c6:64:c2:a4:08:8e:83:7e:42:c5:9c:06:89:1b:cf:47:f6:10:42:60:1e:f6:0a:47:79:9f:69:12:5e:1e:eb:06:83:8d:a6:29:82:33:f0:49:91:ac:e3:7b:5c:ef:4a:a5:ee:8a:c2:59:fb:50:c5:b3:20:e2:0c:70:c7:c8:96:39:2d:79:72:f2:2e:df:ba:c7:75:53:5c:ff:28:bf:3b:c2:c1:6c:72:1d:d7:92:22:4c:b2:3a:b1:a7:50:56:2b:f8:2a:b9:30:7e:09:af:24:ad:c7:17:e3:11:c1:1b:c7:7a:b0:bf:bf:4f:71:9d:63:d5:72:c4:e4:d2:53:1f:ba:ef:20:86:16:ed:c7:45:78:ba:e4:94:8f:10:e1:66:13:d4:5b:4c:14:c7:9a:ec:de:46:53:07:b3:28:4d:5b" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:1a:f9:8a:41:9e:59:41:79:4f:88:42:61:70:7b:b4:db:59:c6:ab:71:f4:58:ca:58:0a:d4:da:a4:79:56:e9:eb:e4:1a:3c:d1:08:40:a3:b1:4d:f8:e1:36:23:f6:2d:03:43:ab:d1:12:44:57:85:07:db:66:ec:a9:23:6f:f4:f3:f2:73:71:72:51:71:c2:b5:e2:5e:2b:d1:82:6e:9c:16:f7:6e:12:ee:c6:9a:55:91:09:75:d8:f2:9b:62:7b:43:e3:13:bc:ac:6a:51:6a:1a:d0:a7:05:28:40:ca:62:d5:a6:7d:be:38:0d:0e:b1:9b:42:4f:2f:3c:a0:59" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:12:26.259319000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.259319000", + "frame.time_delta": "0.060385000", + "frame.time_delta_displayed": "0.060385000", + "frame.time_relative": "1554.798633000", + "frame.number": "5451", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16802", + "tcp.ack": "73309", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004e95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:e9:b1:00:27:10:43", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812340657, TSecr 2560067": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812340657", + "tcp.options.timestamp.tsecr": "2560067" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5450", + "tcp.analysis.ack_rtt": "0.060385000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.517656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495146.517656000", + "frame.time_delta": "0.258337000", + "frame.time_delta_displayed": "0.258337000", + 
"frame.time_relative": "1555.056970000", + "frame.number": "5452", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009677", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "73309", + "tcp.nxtseq": "73363", + "tcp.ack": "16802", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000080e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:10:63:a7:a0:e9:b1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2560099, TSecr 2812340657": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2560099", + "tcp.options.timestamp.tsecr": "2812340657" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:1b:5b:a6:f0:4c:05:12:b6:40:76:6c:62:b8:37:13:8c:61:09:d7:2c:b2:06:2c:53:29:95:91:9e:f8:0f:fd:e2:c8:83:66:2a:9c:db:06:15:92:4b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:26.577840000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495146.577840000", + "frame.time_delta": "0.060184000", + "frame.time_delta_displayed": "0.060184000", + "frame.time_relative": "1555.117154000", + "frame.number": "5453", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16802", + "tcp.ack": "73363", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004df0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:ea:00:00:27:10:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812340736, TSecr 2560099": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812340736", + "tcp.options.timestamp.tsecr": "2560099" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5452", + "tcp.analysis.ack_rtt": "0.060184000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:28.851314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495148.851314000", + "frame.time_delta": "2.273474000", + "frame.time_delta_displayed": "2.273474000", + "frame.time_relative": "1557.390628000", + "frame.number": "5454", + "frame.len": 
"60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:29.273493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495149.273493000", + "frame.time_delta": "0.422179000", + "frame.time_delta_displayed": "0.422179000", + "frame.time_relative": "1557.812807000", + "frame.number": "5455", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00000b04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ce55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": 
"0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:30.092719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495150.092719000", + "frame.time_delta": "0.819226000", + "frame.time_delta_displayed": "0.819226000", + "frame.time_relative": "1558.632033000", + "frame.number": "5456", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:31.162451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495151.162451000", + "frame.time_delta": "1.069732000", + "frame.time_delta_displayed": "1.069732000", + "frame.time_relative": "1559.701765000", + "frame.number": "5457", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:34.579107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495154.579107000", + "frame.time_delta": "3.416656000", + "frame.time_delta_displayed": "3.416656000", + "frame.time_relative": "1563.118421000", + "frame.number": "5458", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "40", + "ip.id": "0x00005817", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a67a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5037", + "tcp.ack": "577", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f0d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:34.788792000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495154.788792000", + "frame.time_delta": "0.209685000", + "frame.time_delta_displayed": "0.209685000", + "frame.time_relative": "1563.328106000", + "frame.number": "5459", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ffe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd93", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "577", + "tcp.ack": "5038", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:34.825427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495154.825427000", + "frame.time_delta": "0.036635000", + "frame.time_delta_displayed": "0.036635000", + "frame.time_relative": "1563.364741000", + 
"frame.number": "5460", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x00009678", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000721c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "73363", + "tcp.nxtseq": "74622", + "tcp.ack": "16802", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000415a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:13:a2:a7:a0:ea:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2560930, TSecr 2812340736": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2560930", + "tcp.options.timestamp.tsecr": "2812340736" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1c:bc:da:9d:cf:69:f8:0a:0b:9c:9b:71:72:e4:6c:6a:28:71:de:dc:bc:76:27:ed:08:b5:3e:f1:f0:c8:32:a6:7f:55:10:6b:da:9c:0d:24:40:18:f0:f3:be:c9:af:55:db:78:9f:f9:9b:42:bb:13:b4:68:94:34:e6:56:e7:b8:53:94:f5:c1:92:09:53:d7:d3:dd:82:52:36:2d:db:49:00:a1:51:1f:6b:c2:0c:de:41:53:27:5d:7b:b6:ba:ac:9d:c9:06:a0:84:1d:dc:13:be:4b:3e:b7:f4:3d:94:5b:3b:6a:04:fa:3b:77:b6:78:4d:5a:36:f1:b2:9a:e7:a6:54:7e:ac:71:0e:f8:ba:f7:29:a3:53:0c:33:08:b8:50:d8:07:8b:62:09:5c:b4:df:a7:bc:20:3a:25:58:ae:ad:59:9b:0f:d6:ad:ca:99:8a:85:00:39:7a:d5:db:81:c8:a9:93:8e:ba:52:89:c4:2d:dc:d4:b2:18:c3:0a:15:53:cd:3b:dd:ae:71:ae:ba:d0:93:03:88:0a:51:12:16:2f:8b:ff:54:da:a4:42:98:4d:c5:00:dc:c9:3a:39:95:c1:dc:0e:ba:6c:22:ed:7d:01:2f:25:03:0d:f3:ff:4d:43:f8:40:ba:d0:0c:1c:bc:93:22:d3:c9:f6:06:a9:e8:25:e2:33:29:e9:37:6d:31:05:93:48:66:ee:24:3d:fd:3e:7d:c3:96:f1:d8:00:49:fa:04:0a:19:10:0f:fd:a1:0e:f7:4b:92:08:b7:0f:63:c1:ff:76:37:6d:56:41:5a:ad:22:6c:30:6d:24:02:57:4d:02:6f:4a:0a:ac:ff:62:5c:bf:e3:d9:f5:2c:57:c8:0c:81:55:92:98:a4:63:2c:29:e3:d9:b8:5d:a4:6f:fd:2a:db:31:87:c3:c5:0b:1d:5d:0e:48:1f:2d:78:25:bc:d1:70:4d:16:44:62:9b:9e:2a:d9:b2:f6:29:08:8f:d4:37:18:ee:d3:93:44:76:db:eb:5d:f0:24:fe:f6:cb:f8:24:5a:fa:fd:3e:18:05:2a:8c:dd:4c:6c:3c:e7:3b:3b:b6:3a:b3:69:97:57:ad:eb:e2:c9:a5:01:fc:a2:fa:d2:0b:65:2d:1f:80:79:e9:67:75:b0:f2:d5:27:bd:42:fc:88:35:98:84:cd:29:8d:52:24:95:78:12:5c:90:ea:3a:c5:a2:d6:a7:70:92:40:fc:32:c7:f3:0b:15:29:4c:32:e0:d3:f4:e6:b7:cc:99:a2:90:50:6f:51:3b:6a:72:a3:6f:aa:18:61:7e:b7:49:3e:b4:19:f1:63:6a:11:44:ad:dd:c2:fa:1b:df:c7:34:0b:15:91:7a:dd:c2:69:ae:fc:ee:1d:87:4c:ef:3c:7f:d5:b5:dc:d3:fb:88:88:83:3c:71:53:2f:c1:1b:0f:a7:76:70:66:46:ad:f9:11:6d:46:2e:02:15:d6:15:c4:af:fb:8c:76:ff:87:dc:b7:b6:b9:5f:7d:41:b3:2f:8f:f0:6f:bd:dd:9b:b7:7d:a6:db:9c:e0:7c:20:cb:eb:06:b8:61:08:a1:80:c9:08:1f:76:ca:58:50:62:f2:ba:78:ef:41:7d:f5:ed:b1:b8:c0:00:f8:c8:ea:b6:e8:8e:df:1a:5a:c7:d5:4c:8e:e5:b9:40:0d:eb:07:5e:7d:b2:be:8c:df:e9:42:82:29:aa:96:b6:28:ee:6e:19:3e:80:87:a8:42:2b:c0:0e:42:4
a:c0:05:5a:c3:22:8c:44:c4:27:f0:ca:90:fc:5a:97:14:ee:78:a6:fd:a9:c9:77:86:84:54:cb:96:72:7f:b2:0d:c0:86:d6:e2:62:a5:09:95:f5:30:69:ab:4b:4b:c5:37:9b:5c:e0:4c:9c:f6:ec:8f:91:99:b1:c1:4e:f2:e5:de:23:de:f7:63:35:9a:b4:fc:01:94:80:ea:6f:d3:c1:e8:01:e7:2a:55:b9:0a:e3:7a:01:75:36:c2:cc:67:e6:e0:a7:d3:f5:67:55:68:24:e9:45:0b:6b:90:52:b8:ab:cd:6d:d2:26:c9:fa:13:59:06:b9:19:a6:fe:e1:c8:f6:61:3d:6c:6d:fb:51:af:45:30:b6:1e:6f:13:c1:26:07:f0:f8:c1:10:2f:2b:17:7e:78:1c:3d:45:ff:bf:2d:87:1a:af:47:f6:da:15:68:e0:c6:71:3b:f6:80:08:3b:19:23:b0:b5:2b:a6:35:01:96:fe:97:12:ed:20:87:97:e1:ce:8d:80:ec:c5:59:b6:48:c9:1b:6c:db:6f:ea:5e:21:ab:93:40:15:b2:de:65:bb:b4:2c:cd:d1:96:f4:c9:ad:c6:a6:31:b5:ec:90:0e:cf:6a:dc:5d:39:98:d3:36:72:59:ea:15:4e:0e:e5:7f:b8:e6:59:6a:92:c8:2e:33:a8:70:e3:d0:ce:4a:19:44:41:00:26:79:fc:c6:87:3e:37:f1:fd:63:c0:4e:93:fc:05:bc:f2:6c:37:47:ed:4b:8e:4f:ed:f4:f5:24:40:73:d6:5c:cb:2b:c4:1d:96:85:1a:61:46:06:2e:7a:eb:b7:3c:02:6c:74:1c:9b:5d:7a:93:d7:27:ad:79:8e:e0:b7:24:5b:dc:96:bd:d6:39:b2:30:99:2b:c9:79:eb:80:1c:04:52:2e:08:b8:81:82:04:72:e8:00:4d:e5:4c:fd:db:85:d2:92:d3:10:f3:d0:5a:fa:a1:2f:0e:3e:8e:b3:20:18:8c:53:3b:82:32:bb:74:47:41:7b:c5:48:33:3f:f9:08:2a:a4:e3:94:70:a1:37:a7:00:83:61:df:9f:69:a6:93:11:8d:e5:dc:2e:5b:87:ba:fa:0f:95:63:bb:a5:93:a9:03:4c:29:ef:6a:e2:a8:fa:54:5b:f8:36:f2:f6:76:34:67:72:20:46:cf:a6:fc:4b:31:b4:45:53:94:57:15:ea:89:42:48:01:6a:14:f4:06:ae:35:8c:a4:06:8f:20:5d:73:e6:0d:d3:ac:5d:ef:6f:09:a0:3f:d8:f1:ef:1c:6c:3b:83:cc:b6:de:f4:8d:51:f7:e4:82:b1:f5:db:9e:ad:57:b5:9d:3a:99:3e:2e:ec:2c:8c:6f:33:a9:ee:bc:19:28:c3:47:af:a1:b5:66:e8:30:bf:d3:f2:be:e2:e4:1e:19:e2:b3:73:75:5a:ea:43:06:c0:c1:eb:4c:cc:56:c8:40:8d:ff:a4:72:3c:e6:28:82:95:d1:92:80:2b:1f:a4:a2:87:45:fe:dd:64:5d:14:e7:6b:2b:0c:48:11:89:b1:3e:66:75:f7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:34.885607000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495154.885607000", + "frame.time_delta": "0.060180000", + "frame.time_delta_displayed": "0.060180000", + "frame.time_relative": "1563.424921000", + "frame.number": "5461", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000380b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16802", + "tcp.ack": "74622", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003da9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f2:1d:00:27:13:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812342813, TSecr 2560930": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812342813", + "tcp.options.timestamp.tsecr": "2560930" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5460", + "tcp.analysis.ack_rtt": "0.060180000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:36.639416000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495156.639416000", + "frame.time_delta": "1.753809000", + "frame.time_delta_displayed": "1.753809000", + "frame.time_relative": "1565.178730000", + 
"frame.number": "5462", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005de3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005a06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:12:36.782403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495156.782403000", + "frame.time_delta": "0.142987000", + "frame.time_delta_displayed": "0.142987000", + "frame.time_relative": "1565.321717000", + "frame.number": "5463", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00001b14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:36.869583000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495156.869583000", + "frame.time_delta": "0.087180000", + "frame.time_delta_displayed": "0.087180000", + "frame.time_relative": "1565.408897000", + "frame.number": "5464", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00001b16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:36.888098000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495156.888098000", + "frame.time_delta": "0.018515000", + "frame.time_delta_displayed": "0.018515000", + "frame.time_relative": "1565.427412000", + "frame.number": "5465", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00001b19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:36.940561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495156.940561000", + "frame.time_delta": "0.052463000", + "frame.time_delta_displayed": "0.052463000", + "frame.time_relative": "1565.479875000", + "frame.number": "5466", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + 
"ip.id": "0x00001b1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:36.993549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495156.993549000", + "frame.time_delta": "0.052988000", + "frame.time_delta_displayed": "0.052988000", + "frame.time_relative": "1565.532863000", + "frame.number": "5467", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00001b20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:37.046367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495157.046367000", + "frame.time_delta": "0.052818000", + "frame.time_delta_displayed": "0.052818000", + "frame.time_relative": "1565.585681000", + "frame.number": "5468", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00001b22", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ae32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:38.974551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495158.974551000", + "frame.time_delta": "1.928184000", + 
"frame.time_delta_displayed": "1.928184000", + "frame.time_relative": "1567.513865000", + "frame.number": "5469", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x00002d75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037bb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "16802", + 
"tcp.nxtseq": "16881", + "tcp.ack": "74622", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e514", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f6:1c:00:27:13:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812343836, TSecr 2560930": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812343836", + "tcp.options.timestamp.tsecr": "2560930" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "34:cd:34:17:47:48:0e:b4:10:49:25:1b:33:9e:37:70:e7:ea:09:33:f6:05:1c:06:33:78:9d:d4:bb:09:db:c5:c5:4f:d2:f9:b1:63:cb:83:35:be:53:78:09:37:a6:7d:af:70:b4:38:11:5e:7b:1a:57:9e:f4:5e:0e:78:ce:ca:6e:b9:b9:48:cf:ba:7c:bc:94:5e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:38.978354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495158.978354000", + "frame.time_delta": "0.003803000", + "frame.time_delta_displayed": "0.003803000", + "frame.time_relative": "1567.517668000", + "frame.number": "5470", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009679", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "74622", + "tcp.nxtseq": "74669", + "tcp.ack": "16881", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006842", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:15:41:a7:a0:f6:1c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2561345, TSecr 2812343836": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2561345", + "tcp.options.timestamp.tsecr": "2812343836" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5469", + "tcp.analysis.ack_rtt": "0.003803000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1d:50:46:5b:ea:39:17:71:4f:b7:32:60:98:08:9f:cd:56:c4:c7:f3:a4:dc:b0:ab:9e:1c:e8:0d:6a:97:c7:69:01:82:81" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.038687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.038687000", + "frame.time_delta": "0.060333000", + "frame.time_delta_displayed": "0.060333000", + "frame.time_relative": "1567.578001000", + "frame.number": "5471", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003809", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16881", + "tcp.ack": "74669", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000377d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f6:2c:00:27:15:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812343852, TSecr 2561345": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812343852", + "tcp.options.timestamp.tsecr": "2561345" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5470", + "tcp.analysis.ack_rtt": "0.060333000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.127740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.127740000", + "frame.time_delta": "0.089053000", + "frame.time_delta_displayed": "0.089053000", + "frame.time_relative": "1567.667054000", + "frame.number": "5472", + "frame.len": "408", + "frame.cap_len": "408", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "394", + "ip.id": "0x0000967a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": 
"41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "342", + "tcp.seq": "74669", + "tcp.nxtseq": "75011", + "tcp.ack": "16881", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bfec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:15:50:a7:a0:f6:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2561360, TSecr 2812343852": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2561360", + "tcp.options.timestamp.tsecr": "2812343852" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "342", + "tcp.analysis.push_bytes_sent": "342" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "337", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1e:28:e4:58:b4:09:0e:85:67:70:f1:13:ac:31:63:a2:45:fa:eb:f5:75:5c:b9:36:89:a4:95:87:e7:a4:3d:02:1f:4f:c2:22:93:0d:0e:f9:3d:a6:37:63:db:0a:99:30:e8:b0:f9:bf:b2:76:08:22:bb:87:a7:cf:47:b0:75:99:d9:31:3f:be:d2:a8:87:33:66:b9:4b:6c:ac:86:89:ee:d9:9f:32:f5:fd:a4:85:b8:16:37:de:e8:14:c7:a7:4b:58:f2:5f:6b:45:21:dc:e3:38:57:cd:80:0f:99:df:9a:7c:10:41:66:d0:9a:29:88:77:9b:19:58:55:80:f5:22:d9:5d:0f:68:7c:6c:4a:a3:fd:fc:d9:22:4d:a4:7c:56:21:0a:0e:0c:2e:bc:d6:f6:e7:8a:ce:96:1d:03:2a:f5:20:50:8c:26:d3:b5:10:08:13:8c:5f:e8:c0:2c:91:4f:66:ee:ef:42:f7:0d:8e:3d:5e:1e:0b:95:a0:99:3e:25:76:5b:22:76:1d:3f:77:d4:b2:0b:16:ff:f4:91:dd:07:c4:be:29:53:db:71:bd:e4:96:5e:0c:a4:21:b8:75:fe:e5:76:33:bd:41:9f:84:6d:a6:2e:02:52:e3:2d:4d:ce:04:75:68:28:27:78:95:61:3b:13:a9:2c:82:da:f2:92:82:49:67:01:26:ea:6c:ac:19:05:03:e9:57:0d:b2:b3:fb:bc:d6:ff:61:51:1a:54:91:33:a1:c6:21:6e:1d:a7:0f:43:53:15:a9:5b:41:9a:34:a4:69:b3:16:2c:a7:fc:fa:c9:f0:95:1f:30:e4:51:eb:04:53:b1:93:77:c0:8b:bd:b5:30:e0:63:dd:16:da:96:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.187943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.187943000", + "frame.time_delta": "0.060203000", + "frame.time_delta_displayed": "0.060203000", + "frame.time_relative": "1567.727257000", + "frame.number": "5473", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003808", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "16881", + "tcp.ack": "75011", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000035f3", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f6:51:00:27:15:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812343889, TSecr 2561360": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812343889", + "tcp.options.timestamp.tsecr": "2561360" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5472", + "tcp.analysis.ack_rtt": "0.060203000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.188404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.188404000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "1567.727718000", + "frame.number": "5474", + "frame.len": "410", + "frame.cap_len": "410", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "396", + "ip.id": "0x0000967b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "344", + "tcp.seq": "75011", + "tcp.nxtseq": "75355", + "tcp.ack": "16881", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e7c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:15:56:a7:a0:f6:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2561366, TSecr 2812343889": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2561366", + "tcp.options.timestamp.tsecr": "2812343889" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "344", + "tcp.analysis.push_bytes_sent": "344" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "339", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:1f:99:15:45:58:41:fe:a7:8e:68:3e:ad:13:90:31:6c:f1:bd:c3:4d:82:1b:2f:20:2c:13:08:cc:cc:70:80:81:3f:a3:66:a3:a0:bb:1d:22:7f:57:2c:89:0b:dc:4f:06:c5:19:ad:a9:39:59:17:15:60:c1:28:51:6b:5f:2c:bf:25:58:77:c4:b2:0e:8c:63:ae:f3:dd:4c:24:c3:be:9c:52:18:91:07:f0:6f:ed:76:28:5a:76:55:e3:ad:53:96:e8:7f:e5:1f:33:ed:98:7b:72:9f:d2:16:7a:b6:cd:c8:1e:c6:b4:8d:25:7e:28:75:89:5b:19:01:d3:e4:a5:d4:78:fd:33:cb:ba:2c:14:a5:10:52:d4:62:17:b8:3c:96:54:4a:3c:21:32:a0:4b:d6:5b:00:46:29:98:d6:6e:88:0d:10:98:c9:fa:49:5a:ba:50:87:18:48:1d:c5:20:3c:40:ad:9f:0d:03:43:fd:b6:09:08:2b:a2:86:50:61:5b:e2:47:28:8c:20:34:fd:1d:da:a1:3c:96:64:44:ec:d1:e0:55:6d:00:ea:7b:e0:13:16:24:b6:68:de:1b:e0:cd:58:b5:80:f5:e8:53:46:a9:61:23:64:e2:cc:db:9f:55:48:44:96:29:61:80:bc:27:ed:c5:7d:56:93:a8:3b:9d:bd:3a:a9:87:8a:1f:3c:06:fd:2d:e3:e3:d4:9c:29:70:74:3a:7c:df:0f:c8:3c:b2:2f:30:85:0a:3c:53:c0:bc:fc:08:23:cd:6c:ce:e0:e8:1b:a1:57:08:df:90:4b:d9:e0:15:2c:bf:80:01:74:a7:3a:51:6e:3e:d7:ea:b7:7f:c2:8d:94:d1:30:59:3a:6c:f0:16:64:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.188640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.188640000", + "frame.time_delta": "0.000236000", + "frame.time_delta_displayed": "0.000236000", + "frame.time_relative": "1567.727954000", + "frame.number": "5475", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "16881", + "tcp.nxtseq": "16928", + "tcp.ack": "75011", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c285", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f6:51:00:27:15:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812343889, TSecr 2561360": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812343889", + "tcp.options.timestamp.tsecr": "2561360" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:b5:ed:64:ae:cd:68:5f:a7:e5:7c:11:d7:e3:56:01:7f:1b:88:b2:ef:67:a4:c1:3b:88:2e:fb:be:f1:e3:48:cc:43:a8:e5" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.223400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.223400000", + "frame.time_delta": "0.034760000", + "frame.time_delta_displayed": "0.034760000", + "frame.time_relative": "1567.762714000", + "frame.number": "5476", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000967c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "75355", + "tcp.ack": "16928", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003373", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:15:5a:a7:a0:f6:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2561370, TSecr 2812343889": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2561370", + "tcp.options.timestamp.tsecr": "2812343889" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5475", + "tcp.analysis.ack_rtt": "0.034760000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.250335000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.250335000", + "frame.time_delta": "0.026935000", + "frame.time_delta_displayed": "0.026935000", + "frame.time_relative": "1567.789649000", + "frame.number": "5477", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "16928", + "tcp.nxtseq": "16975", + "tcp.ack": "75355", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000243b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a0:f6:60:00:27:15:56", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812343904, TSecr 2561366": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812343904", + "tcp.options.timestamp.tsecr": "2561366" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5474", + "tcp.analysis.ack_rtt": "0.061931000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:b6:13:ce:8c:4f:c3:d1:c1:e2:94:1e:7b:4b:88:13:a7:99:78:3d:8d:b8:b1:02:ab:4f:8f:2f:47:29:6b:a8:bb:a6:5e:0f" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:39.250824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495159.250824000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "1567.790138000", + "frame.number": "5478", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000967d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007702", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "75355", + "tcp.ack": "16975", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003333", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:15:5c:a7:a0:f6:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2561372, TSecr 2812343904": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2561372", + "tcp.options.timestamp.tsecr": "2812343904" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5477", + "tcp.analysis.ack_rtt": "0.000489000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.139453000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.139453000", + "frame.time_delta": "8.888629000", + "frame.time_delta_displayed": "8.888629000", + "frame.time_relative": "1576.678767000", + "frame.number": "5479", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.142262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.142262000", + "frame.time_delta": "0.002809000", + "frame.time_delta_displayed": "0.002809000", + "frame.time_relative": "1576.681576000", + "frame.number": "5480", + 
"frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": 
"b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.150447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.150447000", + "frame.time_delta": "0.008185000", + "frame.time_delta_displayed": "0.008185000", + "frame.time_relative": "1576.689761000", + "frame.number": "5481", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.320901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.320901000", + "frame.time_delta": "0.170454000", + "frame.time_delta_displayed": "0.170454000", + "frame.time_relative": "1576.860215000", + "frame.number": "5482", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.701048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.701048000", + "frame.time_delta": "0.380147000", + "frame.time_delta_displayed": "0.380147000", + "frame.time_relative": "1577.240362000", + "frame.number": "5483", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + 
"udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00002458", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0060f824", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.711106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.711106000", + "frame.time_delta": "0.010058000", + "frame.time_delta_displayed": "0.010058000", + "frame.time_relative": "1577.250420000", + "frame.number": "5484", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": 
{ + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x000052c9", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x000cbf3f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": 
"14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.721656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.721656000", + "frame.time_delta": "0.010550000", + "frame.time_delta_displayed": "0.010550000", + "frame.time_relative": "1577.260970000", + "frame.number": "5485", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + 
"eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:48.740628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495168.740628000", + "frame.time_delta": "0.018972000", + "frame.time_delta_displayed": "0.018972000", + "frame.time_relative": "1577.279942000", + "frame.number": "5486", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + 
"eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": 
"0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:49.314204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495169.314204000", + "frame.time_delta": "0.573576000", + "frame.time_delta_displayed": "0.573576000", + "frame.time_relative": "1577.853518000", + "frame.number": "5487", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00001f89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b9d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": 
"5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:49.741064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495169.741064000", + "frame.time_delta": "0.426860000", + "frame.time_delta_displayed": "0.426860000", + "frame.time_relative": "1578.280378000", + "frame.number": "5488", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + 
"eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:49.743578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495169.743578000", + "frame.time_delta": "0.002514000", + "frame.time_delta_displayed": "0.002514000", + "frame.time_relative": "1578.282892000", + "frame.number": "5489", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": 
"6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:49.752594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495169.752594000", + "frame.time_delta": "0.009016000", + "frame.time_delta_displayed": "0.009016000", + "frame.time_relative": "1578.291908000", + "frame.number": "5490", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:49.960923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495169.960923000", + "frame.time_delta": "0.208329000", + "frame.time_delta_displayed": "0.208329000", + "frame.time_relative": "1578.500237000", + "frame.number": "5491", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + 
"ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.158248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.158248000", + "frame.time_delta": "0.197325000", + "frame.time_delta_displayed": "0.197325000", + "frame.time_relative": "1578.697562000", + "frame.number": "5492", + "frame.len": "171", + "frame.cap_len": "171", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x0000973b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000311c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + 
"http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "16", + "http.prev_request_in": "999" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.158412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.158412000", + "frame.time_delta": "0.000164000", + "frame.time_delta_displayed": "0.000164000", + "frame.time_relative": "1578.697726000", + "frame.number": "5493", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x0000973c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000311b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + 
"ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "17", + "http.prev_request_in": "5492" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.159393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.159393000", + "frame.time_delta": "0.000981000", + "frame.time_delta_displayed": "0.000981000", + "frame.time_relative": "1578.698707000", + "frame.number": "5494", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x0000973d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000311a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "18", + "http.prev_request_in": "5493" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.159535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.159535000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1578.698849000", + "frame.number": "5495", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x0000973e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003119", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": 
"2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "19", + "http.prev_request_in": "5494" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.159676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.159676000", + "frame.time_delta": "0.000141000", + "frame.time_delta_displayed": "0.000141000", + "frame.time_relative": "1578.698990000", + "frame.number": "5496", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x0000973f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003118", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "20", + "http.prev_request_in": "5495" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.159820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.159820000", + "frame.time_delta": "0.000144000", + "frame.time_delta_displayed": "0.000144000", + 
"frame.time_relative": "1578.699134000", + "frame.number": "5497", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009740", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003119", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "21", + "http.prev_request_in": "5496" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.160074000", + "frame.time_delta": "0.000254000", + "frame.time_delta_displayed": "0.000254000", + "frame.time_relative": "1578.699388000", + "frame.number": "5498", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009741", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003118", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "22", + "http.prev_request_in": "5497" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.160227000", + "frame.time_delta": "0.000153000", + "frame.time_delta_displayed": "0.000153000", + "frame.time_relative": "1578.699541000", + "frame.number": "5499", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009742", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003117", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "23", + "http.prev_request_in": "5498" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.160369000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1578.699683000", + "frame.number": "5500", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009743", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003116", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + 
"udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "24", + "http.prev_request_in": "5499" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.160523000", + "frame.time_delta": "0.000154000", + "frame.time_delta_displayed": "0.000154000", + "frame.time_relative": "1578.699837000", + "frame.number": "5501", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009744", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003115", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "25", + "http.prev_request_in": "5500" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495170.160720000", + "frame.time_delta": "0.000197000", + "frame.time_delta_displayed": "0.000197000", + "frame.time_relative": "1578.700034000", + "frame.number": "5502", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009745", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003117", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "26", + "http.prev_request_in": "5501" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.160865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.160865000", + "frame.time_delta": "0.000145000", + "frame.time_delta_displayed": "0.000145000", + "frame.time_relative": "1578.700179000", + "frame.number": "5503", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009746", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", 
+ "ip.checksum": "0x00003116", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "27", + "http.prev_request_in": "5502" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.161057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.161057000", + "frame.time_delta": "0.000192000", + "frame.time_delta_displayed": "0.000192000", + "frame.time_relative": "1578.700371000", + "frame.number": "5504", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009747", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003115", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": 
"", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "28", + "http.prev_request_in": "5503" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.161199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.161199000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1578.700513000", + "frame.number": "5505", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009748", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003114", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" 
+ }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "29", + "http.prev_request_in": "5504" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.161459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.161459000", + "frame.time_delta": "0.000260000", + "frame.time_delta_displayed": "0.000260000", + "frame.time_relative": "1578.700773000", + "frame.number": "5506", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009749", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00003113", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "30", + "http.prev_request_in": "5505" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.167554000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.167554000", + "frame.time_delta": "0.006095000", + "frame.time_delta_displayed": "0.006095000", + "frame.time_relative": "1578.706868000", + "frame.number": "5507", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": 
"0x0000ea03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.193617000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.193617000", + "frame.time_delta": "0.026063000", + "frame.time_delta_displayed": "0.026063000", + "frame.time_relative": "1578.732931000", + "frame.number": "5508", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00002e92", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0029ee21", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.200649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.200649000", + "frame.time_delta": "0.007032000", + "frame.time_delta_displayed": "0.007032000", + "frame.time_relative": "1578.739963000", + "frame.number": "5509", + "frame.len": "158", + 
"frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000f36e", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00b61df0", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + 
"dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.209508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.209508000", + "frame.time_delta": "0.008859000", + "frame.time_delta_displayed": "0.008859000", + "frame.time_relative": "1578.748822000", + "frame.number": "5510", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + 
"eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.221093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.221093000", + "frame.time_delta": "0.011585000", + "frame.time_delta_displayed": "0.011585000", + "frame.time_relative": "1578.760407000", + "frame.number": "5511", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": 
"33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + 
}, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.274622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.274622000", + "frame.time_delta": "0.053529000", + "frame.time_delta_displayed": "0.053529000", + "frame.time_relative": "1578.813936000", + "frame.number": "5512", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002907", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "91", + "http.prev_response_in": "1884" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.327458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.327458000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "1578.866772000", + "frame.number": "5513", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000290c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "92", + "http.prev_response_in": "5512" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.380293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.380293000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "1578.919607000", + "frame.number": "5514", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002911", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "93", + "http.prev_response_in": "5513" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.393355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.393355000", + "frame.time_delta": "0.013062000", + "frame.time_delta_displayed": "0.013062000", + "frame.time_relative": "1578.932669000", + "frame.number": "5515", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + 
"igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x00000507", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + }, + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.394590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.394590000", + "frame.time_delta": "0.001235000", + "frame.time_delta_displayed": "0.001235000", + "frame.time_relative": "1578.933904000", + "frame.number": "5516", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00003cb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": 
"17", + "ip.checksum": "0x00009ce9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000e5b", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.407948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.407948000", + "frame.time_delta": "0.013358000", + "frame.time_delta_displayed": "0.013358000", + "frame.time_relative": "1578.947262000", + "frame.number": "5517", + "frame.len": "74", + 
"frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ee51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a7c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:2d:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 941869, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "941869", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.408518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.408518000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1578.947832000", + "frame.number": "5518", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + 
"eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47508", + "tcp.port": "80", + "tcp.port": "47508", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + 
}, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b329", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5517", + "tcp.analysis.ack_rtt": "0.000570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.413398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.413398000", + "frame.time_delta": "0.004880000", + "frame.time_delta_displayed": "0.004880000", + "frame.time_relative": "1578.952712000", + "frame.number": "5519", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ee52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064b1", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5518", + "tcp.analysis.ack_rtt": "0.004880000", + "tcp.analysis.initial_rtt": "0.005450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.414299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.414299000", + "frame.time_delta": "0.000901000", + "frame.time_delta_displayed": "0.000901000", + "frame.time_relative": "1578.953613000", + "frame.number": "5520", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ee53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c975", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c42b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005450000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.414791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.414791000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1578.954105000", + "frame.number": "5521", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008019", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003870", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47508", + "tcp.port": "80", + "tcp.port": "47508", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005680", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5520", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.005450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.415468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.415468000", + "frame.time_delta": "0.000677000", + "frame.time_delta_displayed": "0.000677000", + "frame.time_relative": "1578.954782000", + "frame.number": "5522", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000801a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000385e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47508", + "tcp.port": "80", + "tcp.port": "47508", + "tcp.stream": "202", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000096a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005450000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.415896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.415896000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1578.955210000", + "frame.number": "5523", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000801b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000348b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47508", + "tcp.port": "80", + "tcp.port": "47508", + "tcp.stream": "202", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e90a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005450000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5522", + "tcp.segment": "5523", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001597000", + "http.request_in": "5520", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.419361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.419361000", + "frame.time_delta": "0.003465000", + "frame.time_delta_displayed": "0.003465000", + "frame.time_relative": "1578.958675000", + "frame.number": "5524", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ee54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000063e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5522", + "tcp.analysis.ack_rtt": "0.003893000", + "tcp.analysis.initial_rtt": "0.005450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.420033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.420033000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "1578.959347000", + "frame.number": "5525", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ee55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005ff5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5523", + "tcp.analysis.ack_rtt": "0.004137000", + "tcp.analysis.initial_rtt": "0.005450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.421027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.421027000", + "frame.time_delta": "0.000994000", + "frame.time_delta_displayed": "0.000994000", + "frame.time_relative": "1578.960341000", + "frame.number": "5526", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ee56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005ff4", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.421470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.421470000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1578.960784000", + "frame.number": "5527", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ba0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ace9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47508", + 
"tcp.port": "80", + "tcp.port": "47508", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000528a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5526", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.005450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:50.424093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.424093000", + "frame.time_delta": "0.002623000", + "frame.time_delta_displayed": "0.002623000", + "frame.time_relative": "1578.963407000", + "frame.number": "5528", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000135a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a52f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47508", + "tcp.dstport": "80", + "tcp.port": "47508", + "tcp.port": "80", + "tcp.stream": "202", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006e1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:12:50.849433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495170.849433000", + "frame.time_delta": "0.425340000", + "frame.time_delta_displayed": "0.425340000", + "frame.time_relative": "1579.388747000", + "frame.number": "5529", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", 
+ "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.223151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.223151000", + "frame.time_delta": "0.373718000", + "frame.time_delta_displayed": "0.373718000", + "frame.time_relative": "1579.762465000", + "frame.number": "5530", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": 
"0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.225422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.225422000", + "frame.time_delta": "0.002271000", + "frame.time_delta_displayed": "0.002271000", + "frame.time_relative": "1579.764736000", + "frame.number": "5531", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + 
"icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.229960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.229960000", + "frame.time_delta": "0.004538000", + "frame.time_delta_displayed": "0.004538000", + "frame.time_relative": "1579.769274000", + "frame.number": "5532", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + 
"ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.313261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.313261000", + "frame.time_delta": "0.083301000", + "frame.time_delta_displayed": "0.083301000", + "frame.time_relative": "1579.852575000", + "frame.number": "5533", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00003ccd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009ccc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f5a", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.326718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.326718000", + "frame.time_delta": "0.013457000", + "frame.time_delta_displayed": "0.013457000", + "frame.time_relative": "1579.866032000", + "frame.number": "5534", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "94", + "http.prev_response_in": "5514" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.333159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.333159000", + "frame.time_delta": "0.006441000", + "frame.time_delta_displayed": "0.006441000", + "frame.time_relative": "1579.872473000", + "frame.number": "5535", + "frame.len": "74", + 
"frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004d84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006af1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000033c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:89:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 941961, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "941961", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.333701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.333701000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1579.873015000", + "frame.number": "5536", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + 
"eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + 
}, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a4bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5535", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.336598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.336598000", + "frame.time_delta": "0.002897000", + "frame.time_delta_displayed": "0.002897000", + "frame.time_relative": "1579.875912000", + "frame.number": "5537", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004d85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006b04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005645", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5536", + "tcp.analysis.ack_rtt": "0.002897000", + "tcp.analysis.initial_rtt": "0.003439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.336719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.336719000", + "frame.time_delta": "0.000121000", + "frame.time_delta_displayed": "0.000121000", + "frame.time_relative": "1579.876033000", + "frame.number": "5538", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004d86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b5bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003439000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.337175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.337175000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1579.876489000", + "frame.number": "5539", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001028", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a861", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004814", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5538", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.003439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.337889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.337889000", + "frame.time_delta": "0.000714000", + "frame.time_delta_displayed": "0.000714000", + "frame.time_relative": "1579.877203000", + "frame.number": "5540", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001029", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a84f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008835", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003439000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.338314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.338314000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "1579.877628000", + "frame.number": "5541", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000102a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a47c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003439000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5540", + "tcp.segment": "5541", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001595000", + "http.request_in": "5538", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.339169000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.339169000", + "frame.time_delta": "0.000855000", + "frame.time_delta_displayed": "0.000855000", + "frame.time_relative": "1579.878483000", + "frame.number": "5542", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000102b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a47b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003439000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.340509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.340509000", + "frame.time_delta": "0.001340000", + "frame.time_delta_displayed": "0.001340000", + "frame.time_relative": "1579.879823000", + "frame.number": "5543", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004d87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006b02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005574", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5540", + "tcp.analysis.ack_rtt": "0.002620000", + "tcp.analysis.initial_rtt": "0.003439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.419409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.419409000", + "frame.time_delta": "0.078900000", + "frame.time_delta_displayed": "0.078900000", + "frame.time_relative": "1579.958723000", + "frame.number": "5544", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004d88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006b01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005189", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5541", + "tcp.analysis.ack_rtt": "0.081095000", + "tcp.analysis.initial_rtt": "0.003439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.419457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.419457000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "1579.958771000", + "frame.number": "5545", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00004d89", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006af4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d04a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d7:94:cc:0c:d7:94:cf:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003439000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5544", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.419495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.419495000", + "frame.time_delta": "0.000038000", + "frame.time_delta_displayed": "0.000038000", + "frame.time_relative": "1579.958809000", + "frame.number": "5546", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004d8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00006aff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005188", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.419342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.419342000", + "frame.time_delta": "-0.000153000", + "frame.time_delta_displayed": "-0.000153000", + "frame.time_relative": "1579.958656000", + "frame.number": "5547", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002953", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "95", + "http.prev_response_in": "5534" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.423605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.423605000", + "frame.time_delta": "0.004263000", + "frame.time_delta_displayed": "0.004263000", + "frame.time_relative": "1579.962919000", + "frame.number": "5548", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000bb5", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000acd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47512", + "tcp.port": "80", + "tcp.port": "47512", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000441e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5546", + "tcp.analysis.ack_rtt": "0.004110000", + "tcp.analysis.initial_rtt": "0.003439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.433806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.433806000", + "frame.time_delta": "0.010201000", + "frame.time_delta_displayed": "0.010201000", + "frame.time_relative": "1579.973120000", + "frame.number": "5549", + 
"frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002956", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008e08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
+ "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "96", + "http.prev_response_in": "5547" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.463820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.463820000", + "frame.time_delta": "0.030014000", + "frame.time_delta_displayed": "0.030014000", + "frame.time_relative": "1580.003134000", + "frame.number": "5550", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + 
"ip.id": "0x00001382", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a507", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47512", + "tcp.dstport": "80", + "tcp.port": "47512", + "tcp.port": "80", + "tcp.stream": "203", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fa77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.473089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.473089000", + "frame.time_delta": "0.009269000", + 
"frame.time_delta_displayed": "0.009269000", + "frame.time_relative": "1580.012403000", + "frame.number": "5551", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ca08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": 
{ + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009942", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:97:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 941975, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "941975", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.473623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.473623000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "1580.012937000", + "frame.number": "5552", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47513", + "tcp.port": "80", + "tcp.port": "47513", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000416a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5551", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.479989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.479989000", + "frame.time_delta": "0.006366000", + "frame.time_delta_displayed": "0.006366000", + "frame.time_relative": "1580.019303000", + "frame.number": "5553", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f2f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5552", + "tcp.analysis.ack_rtt": "0.006366000", + "tcp.analysis.initial_rtt": "0.006900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.480336000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.480336000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "1580.019650000", + "frame.number": "5554", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ca0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000edbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000526c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006900000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": 
"0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.480813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.480813000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1580.020127000", + "frame.number": "5555", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bba5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fce3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47513", + "tcp.port": "80", + "tcp.port": "47513", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e4c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5554", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.006900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.481485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.481485000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "1580.020799000", + "frame.number": "5556", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000bba6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fcd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47513", + "tcp.port": "80", + "tcp.port": "47513", + "tcp.stream": "204", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000024e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006900000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.481839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.481839000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "1580.021153000", + "frame.number": "5557", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000bba7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f8fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47513", + 
"tcp.port": "80", + "tcp.port": "47513", + "tcp.stream": "204", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000774b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006900000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5556", + "tcp.segment": "5557", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001503000", + "http.request_in": "5554", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.484708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.484708000", + "frame.time_delta": "0.002869000", + "frame.time_delta_displayed": "0.002869000", + "frame.time_relative": "1580.024022000", + "frame.number": "5558", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f220", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5556", + "tcp.analysis.ack_rtt": "0.003223000", + "tcp.analysis.initial_rtt": "0.006900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.484818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.484818000", + "frame.time_delta": "0.000110000", + "frame.time_delta_displayed": "0.000110000", + "frame.time_relative": "1580.024132000", + "frame.number": "5559", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5557", + "tcp.analysis.ack_rtt": "0.002979000", + "tcp.analysis.initial_rtt": "0.006900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.485342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.485342000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "1580.024656000", + "frame.number": "5560", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee34", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.485747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.485747000", + "frame.time_delta": "0.000405000", + "frame.time_delta_displayed": "0.000405000", + "frame.time_relative": "1580.025061000", + "frame.number": "5561", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000bb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000acd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47513", + 
"tcp.port": "80", + "tcp.port": "47513", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e0ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5560", + "tcp.analysis.ack_rtt": "0.000405000", + "tcp.analysis.initial_rtt": "0.006900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.491007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.491007000", + "frame.time_delta": "0.005260000", + "frame.time_delta_displayed": "0.005260000", + "frame.time_relative": "1580.030321000", + "frame.number": "5562", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001385", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a504", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47513", + "tcp.dstport": "80", + "tcp.port": "47513", + "tcp.port": "80", + "tcp.stream": "204", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006007", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:12:51.600957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.600957000", + "frame.time_delta": "0.109950000", + "frame.time_delta_displayed": "0.109950000", + "frame.time_relative": "1580.140271000", + "frame.number": "5563", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + 
"ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.908353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.908353000", + "frame.time_delta": "0.307396000", + "frame.time_delta_displayed": "0.307396000", + "frame.time_relative": "1580.447667000", + "frame.number": "5564", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002963", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008dfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "97", + "http.prev_response_in": "5549" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:51.961178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495171.961178000", + "frame.time_delta": "0.052825000", + "frame.time_delta_displayed": "0.052825000", + "frame.time_relative": "1580.500492000", + "frame.number": "5565", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002965", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008df3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "98", + "http.prev_response_in": "5564" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.013987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.013987000", + "frame.time_delta": "0.052809000", + "frame.time_delta_displayed": "0.052809000", 
+ "frame.time_relative": "1580.553301000", + "frame.number": "5566", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002969", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008df5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "99", + "http.prev_response_in": "5565" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.030577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.030577000", + "frame.time_delta": "0.016590000", + "frame.time_delta_displayed": "0.016590000", + "frame.time_relative": "1580.569891000", + "frame.number": "5567", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", 
+ "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00002883", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x004ef40b", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + 
"dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.036903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.036903000", + "frame.time_delta": "0.006326000", + "frame.time_delta_displayed": "0.006326000", + "frame.time_relative": "1580.576217000", + "frame.number": "5568", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", 
+ "udp.checksum": "0x0000156f", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00cdfbd8", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.045872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.045872000", + "frame.time_delta": "0.008969000", + "frame.time_delta_displayed": "0.008969000", + "frame.time_relative": "1580.585186000", + "frame.number": "5569", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009fbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", 
+ "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000534b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:d0:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 942032, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "942032", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.046456000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495172.046456000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "1580.585770000", + "frame.number": "5570", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47517", + "tcp.port": "80", + "tcp.port": "47517", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007f1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5569", + "tcp.analysis.ack_rtt": "0.000584000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.053849000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.053849000", + "frame.time_delta": "0.007393000", + "frame.time_delta_displayed": "0.007393000", + "frame.time_relative": "1580.593163000", + "frame.number": "5571", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009fbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5570", + "tcp.analysis.ack_rtt": "0.007393000", + "tcp.analysis.initial_rtt": "0.007977000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.053902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.053902000", + "frame.time_delta": "0.000053000", + "frame.time_delta_displayed": "0.000053000", + "frame.time_relative": "1580.593216000", + "frame.number": "5572", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009fbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000180a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000901d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007977000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: 
en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.054421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.054421000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "1580.593735000", + "frame.number": "5573", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ad7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000b0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47517", + "tcp.port": "80", + "tcp.port": "47517", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002272", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5572", + "tcp.analysis.ack_rtt": "0.000519000", + "tcp.analysis.initial_rtt": "0.007977000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.055200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.055200000", + "frame.time_delta": "0.000779000", + "frame.time_delta_displayed": "0.000779000", + "frame.time_relative": "1580.594514000", + "frame.number": "5574", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ad7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000afd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47517", + "tcp.port": "80", + "tcp.port": "47517", + "tcp.stream": "205", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006293", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007977000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.055647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.055647000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "1580.594961000", + "frame.number": "5575", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ad7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000072a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47517", + "tcp.port": "80", + "tcp.port": "47517", + "tcp.stream": "205", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b4fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007977000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5574", + "tcp.segment": "5575", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001745000", + "http.request_in": "5572", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.056177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.056177000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "1580.595491000", + "frame.number": "5576", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.059939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.059939000", + "frame.time_delta": "0.003762000", + "frame.time_delta_displayed": "0.003762000", + "frame.time_relative": "1580.599253000", + "frame.number": "5577", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": 
"33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.060407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.060407000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "1580.599721000", + "frame.number": "5578", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009fc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002fd2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5574", + "tcp.analysis.ack_rtt": "0.005207000", + "tcp.analysis.initial_rtt": "0.007977000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.060743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.060743000", + "frame.time_delta": "0.000336000", + "frame.time_delta_displayed": "0.000336000", + "frame.time_relative": "1580.600057000", + "frame.number": "5579", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + 
"eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009fc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002be7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5575", + "tcp.analysis.ack_rtt": "0.005096000", + "tcp.analysis.initial_rtt": "0.007977000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.064033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.064033000", + "frame.time_delta": "0.003290000", + "frame.time_delta_displayed": "0.003290000", + "frame.time_relative": "1580.603347000", + "frame.number": "5580", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009fc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000018c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002be6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.064515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.064515000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1580.603829000", + "frame.number": "5581", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000bc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000acc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47517", + "tcp.port": "80", + "tcp.port": "47517", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5580", + "tcp.analysis.ack_rtt": "0.000482000", + "tcp.analysis.initial_rtt": "0.007977000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.069756000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495172.069756000", + "frame.time_delta": "0.005241000", + "frame.time_delta_displayed": "0.005241000", + "frame.time_relative": "1580.609070000", + "frame.number": "5582", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47517", + "tcp.dstport": "80", + "tcp.port": "47517", + "tcp.port": "80", + "tcp.stream": "205", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001a49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.413307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.413307000", + "frame.time_delta": "0.343551000", + "frame.time_delta_displayed": "0.343551000", + "frame.time_relative": "1580.952621000", + "frame.number": "5583", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00003ce5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009cb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.960655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.960655000", + "frame.time_delta": "0.547348000", + "frame.time_delta_displayed": "0.547348000", + 
"frame.time_relative": "1581.499969000", + "frame.number": "5584", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000029ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008db4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "100", + "http.prev_response_in": "5566" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.982639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.982639000", + "frame.time_delta": "0.021984000", + "frame.time_delta_displayed": "0.021984000", + "frame.time_relative": "1581.521953000", + "frame.number": "5585", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c050", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f824", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000deb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:2e:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 942126, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "942126", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.983203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.983203000", + "frame.time_delta": "0.000564000", + "frame.time_delta_displayed": "0.000564000", + "frame.time_relative": "1581.522517000", + "frame.number": "5586", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004fb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", 
+ "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5585", + "tcp.analysis.ack_rtt": "0.000564000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.986205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.986205000", + "frame.time_delta": "0.003002000", + "frame.time_delta_displayed": "0.003002000", + "frame.time_relative": "1581.525519000", + "frame.number": "5587", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c051", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f837", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000141", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5586", + "tcp.analysis.ack_rtt": "0.003002000", + "tcp.analysis.initial_rtt": "0.003566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.986352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.986352000", + "frame.time_delta": "0.000147000", + "frame.time_delta_displayed": "0.000147000", + "frame.time_relative": "1581.525666000", + "frame.number": "5588", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c052", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f776", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000060bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003566000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.986798000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.986798000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1581.526112000", + "frame.number": "5589", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000a38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f30f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5588", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.987548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.987548000", + "frame.time_delta": "0.000750000", + "frame.time_delta_displayed": "0.000750000", + "frame.time_relative": "1581.526862000", + "frame.number": "5590", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00000a39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003331", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003566000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.987940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.987940000", + "frame.time_delta": "0.000392000", + "frame.time_delta_displayed": "0.000392000", + "frame.time_relative": "1581.527254000", + "frame.number": "5591", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + 
"eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000a3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000aa6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000859a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003566000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5590", + "tcp.segment": "5591", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001588000", + "http.request_in": "5588", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.989205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.989205000", + "frame.time_delta": "0.001265000", + "frame.time_delta_displayed": "0.001265000", + "frame.time_relative": "1581.528519000", + "frame.number": "5592", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000a3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000aa6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000859a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003566000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.991662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.991662000", + "frame.time_delta": "0.002457000", + "frame.time_delta_displayed": "0.002457000", + "frame.time_relative": "1581.530976000", + "frame.number": "5593", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c053", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f835", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000070", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5590", + "tcp.analysis.ack_rtt": "0.004114000", + "tcp.analysis.initial_rtt": "0.003566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.991712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.991712000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "1581.531026000", + "frame.number": "5594", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c054", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f834", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fc84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5591", + "tcp.analysis.ack_rtt": "0.003772000", + "tcp.analysis.initial_rtt": "0.003566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.993592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.993592000", + "frame.time_delta": "0.001880000", + "frame.time_delta_displayed": "0.001880000", + "frame.time_relative": "1581.532906000", + "frame.number": "5595", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c055", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f833", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fc83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.994046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.994046000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + 
"frame.time_relative": "1581.533360000", + "frame.number": "5596", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ac74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47522", + "tcp.port": "80", + "tcp.port": "47522", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ef19", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5595", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.003566000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:52.999472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495172.999472000", + "frame.time_delta": "0.005426000", + "frame.time_delta_displayed": "0.005426000", + "frame.time_relative": "1581.538786000", + "frame.number": "5597", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4bc", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.000758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.000758000", + "frame.time_delta": "0.001286000", + "frame.time_delta_displayed": "0.001286000", + "frame.time_relative": "1581.540072000", + "frame.number": "5598", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47522", + "tcp.dstport": "80", + "tcp.port": "47522", + "tcp.port": "80", + "tcp.stream": "206", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a611", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.014650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.014650000", + "frame.time_delta": "0.013892000", + "frame.time_delta_displayed": "0.013892000", + "frame.time_relative": "1581.553964000", + "frame.number": "5599", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000029ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008daa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "101", + "http.prev_response_in": "5584" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.067420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.067420000", + "frame.time_delta": "0.052770000", + "frame.time_delta_displayed": "0.052770000", + "frame.time_relative": "1581.606734000", + 
"frame.number": "5600", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000029b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008dac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "102", + "http.prev_response_in": "5599" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.076249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.076249000", + "frame.time_delta": "0.008829000", + "frame.time_delta_displayed": "0.008829000", + "frame.time_relative": "1581.615563000", + "frame.number": "5601", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "76", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b6ac", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "3", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.077772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.077772000", + "frame.time_delta": "0.001523000", + "frame.time_delta_displayed": "0.001523000", + "frame.time_relative": "1581.617086000", + "frame.number": "5602", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.080018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.080018000", + 
"frame.time_delta": "0.002246000", + "frame.time_delta_displayed": "0.002246000", + "frame.time_relative": "1581.619332000", + "frame.number": "5603", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + 
"icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.091552000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.091552000", + "frame.time_delta": "0.011534000", + "frame.time_delta_displayed": "0.011534000", + "frame.time_relative": "1581.630866000", + 
"frame.number": "5604", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": 
"0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.166743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.166743000", + "frame.time_delta": "0.075191000", + "frame.time_delta_displayed": "0.075191000", + "frame.time_relative": "1581.706057000", + "frame.number": "5605", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002e98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000b1ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:32:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + 
}, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 942130, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "942130", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.167324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.167324000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "1581.706638000", + "frame.number": "5606", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47524", + "tcp.port": "80", + "tcp.port": "47524", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000037ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5605", + "tcp.analysis.ack_rtt": "0.000581000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.171246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.171246000", + "frame.time_delta": "0.003922000", + "frame.time_delta_displayed": "0.003922000", + "frame.time_relative": "1581.710560000", + "frame.number": "5607", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e99", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e976", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5606", + "tcp.analysis.ack_rtt": "0.003922000", + "tcp.analysis.initial_rtt": "0.004503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.171924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.171924000", + "frame.time_delta": "0.000678000", + "frame.time_delta_displayed": "0.000678000", + "frame.time_relative": "1581.711238000", + 
"frame.number": "5608", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002e9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000892f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000048f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004503000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.172393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.172393000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": 
"1581.711707000", + "frame.number": "5609", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a4d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000013b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47524", + "tcp.port": "80", + "tcp.port": "47524", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000db45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5608", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.004503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.173063000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.173063000", + "frame.time_delta": "0.000670000", + "frame.time_delta_displayed": "0.000670000", + "frame.time_relative": "1581.712377000", + "frame.number": "5610", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a4d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000139f", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47524", + "tcp.port": "80", + "tcp.port": "47524", + "tcp.stream": "207", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001b67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004503000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.173419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.173419000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "1581.712733000", + "frame.number": "5611", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a4da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47524", + "tcp.port": "80", + "tcp.port": "47524", + "tcp.stream": "207", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006dd0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004503000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5610", + "tcp.segment": "5611", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001495000", + "http.request_in": "5608", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.177243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.177243000", + "frame.time_delta": "0.003824000", + "frame.time_delta_displayed": "0.003824000", + "frame.time_relative": "1581.716557000", + "frame.number": "5612", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e8a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5610", + "tcp.analysis.ack_rtt": "0.004180000", + "tcp.analysis.initial_rtt": "0.004503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.177361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.177361000", + "frame.time_delta": "0.000118000", + "frame.time_delta_displayed": "0.000118000", + "frame.time_relative": "1581.716675000", + "frame.number": "5613", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e4ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5611", + "tcp.analysis.ack_rtt": "0.003942000", + "tcp.analysis.initial_rtt": "0.004503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.184023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.184023000", + "frame.time_delta": "0.006662000", + "frame.time_delta_displayed": "0.006662000", + "frame.time_relative": "1581.723337000", + "frame.number": "5614", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002e9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e4b9", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.184511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.184511000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1581.723825000", + "frame.number": "5615", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ac6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47524", + 
"tcp.port": "80", + "tcp.port": "47524", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d74f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5614", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.004503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.188902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.188902000", + "frame.time_delta": "0.004391000", + "frame.time_delta_displayed": "0.004391000", + "frame.time_relative": "1581.728216000", + "frame.number": "5616", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47524", + "tcp.dstport": "80", + "tcp.port": "47524", + "tcp.port": "80", + "tcp.stream": "207", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000790e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:12:53.232771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.232771000", + "frame.time_delta": "0.043869000", + "frame.time_delta_displayed": "0.043869000", + "frame.time_relative": "1581.772085000", + "frame.number": "5617", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "36", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + 
"ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f315", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "1", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.254350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.254350000", + "frame.time_delta": "0.021579000", + "frame.time_delta_displayed": "0.021579000", + "frame.time_relative": "1581.793664000", + "frame.number": "5618", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00002524", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x0053f765", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:12:53.266789000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.266789000", + "frame.time_delta": "0.012439000", + "frame.time_delta_displayed": "0.012439000", + "frame.time_relative": "1581.806103000", + "frame.number": "5619", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000c71b", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00f24a07", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + 
"dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.282635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495173.282635000", + "frame.time_delta": "0.015846000", + "frame.time_delta_displayed": "0.015846000", + "frame.time_relative": "1581.821949000", + "frame.number": "5620", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:53.303498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495173.303498000", + "frame.time_delta": "0.020863000", + "frame.time_delta_displayed": "0.020863000", + 
"frame.time_relative": "1581.842812000", + "frame.number": "5621", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + 
"icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.173154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.173154000", + "frame.time_delta": "0.869656000", + "frame.time_delta_displayed": "0.869656000", + "frame.time_relative": "1582.712468000", + "frame.number": "5622", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "17", + "ip.checksum": "0x00008d51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "103", + "http.prev_response_in": "5600" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.225960000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.225960000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "1582.765274000", + "frame.number": "5623", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "104", + "http.prev_response_in": "5622" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.278704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.278704000", + "frame.time_delta": "0.052744000", + "frame.time_delta_displayed": "0.052744000", + "frame.time_relative": "1582.818018000", + "frame.number": "5624", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "105", + "http.prev_response_in": "5623" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.302833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.302833000", + "frame.time_delta": "0.024129000", + "frame.time_delta_displayed": "0.024129000", + "frame.time_relative": "1582.842147000", + "frame.number": "5625", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.305689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.305689000", + "frame.time_delta": "0.002856000", + "frame.time_delta_displayed": "0.002856000", + "frame.time_relative": "1582.845003000", + "frame.number": "5626", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + 
"icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.310299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.310299000", + "frame.time_delta": "0.004610000", + "frame.time_delta_displayed": "0.004610000", + "frame.time_relative": "1582.849613000", + "frame.number": "5627", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000004e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b38e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003fa2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:b3:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 942259, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "942259", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.310886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.310886000", + "frame.time_delta": "0.000587000", + "frame.time_delta_displayed": 
"0.000587000", + "frame.time_relative": "1582.850200000", + "frame.number": "5628", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", 
+ "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003447", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5627", + "tcp.analysis.ack_rtt": "0.000587000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.311396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.311396000", + "frame.time_delta": "0.000510000", + 
"frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "1582.850710000", + "frame.number": "5629", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, 
+ "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.314553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.314553000", + "frame.time_delta": "0.003157000", + "frame.time_delta_displayed": "0.003157000", + "frame.time_relative": "1582.853867000", + "frame.number": "5630", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e5ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5628", + "tcp.analysis.ack_rtt": "0.003667000", + "tcp.analysis.initial_rtt": "0.004254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:12:54.315287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.315287000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "1582.854601000", + "frame.number": "5631", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000004e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004549", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004254000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:12:54.315816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.315816000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "1582.855130000", + "frame.number": "5632", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009860", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002029", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", 
+ "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d79d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5631", + "tcp.analysis.ack_rtt": "0.000529000", + "tcp.analysis.initial_rtt": "0.004254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.316492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.316492000", + "frame.time_delta": "0.000676000", + "frame.time_delta_displayed": "0.000676000", + "frame.time_relative": "1582.855806000", + "frame.number": "5633", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009861", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002017", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000017bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004254000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.316916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.316916000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": 
"0.000424000", + "frame.time_relative": "1582.856230000", + "frame.number": "5634", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009862", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001c44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006a28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004254000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:6
6:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5633", + "tcp.segment": "5634", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001629000", + "http.request_in": "5631", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.319286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.319286000", + "frame.time_delta": "0.002370000", + "frame.time_delta_displayed": "0.002370000", + "frame.time_relative": "1582.858600000", + "frame.number": "5635", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009863", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001c43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006a28", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004254000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.320311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.320311000", + "frame.time_delta": "0.001025000", + "frame.time_delta_displayed": "0.001025000", + "frame.time_relative": "1582.859625000", + "frame.number": "5636", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b39f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e4fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5633", + "tcp.analysis.ack_rtt": "0.003819000", + "tcp.analysis.initial_rtt": "0.004254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.321628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.321628000", + "frame.time_delta": "0.001317000", + "frame.time_delta_displayed": "0.001317000", + "frame.time_relative": "1582.860942000", + "frame.number": "5637", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b39e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e112", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5634", + "tcp.analysis.ack_rtt": "0.004712000", + "tcp.analysis.initial_rtt": "0.004254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.322947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.322947000", + "frame.time_delta": "0.001319000", + "frame.time_delta_displayed": "0.001319000", + "frame.time_relative": "1582.862261000", + "frame.number": "5638", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000004ec", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b391", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:dc:74:44:ae:dc:74:48:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004254000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5637", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.324433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.324433000", + "frame.time_delta": "0.001486000", + "frame.time_delta_displayed": "0.001486000", + "frame.time_relative": "1582.863747000", + "frame.number": "5639", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000b39c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e111", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.324862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.324862000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1582.864176000", + "frame.number": "5640", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000c38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ac51", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47525", + "tcp.port": "80", + "tcp.port": "47525", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d3a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5639", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.004254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.331430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.331430000", + "frame.time_delta": "0.006568000", + "frame.time_delta_displayed": "0.006568000", + "frame.time_relative": "1582.870744000", + "frame.number": "5641", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001431", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a458", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47525", + "tcp.dstport": "80", + "tcp.port": "47525", + "tcp.port": "80", + "tcp.stream": "208", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000783", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.461159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.461159000", + "frame.time_delta": "0.129729000", + "frame.time_delta_displayed": "0.129729000", + "frame.time_relative": "1583.000473000", + "frame.number": "5642", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": 
"IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.492553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.492553000", + "frame.time_delta": "0.031394000", + "frame.time_delta_displayed": "0.031394000", + "frame.time_relative": "1583.031867000", + "frame.number": "5643", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000eb03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.641036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.641036000", + "frame.time_delta": "0.148483000", + "frame.time_delta_displayed": "0.148483000", + "frame.time_relative": "1583.180350000", + "frame.number": "5644", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + 
"eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x00000707", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + }, + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.918202000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495174.918202000", + "frame.time_delta": "0.277166000", + "frame.time_delta_displayed": "0.277166000", + "frame.time_relative": "1583.457516000", + "frame.number": "5645", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00005238", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00f5c9af", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + 
"dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.936092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.936092000", + "frame.time_delta": "0.017890000", + "frame.time_delta_displayed": "0.017890000", + "frame.time_relative": "1583.475406000", + "frame.number": "5646", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": 
"NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x000056db", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x000cbb2d", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary 
Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.955790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.955790000", + "frame.time_delta": "0.019698000", + "frame.time_delta_displayed": "0.019698000", + "frame.time_relative": "1583.495104000", + "frame.number": "5647", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + 
"ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:54.972857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495174.972857000", + "frame.time_delta": "0.017067000", + "frame.time_delta_displayed": "0.017067000", + "frame.time_relative": "1583.512171000", + "frame.number": "5648", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + 
"ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.227186000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.227186000", + 
"frame.time_delta": "0.254329000", + "frame.time_delta_displayed": "0.254329000", + "frame.time_relative": "1583.766500000", + "frame.number": "5649", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "106", + "http.prev_response_in": "5624" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.279994000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.279994000", + "frame.time_delta": "0.052808000", + "frame.time_delta_displayed": "0.052808000", + "frame.time_relative": "1583.819308000", + "frame.number": "5650", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "107", + "http.prev_response_in": "5649" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.332839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.332839000", + "frame.time_delta": "0.052845000", + "frame.time_delta_displayed": "0.052845000", + "frame.time_relative": "1583.872153000", + "frame.number": "5651", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, 
+ "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "108", + "http.prev_response_in": "5650" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.354274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.354274000", + "frame.time_delta": "0.021435000", + "frame.time_delta_displayed": "0.021435000", + "frame.time_relative": "1583.893588000", + "frame.number": "5652", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000b8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x000024f2", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:33:b7:12:dd:cd:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.384824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.384824000", + "frame.time_delta": "0.030550000", + 
"frame.time_delta_displayed": "0.030550000", + "frame.time_relative": "1583.924138000", + "frame.number": "5653", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 
Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.389913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.389913000", + "frame.time_delta": "0.005089000", + "frame.time_delta_displayed": "0.005089000", + "frame.time_relative": "1583.929227000", + "frame.number": "5654", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008020", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007675", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "109", + "http.prev_response_in": "5651" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.390297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.390297000", + "frame.time_delta": "0.000384000", + "frame.time_delta_displayed": "0.000384000", + "frame.time_relative": "1583.929611000", + "frame.number": "5655", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "362", + "ip.id": "0x00008021", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000766b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "110", + "http.prev_response_in": "5654" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.390690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.390690000", + "frame.time_delta": "0.000393000", + "frame.time_delta_displayed": "0.000393000", + "frame.time_relative": "1583.930004000", + "frame.number": "5656", + "frame.len": "370", + "frame.cap_len": "370", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "356", + "ip.id": "0x00008022", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007670", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008089", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "111", + "http.prev_response_in": "5655" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.701166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.701166000", + "frame.time_delta": "0.310476000", + "frame.time_delta_displayed": "0.310476000", + "frame.time_relative": "1584.240480000", + "frame.number": "5657", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cdd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "112", + "http.prev_response_in": "5656" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:12:55.753956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.753956000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "1584.293270000", + "frame.number": "5658", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "113", + "http.prev_response_in": "5657" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:55.806725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495175.806725000", + "frame.time_delta": "0.052769000", + "frame.time_delta_displayed": "0.052769000", + "frame.time_relative": "1584.346039000", + "frame.number": "5659", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "114", + "http.prev_response_in": "5658" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:56.753915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495176.753915000", + "frame.time_delta": "0.947190000", + "frame.time_delta_displayed": "0.947190000", + "frame.time_relative": "1585.293229000", + "frame.number": "5660", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "115", + "http.prev_response_in": "5659" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:56.806694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495176.806694000", + "frame.time_delta": "0.052779000", + "frame.time_delta_displayed": "0.052779000", + "frame.time_relative": "1585.346008000", + "frame.number": "5661", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cc7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "116", + "http.prev_response_in": "5660" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:56.859452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495176.859452000", + "frame.time_delta": "0.052758000", + "frame.time_delta_displayed": "0.052758000", + "frame.time_relative": "1585.398766000", + "frame.number": "5662", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a93", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ccb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "117", + "http.prev_response_in": "5661" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.151632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.151632000", + "frame.time_delta": "0.292180000", + "frame.time_delta_displayed": "0.292180000", + "frame.time_relative": "1585.690946000", + "frame.number": "5663", + "frame.len": "407", + "frame.cap_len": "407", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "393", + "ip.id": "0x0000967e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", 
+ "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "341", + "tcp.seq": "75355", + "tcp.nxtseq": "75696", + "tcp.ack": "16975", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cb6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:1c:5a:a7:a0:f6:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2563162, TSecr 2812343904": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2563162", + "tcp.options.timestamp.tsecr": "2812343904" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "341", + "tcp.analysis.push_bytes_sent": "341" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "336", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:20:6b:5c:da:21:ab:3e:48:49:24:e6:64:2d:d9:90:29:6b:cf:ea:9f:6a:e9:59:95:42:5d:57:43:44:75:88:e0:3f:4b:9c:1e:a1:83:15:e2:53:8b:cc:0d:65:f0:83:04:6b:73:72:4f:f0:11:97:81:6c:d8:1a:fe:7f:8e:f5:c7:d8:cf:cc:da:14:0a:45:48:9d:36:0a:9e:22:94:1b:2a:71:ac:f4:66:34:68:20:36:d1:74:0e:6e:70:4a:59:64:66:f4:05:40:13:e8:eb:eb:fb:13:ee:22:6c:bb:84:44:70:f1:a0:f7:52:8f:4f:06:6b:91:64:2f:cd:e3:7b:3b:00:7a:12:89:46:10:7c:d3:f4:e3:b6:10:7b:e2:ff:0f:14:ea:08:06:30:fa:40:af:f5:78:0d:4d:24:c0:5e:6d:28:a8:7a:61:07:b0:2f:60:aa:dd:99:9a:82:ca:96:c6:e7:88:32:b1:a5:26:71:aa:e9:87:59:55:84:7e:8e:c8:3c:7a:62:e3:d2:0c:e2:fc:10:50:ce:7e:d4:df:e4:5e:f3:a8:98:7f:92:31:20:1d:51:7c:19:3a:8d:41:ae:27:87:a3:82:36:fb:e7:f6:f8:5f:e4:8c:4c:d9:56:19:e0:de:68:56:12:2c:05:1d:94:24:1c:84:93:68:95:d9:47:7d:a8:22:1d:d9:83:5d:86:41:ca:13:37:43:46:c0:35:86:b2:5e:50:34:90:a5:9b:db:a0:ad:d1:e2:40:97:0a:12:7f:d0:f0:f3:5b:8e:55:ec:ef:ea:d4:dd:f4:ef:26:10:5f:f0:4b:b5:bf:46:9c:70:80:8f:45:24:7b:2f:32:5c:27:dc:e1:f5:8f:09:7e:2a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.212787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.212787000", + "frame.time_delta": "0.061155000", + "frame.time_delta_displayed": "0.061155000", + "frame.time_relative": "1585.752101000", + "frame.number": "5664", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "16975", + "tcp.nxtseq": "17022", + "tcp.ack": "75696", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00007aeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:07:eb:00:27:1c:5a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812348395, TSecr 2563162": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812348395", + "tcp.options.timestamp.tsecr": "2563162" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5663", + "tcp.analysis.ack_rtt": "0.061155000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:b7:17:6a:10:26:be:02:68:0b:f7:45:fa:50:0a:9f:79:ac:fb:d5:31:bd:4b:2b:ef:58:ee:99:e6:d7:90:38:70:83:5d:b1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.213229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.213229000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1585.752543000", + "frame.number": "5665", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000967f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007700", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "75696", + "tcp.ack": "17022", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000191f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:1c:61:a7:a1:07:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2563169, TSecr 2812348395": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2563169", + "tcp.options.timestamp.tsecr": "2812348395" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5664", + "tcp.analysis.ack_rtt": "0.000442000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.263795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.263795000", + "frame.time_delta": "0.050566000", + "frame.time_delta_displayed": "0.050566000", + "frame.time_relative": "1585.803109000", + "frame.number": "5666", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": 
"LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000216b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b823", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:12:57.264907000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.264907000", + "frame.time_delta": "0.001112000", + "frame.time_delta_displayed": "0.001112000", + "frame.time_relative": "1585.804221000", + "frame.number": "5667", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000a4fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003393", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + 
"dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + 
} + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.489144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.489144000", + "frame.time_delta": "0.224237000", + "frame.time_delta_displayed": "0.224237000", + "frame.time_relative": "1586.028458000", + "frame.number": "5668", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000021a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b7e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + 
"udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.623523000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.623523000", + "frame.time_delta": "0.134379000", + "frame.time_delta_displayed": "0.134379000", + "frame.time_relative": "1586.162837000", + "frame.number": "5669", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009680", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000759f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "75696", + "tcp.nxtseq": "76048", + "tcp.ack": "17022", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c0cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:1c:8a:a7:a1:07:eb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2563210, TSecr 2812348395": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2563210", + "tcp.options.timestamp.tsecr": "2812348395" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:21:1c:21:a5:17:b9:4c:f6:6b:60:17:09:c9:03:e5:18:f7:ec:d3:fc:77:84:9d:3e:c7:5c:0a:32:ce:6f:1a:41:86:84:b7:ab:12:31:57:ba:27:ec:8c:26:29:fc:fc:6f:ef:6a:a2:90:c1:ee:e4:cc:8c:2a:f7:82:23:46:d1:45:9a:64:3b:62:99:c5:3b:d8:62:e8:98:26:33:9b:7c:0b:2b:aa:d0:b0:1d:c3:7c:bc:42:02:92:ff:bf:12:5b:21:95:b8:40:11:27:6c:58:a8:1f:ef:b5:aa:52:7c:cb:ba:f1:c2:f3:f2:cf:fd:f7:c9:29:8b:34:9f:e8:09:79:0a:ee:74:f4:d1:13:28:ea:b1:ed:6b:a6:42:5f:5d:4c:05:69:23:02:c3:08:0c:4e:e2:1a:6f:e4:54:8f:b4:ad:49:a2:37:5d:99:ef:81:bf:a9:32:8a:dc:b1:2b:26:e1:5d:47:3a:a4:0a:33:dd:e1:d3:ed:ac:8f:c7:d9:51:49:78:87:94:2d:9f:07:94:0a:03:49:f8:bd:0f:db:e8:ab:0f:09:67:8b:0e:7a:77:77:20:9c:a1:8a:c5:d3:57:b3:cb:b0:f5:3d:91:d8:c0:1f:84:49:d6:ef:ed:5f:cb:4d:ea:37:df:90:f8:df:6d:49:95:a8:e3:b2:6f:5b:aa:2d:03:a8:3f:85:4f:e2:01:87:bd:b6:40:f8:f5:94:ef:c3:10:10:e0:e4:28:67:c0:90:f4:d1:9e:eb:df:7c:60:84:04:8a:f5:ce:52:96:76:72:06:71:c8:5f:eb:25:6f:bf:ec:08:16:23:f4:f7:74:0e:a1:9d:d6:ca:71:70:9a:71:ad:8d:21:06:36:97:53:35:5b:8b:ef:4d:8e:d5:66:cb:06:52:47:28:73" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.684248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495177.684248000", + "frame.time_delta": "0.060725000", + "frame.time_delta_displayed": "0.060725000", + "frame.time_relative": "1586.223562000", + "frame.number": "5670", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + 
"tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17022", + "tcp.nxtseq": "17069", + "tcp.ack": "76048", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ebcf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:08:61:00:27:1c:8a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812348513, TSecr 2563210": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812348513", + "tcp.options.timestamp.tsecr": "2563210" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5669", + "tcp.analysis.ack_rtt": "0.060725000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:b8:7b:29:f8:4b:47:4e:a4:42:89:78:d3:91:da:4e:28:0d:1a:64:eb:1e:aa:21:33:96:7b:1d:7d:6b:24:56:f2:38:95:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.684642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.684642000", + "frame.time_delta": "0.000394000", + "frame.time_delta_displayed": "0.000394000", + "frame.time_relative": "1586.223956000", + "frame.number": "5671", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009681", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "76048", + "tcp.ack": "17069", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000016eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:1c:90:a7:a1:08:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2563216, TSecr 2812348513": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2563216", + "tcp.options.timestamp.tsecr": "2812348513" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5670", + "tcp.analysis.ack_rtt": "0.000394000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.710892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495177.710892000", + "frame.time_delta": "0.026250000", + "frame.time_delta_displayed": "0.026250000", + "frame.time_relative": "1586.250206000", + "frame.number": "5672", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000021bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b7cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.753316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.753316000", + "frame.time_delta": "0.042424000", + "frame.time_delta_displayed": "0.042424000", + "frame.time_relative": "1586.292630000", + "frame.number": "5673", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ab9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ca8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "118", + "http.prev_response_in": "5662" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.806154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.806154000", + "frame.time_delta": "0.052838000", + 
"frame.time_delta_displayed": "0.052838000", + "frame.time_relative": "1586.345468000", + "frame.number": "5674", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002abc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "119", + "http.prev_response_in": "5673" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:57.858941000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495177.858941000", + "frame.time_delta": "0.052787000", + "frame.time_delta_displayed": "0.052787000", + "frame.time_relative": "1586.398255000", + "frame.number": "5675", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002abd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ca1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", 
+ "http.response": "1", + "http.response_number": "120", + "http.prev_response_in": "5674" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.399178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.399178000", + "frame.time_delta": "0.540237000", + "frame.time_delta_displayed": "0.540237000", + "frame.time_relative": "1586.938492000", + "frame.number": "5676", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008054", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007641", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + 
"icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cdd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "121", + "http.prev_response_in": "5675" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.399283000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.399283000", + "frame.time_delta": "0.000105000", + "frame.time_delta_displayed": "0.000105000", + "frame.time_relative": "1586.938597000", + "frame.number": "5677", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "362", + "ip.id": "0x00008055", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007637", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "122", + "http.prev_response_in": "5676" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.399325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.399325000", + "frame.time_delta": "0.000042000", + "frame.time_delta_displayed": "0.000042000", + "frame.time_relative": "1586.938639000", + "frame.number": "5678", + "frame.len": "370", + "frame.cap_len": "370", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "356", + "ip.id": "0x00008056", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000763c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": 
"192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008089", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "123", + "http.prev_response_in": "5677" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.400362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.400362000", + "frame.time_delta": "0.001037000", + "frame.time_delta_displayed": "0.001037000", + "frame.time_relative": "1586.939676000", + "frame.number": "5679", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008057", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"1", + "ip.checksum": "0x0000763e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "124", + "http.prev_response_in": "5678" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.400410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.400410000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "1586.939724000", + "frame.number": "5680", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "362", + "ip.id": "0x00008058", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007634", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002a91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008cc7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "125", + "http.prev_response_in": "5679" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.401125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.401125000", + "frame.time_delta": "0.000715000", + "frame.time_delta_displayed": "0.000715000", + "frame.time_relative": "1586.940439000", + "frame.number": "5681", + "frame.len": "370", + "frame.cap_len": "370", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "356", + "ip.id": "0x00008059", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007639", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008089", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002a93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ccb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "126", + "http.prev_response_in": "5680" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.806064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.806064000", + "frame.time_delta": "0.404939000", + "frame.time_delta_displayed": "0.404939000", + "frame.time_relative": "1587.345378000", + "frame.number": "5682", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "127", + "http.prev_response_in": "5681" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.858878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.858878000", + "frame.time_delta": "0.052814000", + "frame.time_delta_displayed": "0.052814000", + "frame.time_relative": "1587.398192000", + "frame.number": "5683", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002aed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "128", + "http.prev_response_in": "5682" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.882368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.882368000", + "frame.time_delta": "0.023490000", + "frame.time_delta_displayed": "0.023490000", + "frame.time_relative": "1587.421682000", + "frame.number": "5684", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": 
{ + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:58.911749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495178.911749000", + "frame.time_delta": "0.029381000", + "frame.time_delta_displayed": "0.029381000", + "frame.time_relative": "1587.451063000", + "frame.number": "5685", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"328", + "ip.id": "0x00002af1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "129", + "http.prev_response_in": "5683" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:59.558439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495179.558439000", + "frame.time_delta": "0.646690000", + "frame.time_delta_displayed": "0.646690000", + "frame.time_relative": "1588.097753000", + "frame.number": "5686", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x0000808d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007608", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ae9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "130", + "http.prev_response_in": "5685" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:59.858029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495179.858029000", + "frame.time_delta": "0.299590000", + "frame.time_delta_displayed": "0.299590000", + "frame.time_relative": "1588.397343000", + "frame.number": "5687", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002af3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "131", + "http.prev_response_in": "5686" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:59.910814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495179.910814000", + "frame.time_delta": "0.052785000", + "frame.time_delta_displayed": "0.052785000", + "frame.time_relative": "1588.450128000", + "frame.number": "5688", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002af8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "132", + "http.prev_response_in": "5687" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:12:59.963599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495179.963599000", + "frame.time_delta": "0.052785000", + "frame.time_delta_displayed": "0.052785000", + "frame.time_relative": "1588.502913000", + "frame.number": "5689", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002afd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00008c61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "133", + "http.prev_response_in": "5688" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.158750000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1509495180.158750000", + "frame.time_delta": "0.195151000", + "frame.time_delta_displayed": "0.195151000", + "frame.time_relative": "1588.698064000", + "frame.number": "5690", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x00001051", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002992", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "44", + "udp.checksum": "0x0000f377", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.160632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.160632000", + "frame.time_delta": "0.001882000", + "frame.time_delta_displayed": "0.001882000", + "frame.time_relative": "1588.699946000", + "frame.number": "5691", + "frame.len": "423", + "frame.cap_len": "423", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "409", + "ip.id": "0x0000daa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dce4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "389", + "udp.checksum": "0x00008360", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "5690", + "dns.time": "0.001882000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "home.myblossom.com: type A, class IN, addr 54.153.31.0": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2", + "dns.resp.len": "4", + "dns.a": "54.153.31.0" + }, + "home.myblossom.com: type A, class IN, addr 54.219.161.163": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2", + "dns.resp.len": "4", + "dns.a": "54.219.161.163" + } + }, + "Authoritative nameservers": { + "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57403", + "dns.resp.len": "19", + "dns.ns": "ns-477.awsdns-59.com" + }, + "myblossom.com: 
type NS, class IN, ns ns-540.awsdns-03.net": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57403", + "dns.resp.len": "22", + "dns.ns": "ns-540.awsdns-03.net" + }, + "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57403", + "dns.resp.len": "25", + "dns.ns": "ns-1743.awsdns-25.co.uk" + }, + "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57403", + "dns.resp.len": "23", + "dns.ns": "ns-1324.awsdns-37.org" + } + }, + "Additional records": { + "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100950", + "dns.resp.len": "4", + "dns.a": "205.251.193.221" + }, + "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56937", + "dns.resp.len": "4", + "dns.a": "205.251.194.28" + }, + "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57021", + "dns.resp.len": "4", + "dns.a": "205.251.197.44" + }, + "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57347", + "dns.resp.len": "4", + "dns.a": "205.251.198.207" + }, + "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100950", + 
"dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:dd00::1" + }, + "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56937", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5302:1c00::1" + }, + "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57021", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5305:2c00::1" + }, + "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57347", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:cf00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.167580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.167580000", + "frame.time_delta": "0.006948000", + "frame.time_delta_displayed": "0.006948000", + "frame.time_relative": "1588.706894000", + "frame.number": "5692", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001052", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49777", + "tcp.dstport": "80", + "tcp.port": "49777", + "tcp.port": "80", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000c14d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.181810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.181810000", + "frame.time_delta": "0.014230000", + "frame.time_delta_displayed": "0.014230000", + "frame.time_relative": "1588.721124000", + "frame.number": "5693", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00007712", + "ip.checksum.status": "2", + "ip.src": 
"54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49777", + "tcp.port": "80", + "tcp.port": "49777", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x00002af7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5692", + "tcp.analysis.ack_rtt": "0.014230000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.187594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.187594000", + "frame.time_delta": "0.005784000", + "frame.time_delta_displayed": "0.005784000", + "frame.time_relative": "1588.726908000", + "frame.number": "5694", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001053", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, 
-121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49777", + "tcp.dstport": "80", + "tcp.port": "49777", + "tcp.port": "80", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000095d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5693", + "tcp.analysis.ack_rtt": "0.005784000", + "tcp.analysis.initial_rtt": "0.020014000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.666834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.666834000", + "frame.time_delta": "0.479240000", + "frame.time_delta_displayed": "0.479240000", + "frame.time_relative": "1589.206148000", + "frame.number": "5695", + "frame.len": "179", + "frame.cap_len": "179", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "165", + "ip.id": "0x00001054", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009445", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49777", + "tcp.dstport": "80", + "tcp.port": "49777", + "tcp.port": "80", + "tcp.stream": "209", + "tcp.len": "125", + "tcp.seq": "1", + "tcp.nxtseq": "126", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005423", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.020014000", + "tcp.analysis.bytes_in_flight": "125", + "tcp.analysis.push_bytes_sent": "125" + } + }, + "http": { + "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.681437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.681437000", + "frame.time_delta": "0.014603000", + "frame.time_delta_displayed": 
"0.014603000", + "frame.time_relative": "1589.220751000", + "frame.number": "5696", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000026e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00005032", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49777", + "tcp.port": "80", + 
"tcp.port": "49777", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "126", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004237", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5695", + "tcp.analysis.ack_rtt": "0.014603000", + "tcp.analysis.initial_rtt": "0.020014000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.710029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.710029000", + "frame.time_delta": "0.028592000", + "frame.time_delta_displayed": "0.028592000", + "frame.time_relative": "1589.249343000", + "frame.number": "5697", + "frame.len": "485", + "frame.cap_len": "485", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, 
+ "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "471", + "ip.id": "0x000026e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00004e82", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49777", + "tcp.port": "80", + "tcp.port": "49777", + "tcp.stream": "209", + "tcp.len": "431", + "tcp.seq": "1", + "tcp.nxtseq": "432", + "tcp.ack": "126", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + 
"tcp.checksum": "0x0000584a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.020014000", + "tcp.analysis.bytes_in_flight": "431", + "tcp.analysis.push_bytes_sent": "431" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-Type: application\/json\r\n", + "http.date": "Wed, 01 Nov 2017 00:13:00 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:13:00 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "219", + "http.content_length_header_tree": { + "http.content_length": "219" + }, + "http.response.line": "Content-Length: 219\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.043195000", + "http.request_in": "5695", + "http.file_data": "{\"dim_level\":32,\"pn_keepalive\":0,\"ovc_trip\":350,\"dim_delay\":600,\"wave_boost\":1,\"uap_debug\":0,\"ota_freq\":3720,\"current_time\":\"2017-10-31T17:13:00.711666-07:00\",\"stats_freq\":3600,\"build\":2011,\"psr_switch\":0,\"opn_trip\":40}" + }, + "json": { + "json.object": { + "json.member": { + "json.value.number": "32", + "json.key": "dim_level" + }, + "json.member": { + "json.value.number": "0", + "json.key": "pn_keepalive" + }, + "json.member": { + "json.value.number": "350", + "json.key": "ovc_trip" + }, + "json.member": { + "json.value.number": "600", + "json.key": "dim_delay" + }, + 
"json.member": { + "json.value.number": "1", + "json.key": "wave_boost" + }, + "json.member": { + "json.value.number": "0", + "json.key": "uap_debug" + }, + "json.member": { + "json.value.number": "3720", + "json.key": "ota_freq" + }, + "json.member": { + "json.value.string": "2017-10-31T17:13:00.711666-07:00", + "json.key": "current_time" + }, + "json.member": { + "json.value.number": "3600", + "json.key": "stats_freq" + }, + "json.member": { + "json.value.number": "2011", + "json.key": "build" + }, + "json.member": { + "json.value.number": "0", + "json.key": "psr_switch" + }, + "json.member": { + "json.value.number": "40", + "json.key": "opn_trip" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.723275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.723275000", + "frame.time_delta": "0.013246000", + "frame.time_delta_displayed": "0.013246000", + "frame.time_relative": "1589.262589000", + "frame.number": "5698", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001055", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49777", + "tcp.dstport": "80", + "tcp.port": "49777", + "tcp.port": "80", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "126", + "tcp.ack": "432", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5169", + "tcp.window_size": "5169", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009559", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5697", + "tcp.analysis.ack_rtt": "0.013246000", + "tcp.analysis.initial_rtt": "0.020014000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.736544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.736544000", + "frame.time_delta": "0.013269000", + "frame.time_delta_displayed": "0.013269000", + "frame.time_relative": "1589.275858000", + "frame.number": "5699", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000026e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00005030", + "ip.checksum.status": "2", + "ip.src": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.src_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49777", + "tcp.port": "80", + "tcp.port": "49777", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "432", + "tcp.ack": "127", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004086", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5698", + "tcp.analysis.ack_rtt": "0.013269000", + "tcp.analysis.initial_rtt": "0.020014000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.742309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.742309000", + 
"frame.time_delta": "0.005765000", + "frame.time_delta_displayed": "0.005765000", + "frame.time_relative": "1589.281623000", + "frame.number": "5700", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001056", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000094c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.153.31.0", + "ip.addr": "54.153.31.0", + "ip.dst_host": "54.153.31.0", + "ip.host": "54.153.31.0", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": 
"-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49777", + "tcp.dstport": "80", + "tcp.port": "49777", + "tcp.port": "80", + "tcp.stream": "209", + "tcp.len": "0", + "tcp.seq": "127", + "tcp.ack": "433", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5168", + "tcp.window_size": "5168", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009559", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5699", + "tcp.analysis.ack_rtt": "0.005765000", + "tcp.analysis.initial_rtt": "0.020014000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.910635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.910635000", + "frame.time_delta": "0.168326000", + "frame.time_delta_displayed": "0.168326000", + "frame.time_relative": "1589.449949000", + "frame.number": "5701", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002b4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "134", + "http.prev_response_in": "5689" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:00.968260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495180.968260000", + "frame.time_delta": "0.057625000", + "frame.time_delta_displayed": "0.057625000", + "frame.time_relative": "1589.507574000", + "frame.number": "5702", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "135", + "http.prev_response_in": "5701" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.021125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.021125000", + "frame.time_delta": "0.052865000", + "frame.time_delta_displayed": "0.052865000", + "frame.time_relative": "1589.560439000", + "frame.number": "5703", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002b56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "136", + "http.prev_response_in": "5702" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.264536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.264536000", + "frame.time_delta": "0.243411000", + "frame.time_delta_displayed": "0.243411000", + "frame.time_relative": "1589.803850000", + "frame.number": "5704", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x000080ef", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x000075a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002b4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "137", + "http.prev_response_in": "5703" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.341184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.341184000", + "frame.time_delta": "0.076648000", + "frame.time_delta_displayed": "0.076648000", + "frame.time_relative": "1589.880498000", + "frame.number": "5705", + "frame.len": "81", + "frame.cap_len": "81", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "67", + "ip.id": "0x00001057", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002989", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "47", + "udp.checksum": "0x000036dd", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "updates.myblossom.com: type A, class IN": { + "dns.qry.name": "updates.myblossom.com", + "dns.qry.name.len": "21", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.355492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.355492000", + "frame.time_delta": "0.014308000", + "frame.time_delta_displayed": "0.014308000", + "frame.time_relative": "1589.894806000", + "frame.number": "5706", + "frame.len": "410", + "frame.cap_len": "410", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "396", + "ip.id": "0x0000dad8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "376", + "udp.checksum": "0x00008353", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "5705", + "dns.time": "0.014308000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": 
"1", + "dns.count.answers": "1", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "updates.myblossom.com: type A, class IN": { + "dns.qry.name": "updates.myblossom.com", + "dns.qry.name.len": "21", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "updates.myblossom.com: type A, class IN, addr 52.219.24.27": { + "dns.resp.name": "updates.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5", + "dns.resp.len": "4", + "dns.a": "52.219.24.27" + } + }, + "Authoritative nameservers": { + "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57402", + "dns.resp.len": "22", + "dns.ns": "ns-540.awsdns-03.net" + }, + "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57402", + "dns.resp.len": "23", + "dns.ns": "ns-1324.awsdns-37.org" + }, + "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57402", + "dns.resp.len": "25", + "dns.ns": "ns-1743.awsdns-25.co.uk" + }, + "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57402", + "dns.resp.len": "19", + "dns.ns": "ns-477.awsdns-59.com" + } + }, + "Additional records": { + "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100949", + "dns.resp.len": "4", + "dns.a": "205.251.193.221" + }, + "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { + "dns.resp.name": 
"ns-540.awsdns-03.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56936", + "dns.resp.len": "4", + "dns.a": "205.251.194.28" + }, + "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57020", + "dns.resp.len": "4", + "dns.a": "205.251.197.44" + }, + "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57346", + "dns.resp.len": "4", + "dns.a": "205.251.198.207" + }, + "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100949", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:dd00::1" + }, + "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56936", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5302:1c00::1" + }, + "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57020", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5305:2c00::1" + }, + "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57346", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:cf00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:13:01.362097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.362097000", + "frame.time_delta": "0.006605000", + "frame.time_delta_displayed": "0.006605000", + "frame.time_relative": "1589.901411000", + "frame.number": "5707", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001058", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { 
+ "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00006198", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.374807000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.374807000", + "frame.time_delta": "0.012710000", + "frame.time_delta_displayed": "0.012710000", + "frame.time_relative": "1589.914121000", + "frame.number": "5708", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000b874", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "44", + "ip.proto": "6", + "ip.checksum": "0x0000c841", + "ip.checksum.status": "2", + "ip.src": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.src_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.src_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.src_lon": "-75.597", + "ip.geoip.lon": "-75.597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49778", + "tcp.port": "80", + "tcp.port": "49778", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x000044de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:98", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1432" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5707", + "tcp.analysis.ack_rtt": "0.012710000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.379873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.379873000", + "frame.time_delta": "0.005066000", + "frame.time_delta_displayed": "0.005066000", + "frame.time_relative": "1589.919187000", + "frame.number": "5709", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001059", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009d60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { + "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005c7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5708", + "tcp.analysis.ack_rtt": "0.005066000", + "tcp.analysis.initial_rtt": "0.017776000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": 
{ + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.861290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.861290000", + "frame.time_delta": "0.481417000", + "frame.time_delta_displayed": "0.481417000", + "frame.time_relative": "1590.400604000", + "frame.number": "5710", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x0000105a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009cef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + 
"ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { + "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + "tcp.stream": "210", + "tcp.len": "112", + "tcp.seq": "1", + "tcp.nxtseq": "113", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000018ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017776000", + "tcp.analysis.bytes_in_flight": "112", + "tcp.analysis.push_bytes_sent": "112" + } + }, + "http": { + "GET \/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL", + "http.request.uri_tree": { + "http.request.uri.path": "\/firmware-check\/1\/2011.json", + "http.request.uri.query": "q=0.9.2011&c=ND4JQL", + "http.request.uri.query_tree": { + "http.request.uri.query.parameter": "q=0.9.2011", + "http.request.uri.query.parameter": "c=ND4JQL" + } + }, + "http.request.version": "HTTP\/1.1" + }, + "http.host": "updates.myblossom.com", + "http.request.line": "Host: updates.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", 
+ "\\r\\n": "", + "http.request.full_uri": "http:\/\/updates.myblossom.com\/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.874060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.874060000", + "frame.time_delta": "0.012770000", + "frame.time_delta_displayed": "0.012770000", + "frame.time_relative": "1590.413374000", + "frame.number": "5711", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000054b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "236", + "ip.proto": "6", + "ip.checksum": "0x00002c05", + "ip.checksum.status": "2", + "ip.src": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.src_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, Wilmington, DE, 39.564499, 
-75.597000": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.src_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.src_lon": "-75.597", + "ip.geoip.lon": "-75.597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49778", + "tcp.port": "80", + "tcp.port": "49778", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "113", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000038e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5710", + "tcp.analysis.ack_rtt": "0.012770000", + "tcp.analysis.initial_rtt": "0.017776000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.900450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.900450000", + "frame.time_delta": "0.026390000", + "frame.time_delta_displayed": "0.026390000", + "frame.time_relative": "1590.439764000", + "frame.number": "5712", + "frame.len": "403", + "frame.cap_len": "403", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": 
"e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "389", + "ip.id": "0x000054b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "236", + "ip.proto": "6", + "ip.checksum": "0x00002aa7", + "ip.checksum.status": "2", + "ip.src": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.src_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.src_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.src_lon": "-75.597", + "ip.geoip.lon": "-75.597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49778", + "tcp.port": "80", + "tcp.port": "49778", + "tcp.stream": "210", + "tcp.len": "349", + "tcp.seq": "1", + "tcp.nxtseq": "350", + "tcp.ack": "113", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007a61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017776000", + "tcp.analysis.bytes_in_flight": "349", + "tcp.analysis.push_bytes_sent": "349" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:78:2d:61:6d:7a:2d:69:64:2d:32:3a:20:78:51:47:35:6d:6e:68:44:54:59:6a:54:73:54:50:41:37:4b:63:50:62:39:6c:36:39:51:4b:37:63:6e:6e:68:62:6e:63:78:41:4a:74:50:31:6f:6b:7a:46:2f:58:30:55:4b:30:59:34:41:4d:66:46:46:42:35:66:67:31:41:67:41:75:58:50:4c:4f:43:75:70:41:3d:0d:0a:78:2d:61:6d:7a:2d:72:65:71:75:65:73:74:2d:69:64:3a:20:34:37:46:31:32:31:34:46:36:38:44:35:38:45:45:39:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:33:3a:30:32:20:47:4d:54:0d:0a:4c:61:73:74:2d:4d:6f:64:69:66:69:65:64:3a:20:53:61:74:2c:20:30:34:20:4a:75:6e:20:32:30:31:36:20:30:35:3a:33:35:3a:32:39:20:47:4d:54:0d:0a:45:54:61:67:3a:20:22:36:36:64:38:36:64:36:31:31:66:65:36:63:62:66:62:66:61:39:36:30:64:30:31:65:66:30:35:32:66:33:34:22:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6f:63:74:65:74:2d:73:74:72:65:61:6d:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:39:39:0d:0a:53:65:72:76:65:72:3a:20:41:6d:61:7a:6f:6e:53:33:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.900511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.900511000", + "frame.time_delta": "0.000061000", + 
"frame.time_delta_displayed": "0.000061000", + "frame.time_relative": "1590.439825000", + "frame.number": "5713", + "frame.len": "253", + "frame.cap_len": "253", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "239", + "ip.id": "0x000054b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "236", + "ip.proto": "6", + "ip.checksum": "0x00002b3c", + "ip.checksum.status": "2", + "ip.src": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.src_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.src_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.src_lon": "-75.597", + "ip.geoip.lon": "-75.597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49778", + "tcp.port": "80", + "tcp.port": "49778", + "tcp.stream": "210", + "tcp.len": "199", + "tcp.seq": "350", + 
"tcp.nxtseq": "549", + "tcp.ack": "113", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00008640", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017776000", + "tcp.analysis.bytes_in_flight": "548", + "tcp.analysis.push_bytes_sent": "199" + }, + "tcp.segment_data": "7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "5712", + "tcp.segment": "5713", + "tcp.segment.count": "2", + "tcp.reassembled.length": "548", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:78:2d:61:6d:7a:2d:69:64:2d:32:3a:20:78:51:47:35:6d:6e:68:44:54:59:6a:54:73:54:50:41:37:4b:63:50:62:39:6c:36:39:51:4b:37:63:6e:6e:68:62:6e:63:78:41:4a:74:50:31:6f:6b:7a:46:2f:58:30:55:4b:30:59:34:41:4d:66:46:46:42:35:66:67:31:41:67:41:75:58:50:4c:4f:43:75:70:41:3d:0d:0a:78:2d:61:6d:7a:2d:72:65:71:75:65:73:74:2d:69:64:3a:20:34:37:46:31:32:31:34:46:36:38:44:35:38:45:45:39:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:33:3a:30:32:20:47:4d:54:0d:0a:4c:61:73:74:2d:4d:6f:64:69:66:69:65:64:3a:20:53:61:74:2c:20:30:34:20:4a:75:6e:20:32:30:31:36:20:30:35:3a:33:35:3a:32:39:20:47:4d:54:0d:0a:45:54:61:67:3a:20:22:36:36:64:38:36:64:36:31:31:66:65:36:63:62:66:62:66:61:39:36:30:64:30:31:65:66:30:35:32:66:33:34:22:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6f:63:74:65:74:2d:73:74:72:65:61:6d:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:39:39:0d:0a:53:65:72:76:65:72:3a:20:41:6d:61:7a:6f:6e:53:33:0d:0a:0d:0a:7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "x-amz-id-2: 
xQG5mnhDTYjTsTPA7KcPb9l69QK7cnnhbncxAJtP1okzF\/X0UK0Y4AMfFFB5fg1AgAuXPLOCupA=\r\n", + "http.response.line": "x-amz-request-id: 47F1214F68D58EE9\r\n", + "http.date": "Wed, 01 Nov 2017 00:13:02 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:13:02 GMT\r\n", + "http.last_modified": "Sat, 04 Jun 2016 05:35:29 GMT", + "http.response.line": "Last-Modified: Sat, 04 Jun 2016 05:35:29 GMT\r\n", + "http.response.line": "ETag: \"66d86d611fe6cbfbfa960d01ef052f34\"\r\n", + "http.content_type": "application\/octet-stream", + "http.response.line": "Content-Type: application\/octet-stream\r\n", + "http.content_length_header": "199", + "http.content_length_header_tree": { + "http.content_length": "199" + }, + "http.response.line": "Content-Length: 199\r\n", + "http.server": "AmazonS3", + "http.response.line": "Server: AmazonS3\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.039221000", + "http.request_in": "5710", + "http.file_data": "{\r\n \"build\" : 2011,\r\n \"fw_url\": \"http:\/\/updates.myblossom.com\/firmware-check\/images\/1\/fw-0.9.2011.bin\",\r\n \"ftfs_url\": \"http:\/\/updates.myblossom.com\/firmware-check\/images\/1\/fw-0.9.2011.ftfs\"\r\n}\r\n" + }, + "media": { + "media.type": "7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.906655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.906655000", + "frame.time_delta": "0.006144000", + "frame.time_delta_displayed": "0.006144000", + "frame.time_relative": "1590.445969000", + "frame.number": "5714", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000105b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009d5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + 
"ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { + "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "113", + "tcp.ack": "549", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5052", + "tcp.window_size": "5052", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005c0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5713", + "tcp.analysis.ack_rtt": "0.006144000", + "tcp.analysis.initial_rtt": "0.017776000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.911689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.911689000", + "frame.time_delta": "0.005034000", + "frame.time_delta_displayed": "0.005034000", + "frame.time_relative": "1590.451003000", + "frame.number": "5715", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + 
"eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000105c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { + "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "113", + "tcp.ack": "549", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5052", + "tcp.window_size": "5052", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005c0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.923953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.923953000", + "frame.time_delta": "0.012264000", + "frame.time_delta_displayed": "0.012264000", + "frame.time_relative": "1590.463267000", + "frame.number": "5716", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000054b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "236", + "ip.proto": "6", + "ip.checksum": "0x00002c02", + "ip.checksum.status": "2", + "ip.src": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.src_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "ip.dst": "192.168.0.120", + "ip.addr": 
"192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.src_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.src_lon": "-75.597", + "ip.geoip.lon": "-75.597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49778", + "tcp.port": "80", + "tcp.port": "49778", + "tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "549", + "tcp.ack": "114", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000036c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5715", + "tcp.analysis.ack_rtt": "0.012264000", + "tcp.analysis.initial_rtt": "0.017776000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:01.930627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495181.930627000", + 
"frame.time_delta": "0.006674000", + "frame.time_delta_displayed": "0.006674000", + "frame.time_relative": "1590.469941000", + "frame.number": "5717", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000105d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00009d5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "52.219.24.27", + "ip.addr": "52.219.24.27", + "ip.dst_host": "52.219.24.27", + "ip.host": "52.219.24.27", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Wilmington, DE", + "ip.geoip.city": "Wilmington, DE", + "ip.geoip.dst_lat": "39.564499", + "ip.geoip.lat": "39.564499", + "ip.geoip.dst_lon": "-75.597", + "ip.geoip.lon": "-75.597" + } + }, + "tcp": { + "tcp.srcport": "49778", + "tcp.dstport": "80", + "tcp.port": "49778", + "tcp.port": "80", + 
"tcp.stream": "210", + "tcp.len": "0", + "tcp.seq": "114", + "tcp.ack": "550", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5051", + "tcp.window_size": "5051", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005c0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5716", + "tcp.analysis.ack_rtt": "0.006674000", + "tcp.analysis.initial_rtt": "0.017776000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.073670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.073670000", + "frame.time_delta": "0.143043000", + "frame.time_delta_displayed": "0.143043000", + "frame.time_relative": "1590.612984000", + "frame.number": "5718", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ba2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "138", + "http.prev_response_in": "5704" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.126527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.126527000", + "frame.time_delta": "0.052857000", + "frame.time_delta_displayed": "0.052857000", + "frame.time_relative": "1590.665841000", + "frame.number": "5719", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002ba3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008bb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "139", + "http.prev_response_in": "5718" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.179443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.179443000", + "frame.time_delta": "0.052916000", + "frame.time_delta_displayed": "0.052916000", + "frame.time_relative": "1590.718757000", + "frame.number": "5720", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, 
+ "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002ba9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008bb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "140", + "http.prev_response_in": "5719" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.224213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.224213000", + "frame.time_delta": "0.044770000", + "frame.time_delta_displayed": "0.044770000", + "frame.time_relative": "1590.763527000", + "frame.number": "5721", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x0000812c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007569", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ba2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "141", + "http.prev_response_in": "5720" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.690193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.690193000", + "frame.time_delta": "0.465980000", + "frame.time_delta_displayed": "0.465980000", + "frame.time_relative": "1591.229507000", + "frame.number": "5722", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + 
"arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:02.690626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495182.690626000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "1591.229940000", + "frame.number": "5723", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.126295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.126295000", + "frame.time_delta": "0.435669000", + "frame.time_delta_displayed": "0.435669000", + "frame.time_relative": "1591.665609000", + 
"frame.number": "5724", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002bc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "142", + "http.prev_response_in": "5721" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.179154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.179154000", + "frame.time_delta": "0.052859000", + "frame.time_delta_displayed": "0.052859000", + "frame.time_relative": "1591.718468000", + "frame.number": "5725", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002bcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "143", + "http.prev_response_in": "5724" + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.231886000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.231886000", + "frame.time_delta": "0.052732000", + "frame.time_delta_displayed": "0.052732000", + "frame.time_relative": "1591.771200000", + "frame.number": "5726", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002bd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", 
+ "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "144", + "http.prev_response_in": "5725" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.246279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.246279000", + "frame.time_delta": "0.014393000", + "frame.time_delta_displayed": "0.014393000", + "frame.time_relative": "1591.785593000", + "frame.number": "5727", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008174", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007521", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002bc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "145", + "http.prev_response_in": "5726" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.494976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.494976000", + "frame.time_delta": "0.248697000", + "frame.time_delta_displayed": "0.248697000", + "frame.time_relative": "1592.034290000", + "frame.number": "5728", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002bd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "146", + "http.prev_response_in": "5727" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.503402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.503402000", + "frame.time_delta": "0.008426000", + "frame.time_delta_displayed": "0.008426000", + "frame.time_relative": "1592.042716000", + "frame.number": "5729", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008184", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007511", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002bd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": 
"EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "147", + "http.prev_response_in": "5728" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.547761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.547761000", + "frame.time_delta": "0.044359000", + "frame.time_delta_displayed": "0.044359000", + "frame.time_relative": "1592.087075000", + "frame.number": "5730", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": 
"0x00002bd3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "148", + "http.prev_response_in": "5729" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:03.600549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495183.600549000", + "frame.time_delta": "0.052788000", + "frame.time_delta_displayed": "0.052788000", + "frame.time_relative": "1592.139863000", + "frame.number": "5731", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002bd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + 
"ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "149", + "http.prev_response_in": "5730" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:04.547893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495184.547893000", + "frame.time_delta": "0.947344000", + "frame.time_delta_displayed": "0.947344000", + "frame.time_relative": "1593.087207000", + "frame.number": "5732", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "150", + "http.prev_response_in": "5731" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:04.600729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495184.600729000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "1593.140043000", + "frame.number": "5733", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002c2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "151", + "http.prev_response_in": "5732" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:04.653521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495184.653521000", + "frame.time_delta": "0.052792000", + "frame.time_delta_displayed": "0.052792000", + "frame.time_relative": 
"1593.192835000", + "frame.number": "5734", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002c2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "152", + "http.prev_response_in": "5733" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:04.789068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495184.789068000", + "frame.time_delta": "0.135547000", + "frame.time_delta_displayed": "0.135547000", + "frame.time_relative": "1593.328382000", + "frame.number": "5735", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005818", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a679", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5037", + "tcp.ack": "577", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f0d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:04.932248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495184.932248000", + "frame.time_delta": "0.143180000", + "frame.time_delta_displayed": "0.143180000", + "frame.time_relative": "1593.471562000", + "frame.number": "5736", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000fff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd92", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "577", + "tcp.ack": "5038", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.170234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.170234000", + "frame.time_delta": "0.237986000", + 
"frame.time_delta_displayed": "0.237986000", + "frame.time_relative": "1593.709548000", + "frame.number": "5737", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.175619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.175619000", + "frame.time_delta": "0.005385000", + "frame.time_delta_displayed": "0.005385000", + "frame.time_relative": "1593.714933000", + "frame.number": "5738", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": 
"Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.336790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.336790000", + "frame.time_delta": "0.161171000", + "frame.time_delta_displayed": "0.161171000", + "frame.time_relative": "1593.876104000", + "frame.number": "5739", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b21", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "153", + "http.prev_response_in": "5734" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.389812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.389812000", + 
"frame.time_delta": "0.053022000", + "frame.time_delta_displayed": "0.053022000", + "frame.time_relative": "1593.929126000", + "frame.number": "5740", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002c44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "154", + "http.prev_response_in": "5739" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.442618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.442618000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "1593.981932000", + "frame.number": "5741", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002c49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "155", + "http.prev_response_in": "5740" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.504354000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.504354000", + "frame.time_delta": "0.061736000", + "frame.time_delta_displayed": "0.061736000", + "frame.time_relative": "1594.043668000", + "frame.number": "5742", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x000081e2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x000074b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": 
"" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "156", + "http.prev_response_in": "5741" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.504477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.504477000", + "frame.time_delta": "0.000123000", + "frame.time_delta_displayed": "0.000123000", + "frame.time_relative": "1594.043791000", + "frame.number": "5743", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "362", + "ip.id": "0x000081e3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x000074a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002c2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "157", + "http.prev_response_in": "5742" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:05.610638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495185.610638000", + "frame.time_delta": "0.106161000", + "frame.time_delta_displayed": "0.106161000", + "frame.time_relative": "1594.149952000", + "frame.number": "5744", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:06.389391000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495186.389391000", + "frame.time_delta": "0.778753000", + "frame.time_delta_displayed": "0.778753000", + "frame.time_relative": "1594.928705000", + "frame.number": "5745", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "158", + "http.prev_response_in": "5743" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:06.442289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495186.442289000", + "frame.time_delta": "0.052898000", + "frame.time_delta_displayed": "0.052898000", + "frame.time_relative": "1594.981603000", + "frame.number": "5746", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002c52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "159", + "http.prev_response_in": "5745" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:06.495094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495186.495094000", + "frame.time_delta": "0.052805000", + "frame.time_delta_displayed": "0.052805000", + "frame.time_relative": "1595.034408000", + "frame.number": "5747", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002c56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b08", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "160", + "http.prev_response_in": "5746" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:06.642507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495186.642507000", + "frame.time_delta": "0.147413000", + "frame.time_delta_displayed": "0.147413000", + "frame.time_relative": "1595.181821000", + "frame.number": "5748", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005dea", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000059ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.026590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495187.026590000", + "frame.time_delta": "0.384083000", + "frame.time_delta_displayed": "0.384083000", + "frame.time_relative": "1595.565904000", + "frame.number": "5749", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008afb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "161", + "http.prev_response_in": "5747" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.079287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495187.079287000", + "frame.time_delta": "0.052697000", + "frame.time_delta_displayed": "0.052697000", + "frame.time_relative": "1595.618601000", + "frame.number": "5750", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002c69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "162", + "http.prev_response_in": "5749" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.132071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495187.132071000", + "frame.time_delta": "0.052784000", + "frame.time_delta_displayed": "0.052784000", + "frame.time_relative": "1595.671385000", + "frame.number": "5751", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002c6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008af3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" 
+ }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "163", + "http.prev_response_in": "5750" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.196274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495187.196274000", + "frame.time_delta": "0.064203000", + "frame.time_delta_displayed": "0.064203000", + "frame.time_relative": "1595.735588000", + "frame.number": "5752", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { 
+ "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008216", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000747f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002c4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "164", + "http.prev_response_in": "5751" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.659642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495187.659642000", + "frame.time_delta": "0.463368000", + "frame.time_delta_displayed": "0.463368000", + "frame.time_relative": "1596.198956000", + "frame.number": "5753", + "frame.len": "275", + "frame.cap_len": 
"275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f82", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b86e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001571", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:07.660190000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495187.660190000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "1596.199504000", + "frame.number": "5754", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f83", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009969", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f66c", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:13:07.660802000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495187.660802000", + "frame.time_delta": "0.000612000", + "frame.time_delta_displayed": "0.000612000", + "frame.time_relative": "1596.200116000", + "frame.number": "5755", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008432", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.078666000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495188.078666000", + "frame.time_delta": "0.417864000", + "frame.time_delta_displayed": "0.417864000", + "frame.time_relative": "1596.617980000", + "frame.number": "5756", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002cb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ab0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "165", + "http.prev_response_in": "5752" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.131527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.131527000", + "frame.time_delta": "0.052861000", + "frame.time_delta_displayed": "0.052861000", + "frame.time_relative": "1596.670841000", + "frame.number": "5757", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002cb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008aa1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "166", + "http.prev_response_in": "5756" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.162934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.162934000", + "frame.time_delta": "0.031407000", + "frame.time_delta_displayed": "0.031407000", + "frame.time_relative": "1596.702248000", + "frame.number": "5758", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x0000822f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007466", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002cb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ab0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "167", + "http.prev_response_in": "5757" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.184306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.184306000", + "frame.time_delta": "0.021372000", + "frame.time_delta_displayed": "0.021372000", + "frame.time_relative": "1596.723620000", + "frame.number": "5759", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002cb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008aa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", 
+ "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "168", + "http.prev_response_in": "5758" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.394866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.394866000", + "frame.time_delta": "0.210560000", + "frame.time_delta_displayed": "0.210560000", + "frame.time_relative": "1596.934180000", + "frame.number": "5760", + 
"frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
+ "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "169", + "http.prev_response_in": "5759" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.447754000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.447754000", + "frame.time_delta": "0.052888000", + "frame.time_delta_displayed": "0.052888000", + "frame.time_relative": "1596.987068000", + "frame.number": "5761", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"334", + "ip.id": "0x00002cce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "170", + "http.prev_response_in": "5760" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:08.500539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495188.500539000", + "frame.time_delta": "0.052785000", + "frame.time_delta_displayed": "0.052785000", + "frame.time_relative": "1597.039853000", + "frame.number": "5762", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002cd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + 
"udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "171", + "http.prev_response_in": "5761" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.188771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.188771000", + "frame.time_delta": "0.688232000", + "frame.time_delta_displayed": "0.688232000", + "frame.time_relative": "1597.728085000", + "frame.number": "5763", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008267", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000742e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "172", + "http.prev_response_in": "5762" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.361397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.361397000", + "frame.time_delta": "0.172626000", + "frame.time_delta_displayed": "0.172626000", + "frame.time_relative": "1597.900711000", + "frame.number": "5764", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000021fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000b75e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + 
"dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.452287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.452287000", + "frame.time_delta": "0.090890000", + "frame.time_delta_displayed": "0.090890000", + "frame.time_relative": "1597.991601000", + "frame.number": "5765", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "173", + "http.prev_response_in": "5763" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.505101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.505101000", + "frame.time_delta": "0.052814000", + "frame.time_delta_displayed": "0.052814000", + "frame.time_relative": 
"1598.044415000", + "frame.number": "5766", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "174", + "http.prev_response_in": "5765" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.557863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.557863000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "1598.097177000", + "frame.number": "5767", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002d19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "175", + 
"http.prev_response_in": "5766" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.799042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.799042000", + "frame.time_delta": "0.241179000", + "frame.time_delta_displayed": "0.241179000", + "frame.time_relative": "1598.338356000", + "frame.number": "5768", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:09.799242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495189.799242000", + "frame.time_delta": "0.000200000", + "frame.time_delta_displayed": "0.000200000", + "frame.time_relative": "1598.338556000", + "frame.number": "5769", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:10.136587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495190.136587000", + "frame.time_delta": "0.337345000", + "frame.time_delta_displayed": "0.337345000", + "frame.time_relative": "1598.675901000", + "frame.number": "5770", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "176", + "http.prev_response_in": "5767" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:10.189316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495190.189316000", + "frame.time_delta": "0.052729000", + "frame.time_delta_displayed": "0.052729000", + "frame.time_relative": "1598.728630000", + "frame.number": "5771", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + 
"udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "177", + "http.prev_response_in": "5770" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:10.242110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495190.242110000", + "frame.time_delta": "0.052794000", + "frame.time_delta_displayed": "0.052794000", + "frame.time_relative": "1598.781424000", + "frame.number": "5772", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002d1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "178", + "http.prev_response_in": "5771" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.095125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.095125000", + "frame.time_delta": "0.853015000", + "frame.time_delta_displayed": "0.853015000", + "frame.time_relative": "1599.634439000", + "frame.number": "5773", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x0000830f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + 
"ip.checksum": "0x00007386", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "179", + "http.prev_response_in": "5772" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.095245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.095245000", + "frame.time_delta": "0.000120000", + "frame.time_delta_displayed": "0.000120000", + "frame.time_relative": "1599.634559000", + "frame.number": "5774", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "362", + "ip.id": "0x00008310", + "ip.flags": "0x00000000", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000737c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "180", + "http.prev_response_in": "5773" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.141717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.141717000", + "frame.time_delta": "0.046472000", + "frame.time_delta_displayed": "0.046472000", + "frame.time_relative": "1599.681031000", + "frame.number": "5775", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "181", + "http.prev_response_in": "5774" + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.194476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.194476000", + "frame.time_delta": "0.052759000", + "frame.time_delta_displayed": "0.052759000", + "frame.time_relative": "1599.733790000", + "frame.number": "5776", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + 
"udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "182", + "http.prev_response_in": "5775" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.247217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.247217000", + "frame.time_delta": "0.052741000", + "frame.time_delta_displayed": "0.052741000", + "frame.time_relative": "1599.786531000", + "frame.number": "5777", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002d53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "183", + "http.prev_response_in": "5776" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.510281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.510281000", + "frame.time_delta": "0.263064000", + "frame.time_delta_displayed": "0.263064000", + "frame.time_relative": "1600.049595000", + "frame.number": "5778", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a06", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "184", + "http.prev_response_in": "5777" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.563081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.563081000", + "frame.time_delta": 
"0.052800000", + "frame.time_delta_displayed": "0.052800000", + "frame.time_relative": "1600.102395000", + "frame.number": "5779", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", 
+ "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "185", + "http.prev_response_in": "5778" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:11.615916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495191.615916000", + "frame.time_delta": "0.052835000", + "frame.time_delta_displayed": "0.052835000", + "frame.time_relative": "1600.155230000", + "frame.number": "5780", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002d5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", 
+ "http.response": "1", + "http.response_number": "186", + "http.prev_response_in": "5779" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.326073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.326073000", + "frame.time_delta": "0.710157000", + "frame.time_delta_displayed": "0.710157000", + "frame.time_relative": "1600.865387000", + "frame.number": "5781", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008382", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007313", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + 
"icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008a06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "187", + "http.prev_response_in": "5780" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.563374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.563374000", + "frame.time_delta": "0.237301000", + "frame.time_delta_displayed": "0.237301000", + "frame.time_relative": "1601.102688000", + "frame.number": "5782", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "188", + "http.prev_response_in": "5781" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.616170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.616170000", + "frame.time_delta": "0.052796000", + "frame.time_delta_displayed": "0.052796000", + "frame.time_relative": "1601.155484000", + "frame.number": "5783", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002d72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "189", + "http.prev_response_in": "5782" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.660824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.660824000", + "frame.time_delta": "0.044654000", + "frame.time_delta_displayed": "0.044654000", + "frame.time_relative": "1601.200138000", + "frame.number": "5784", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f84", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b86c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001571", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.661303000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.661303000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1601.200617000", + "frame.number": "5785", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f85", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009967", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f66c", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.661817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.661817000", + "frame.time_delta": "0.000514000", + "frame.time_delta_displayed": "0.000514000", + "frame.time_relative": "1601.201131000", + "frame.number": "5786", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008432", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:12.669120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495192.669120000", + "frame.time_delta": "0.007303000", + "frame.time_delta_displayed": "0.007303000", + "frame.time_relative": "1601.208434000", + "frame.number": "5787", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002d76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "190", + "http.prev_response_in": "5783" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:13.281942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495193.281942000", + "frame.time_delta": "0.612822000", + "frame.time_delta_displayed": "0.612822000", + "frame.time_relative": "1601.821256000", + "frame.number": "5788", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x000083a4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x000072f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002d6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "191", + "http.prev_response_in": "5787" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:13.352819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495193.352819000", + "frame.time_delta": "0.070877000", + "frame.time_delta_displayed": "0.070877000", + "frame.time_relative": "1601.892133000", + "frame.number": "5789", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002daa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", 
+ "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "192", + "http.prev_response_in": "5788" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:13.405567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495193.405567000", + "frame.time_delta": "0.052748000", + "frame.time_delta_displayed": "0.052748000", + "frame.time_relative": "1601.944881000", + "frame.number": "5790", + 
"frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002dad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
+ "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "193", + "http.prev_response_in": "5789" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:13.415691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495193.415691000", + "frame.time_delta": "0.010124000", + "frame.time_delta_displayed": "0.010124000", + "frame.time_relative": "1601.955005000", + "frame.number": "5791", + "frame.len": "376", + "frame.cap_len": "376", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "362", + "ip.id": "0x000083a5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x000072e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x0000808f", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002dad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "194", + "http.prev_response_in": "5790" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:13.458474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495193.458474000", + "frame.time_delta": "0.042783000", + "frame.time_delta_displayed": "0.042783000", + "frame.time_relative": "1601.997788000", + "frame.number": "5792", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002daf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", 
+ "http.response": "1", + "http.response_number": "195", + "http.prev_response_in": "5791" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:14.405202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495194.405202000", + "frame.time_delta": "0.946728000", + "frame.time_delta_displayed": "0.946728000", + "frame.time_relative": "1602.944516000", + "frame.number": "5793", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002db5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "196", + "http.prev_response_in": "5792" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:14.458102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495194.458102000", + "frame.time_delta": "0.052900000", + "frame.time_delta_displayed": "0.052900000", + "frame.time_relative": "1602.997416000", + "frame.number": "5794", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002db8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "197", + "http.prev_response_in": "5793" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:14.511361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495194.511361000", + "frame.time_delta": "0.053259000", + "frame.time_delta_displayed": "0.053259000", + "frame.time_relative": "1603.050675000", + "frame.number": "5795", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002dbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x000089a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "198", + "http.prev_response_in": "5794" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:15.037400000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1509495195.037400000", + "frame.time_delta": "0.526039000", + "frame.time_delta_displayed": "0.526039000", + "frame.time_relative": "1603.576714000", + "frame.number": "5796", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002dd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008989", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "199", + "http.prev_response_in": "5795" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:15.090403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495195.090403000", + "frame.time_delta": "0.053003000", + "frame.time_delta_displayed": "0.053003000", + "frame.time_relative": "1603.629717000", + "frame.number": "5797", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002ddb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000897d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "200", + "http.prev_response_in": "5796" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:15.123446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495195.123446000", + "frame.time_delta": "0.033043000", + "frame.time_delta_displayed": "0.033043000", + "frame.time_relative": "1603.662760000", + "frame.number": "5798", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x00008449", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x0000724c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002db5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000089ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": 
"hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "201", + "http.prev_response_in": "5797" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:15.142979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495195.142979000", + "frame.time_delta": "0.019533000", + "frame.time_delta_displayed": "0.019533000", + "frame.time_relative": "1603.682293000", + "frame.number": "5799", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002de0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000897e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "202", + "http.prev_response_in": "5798" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.090016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495196.090016000", + "frame.time_delta": "0.947037000", + "frame.time_delta_displayed": "0.947037000", + "frame.time_relative": "1604.629330000", + "frame.number": "5800", + "frame.len": "339", + 
"frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002df8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008969", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "203", + "http.prev_response_in": "5799" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.104360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495196.104360000", + "frame.time_delta": "0.014344000", + "frame.time_delta_displayed": "0.014344000", + "frame.time_relative": "1604.643674000", + "frame.number": "5801", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + 
"arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.104740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495196.104740000", + "frame.time_delta": "0.000380000", + "frame.time_delta_displayed": "0.000380000", + "frame.time_relative": "1604.644054000", + "frame.number": "5802", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "60:f1:89:96:45:f6", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.108920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495196.108920000", + "frame.time_delta": "0.004180000", + "frame.time_delta_displayed": "0.004180000", + "frame.time_relative": 
"1604.648234000", + "frame.number": "5803", + "frame.len": "367", + "frame.cap_len": "367", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "353", + "ip.id": "0x0000845f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "1", + "ip.checksum": "0x00007236", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmp": { + "icmp.type": "3", + "icmp.code": "3", + "icmp.checksum": "0x00008086", + "icmp.checksum.status": "1", + "icmp.unused": "00:00:00:00", + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002df8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008969", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "204", + "http.prev_response_in": "5800" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.142809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495196.142809000", + "frame.time_delta": "0.033889000", + "frame.time_delta_displayed": "0.033889000", + "frame.time_relative": "1604.682123000", + "frame.number": "5804", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002df9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000895f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "205", + "http.prev_response_in": "5803" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:16.195588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495196.195588000", + "frame.time_delta": "0.052779000", + "frame.time_delta_displayed": "0.052779000", + "frame.time_relative": "1604.734902000", + "frame.number": "5805", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002dfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008961", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "206", + "http.prev_response_in": "5804" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:17.660213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495197.660213000", + "frame.time_delta": "1.464625000", + "frame.time_delta_displayed": "1.464625000", + "frame.time_relative": "1606.199527000", + "frame.number": "5806", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f86", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b86a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001571", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:17.660730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495197.660730000", + "frame.time_delta": "0.000517000", + "frame.time_delta_displayed": "0.000517000", + "frame.time_relative": "1606.200044000", + "frame.number": "5807", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f87", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009965", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", 
+ "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f66c", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:17.661340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495197.661340000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "1606.200654000", + "frame.number": "5808", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008432", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000284", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=644", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:17.719841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495197.719841000", + "frame.time_delta": "0.058501000", + "frame.time_delta_displayed": "0.058501000", + "frame.time_relative": "1606.259155000", + "frame.number": "5809", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x000034a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d780", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "66.228.42.59", + "ip.addr": "66.228.42.59", + "ip.dst_host": "66.228.42.59", + "ip.host": "66.228.42.59", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS63949 Linode, LLC, Absecon, NJ, 39.489899, -74.477303": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS63949 Linode, LLC", + "ip.geoip.asnum": "AS63949 Linode, LLC", + "ip.geoip.dst_city": "Absecon, NJ", + "ip.geoip.city": "Absecon, NJ", + "ip.geoip.dst_lat": "39.489899", + "ip.geoip.lat": "39.489899", + "ip.geoip.dst_lon": "-74.477303", + "ip.geoip.lon": "-74.477303" + } + }, + "udp": { + "udp.srcport": "48446", + "udp.dstport": "123", + "udp.port": "48446", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x0000944a", + "udp.checksum.status": "2", + "udp.stream": "131" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Jul 9, 2101 03:04:58.133193000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:17.795676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495197.795676000", + "frame.time_delta": "0.075835000", + "frame.time_delta_displayed": "0.075835000", + "frame.time_relative": "1606.334990000", + "frame.number": "5810", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "17", + "ip.checksum": "0x00001e3a", + "ip.checksum.status": "2", + "ip.src": "66.228.42.59", + "ip.addr": "66.228.42.59", + "ip.src_host": "66.228.42.59", + "ip.host": "66.228.42.59", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS63949 Linode, LLC, Absecon, NJ, 39.489899, -74.477303": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS63949 Linode, LLC", + "ip.geoip.asnum": "AS63949 Linode, LLC", + "ip.geoip.src_city": "Absecon, NJ", + "ip.geoip.city": "Absecon, NJ", + "ip.geoip.src_lat": "39.489899", + "ip.geoip.lat": "39.489899", + "ip.geoip.src_lon": "-74.477303", + "ip.geoip.lon": "-74.477303" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "48446", + "udp.port": "123", + "udp.port": "48446", + "udp.length": "56", + "udp.checksum": "0x0000297c", + "udp.checksum.status": "2", + "udp.stream": "131" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { 
+ "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "3", + "ntp.ppoll": "3", + "ntp.precision": "-20", + "ntp.rootdelay": "0.100082397460938", + "ntp.rootdispersion": "0.120086669921875", + "ntp.refid": "6d:e5:80:28", + "ntp.reftime": "Oct 31, 2017 16:45:52.723260000 PDT", + "ntp.org": "Jul 9, 2101 03:04:58.133193000 PDT", + "ntp.rec": "Oct 31, 2017 17:13:17.766888000 PDT", + "ntp.xmt": "Oct 31, 2017 17:13:17.766957000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.257758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.257758000", + "frame.time_delta": "1.462082000", + "frame.time_delta_displayed": "1.462082000", + "frame.time_relative": "1607.797072000", + "frame.number": "5811", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000bce4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fbd8", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43390", + "udp.dstport": "53", + "udp.port": "43390", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a500", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.id": "0x00000f39", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.264240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.264240000", + "frame.time_delta": "0.006482000", + "frame.time_delta_displayed": "0.006482000", + "frame.time_relative": "1607.803554000", + "frame.number": "5812", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { 
+ "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00009ea2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001866", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43390", + "udp.port": "53", + "udp.port": "43390", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.response_to": "5811", + "dns.time": "0.006482000", + "dns.id": "0x00000f39", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname 
brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "177", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17652", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2503", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1375", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1706", + "dns.resp.len": "4", + "dns.a": "165.254.137.96" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { + "dns.resp.name": "n2b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4490", + "dns.resp.len": "4", + "dns.a": "165.254.137.96" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.137.88": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "682", + "dns.resp.len": "4", + "dns.a": "165.254.137.88" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1017", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.137.91": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1504", + "dns.resp.len": "4", + "dns.a": "165.254.137.91" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1293", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5259", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2514", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.265088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.265088000", + "frame.time_delta": "0.000848000", + 
"frame.time_delta_displayed": "0.000848000", + "frame.time_relative": "1607.804402000", + "frame.number": "5813", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000cd19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + 
"tcp.srcport": "54164", + "tcp.dstport": "443", + "tcp.port": "54164", + "tcp.port": "443", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000dfc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", 
+ "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.268307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.268307000", + "frame.time_delta": "0.003219000", + "frame.time_delta_displayed": "0.003219000", + "frame.time_relative": "1607.807621000", + "frame.number": "5814", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x00009f53", + "ip.checksum.status": "2", + "ip.src": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.src_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", 
+ "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54164", + "tcp.port": "443", + "tcp.port": "54164", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a9f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 5 (multiply by 32)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "5", + "tcp.options.wscale.multiplier": "32" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5813", + "tcp.analysis.ack_rtt": "0.003219000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.268800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.268800000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1607.808114000", + "frame.number": "5815", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54164", + "tcp.dstport": "443", + "tcp.port": "54164", + "tcp.port": "443", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5814", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.268812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.268812000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "1607.808126000", + "frame.number": "5816", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54164", + "tcp.dstport": "443", + "tcp.port": "54164", + "tcp.port": "443", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.270536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.270536000", + "frame.time_delta": "0.001724000", + "frame.time_delta_displayed": "0.001724000", + "frame.time_relative": "1607.809850000", + "frame.number": "5817", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x00009f53", + "ip.checksum.status": "2", + "ip.src": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.src_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54164", + "tcp.port": "443", + "tcp.port": "54164", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a9f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 5 (multiply by 32)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "5", + "tcp.options.wscale.multiplier": "32" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003712000", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": 
"", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.270990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.270990000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1607.810304000", + "frame.number": "5818", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54164", + "tcp.dstport": "443", + "tcp.port": "54164", + "tcp.port": "443", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "2", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5817", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.003712000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "5815", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.272027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.272027000", + "frame.time_delta": "0.001037000", + "frame.time_delta_displayed": "0.001037000", + "frame.time_relative": "1607.811341000", + "frame.number": "5819", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x0000d2f1", + "ip.checksum.status": "2", + "ip.src": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.src_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + 
"ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54164", + "tcp.port": "443", + "tcp.port": "54164", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "913", + "tcp.window_size": "29216", + "tcp.window_size_scalefactor": "32", + "tcp.checksum": "0x00005942", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5816", + "tcp.analysis.ack_rtt": "0.003215000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:19.272459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495199.272459000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1607.811773000", + "frame.number": "5820", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ca41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.73", + "ip.addr": "173.223.52.73", + "ip.dst_host": "173.223.52.73", + "ip.host": "173.223.52.73", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "54164", + "tcp.dstport": "443", + "tcp.port": "54164", + "tcp.port": "443", + "tcp.stream": "211", + "tcp.len": "0", + "tcp.seq": "2", + "tcp.ack": "2", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e91", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5819", + "tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:22.800196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495202.800196000", + "frame.time_delta": "3.527737000", + "frame.time_delta_displayed": "3.527737000", + "frame.time_relative": "1611.339510000", + "frame.number": "5821", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", 
+ "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:22.800612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495202.800612000", + "frame.time_delta": "0.000416000", + "frame.time_delta_displayed": "0.000416000", + "frame.time_relative": "1611.339926000", + "frame.number": "5822", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:28.707060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495208.707060000", + "frame.time_delta": "5.906448000", + 
"frame.time_delta_displayed": "5.906448000", + "frame.time_relative": "1617.246374000", + "frame.number": "5823", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009682", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "76048", + 
"tcp.nxtseq": "76097", + "tcp.ack": "17069", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cca4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:28:ae:a7:a1:08:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2566318, TSecr 2812348513": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2566318", + "tcp.options.timestamp.tsecr": "2812348513" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:22:d9:44:c7:25:5d:a0:f9:ec:09:bd:05:0b:67:8c:a0:05:ef:05:84:32:28:ab:19:82:0a:99:fd:8f:79:10:4c:42:af:9b:8d:4a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:28.767713000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495208.767713000", + "frame.time_delta": "0.060653000", + "frame.time_delta_displayed": "0.060653000", + "frame.time_relative": "1617.307027000", + "frame.number": "5824", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": 
"44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "17069", + "tcp.nxtseq": "17124", + "tcp.ack": "76097", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001596", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:26:bc:00:27:28:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812356284, TSecr 2566318": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812356284", + "tcp.options.timestamp.tsecr": "2566318" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5823", + "tcp.analysis.ack_rtt": "0.060653000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:b9:0f:41:d9:54:0e:e3:38:28:a0:70:a9:77:d8:69:71:c2:76:31:7d:ec:67:5f:62:54:df:57:93:9a:13:e7:e4:f2:00:3d:4b:45:0f:63:be:93:91:d8" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:28.768209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495208.768209000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "1617.307523000", + "frame.number": "5825", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009683", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "76097", + "tcp.ack": "17124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ec03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:28:b4:a7:a1:26:bc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2566324, TSecr 2812356284": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2566324", + "tcp.options.timestamp.tsecr": "2812356284" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5824", + "tcp.analysis.ack_rtt": "0.000496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:28.898770000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495208.898770000", + "frame.time_delta": "0.130561000", + "frame.time_delta_displayed": "0.130561000", + "frame.time_relative": "1617.438084000", + "frame.number": "5826", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:29.458859000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495209.458859000", + "frame.time_delta": "0.560089000", + "frame.time_delta_displayed": "0.560089000", + "frame.time_relative": "1617.998173000", + "frame.number": "5827", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + 
"eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00003918", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a041", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.431433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.431433000", + "frame.time_delta": "0.972574000", + "frame.time_delta_displayed": "0.972574000", + "frame.time_relative": "1618.970747000", + "frame.number": "5828", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x0000210f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e735", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "14", + "http.prev_request_in": "5197" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.901288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.901288000", + "frame.time_delta": "0.469855000", + "frame.time_delta_displayed": "0.469855000", + "frame.time_relative": "1619.440602000", + "frame.number": "5829", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002028", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009723", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "79", + "http.prev_response_in": "5259" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.909220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.909220000", + "frame.time_delta": "0.007932000", + "frame.time_delta_displayed": "0.007932000", + "frame.time_relative": "1619.448534000", + "frame.number": "5830", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54695", + "tcp.dstport": "80", + "tcp.port": "54695", + "tcp.port": "80", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000021ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.909760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.909760000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "1619.449074000", + "frame.number": "5831", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54695", + "tcp.port": "80", + "tcp.port": "54695", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000270c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5830", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.988991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.988991000", + "frame.time_delta": "0.079231000", + "frame.time_delta_displayed": "0.079231000", + "frame.time_relative": "1619.528305000", + "frame.number": "5832", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54695", + "tcp.dstport": "80", + "tcp.port": "54695", + "tcp.port": "80", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d8ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5831", + "tcp.analysis.ack_rtt": "0.079231000", + "tcp.analysis.initial_rtt": "0.079771000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.989036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.989036000", + "frame.time_delta": "0.000045000", + "frame.time_delta_displayed": "0.000045000", + "frame.time_relative": "1619.528350000", + "frame.number": "5833", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54695", + "tcp.dstport": "80", + "tcp.port": "54695", + "tcp.port": "80", + "tcp.stream": "212", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.079771000", + 
"tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.988925000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.988925000", + "frame.time_delta": "-0.000111000", + "frame.time_delta_displayed": "-0.000111000", + "frame.time_relative": "1619.528239000", + "frame.number": "5834", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000202c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009716", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "80", + "http.prev_response_in": "5829" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.989555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.989555000", + "frame.time_delta": "0.000630000", + "frame.time_delta_displayed": "0.000630000", + "frame.time_relative": "1619.528869000", + "frame.number": "5835", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54695", + "tcp.port": "80", + "tcp.port": "54695", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ca7b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5833", + "tcp.analysis.ack_rtt": "0.000519000", + "tcp.analysis.initial_rtt": "0.079771000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.990308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.990308000", + "frame.time_delta": "0.000753000", + "frame.time_delta_displayed": "0.000753000", + "frame.time_relative": "1619.529622000", + "frame.number": "5836", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000004a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54695", + "tcp.port": "80", + "tcp.port": "54695", + "tcp.stream": "212", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000a9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.079771000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": 
"17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.990666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.990666000", + "frame.time_delta": "0.000358000", + "frame.time_delta_displayed": "0.000358000", + "frame.time_relative": "1619.529980000", + "frame.number": "5837", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000004a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000afe7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54695", 
+ "tcp.port": "80", + "tcp.port": "54695", + "tcp.stream": "212", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005d06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.079771000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5836", + "tcp.segment": "5837", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001630000", + "http.request_in": "5833", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.993119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.993119000", + "frame.time_delta": "0.002453000", + "frame.time_delta_displayed": "0.002453000", + "frame.time_relative": "1619.532433000", + "frame.number": "5838", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54696", + "tcp.dstport": "80", + "tcp.port": "54696", + "tcp.port": "80", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000080df", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.993619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.993619000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "1619.532933000", + "frame.number": "5839", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54696", + "tcp.port": "80", + "tcp.port": "54696", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001f1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5838", + "tcp.analysis.ack_rtt": "0.000500000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.993781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.993781000", + "frame.time_delta": "0.000162000", + "frame.time_delta_displayed": "0.000162000", + "frame.time_relative": "1619.533095000", + "frame.number": "5840", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54695", + "tcp.dstport": "80", + "tcp.port": "54695", + "tcp.port": "80", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", 
+ "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d452", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5837", + "tcp.analysis.ack_rtt": "0.003115000", + "tcp.analysis.initial_rtt": "0.079771000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.995545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.995545000", + "frame.time_delta": "0.001764000", + "frame.time_delta_displayed": "0.001764000", + "frame.time_relative": "1619.534859000", + "frame.number": "5841", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ced", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54695", + "tcp.dstport": "80", + "tcp.port": "54695", + "tcp.port": "80", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d451", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.995959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.995959000", + "frame.time_delta": "0.000414000", + "frame.time_delta_displayed": "0.000414000", + "frame.time_relative": "1619.535273000", + "frame.number": "5842", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000587", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54695", + "tcp.port": "80", + "tcp.port": "54695", + "tcp.stream": "212", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c685", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5841", + 
"tcp.analysis.ack_rtt": "0.000414000", + "tcp.analysis.initial_rtt": "0.079771000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.996103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.996103000", + "frame.time_delta": "0.000144000", + "frame.time_delta_displayed": "0.000144000", + "frame.time_relative": "1619.535417000", + "frame.number": "5843", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54696", + "tcp.dstport": "80", + 
"tcp.port": "54696", + "tcp.port": "80", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d0fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5839", + "tcp.analysis.ack_rtt": "0.002484000", + "tcp.analysis.initial_rtt": "0.002984000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.996723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.996723000", + "frame.time_delta": "0.000620000", + "frame.time_delta_displayed": "0.000620000", + "frame.time_relative": "1619.536037000", + "frame.number": "5844", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54696", + "tcp.dstport": "80", + "tcp.port": "54696", + "tcp.port": "80", + "tcp.stream": "213", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e673", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002984000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:30.997122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495210.997122000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "1619.536436000", + "frame.number": "5845", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007de8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003a8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54696", + "tcp.port": "80", + "tcp.port": "54696", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c28b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5844", + "tcp.analysis.ack_rtt": "0.000399000", + "tcp.analysis.initial_rtt": "0.002984000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.012199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.012199000", + "frame.time_delta": "0.015077000", + 
"frame.time_delta_displayed": "0.015077000", + "frame.time_relative": "1619.551513000", + "frame.number": "5846", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000202d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000971b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "81", + "http.prev_response_in": "5834" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.013148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.013148000", + "frame.time_delta": "0.000949000", + "frame.time_delta_displayed": "0.000949000", + "frame.time_relative": "1619.552462000", + "frame.number": "5847", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007de9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003a79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54696", + "tcp.port": "80", + "tcp.port": "54696", + "tcp.stream": "213", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000002ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002984000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:13:31.013510000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.013510000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "1619.552824000", + "frame.number": "5848", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007dea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000036a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54696", + "tcp.port": "80", + "tcp.port": "54696", + "tcp.stream": "213", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005516", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002984000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:6
1:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5847", + "tcp.segment": "5848", + "tcp.segment.count": "2", + 
"tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6
f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.016787000", + "http.request_in": "5844", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.015485000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495211.015485000", + "frame.time_delta": "0.001975000", + "frame.time_delta_displayed": "0.001975000", + "frame.time_relative": "1619.554799000", + "frame.number": "5849", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54697", + "tcp.dstport": "80", + "tcp.port": "54697", + "tcp.port": "80", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000be80", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.016021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.016021000", + 
"frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1619.555335000", + "frame.number": "5850", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54697", + "tcp.port": "80", + "tcp.port": "54697", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006580", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5849", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.018088000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495211.018088000", + "frame.time_delta": "0.002067000", + "frame.time_delta_displayed": "0.002067000", + "frame.time_relative": "1619.557402000", + "frame.number": "5851", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54696", + "tcp.dstport": "80", + "tcp.port": "54696", + "tcp.port": "80", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cc62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5848", + "tcp.analysis.ack_rtt": "0.004578000", + "tcp.analysis.initial_rtt": "0.002984000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.018726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.018726000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "1619.558040000", + "frame.number": "5852", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54696", + "tcp.dstport": "80", + "tcp.port": "54696", + "tcp.port": "80", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cc61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.019137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.019137000", + "frame.time_delta": "0.000411000", + "frame.time_delta_displayed": "0.000411000", + "frame.time_relative": "1619.558451000", + "frame.number": "5853", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000589", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54696", + "tcp.port": "80", + "tcp.port": "54696", + "tcp.stream": "213", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000be95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5852", + "tcp.analysis.ack_rtt": "0.000411000", + "tcp.analysis.initial_rtt": "0.002984000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.019358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.019358000", + "frame.time_delta": "0.000221000", + "frame.time_delta_displayed": "0.000221000", + "frame.time_relative": "1619.558672000", + "frame.number": "5854", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54697", + "tcp.dstport": "80", + "tcp.port": "54697", + "tcp.port": "80", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000175f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5850", + "tcp.analysis.ack_rtt": "0.003337000", + "tcp.analysis.initial_rtt": "0.003873000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.019949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.019949000", + "frame.time_delta": "0.000591000", + "frame.time_delta_displayed": "0.000591000", + "frame.time_relative": "1619.559263000", + "frame.number": "5855", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54697", + "tcp.dstport": "80", + "tcp.port": "54697", + "tcp.port": "80", + "tcp.stream": "214", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002cd8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003873000", + 
"tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.020368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.020368000", + "frame.time_delta": "0.000419000", + "frame.time_delta_displayed": "0.000419000", + "frame.time_relative": "1619.559682000", + "frame.number": "5856", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f33f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c533", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54697", + "tcp.port": "80", + "tcp.port": "54697", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000008f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5855", + "tcp.analysis.ack_rtt": "0.000419000", + "tcp.analysis.initial_rtt": "0.003873000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.024286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.024286000", + "frame.time_delta": "0.003918000", + "frame.time_delta_displayed": "0.003918000", + "frame.time_relative": "1619.563600000", + "frame.number": "5857", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f340", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c521", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54697", + "tcp.port": "80", + "tcp.port": "54697", + "tcp.stream": "214", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004911", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003873000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.024647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.024647000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "1619.563961000", + "frame.number": "5858", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f341", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c14e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54697", + "tcp.port": "80", + "tcp.port": "54697", + "tcp.stream": "214", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b7a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003873000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5857", + "tcp.segment": "5858", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.004698000", + "http.request_in": "5855", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.027976000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.027976000", + "frame.time_delta": "0.003329000", + "frame.time_delta_displayed": "0.003329000", + "frame.time_relative": "1619.567290000", + "frame.number": "5859", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54697", + "tcp.dstport": "80", + "tcp.port": "54697", + "tcp.port": "80", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000012c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5858", + "tcp.analysis.ack_rtt": "0.003329000", + "tcp.analysis.initial_rtt": "0.003873000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.028601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.028601000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1619.567915000", + "frame.number": "5860", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54697", + "tcp.dstport": "80", + "tcp.port": "54697", + "tcp.port": "80", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000012c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.029049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.029049000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1619.568363000", + "frame.number": "5861", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000058a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54697", + "tcp.port": "80", + "tcp.port": "54697", + "tcp.stream": "214", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000004fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5860", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.003873000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.955885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.955885000", + "frame.time_delta": "0.926836000", + "frame.time_delta_displayed": "0.926836000", + "frame.time_relative": "1620.495199000", + "frame.number": "5862", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002036", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009715", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "82", + "http.prev_response_in": "5846" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.959438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.959438000", + "frame.time_delta": "0.003553000", + "frame.time_delta_displayed": "0.003553000", + "frame.time_relative": "1620.498752000", + "frame.number": "5863", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54698", + "tcp.dstport": "80", + "tcp.port": "54698", + "tcp.port": "80", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000074da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.959990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.959990000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1620.499304000", + "frame.number": "5864", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54698", + "tcp.port": "80", + "tcp.port": "54698", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d924", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5863", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.962966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.962966000", + "frame.time_delta": "0.002976000", + "frame.time_delta_displayed": "0.002976000", + "frame.time_relative": "1620.502280000", + "frame.number": "5865", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54698", + "tcp.dstport": "80", + "tcp.port": "54698", + "tcp.port": "80", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008b03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5864", + "tcp.analysis.ack_rtt": "0.002976000", + "tcp.analysis.initial_rtt": "0.003528000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.963613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.963613000", + "frame.time_delta": "0.000647000", + "frame.time_delta_displayed": "0.000647000", + "frame.time_relative": "1620.502927000", + "frame.number": "5866", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54698", + "tcp.dstport": "80", + "tcp.port": "54698", + "tcp.port": "80", + "tcp.stream": "215", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a07c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003528000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.964100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.964100000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1620.503414000", + "frame.number": "5867", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007660", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54698", + "tcp.port": "80", + "tcp.port": "54698", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007c94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5866", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.003528000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.964665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.964665000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1620.503979000", + "frame.number": "5868", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007661", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004201", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54698", + "tcp.port": "80", + "tcp.port": "54698", + "tcp.stream": "215", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bcb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003528000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.965015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.965015000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1620.504329000", + "frame.number": "5869", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007662", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003e2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54698", + "tcp.port": "80", + "tcp.port": "54698", + "tcp.stream": "215", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000f1f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003528000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "5868", + "tcp.segment": "5869", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001402000", + "http.request_in": "5866", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.967727000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495211.967727000", + "frame.time_delta": "0.002712000", + "frame.time_delta_displayed": "0.002712000", + "frame.time_relative": "1620.507041000", + "frame.number": "5870", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ce0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54698", + "tcp.dstport": "80", + "tcp.port": "54698", + "tcp.port": "80", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000866b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5869", + "tcp.analysis.ack_rtt": "0.002712000", + "tcp.analysis.initial_rtt": "0.003528000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.968313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.968313000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "1620.507627000", + "frame.number": "5871", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cdf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54698", + "tcp.dstport": "80", + "tcp.port": "54698", + "tcp.port": "80", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000866a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:31.968757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495211.968757000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "1620.508071000", + "frame.number": "5872", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000005c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54698", + "tcp.port": "80", + "tcp.port": "54698", + "tcp.stream": "215", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000789e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5871", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.003528000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.008619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.008619000", + "frame.time_delta": "0.039862000", + "frame.time_delta_displayed": "0.039862000", + "frame.time_relative": "1620.547933000", + "frame.number": "5873", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002037", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000970b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "83", + "http.prev_response_in": "5862" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.015938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.015938000", + "frame.time_delta": "0.007319000", + "frame.time_delta_displayed": "0.007319000", + "frame.time_relative": "1620.555252000", 
+ "frame.number": "5874", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54699", + "tcp.dstport": "80", + "tcp.port": "54699", + "tcp.port": "80", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e141", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.016505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.016505000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "1620.555819000", + "frame.number": "5875", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54699", + "tcp.port": "80", + "tcp.port": "54699", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000011e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5874", + "tcp.analysis.ack_rtt": "0.000567000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.018840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.018840000", + "frame.time_delta": "0.002335000", + "frame.time_delta_displayed": "0.002335000", + "frame.time_relative": "1620.558154000", + 
"frame.number": "5876", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cdd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54699", + "tcp.dstport": "80", + "tcp.port": "54699", + "tcp.port": "80", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5875", + "tcp.analysis.ack_rtt": "0.002335000", + "tcp.analysis.initial_rtt": "0.002902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.019415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.019415000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1620.558729000", + "frame.number": "5877", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c35", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54699", + "tcp.dstport": "80", + "tcp.port": "54699", + "tcp.port": "80", + "tcp.stream": "216", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d93b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002902000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.019911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.019911000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "1620.559225000", + "frame.number": "5878", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005033", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54699", + "tcp.port": "80", + "tcp.port": "54699", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5877", + "tcp.analysis.ack_rtt": "0.000496000", + "tcp.analysis.initial_rtt": "0.002902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.020476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.020476000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1620.559790000", + "frame.number": "5879", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005034", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000682e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54699", + "tcp.port": "80", + "tcp.port": "54699", + "tcp.stream": "216", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f574", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002902000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.020913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.020913000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "1620.560227000", + "frame.number": "5880", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005035", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000645b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54699", + "tcp.port": "80", + "tcp.port": "54699", + "tcp.stream": "216", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000047de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002902000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "5879", + "tcp.segment": "5880", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001498000", + "http.request_in": "5877", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.023877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.023877000", + "frame.time_delta": "0.002964000", + "frame.time_delta_displayed": "0.002964000", + "frame.time_relative": "1620.563191000", + "frame.number": "5881", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54699", + "tcp.dstport": "80", + "tcp.port": "54699", + "tcp.port": "80", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bf2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5880", + "tcp.analysis.ack_rtt": "0.002964000", + "tcp.analysis.initial_rtt": "0.002902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.024512000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.024512000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "1620.563826000", + "frame.number": "5882", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54699", + "tcp.dstport": "80", + "tcp.port": "54699", + "tcp.port": "80", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bf29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.024963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.024963000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "1620.564277000", + "frame.number": "5883", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000005c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54699", + "tcp.port": "80", + "tcp.port": "54699", + "tcp.stream": "216", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b15d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "5882", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.002902000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.061708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.061708000", + "frame.time_delta": "0.036745000", + "frame.time_delta_displayed": "0.036745000", + "frame.time_relative": "1620.601022000", + "frame.number": "5884", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000203c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000970c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "84", + "http.prev_response_in": "5873" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.076071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.076071000", + "frame.time_delta": "0.014363000", + "frame.time_delta_displayed": "0.014363000", + "frame.time_relative": "1620.615385000", + "frame.number": "5885", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001b9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ccd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54700", + "tcp.dstport": "80", + "tcp.port": "54700", + "tcp.port": "80", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000017ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.076619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.076619000", + "frame.time_delta": "0.000548000", + "frame.time_delta_displayed": "0.000548000", + "frame.time_relative": "1620.615933000", + "frame.number": "5886", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54700", + "tcp.port": "80", + "tcp.port": "54700", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000fa9d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5885", + "tcp.analysis.ack_rtt": "0.000548000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.079187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.079187000", + "frame.time_delta": "0.002568000", + "frame.time_delta_displayed": "0.002568000", + "frame.time_relative": "1620.618501000", + "frame.number": "5887", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54700", + "tcp.dstport": "80", + "tcp.port": "54700", + "tcp.port": "80", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ac7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5886", + "tcp.analysis.ack_rtt": "0.002568000", + "tcp.analysis.initial_rtt": "0.003116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.079874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.079874000", + "frame.time_delta": "0.000687000", + "frame.time_delta_displayed": "0.000687000", + "frame.time_relative": "1620.619188000", + "frame.number": "5888", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001b9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54700", + "tcp.dstport": "80", + "tcp.port": "54700", + "tcp.port": "80", + "tcp.stream": "217", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c1f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003116000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.080389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.080389000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "1620.619703000", + "frame.number": "5889", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eed9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c999", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54700", + "tcp.port": "80", + "tcp.port": "54700", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009e0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5888", + "tcp.analysis.ack_rtt": "0.000515000", + "tcp.analysis.initial_rtt": "0.003116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.080954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.080954000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1620.620268000", + "frame.number": "5890", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000eeda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54700", + "tcp.port": "80", + "tcp.port": "54700", + "tcp.stream": "217", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000de2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003116000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.081353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.081353000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "1620.620667000", + "frame.number": "5891", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000eedb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c5b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54700", + "tcp.port": "80", + "tcp.port": "54700", + "tcp.stream": "217", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003098", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003116000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "5890", + "tcp.segment": "5891", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001479000", + "http.request_in": "5888", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.084316000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495212.084316000", + "frame.time_delta": "0.002963000", + "frame.time_delta_displayed": "0.002963000", + "frame.time_relative": "1620.623630000", + "frame.number": "5892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54700", + "tcp.dstport": "80", + "tcp.port": "54700", + "tcp.port": "80", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a7e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5891", + "tcp.analysis.ack_rtt": "0.002963000", + "tcp.analysis.initial_rtt": "0.003116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.084999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.084999000", + "frame.time_delta": "0.000683000", + "frame.time_delta_displayed": "0.000683000", + "frame.time_relative": "1620.624313000", + "frame.number": "5893", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cd5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54700", + "tcp.dstport": "80", + "tcp.port": "54700", + "tcp.port": "80", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a7e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:32.085467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495212.085467000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "1620.624781000", + "frame.number": "5894", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000005c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54700", + "tcp.port": "80", + "tcp.port": "54700", + "tcp.stream": "217", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009a17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5893", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.003116000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:34.929010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495214.929010000", + "frame.time_delta": "2.843543000", + "frame.time_delta_displayed": "2.843543000", + "frame.time_relative": "1623.468324000", + "frame.number": "5895", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005819", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a678", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5037", + "tcp.ack": "577", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f0d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:35.147451000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495215.147451000", + "frame.time_delta": "0.218441000", + "frame.time_delta_displayed": "0.218441000", + "frame.time_relative": "1623.686765000", + "frame.number": "5896", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd91", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "577", + "tcp.ack": "5038", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:35.705366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495215.705366000", + "frame.time_delta": "0.557915000", + "frame.time_delta_displayed": "0.557915000", + "frame.time_relative": "1624.244680000", + "frame.number": "5897", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:36.644556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495216.644556000", + "frame.time_delta": "0.939190000", + "frame.time_delta_displayed": "0.939190000", + "frame.time_relative": "1625.183870000", + "frame.number": "5898", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e0f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": 
"0x000059da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:36.678136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495216.678136000", + "frame.time_delta": "0.033580000", + "frame.time_delta_displayed": "0.033580000", + "frame.time_relative": "1625.217450000", + "frame.number": "5899", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "202", + "ip.id": "0x00002110", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e704", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61381", + "udp.dstport": "1900", + "udp.port": "61381", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005a98", + "udp.checksum.status": "2", + "udp.stream": "133" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:37.335080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495217.335080000", + 
"frame.time_delta": "0.656944000", + "frame.time_delta_displayed": "0.656944000", + "frame.time_relative": "1625.874394000", + "frame.number": "5900", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000020b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009699", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:37.387888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495217.387888000", + "frame.time_delta": "0.052808000", + "frame.time_delta_displayed": "0.052808000", + "frame.time_relative": "1625.927202000", + "frame.number": "5901", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000020b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000968f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "5900" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:37.440726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495217.440726000", + "frame.time_delta": "0.052838000", + "frame.time_delta_displayed": "0.052838000", + "frame.time_relative": "1625.980040000", + "frame.number": "5902", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000020b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000968f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + 
"udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "5901" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:37.678733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495217.678733000", + "frame.time_delta": "0.238007000", + "frame.time_delta_displayed": "0.238007000", + "frame.time_relative": "1626.218047000", + "frame.number": "5903", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002111", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e703", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61381", + "udp.dstport": "1900", + "udp.port": "61381", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005a98", + "udp.checksum.status": "2", + "udp.stream": "133" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "5899" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:38.387782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495218.387782000", + "frame.time_delta": "0.709049000", + "frame.time_delta_displayed": "0.709049000", + "frame.time_relative": "1626.927096000", + "frame.number": "5904", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000210e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000963d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "5902" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:38.440640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495218.440640000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1626.979954000", + "frame.number": "5905", + "frame.len": "348", + "frame.cap_len": 
"348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002113", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000962f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": 
"EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "5904" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:38.493498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495218.493498000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1627.032812000", + "frame.number": "5906", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": 
"0x00002114", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009634", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "5905" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:38.680036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495218.680036000", + "frame.time_delta": "0.186538000", + "frame.time_delta_displayed": "0.186538000", + "frame.time_relative": "1627.219350000", + "frame.number": "5907", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002112", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e702", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61381", + "udp.dstport": "1900", + "udp.port": "61381", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005a98", + "udp.checksum.status": "2", + 
"udp.stream": "133" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "5903" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:39.019584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495219.019584000", + "frame.time_delta": "0.339548000", + "frame.time_delta_displayed": "0.339548000", + "frame.time_relative": "1627.558898000", + "frame.number": "5908", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { 
+ "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000213f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000960c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "5906" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:39.072440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495219.072440000", + "frame.time_delta": "0.052856000", + "frame.time_delta_displayed": "0.052856000", + "frame.time_relative": "1627.611754000", + "frame.number": "5909", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002143", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "5908" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:39.125228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495219.125228000", + "frame.time_delta": "0.052788000", + "frame.time_delta_displayed": "0.052788000", + "frame.time_relative": "1627.664542000", + "frame.number": "5910", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + 
}, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002147", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009601", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "5909" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:39.680958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495219.680958000", + "frame.time_delta": "0.555730000", + "frame.time_delta_displayed": "0.555730000", + "frame.time_relative": "1628.220272000", + "frame.number": "5911", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002113", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e701", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "61381", + "udp.dstport": "1900", + "udp.port": "61381", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005a98", + "udp.checksum.status": "2", + "udp.stream": "133" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "5907" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.072170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.072170000", + "frame.time_delta": "0.391212000", + "frame.time_delta_displayed": "0.391212000", + "frame.time_relative": 
"1628.611484000", + "frame.number": "5912", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000217e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "5910" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.124985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.124985000", + "frame.time_delta": "0.052815000", + "frame.time_delta_displayed": "0.052815000", + "frame.time_relative": "1628.664299000", + "frame.number": "5913", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002180", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + 
"http.prev_response_in": "5912" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.177747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.177747000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "1628.717061000", + "frame.number": "5914", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002185", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + 
"udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "5913" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.203081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.203081000", + "frame.time_delta": "0.025334000", + "frame.time_delta_displayed": "0.025334000", + "frame.time_relative": "1628.742395000", + "frame.number": "5915", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000b92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x000036db", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:eb:49:89:e7:cd:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.388208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.388208000", + "frame.time_delta": "0.185127000", + "frame.time_delta_displayed": "0.185127000", + "frame.time_relative": "1628.927522000", + "frame.number": 
"5916", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002193", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "5914" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.440969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.440969000", + "frame.time_delta": "0.052761000", + "frame.time_delta_displayed": "0.052761000", + "frame.time_relative": "1628.980283000", + "frame.number": "5917", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "334", + "ip.id": "0x00002199", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "5916" + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.493787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.493787000", + "frame.time_delta": "0.052818000", + "frame.time_delta_displayed": "0.052818000", + "frame.time_relative": "1629.033101000", + "frame.number": "5918", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000219a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000095ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + 
"udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "5917" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.591046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.591046000", + "frame.time_delta": "0.097259000", + "frame.time_delta_displayed": "0.097259000", + "frame.time_relative": "1629.130360000", + "frame.number": "5919", + "frame.len": "728", + "frame.cap_len": "728", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "714", + "ip.id": "0x00009684", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007465", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "662", + "tcp.seq": "76097", + "tcp.nxtseq": "76759", + "tcp.ack": "17124", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005cb8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:2d:53:a7:a1:26:bc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2567507, TSecr 2812356284": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2567507", + "tcp.options.timestamp.tsecr": "2812356284" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "662", + "tcp.analysis.push_bytes_sent": "662" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "657", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:23:15:d8:3f:fd:98:57:3f:52:2e:5c:30:2b:55:92:51:5f:ad:53:10:3b:ac:96:34:c3:a2:b1:b9:41:27:07:fc:c0:60:ce:ad:a8:bc:1b:8e:ae:a5:a2:55:56:73:d0:14:36:eb:3a:27:6f:9c:08:41:0a:20:cc:0f:dd:9b:d3:33:d2:62:3c:70:d4:a7:ff:82:78:5f:7c:61:f3:d9:6d:55:79:0b:69:3d:b0:56:fe:33:56:11:7b:1c:36:20:57:b3:1e:94:ce:6a:8f:fd:28:fd:f9:90:cd:31:76:93:6f:a4:f2:0b:95:07:7c:cc:f1:95:8c:7f:4e:5d:75:5d:d2:4f:2d:9a:6e:76:7c:e5:12:1d:13:35:47:30:0e:88:54:b7:74:33:3d:ad:29:35:3e:56:04:ea:8d:40:ca:92:74:28:c6:0d:d7:43:8e:5f:95:74:fd:11:ad:1c:43:82:0b:b9:d8:99:7e:6f:c8:ff:29:1b:6c:83:22:c6:9d:d9:3d:93:d2:b2:87:f9:06:e6:df:96:bb:58:1e:96:38:59:00:22:55:3f:2a:52:74:1c:70:08:f8:52:90:65:de:bf:b6:7d:cb:bf:00:9e:33:3e:2e:98:74:a4:ae:2a:4e:6a:ec:09:19:66:f0:e2:f3:2a:67:c8:09:14:ac:5f:fe:9e:f0:d6:fe:d0:62:c2:90:34:fe:e0:34:d7:c0:d9:36:13:f0:65:3e:94:b4:85:ab:e1:08:ae:fe:30:d2:b8:cf:d2:63:96:ea:d3:2a:59:8b:4a:8b:f2:72:4d:e6:76:82:45:d5:d3:96:f3:53:b3:68:32:9c:eb:a0:ba:3b:51:f5:29:5f:f7:b4:d8:9a:b8:65:47:d4:24:5c:d1:f4:26:94:8e:53:3a:02:15:6e:fd:30:e1:64:fb:e2:bd:f5:ab:be:68:d6:15:c1:89:4c:af:5d:ef:bf:fa:ab:bd:ce:65:79:94:73:49:00:9f:30:47:e8:97:6c:83:70:9a:2d:98:14:f5:95:fc:c7:9b:1a:93:b6:85:1b:d0:1f:96:26:82:85:b1:56:fe:85:e2:f8:e6:62:d7:0b:62:3c:2d:f6:20:ed:3d:01:7d:6a:34:f0:77:a5:d9:db:21:c9:38:0a:af:26:ae:14:f5:2d:cd:26:b8:b3:a3:e6:bd:b0:3c:96:ee:9e:70:3d:a3:6f:7b:d6:71:cb:0e:1c:6d:3f:23:65:4f:e8:ea:e1:d0:28:85:58:d8:ce:ab:eb:2e:33:23:67:38:7e:4d:57:9a:97:37:7e:35:50:f8:4c:7d:2b:4e:d9:1b:af:25:15:c3:84:65:76:3d:06:f2:a3:ba:17:f9:51:6b:9b:f0:3c:63:2d:e5:f2:00:6d:d6:74:64:aa:fd:72:bb:6d:af:ae:b5:47:8d:5f:21:84:fa:3f:e8:71:be:f7:91:c6:74:56:e3:ed:ee:24:0f:bb:5f:2f:9e:1f:78:62:ec:85:ac:92:f0:cd:97:8d:78:05:86:7e:c0:cc:95:e5:92:f6:28:a6:8a:01:2c:f1:b9:de:f7:16:2c:71:48:3e:9a:71:19:1a:98:cc:77:2c:e8:ec:ff:c0:14:89:de:95:87:66:39:94:b6:70:b7:5e:d7:39:2a:bf:59:7e:de:61:27:ce:3e:91:94:7c:10:6b:57:ef:b4:d4:38:86:2f:47:31:74:f1:86:36:19:c0:49:ac:c4:76:29:63:23:b4" + } + } + } + } + } + + , 
+ { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.652084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.652084000", + "frame.time_delta": "0.061038000", + "frame.time_delta_displayed": "0.061038000", + "frame.time_relative": "1629.191398000", + "frame.number": "5920", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": 
"41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17124", + "tcp.nxtseq": "17171", + "tcp.ack": "76759", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004348", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:32:57:00:27:2d:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812359255, TSecr 2567507": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812359255", + "tcp.options.timestamp.tsecr": "2567507" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5919", + "tcp.analysis.ack_rtt": "0.061038000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": 
"42", + "ssl.app_data": "34:cd:34:17:47:48:0e:ba:af:2b:33:e7:e7:24:2f:00:38:83:b7:be:5a:0f:2a:2e:50:c2:2d:42:80:7d:36:05:02:08:47:e5:b8:79:a0:e8:9b:dd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.652452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.652452000", + "frame.time_delta": "0.000368000", + "frame.time_delta_displayed": "0.000368000", + "frame.time_relative": "1629.191766000", + "frame.number": "5921", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17171", + "tcp.nxtseq": "17218", + "tcp.ack": "76759", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:32:57:00:27:2d:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812359255, TSecr 2567507": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812359255", + "tcp.options.timestamp.tsecr": "2567507" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "94", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:bb:de:6c:6f:3a:55:72:9a:d3:8f:fd:6f:3f:73:4d:d2:e4:54:b9:8b:52:7a:c7:77:ea:31:ed:98:25:b8:5b:15:52:f0:e3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.652534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.652534000", + "frame.time_delta": "0.000082000", + "frame.time_delta_displayed": "0.000082000", + "frame.time_relative": "1629.191848000", + "frame.number": "5922", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009685", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "76759", + "tcp.ack": "17171", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d8fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:2d:59:a7:a1:32:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2567513, TSecr 2812359255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2567513", + "tcp.options.timestamp.tsecr": "2812359255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5920", + 
"tcp.analysis.ack_rtt": "0.000450000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:40.652827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495220.652827000", + "frame.time_delta": "0.000293000", + "frame.time_delta_displayed": "0.000293000", + "frame.time_relative": "1629.192141000", + "frame.number": "5923", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009686", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "76759", + "tcp.ack": "17218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d8cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:2d:59:a7:a1:32:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2567513, TSecr 2812359255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2567513", + "tcp.options.timestamp.tsecr": "2812359255" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5921", + "tcp.analysis.ack_rtt": "0.000375000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:13:41.440426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495221.440426000", + "frame.time_delta": "0.787599000", + "frame.time_delta_displayed": "0.787599000", + "frame.time_relative": "1629.979740000", + "frame.number": "5924", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000021ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009561", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "5918" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:41.493162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495221.493162000", + "frame.time_delta": "0.052736000", + "frame.time_delta_displayed": "0.052736000", + "frame.time_relative": "1630.032476000", + "frame.number": "5925", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000021ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009556", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "5924" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:41.545977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495221.545977000", + "frame.time_delta": "0.052815000", + "frame.time_delta_displayed": "0.052815000", + "frame.time_relative": "1630.085291000", + "frame.number": "5926", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000021ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000955a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "5925" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:42.124753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495222.124753000", + "frame.time_delta": "0.578776000", + "frame.time_delta_displayed": "0.578776000", + "frame.time_relative": "1630.664067000", + "frame.number": "5927", + "frame.len": "339", + 
"frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000220c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000953f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "5926" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:42.177518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495222.177518000", + "frame.time_delta": "0.052765000", + "frame.time_delta_displayed": "0.052765000", + "frame.time_relative": "1630.716832000", + "frame.number": "5928", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", 
+ "ip.id": "0x0000220f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009533", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "5927" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:42.230538000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495222.230538000", + "frame.time_delta": "0.053020000", + "frame.time_delta_displayed": "0.053020000", + "frame.time_relative": "1630.769852000", + "frame.number": "5929", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002214", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009534", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": 
"2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "5928" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:43.129651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495223.129651000", + "frame.time_delta": "0.899113000", + "frame.time_delta_displayed": "0.899113000", + "frame.time_relative": "1631.668965000", + "frame.number": "5930", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000223f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000950c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "305", + "udp.checksum": "0x0000d555", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "5929" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:43.182426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495223.182426000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "1631.721740000", + "frame.number": "5931", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00002240", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009502", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "314", + "udp.checksum": "0x0000e340", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "5930" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:43.235254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495223.235254000", + "frame.time_delta": "0.052828000", + "frame.time_delta_displayed": 
"0.052828000", + "frame.time_relative": "1631.774568000", + "frame.number": "5932", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00002242", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009506", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "61381", + "udp.port": "1900", + "udp.port": "61381", + "udp.length": "308", + "udp.checksum": "0x000006cb", + "udp.checksum.status": "2", + "udp.stream": "134" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "5931" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:45.660395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495225.660395000", + "frame.time_delta": "2.425141000", + "frame.time_delta_displayed": "2.425141000", + "frame.time_relative": "1634.199709000", + "frame.number": "5933", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + 
"arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:45.660831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495225.660831000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "1634.200145000", + "frame.number": "5934", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:13:49.502801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495229.502801000", + "frame.time_delta": "3.841970000", + 
"frame.time_delta_displayed": "3.841970000", + "frame.time_relative": "1638.042115000", + "frame.number": "5935", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x0000451a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000943f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:02.662910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495242.662910000", + "frame.time_delta": "13.160109000", + "frame.time_delta_displayed": "13.160109000", + "frame.time_relative": "1651.202224000", + "frame.number": "5936", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f8d", + "ip.flags": "0x00000000", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b863", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001470", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:02.663272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495242.663272000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "1651.202586000", + "frame.number": "5937", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f8e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000995e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f56b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:02.664621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495242.664621000", + "frame.time_delta": "0.001349000", + "frame.time_delta_displayed": "0.001349000", + "frame.time_relative": "1651.203935000", + "frame.number": "5938", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008331", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:03.161239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.161239000", + "frame.time_delta": "0.496618000", + "frame.time_delta_displayed": "0.496618000", + "frame.time_relative": "1651.700553000", + "frame.number": "5939", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00002918", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a03f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:03.214151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.214151000", + "frame.time_delta": "0.052912000", + "frame.time_delta_displayed": "0.052912000", + "frame.time_relative": "1651.753465000", + "frame.number": "5940", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000291a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a03d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + 
}, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:03.267020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.267020000", + "frame.time_delta": "0.052869000", + "frame.time_delta_displayed": "0.052869000", + "frame.time_relative": "1651.806334000", + "frame.number": "5941", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000291d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a031", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:03.320114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.320114000", + "frame.time_delta": "0.053094000", + "frame.time_delta_displayed": "0.053094000", + "frame.time_relative": "1651.859428000", + "frame.number": "5942", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000291f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a02f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { 
+ "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:03.373038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.373038000", + "frame.time_delta": "0.052924000", + "frame.time_delta_displayed": "0.052924000", + "frame.time_relative": "1651.912352000", + "frame.number": "5943", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00002920", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a034", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:14:03.425867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495243.425867000", + "frame.time_delta": "0.052829000", + "frame.time_delta_displayed": "0.052829000", + "frame.time_relative": "1651.965181000", + "frame.number": "5944", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00002923", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000a031", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:04.183576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495244.183576000", + "frame.time_delta": "0.757709000", + "frame.time_delta_displayed": "0.757709000", + "frame.time_relative": "1652.722890000", + "frame.number": "5945", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x0000581a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a64f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5038", + "tcp.nxtseq": "5078", + "tcp.ack": "577", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000facd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:eb:b0:de:5b:71:e1:8a:6e:82:c9:35:97:51:72:ca:31:20:a2:7f:6b:76:3b:f7:c9:63:b6:a2:1d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:04.326851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495244.326851000", + "frame.time_delta": "0.143275000", + "frame.time_delta_displayed": "0.143275000", + "frame.time_relative": "1652.866165000", + "frame.number": "5946", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001001", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd6c", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": 
"104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "577", + "tcp.nxtseq": "613", + "tcp.ack": "5078", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000007c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5945", + "tcp.analysis.ack_rtt": "0.143275000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:70:b0:0d:f0:f3:99:d4:cc:39:6f:3c:35:74:11:1c:96:d0:f4:74:28:92:0f:d6:c8" + } + } + } + } + } + + , 
+ { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:04.327329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495244.327329000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1652.866643000", + "frame.number": "5947", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000581b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a676", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5078", + "tcp.ack": "613", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f085", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "5946", + "tcp.analysis.ack_rtt": "0.000478000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:06.649376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495246.649376000", + "frame.time_delta": "2.322047000", + "frame.time_delta_displayed": "2.322047000", + "frame.time_relative": "1655.188690000", + "frame.number": "5948", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e16", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000059d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.355914000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.355914000", + "frame.time_delta": "0.706538000", + "frame.time_delta_displayed": "0.706538000", + "frame.time_relative": "1655.895228000", + "frame.number": "5949", + "frame.len": "83", + 
"frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000482d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009161", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, 
\"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.367069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.367069000", + "frame.time_delta": "0.011155000", + "frame.time_delta_displayed": "0.011155000", + "frame.time_relative": "1655.906383000", + "frame.number": "5950", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000bb31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001d60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": "id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + 
"dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.492572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.492572000", + "frame.time_delta": "0.125503000", + "frame.time_delta_displayed": "0.125503000", + "frame.time_relative": "1656.031886000", + "frame.number": "5951", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000483f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000914f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": 
"192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.663000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.663000000", + "frame.time_delta": "0.170428000", + "frame.time_delta_displayed": "0.170428000", + "frame.time_relative": "1656.202314000", + "frame.number": "5952", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f92", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b85e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001470", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.663522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.663522000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "1656.202836000", + "frame.number": "5953", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + 
"eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f93", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009959", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f56b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.665962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.665962000", + "frame.time_delta": "0.002440000", + "frame.time_delta_displayed": "0.002440000", + "frame.time_relative": "1656.205276000", + "frame.number": "5954", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
+ }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008331", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.717411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.717411000", + "frame.time_delta": "0.051449000", + "frame.time_delta_displayed": "0.051449000", + "frame.time_relative": "1656.256725000", + "frame.number": "5955", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": 
"01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00004859", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009135", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.721028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.721028000", + "frame.time_delta": "0.003617000", + "frame.time_delta_displayed": "0.003617000", + "frame.time_relative": "1656.260342000", + "frame.number": "5956", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:07.980489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495247.980489000", + "frame.time_delta": "0.259461000", + "frame.time_delta_displayed": "0.259461000", + 
"frame.time_relative": "1656.519803000", + "frame.number": "5957", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": 
"0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:08.004706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495248.004706000", + "frame.time_delta": "0.024217000", + "frame.time_delta_displayed": "0.024217000", + "frame.time_relative": "1656.544020000", + "frame.number": "5958", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + 
"bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:08.034690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495248.034690000", + "frame.time_delta": "0.029984000", + "frame.time_delta_displayed": "0.029984000", + "frame.time_relative": "1656.574004000", + "frame.number": "5959", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:08.064724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495248.064724000", + "frame.time_delta": "0.030034000", + "frame.time_delta_displayed": "0.030034000", + "frame.time_relative": "1656.604038000", + "frame.number": "5960", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + 
"arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:09.330933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495249.330933000", + "frame.time_delta": "1.266209000", + "frame.time_delta_displayed": "1.266209000", + "frame.time_relative": "1657.870247000", + "frame.number": "5961", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:09.331332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495249.331332000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "1657.870646000", + "frame.number": "5962", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:09.430558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495249.430558000", + "frame.time_delta": "0.099226000", + "frame.time_delta_displayed": "0.099226000", + "frame.time_relative": "1657.969872000", + "frame.number": "5963", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000048ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000906d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:11.679266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495251.679266000", + "frame.time_delta": "2.248708000", + "frame.time_delta_displayed": "2.248708000", + "frame.time_relative": "1660.218580000", + "frame.number": "5964", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009687", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "76759", + "tcp.nxtseq": "76808", + "tcp.ack": "17218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ca92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:39:77:a7:a1:32:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2570615, TSecr 2812359255": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2570615", + "tcp.options.timestamp.tsecr": "2812359255" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:24:f6:98:83:7f:5c:c1:86:c1:e9:61:6c:ce:e5:38:7c:d2:de:75:b2:6a:04:78:7d:ac:31:2b:f9:72:a6:4c:bc:09:4c:7e:c2:8c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:11.740271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495251.740271000", + "frame.time_delta": "0.061005000", + "frame.time_delta_displayed": "0.061005000", + "frame.time_relative": "1660.279585000", + "frame.number": "5965", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "17218", + "tcp.nxtseq": "17273", + "tcp.ack": "76808", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004f53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:50:b3:00:27:39:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812367027, TSecr 2570615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812367027", + "tcp.options.timestamp.tsecr": "2570615" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5964", + "tcp.analysis.ack_rtt": "0.061005000", + "tcp.analysis.bytes_in_flight": "55", 
+ "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:bc:d8:01:21:1c:e9:55:27:c7:60:53:96:29:0a:11:87:96:7d:0b:50:cd:9e:77:79:f5:7f:63:ba:03:33:cc:66:a6:22:34:55:81:a8:0e:b2:ba:a0:2c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:11.740841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495251.740841000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1660.280155000", + "frame.number": "5966", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009688", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "76808", + "tcp.ack": "17273", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ade6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:39:7e:a7:a1:50:b3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2570622, TSecr 2812367027": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2570622", + 
"tcp.options.timestamp.tsecr": "2812367027" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5965", + "tcp.analysis.ack_rtt": "0.000570000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:12.666361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495252.666361000", + "frame.time_delta": "0.925520000", + "frame.time_delta_displayed": "0.925520000", + "frame.time_relative": "1661.205675000", + "frame.number": "5967", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f94", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b85c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + 
"ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001470", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:12.666821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495252.666821000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "1661.206135000", + "frame.number": "5968", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f95", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009957", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", 
+ "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f56b", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:12.667340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495252.667340000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "1661.206654000", + "frame.number": "5969", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008331", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000285", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=645", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:13.158380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495253.158380000", + "frame.time_delta": "0.491040000", + "frame.time_delta_displayed": "0.491040000", + "frame.time_relative": "1661.697694000", + "frame.number": "5970", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:14:18.841870000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495258.841870000", + "frame.time_delta": "5.683490000", + "frame.time_delta_displayed": "5.683490000", + "frame.time_relative": "1667.381184000", + "frame.number": "5971", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", 
+ "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:25.350920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495265.350920000", + "frame.time_delta": "6.509050000", + "frame.time_delta_displayed": "6.509050000", + "frame.time_relative": "1673.890234000", + "frame.number": "5972", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000b94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + 
"ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "56", + "udp.checksum": "0x0000c092", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:fd:60:0c:f2:cd:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", + "data.len": "48" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:26.559068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495266.559068000", + "frame.time_delta": "1.208148000", + "frame.time_delta_displayed": "1.208148000", + "frame.time_relative": "1675.098382000", + "frame.number": "5973", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": 
"2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:28.851940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495268.851940000", + "frame.time_delta": "2.292872000", + "frame.time_delta_displayed": "2.292872000", + "frame.time_relative": "1677.391254000", + "frame.number": "5974", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + 
"eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:29.567763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495269.567763000", + "frame.time_delta": "0.715823000", + "frame.time_delta_displayed": "0.715823000", + "frame.time_relative": "1678.107077000", + "frame.number": "5975", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.188518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.188518000", + "frame.time_delta": "0.620755000", + "frame.time_delta_displayed": "0.620755000", + "frame.time_relative": "1678.727832000", + "frame.number": "5976", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + 
"ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.197528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.197528000", + "frame.time_delta": "0.009010000", + "frame.time_delta_displayed": "0.009010000", + "frame.time_relative": "1678.736842000", + "frame.number": "5977", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000050b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000088a8", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.214998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.214998000", + "frame.time_delta": "0.017470000", + "frame.time_delta_displayed": "0.017470000", + "frame.time_relative": "1678.754312000", + "frame.number": "5978", + "frame.len": "136", + 
"frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000050b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000088a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.470297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.470297000", + "frame.time_delta": "0.255299000", + "frame.time_delta_displayed": "0.255299000", + "frame.time_relative": "1679.009611000", + "frame.number": "5979", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000050cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000088bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.470459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.470459000", + "frame.time_delta": "0.000162000", + "frame.time_delta_displayed": "0.000162000", + "frame.time_relative": "1679.009773000", + "frame.number": "5980", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x000050d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000088b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.470608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.470608000", + "frame.time_delta": "0.000149000", + "frame.time_delta_displayed": "0.000149000", + "frame.time_relative": "1679.009922000", + "frame.number": "5981", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000050d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000088bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + 
"udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.473768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.473768000", + "frame.time_delta": "0.003160000", + "frame.time_delta_displayed": "0.003160000", + "frame.time_relative": "1679.013082000", + "frame.number": "5982", + "frame.len": "211", + "frame.cap_len": "211", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "197", + "ip.id": "0x0000be7d", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001a14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "177", + "udp.checksum": "0x00009320", + "udp.checksum.status": "2", + "udp.stream": "45" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "4", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { + "dns.resp.name": "_smartthings._tcp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "19", + "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { + "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "4500", + "dns.resp.len": "38", + "dns.txt.length": "6", + "dns.txt": "path=\/", + "dns.txt.length": "19", + "dns.txt": 
"id=D052A8A1D7EE0001", + "dns.txt.length": "10", + "dns.txt": "type=hubv2" + }, + "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { + "dns.srv.service": "D052A8A1D7EE0001", + "dns.srv.proto": "_smartthings", + "dns.srv.name": "_tcp.local", + "dns.resp.type": "33", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "25", + "dns.srv.priority": "0", + "dns.srv.weight": "0", + "dns.srv.port": "8081", + "dns.srv.target": "D052A8A1D7EE0001.local" + }, + "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { + "dns.resp.name": "D052A8A1D7EE0001.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "192.168.0.242" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.487629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.487629000", + "frame.time_delta": "0.013861000", + "frame.time_delta_displayed": "0.013861000", + "frame.time_relative": "1679.026943000", + "frame.number": "5983", + "frame.len": "107", + "frame.cap_len": "107", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "93", + "ip.id": "0x0000883d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005167", + "ip.checksum.status": "2", + "ip.src": "192.168.0.71", + "ip.addr": "192.168.0.71", + "ip.src_host": "192.168.0.71", + "ip.host": "192.168.0.71", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "73", + "udp.checksum": "0x0000791d", + "udp.checksum.status": "2", + "udp.stream": "46" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "13", + "dns.ptr.domain_name": "_http._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.514170000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.514170000", + "frame.time_delta": "0.026541000", + "frame.time_delta_displayed": "0.026541000", + "frame.time_relative": "1679.053484000", + "frame.number": "5984", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:e3:dc:17", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:dc:17", + "eth.addr": "c4:12:f5:e3:dc:17", + "eth.addr_resolved": "D-LinkIn_e3:dc:17", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.135", + "ip.addr": "192.168.0.135", + "ip.src_host": "192.168.0.135", + "ip.host": "192.168.0.135", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b6b", + "udp.checksum.status": "2", + "udp.stream": "48" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.542638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.542638000", + "frame.time_delta": "0.028468000", + "frame.time_delta_displayed": "0.028468000", + "frame.time_relative": "1679.081952000", + "frame.number": "5985", + "frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "90:8d:78:e3:81:0c", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_e3:81:0c", + "eth.addr": "90:8d:78:e3:81:0c", + "eth.addr_resolved": "D-LinkIn_e3:81:0c", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d8fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.240", + "ip.addr": "192.168.0.240", + "ip.src_host": "192.168.0.240", + "ip.host": "192.168.0.240", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b02", + "udp.checksum.status": "2", + "udp.stream": "49" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.564499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.564499000", + "frame.time_delta": "0.021861000", + "frame.time_delta_displayed": "0.021861000", + "frame.time_relative": "1679.103813000", + "frame.number": "5986", + 
"frame.len": "108", + "frame.cap_len": "108", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "c4:12:f5:de:38:20", + "eth.src_tree": { + "eth.src_resolved": "D-LinkIn_de:38:20", + "eth.addr": "c4:12:f5:de:38:20", + "eth.addr_resolved": "D-LinkIn_de:38:20", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "94", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000d995", + "ip.checksum.status": "2", + "ip.src": "192.168.0.85", + "ip.addr": "192.168.0.85", + "ip.src_host": "192.168.0.85", + "ip.host": "192.168.0.85", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "74", + "udp.checksum": "0x00009b9d", + "udp.checksum.status": "2", + "udp.stream": "50" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + 
"dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "14", + "dns.ptr.domain_name": "_dhnap._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.567953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.567953000", + "frame.time_delta": "0.003454000", + "frame.time_delta_displayed": "0.003454000", + "frame.time_relative": "1679.107267000", + "frame.number": "5987", + "frame.len": "114", + "frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x0000e5f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f379", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + 
"ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.651920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.651920000", + "frame.time_delta": "0.083967000", + "frame.time_delta_displayed": "0.083967000", + "frame.time_relative": "1679.191234000", + "frame.number": "5988", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x000050ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000888f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" 
+ } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.652077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.652077000", + "frame.time_delta": "0.000157000", + "frame.time_delta_displayed": "0.000157000", + "frame.time_relative": "1679.191391000", + "frame.number": "5989", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x00005100", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000888e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + 
"udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.652220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.652220000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + "frame.time_relative": "1679.191534000", + "frame.number": "5990", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x00005101", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008888", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.886968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.886968000", + "frame.time_delta": "0.234748000", + "frame.time_delta_displayed": "0.234748000", + "frame.time_relative": "1679.426282000", + "frame.number": "5991", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000513a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008854", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.887130000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.887130000", + "frame.time_delta": "0.000162000", + "frame.time_delta_displayed": "0.000162000", + "frame.time_relative": "1679.426444000", + "frame.number": "5992", + "frame.len": "88", + "frame.cap_len": "88", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "74", + "ip.id": "0x0000513b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000884e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", 
+ "udp.port": "5353", + "udp.port": "5353", + "udp.length": "54", + "udp.checksum": "0x0000fd7d", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_services._dns-sd._udp.local", + "dns.qry.name.len": "28", + "dns.count.labels": "4", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:30.887277000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495270.887277000", + "frame.time_delta": "0.000147000", + "frame.time_delta_displayed": "0.000147000", + "frame.time_relative": "1679.426591000", + "frame.number": "5993", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000513c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008852", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "49", + "udp.checksum": "0x0000edf6", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_smartthings._tcp.local", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:31.182290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495271.182290000", + "frame.time_delta": "0.295013000", + "frame.time_delta_displayed": "0.295013000", + "frame.time_relative": "1679.721604000", + "frame.number": "5994", + "frame.len": "114", + 
"frame.cap_len": "114", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "74:da:38:0d:05:55", + "eth.src_tree": { + "eth.src_resolved": "EdimaxTe_0d:05:55", + "eth.addr": "74:da:38:0d:05:55", + "eth.addr_resolved": "EdimaxTe_0d:05:55", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "100", + "ip.id": "0x0000e62e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f33e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.119", + "ip.addr": "192.168.0.119", + "ip.src_host": "192.168.0.119", + "ip.host": "192.168.0.119", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "80", + "udp.checksum": "0x00004200", + "udp.checksum.status": "2", + "udp.stream": "47" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": 
"1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { + "dns.resp.name": "_services._dns-sd._udp.local", + "dns.resp.type": "12", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "4500", + "dns.resp.len": "20", + "dns.ptr.domain_name": "_workstation._tcp.local" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:31.202955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495271.202955000", + "frame.time_delta": "0.020665000", + "frame.time_delta_displayed": "0.020665000", + "frame.time_relative": "1679.742269000", + "frame.number": "5995", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00005165", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000881d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + 
"ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:31.215468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495271.215468000", + "frame.time_delta": "0.012513000", + "frame.time_delta_displayed": "0.012513000", + "frame.time_relative": "1679.754782000", + "frame.number": "5996", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x00005167", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000087f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302b", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:32.219147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495272.219147000", + "frame.time_delta": "1.003679000", + "frame.time_delta_displayed": "1.003679000", + "frame.time_relative": "1680.758461000", + "frame.number": "5997", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000051d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000087ad", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e755", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": "192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:32.219309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495272.219309000", + "frame.time_delta": "0.000162000", + "frame.time_delta_displayed": "0.000162000", + "frame.time_relative": "1680.758623000", + "frame.number": "5998", + "frame.len": "136", + "frame.cap_len": "136", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "122", + "ip.id": "0x000051d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008780", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "102", + "udp.checksum": "0x0000302a", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, 
\"QM\" question": { + "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", + "dns.qry.name.len": "70", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:32.332612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495272.332612000", + "frame.time_delta": "0.113303000", + "frame.time_delta_displayed": "0.113303000", + "frame.time_relative": "1680.871926000", + "frame.number": "5999", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009689", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007596", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "76808", + "tcp.nxtseq": "77160", + "tcp.ack": "17273", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000002dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:41:89:a7:a1:50:b3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2572681, TSecr 2812367027": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2572681", + "tcp.options.timestamp.tsecr": "2812367027" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:25:0c:78:33:5b:2a:31:99:c2:a8:58:30:3d:f1:62:a2:77:0f:f0:d3:b5:20:c8:c1:a6:7c:86:a9:72:79:40:04:42:bf:31:72:a1:d0:2e:3d:92:f1:7f:86:e0:bd:4d:e7:1a:6d:b8:98:66:b7:ed:3d:7e:b6:b6:11:29:ac:57:ce:26:3f:41:22:a8:62:b1:89:62:b0:fa:55:7c:d3:9b:5b:58:5a:6f:c8:59:9f:2a:10:27:0b:01:b6:e9:b7:d8:06:52:99:1a:15:5a:7a:14:81:d8:6c:26:c6:ae:e8:c5:f6:37:5d:d7:bb:52:f9:22:d9:f6:a1:ff:ee:ff:9c:cf:95:0b:3f:cd:80:0c:00:1d:4f:37:82:b1:17:53:c8:7e:8f:38:85:68:af:27:22:31:30:30:a9:29:95:48:97:3b:55:69:ff:95:ca:6a:d3:c6:5d:a1:08:8e:c1:bd:13:28:ae:c3:78:f6:a1:c6:5d:3e:58:ec:78:41:29:fb:15:f7:1d:1f:6b:6b:de:b4:b5:2c:88:2a:f1:67:9d:58:f9:38:ec:1c:68:ae:48:ef:cf:c1:30:b5:c4:b2:ae:aa:44:1e:3e:c3:04:d9:85:14:b8:92:c3:8f:66:50:d8:26:10:14:37:18:69:9a:26:64:b5:cc:01:26:04:a8:70:b6:f0:5e:74:60:8d:81:81:d7:a3:66:c8:4a:ca:3a:a6:6c:df:e7:f6:3c:a7:60:41:25:c2:21:93:6b:ef:1e:f3:38:e7:e7:d5:10:42:b0:3d:07:33:5b:49:5e:f4:9e:be:2b:e1:29:7c:ee:a9:75:a0:17:78:11:94:74:68:2c:66:fb:43:d1:bd:d4:34:9d:93:e7:aa:d2:09:4d:bc:09:35:62:7c:4d:10:53:05:bd:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:32.393780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495272.393780000", + "frame.time_delta": "0.061168000", + "frame.time_delta_displayed": "0.061168000", + "frame.time_relative": "1680.933094000", + "frame.number": "6000", + "frame.len": "113", + 
"frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17273", + "tcp.nxtseq": "17320", + "tcp.ack": "77160", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000068c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:64:de:00:27:41:89", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812372190, TSecr 2572681": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812372190", + "tcp.options.timestamp.tsecr": "2572681" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "5999", + "tcp.analysis.ack_rtt": "0.061168000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:bd:17:27:d1:0d:7c:c8:85:32:99:90:e3:1d:9a:19:15:7f:cf:60:04:e1:81:28:d1:a1:be:8e:4f:03:cb:6d:42:0e:26:69" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:32.394214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495272.394214000", + 
"frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1680.933528000", + "frame.number": "6001", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000968a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + 
"tcp.seq": "77160", + "tcp.ack": "17320", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000901b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:41:8f:a7:a1:64:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2572687, TSecr 2812372190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2572687", + "tcp.options.timestamp.tsecr": "2812372190" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6000", + "tcp.analysis.ack_rtt": "0.000434000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:33.206232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495273.206232000", + "frame.time_delta": "0.812018000", + "frame.time_delta_displayed": "0.812018000", + "frame.time_relative": "1681.745546000", + "frame.number": "6002", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000528d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000086f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "61", + "udp.checksum": "0x0000e855", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "192-168-0-117.local: type ANY, class IN, \"QM\" question": { + "dns.qry.name": 
"192-168-0-117.local", + "dns.qry.name.len": "19", + "dns.count.labels": "2", + "dns.qry.type": "255", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + }, + "Authoritative nameservers": { + "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "3599", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:34.219793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495274.219793000", + "frame.time_delta": "1.013561000", + "frame.time_delta_displayed": "1.013561000", + "frame.time_relative": "1682.759107000", + "frame.number": "6003", + "frame.len": "89", + "frame.cap_len": "89", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "75", + "ip.id": "0x00005345", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008643", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "55", + "udp.checksum": "0x00006fa3", + "udp.checksum.status": "2", + "udp.stream": "0" + }, + "mdns": { + "dns.response_to": "6002", + "dns.time": "1.013561000", + "dns.id": "0x00000000", + "dns.flags": "0x00008400", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "1", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.recavail": "0", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "0", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Answers": { + "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { + "dns.resp.name": "192-168-0-117.local", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "1", + "dns.resp.ttl": "3600", + "dns.resp.len": "4", + "dns.a": "192.168.0.117" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:34.338920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495274.338920000", + "frame.time_delta": "0.119127000", + "frame.time_delta_displayed": "0.119127000", + "frame.time_relative": "1682.878234000", + "frame.number": "6004", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000581c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a675", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5077", + "tcp.ack": "613", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f086", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:34.482106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495274.482106000", + "frame.time_delta": "0.143186000", + "frame.time_delta_displayed": "0.143186000", + "frame.time_relative": "1683.021420000", + "frame.number": "6005", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001002", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8f", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "613", + "tcp.ack": "5078", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fafb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:35.155829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495275.155829000", + "frame.time_delta": "0.673723000", + "frame.time_delta_displayed": "0.673723000", + "frame.time_relative": "1683.695143000", + "frame.number": "6006", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:36.651515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495276.651515000", + "frame.time_delta": "1.495686000", + "frame.time_delta_displayed": "1.495686000", + "frame.time_relative": "1685.190829000", + "frame.number": "6007", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": 
"0x00005e1d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000059cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:37.400450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495277.400450000", + "frame.time_delta": "0.748935000", + "frame.time_delta_displayed": "0.748935000", + "frame.time_relative": "1685.939764000", + "frame.number": "6008", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:37.400882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495277.400882000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1685.940196000", + "frame.number": "6009", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:14:44.013892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495284.013892000", + "frame.time_delta": "6.613010000", + "frame.time_delta_displayed": "6.613010000", + "frame.time_relative": "1692.553206000", + "frame.number": "6010", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", 
+ "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:52.551767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495292.551767000", + "frame.time_delta": "8.537875000", + "frame.time_delta_displayed": "8.537875000", + "frame.time_relative": "1701.091081000", + "frame.number": "6011", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "64:bc:0c:43:3f:40", + "eth.src_tree": { + "eth.src_resolved": "LgElectr_43:3f:40", + "eth.addr": "64:bc:0c:43:3f:40", + "eth.addr_resolved": "LgElectr_43:3f:40", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.117", + "ip.addr": "192.168.0.117", + "ip.src_host": "192.168.0.117", + "ip.host": "192.168.0.117", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": 
"224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.288756000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495296.288756000", + "frame.time_delta": "3.736989000", + "frame.time_delta_displayed": "3.736989000", + "frame.time_relative": "1704.828070000", + "frame.number": "6012", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000380d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000914a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.304177000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495296.304177000", + "frame.time_delta": "0.015421000", + "frame.time_delta_displayed": "0.015421000", + "frame.time_relative": "1704.843491000", + "frame.number": "6013", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00003811", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009146", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.357073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495296.357073000", + "frame.time_delta": "0.052896000", + "frame.time_delta_displayed": "0.052896000", + "frame.time_relative": "1704.896387000", + "frame.number": "6014", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": 
"0x00003815", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009139", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.409882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495296.409882000", + "frame.time_delta": "0.052809000", + "frame.time_delta_displayed": "0.052809000", + "frame.time_relative": "1704.949196000", + "frame.number": "6015", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00003816", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009138", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.462740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495296.462740000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "1705.002054000", + "frame.number": "6016", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00003819", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000913b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:56.515683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495296.515683000", + "frame.time_delta": 
"0.052943000", + "frame.time_delta_displayed": "0.052943000", + "frame.time_relative": "1705.054997000", + "frame.number": "6017", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000381c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00009138", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + 
"http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:57.665815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495297.665815000", + "frame.time_delta": "1.150132000", + "frame.time_delta_displayed": "1.150132000", + "frame.time_relative": "1706.205129000", + "frame.number": "6018", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f9b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b855", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000136f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:57.666332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495297.666332000", + "frame.time_delta": "0.000517000", + "frame.time_delta_displayed": "0.000517000", + "frame.time_relative": "1706.205646000", + "frame.number": "6019", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f9c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009950", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f46a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:14:57.666959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495297.666959000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "1706.206273000", + "frame.number": "6020", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", 
+ "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:02.666099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495302.666099000", + "frame.time_delta": "4.999140000", + "frame.time_delta_displayed": "4.999140000", + "frame.time_relative": "1711.205413000", + "frame.number": "6021", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f9d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b853", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000136f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": 
"3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:02.666637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495302.666637000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1711.205951000", + "frame.number": "6022", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f9e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000994e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f46a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:02.667245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495302.667245000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": "1711.206559000", + "frame.number": "6023", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", 
+ "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": 
"12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:03.410772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495303.410772000", + "frame.time_delta": "0.743527000", + "frame.time_delta_displayed": "0.743527000", + "frame.time_relative": "1711.950086000", + "frame.number": "6024", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000968b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "77160", + "tcp.nxtseq": "77209", + "tcp.ack": "17320", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cbc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:4d:ad:a7:a1:64:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2575789, TSecr 2812372190": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2575789", + "tcp.options.timestamp.tsecr": "2812372190" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:26:05:a2:15:44:7a:62:57:83:fe:33:05:1d:7f:91:d4:96:35:38:49:96:ee:ff:53:e3:84:f2:d9:32:73:43:41:42:35:0d:8f:e0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:03.471399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495303.471399000", + "frame.time_delta": "0.060627000", + "frame.time_delta_displayed": "0.060627000", + "frame.time_relative": "1712.010713000", + "frame.number": "6025", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002d81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "17320", + "tcp.nxtseq": "17375", + "tcp.ack": "77209", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004c0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:83:38:00:27:4d:ad", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812379960, TSecr 2575789": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812379960", + "tcp.options.timestamp.tsecr": "2575789" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6024", + "tcp.analysis.ack_rtt": "0.060627000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:be:0d:25:a1:2b:6e:a2:d7:37:f8:82:a4:d6:9d:29:68:f4:c5:02:f8:7b:73:09:58:e2:4d:0c:be:06:24:be:3a:68:75:4a:c2:67:12:6c:1a:aa:65:d4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:03.471880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495303.471880000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "1712.011194000", + "frame.number": "6026", + "frame.len": "66", + "frame.cap_len": "66", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000968c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "77209", + "tcp.ack": "17375", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006535", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:4d:b3:a7:a1:83:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2575795, TSecr 2812379960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2575795", + "tcp.options.timestamp.tsecr": "2812379960" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6025", + "tcp.analysis.ack_rtt": "0.000481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:04.478873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495304.478873000", + "frame.time_delta": "1.006993000", + "frame.time_delta_displayed": "1.006993000", + "frame.time_relative": "1713.018187000", + "frame.number": "6027", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000581d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a674", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5077", + "tcp.ack": "613", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": 
"0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f086", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:04.624005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495304.624005000", + "frame.time_delta": "0.145132000", + "frame.time_delta_displayed": "0.145132000", + "frame.time_relative": "1713.163319000", + "frame.number": "6028", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001003", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8e", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "613", + "tcp.ack": "5078", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fafb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": 
"ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:06.652180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495306.652180000", + "frame.time_delta": "2.028175000", + "frame.time_delta_displayed": "2.028175000", + "frame.time_relative": "1715.191494000", + "frame.number": "6029", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e24", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000059c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": 
"57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:07.666299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495307.666299000", + "frame.time_delta": "1.014119000", + "frame.time_delta_displayed": "1.014119000", + "frame.time_relative": "1716.205613000", + "frame.number": "6030", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001f9f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", 
+ "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b851", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000136f", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:07.666860000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495307.666860000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "1716.206174000", + "frame.number": "6031", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fa0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000994c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f46a", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:07.667482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495307.667482000", + "frame.time_delta": "0.000622000", + "frame.time_delta_displayed": "0.000622000", + "frame.time_relative": "1716.206796000", + "frame.number": "6032", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000286", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=646", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:09.488799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495309.488799000", + "frame.time_delta": "1.821317000", + "frame.time_delta_displayed": "1.821317000", + "frame.time_relative": "1718.028113000", + "frame.number": "6033", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": 
"00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:09.488989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495309.488989000", + "frame.time_delta": "0.000190000", + "frame.time_delta_displayed": "0.000190000", + "frame.time_relative": "1718.028303000", + "frame.number": "6034", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:28.850522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495328.850522000", + "frame.time_delta": "19.361533000", + "frame.time_delta_displayed": "19.361533000", + "frame.time_relative": "1737.389836000", + "frame.number": "6035", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.432441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.432441000", + "frame.time_delta": "1.581919000", + "frame.time_delta_displayed": "1.581919000", + "frame.time_relative": "1738.971755000", + "frame.number": "6036", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002114", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e730", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "15", + "http.prev_request_in": "5828" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.835802000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495330.835802000", + "frame.time_delta": "0.403361000", + "frame.time_delta_displayed": "0.403361000", + "frame.time_relative": "1739.375116000", + "frame.number": "6037", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00004c3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006b0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "85", + "http.prev_response_in": "5884" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.839634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.839634000", + "frame.time_delta": "0.003832000", + "frame.time_delta_displayed": "0.003832000", + "frame.time_relative": "1739.378948000", + "frame.number": "6038", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54722", + "tcp.dstport": "80", + "tcp.port": "54722", + "tcp.port": "80", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f812", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.840167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.840167000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "1739.379481000", + "frame.number": "6039", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54722", + "tcp.port": "80", + "tcp.port": "54722", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f0e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6038", + "tcp.analysis.ack_rtt": "0.000533000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.842939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.842939000", + "frame.time_delta": "0.002772000", + "frame.time_delta_displayed": "0.002772000", + "frame.time_relative": "1739.382253000", + "frame.number": "6040", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54722", + "tcp.dstport": "80", + "tcp.port": "54722", + "tcp.port": "80", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a2c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6039", + "tcp.analysis.ack_rtt": "0.002772000", + "tcp.analysis.initial_rtt": "0.003305000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:30.843550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.843550000", + "frame.time_delta": "0.000611000", + "frame.time_delta_displayed": "0.000611000", + "frame.time_relative": "1739.382864000", + "frame.number": "6041", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54722", + "tcp.dstport": "80", + "tcp.port": "54722", + "tcp.port": "80", + "tcp.stream": "218", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b83b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003305000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.844027000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.844027000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + 
"frame.time_relative": "1739.383341000", + "frame.number": "6042", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009e16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54722", + "tcp.port": "80", + "tcp.port": "54722", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009453", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6041", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.003305000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.844679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.844679000", + "frame.time_delta": "0.000652000", + "frame.time_delta_displayed": "0.000652000", + "frame.time_relative": "1739.383993000", + "frame.number": "6043", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009e17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a4b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54722", + "tcp.port": "80", + "tcp.port": "54722", + "tcp.stream": "218", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d474", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003305000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.845037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.845037000", + "frame.time_delta": "0.000358000", + "frame.time_delta_displayed": "0.000358000", + "frame.time_relative": "1739.384351000", + "frame.number": "6044", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009e18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001678", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54722", + "tcp.port": "80", + "tcp.port": "54722", + "tcp.stream": "218", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000026de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003305000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6043", + "tcp.segment": "6044", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001487000", + "http.request_in": "6041", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.847818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.847818000", + "frame.time_delta": "0.002781000", + "frame.time_delta_displayed": "0.002781000", + "frame.time_relative": "1739.387132000", + "frame.number": "6045", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54722", + "tcp.dstport": "80", + "tcp.port": "54722", + "tcp.port": "80", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6044", + "tcp.analysis.ack_rtt": "0.002781000", + "tcp.analysis.initial_rtt": "0.003305000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.848479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.848479000", + "frame.time_delta": "0.000661000", + "frame.time_delta_displayed": "0.000661000", + "frame.time_relative": "1739.387793000", + "frame.number": "6046", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54722", + "tcp.dstport": "80", + "tcp.port": "54722", + "tcp.port": "80", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.848932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.848932000", + "frame.time_delta": "0.000453000", + "frame.time_delta_displayed": "0.000453000", + "frame.time_relative": "1739.388246000", + "frame.number": "6047", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54722", + "tcp.port": "80", + "tcp.port": "54722", + "tcp.stream": "218", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000905d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "6046", + "tcp.analysis.ack_rtt": "0.000453000", + "tcp.analysis.initial_rtt": "0.003305000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.888906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.888906000", + "frame.time_delta": "0.039974000", + "frame.time_delta_displayed": "0.039974000", + "frame.time_relative": "1739.428220000", + "frame.number": "6048", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00004c40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006b02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "86", + "http.prev_response_in": "6037" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.899799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.899799000", + "frame.time_delta": "0.010893000", + "frame.time_delta_displayed": "0.010893000", + "frame.time_relative": "1739.439113000", + "frame.number": "6049", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54723", + "tcp.dstport": "80", + "tcp.port": "54723", + "tcp.port": "80", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00003f93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.900543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.900543000", + "frame.time_delta": "0.000744000", + "frame.time_delta_displayed": "0.000744000", + "frame.time_relative": "1739.439857000", + "frame.number": "6050", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54723", + "tcp.port": "80", + "tcp.port": "54723", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006907", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6049", + "tcp.analysis.ack_rtt": "0.000744000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.903067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.903067000", + "frame.time_delta": "0.002524000", + "frame.time_delta_displayed": "0.002524000", + "frame.time_relative": "1739.442381000", + "frame.number": "6051", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54723", + "tcp.dstport": "80", + "tcp.port": "54723", + "tcp.port": "80", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001ae6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6050", + "tcp.analysis.ack_rtt": "0.002524000", + "tcp.analysis.initial_rtt": "0.003268000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.903703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.903703000", + "frame.time_delta": "0.000636000", + "frame.time_delta_displayed": "0.000636000", + "frame.time_relative": "1739.443017000", + "frame.number": "6052", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54723", + "tcp.dstport": "80", + "tcp.port": "54723", + "tcp.port": "80", + "tcp.stream": "219", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000305f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003268000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.904189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.904189000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "1739.443503000", + "frame.number": "6053", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b807", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000006c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54723", + "tcp.port": "80", + "tcp.port": "54723", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000c77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6052", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003268000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.904779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.904779000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "1739.444093000", + "frame.number": "6054", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b808", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000005a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54723", + "tcp.port": "80", + "tcp.port": "54723", + "tcp.stream": "219", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004c98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003268000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.905136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.905136000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "1739.444450000", + "frame.number": "6055", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b809", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54723", + "tcp.port": "80", + "tcp.port": "54723", + "tcp.stream": "219", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003268000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "6054", + "tcp.segment": "6055", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001433000", + "http.request_in": "6052", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.907761000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495330.907761000", + "frame.time_delta": "0.002625000", + "frame.time_delta_displayed": "0.002625000", + "frame.time_relative": "1739.447075000", + "frame.number": "6056", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54723", + "tcp.dstport": "80", + "tcp.port": "54723", + "tcp.port": "80", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000164e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6055", + "tcp.analysis.ack_rtt": "0.002625000", + "tcp.analysis.initial_rtt": "0.003268000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.908943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.908943000", + "frame.time_delta": "0.001182000", + "frame.time_delta_displayed": "0.001182000", + "frame.time_relative": "1739.448257000", + "frame.number": "6057", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005caf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54723", + "tcp.dstport": "80", + "tcp.port": "54723", + "tcp.port": "80", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000164d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.909389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.909389000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1739.448703000", + "frame.number": "6058", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54723", + "tcp.port": "80", + "tcp.port": "54723", + "tcp.stream": "219", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000881", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6057", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003268000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.942297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.942297000", + "frame.time_delta": "0.032908000", + "frame.time_delta_displayed": "0.032908000", + "frame.time_relative": "1739.481611000", + "frame.number": "6059", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00004c41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006b07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "87", + "http.prev_response_in": "6048" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.946718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.946718000", + "frame.time_delta": "0.004421000", + "frame.time_delta_displayed": "0.004421000", + "frame.time_relative": "1739.486032000", + 
"frame.number": "6060", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54724", + "tcp.dstport": "80", + "tcp.port": "54724", + "tcp.port": "80", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008f15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.947250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.947250000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "1739.486564000", + "frame.number": "6061", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54724", + "tcp.port": "80", + "tcp.port": "54724", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001d61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6060", + "tcp.analysis.ack_rtt": "0.000532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.949851000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.949851000", + "frame.time_delta": "0.002601000", + "frame.time_delta_displayed": "0.002601000", + "frame.time_relative": "1739.489165000", + 
"frame.number": "6062", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54724", + "tcp.dstport": "80", + "tcp.port": "54724", + "tcp.port": "80", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cf3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6061", + "tcp.analysis.ack_rtt": "0.002601000", + "tcp.analysis.initial_rtt": "0.003133000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.950911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.950911000", + "frame.time_delta": "0.001060000", + "frame.time_delta_displayed": "0.001060000", + "frame.time_relative": "1739.490225000", + "frame.number": "6063", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c05", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54724", + "tcp.dstport": "80", + "tcp.port": "54724", + "tcp.port": "80", + "tcp.stream": "220", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e4b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003133000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.951403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.951403000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1739.490717000", + "frame.number": "6064", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009e75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000019fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54724", + "tcp.port": "80", + "tcp.port": "54724", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c0d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6063", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.003133000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.951977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.951977000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "1739.491291000", + "frame.number": "6065", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009e76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000019ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54724", + "tcp.port": "80", + "tcp.port": "54724", + "tcp.stream": "220", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000000f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003133000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.952417000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.952417000", + "frame.time_delta": "0.000440000", + "frame.time_delta_displayed": "0.000440000", + "frame.time_relative": "1739.491731000", + "frame.number": "6066", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009e77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001619", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54724", + "tcp.port": "80", + "tcp.port": "54724", + "tcp.stream": "220", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000535b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003133000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6065", + "tcp.segment": "6066", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001506000", + "http.request_in": "6063", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.955212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.955212000", + "frame.time_delta": "0.002795000", + "frame.time_delta_displayed": "0.002795000", + "frame.time_relative": "1739.494526000", + "frame.number": "6067", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005cab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54724", + "tcp.dstport": "80", + "tcp.port": "54724", + "tcp.port": "80", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000caa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6066", + "tcp.analysis.ack_rtt": "0.002795000", + "tcp.analysis.initial_rtt": "0.003133000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.956237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.956237000", + "frame.time_delta": "0.001025000", + "frame.time_delta_displayed": "0.001025000", + "frame.time_relative": "1739.495551000", + "frame.number": "6068", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005caa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54724", + "tcp.dstport": "80", + "tcp.port": "54724", + "tcp.port": "80", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000caa6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:30.956675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495330.956675000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "1739.495989000", + "frame.number": "6069", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54724", + "tcp.port": "80", + "tcp.port": "54724", + "tcp.stream": "220", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bcda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "6068", + "tcp.analysis.ack_rtt": "0.000438000", + "tcp.analysis.initial_rtt": "0.003133000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.224328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.224328000", + "frame.time_delta": "0.267653000", + "frame.time_delta_displayed": "0.267653000", + "frame.time_relative": "1739.763642000", + "frame.number": "6070", + "frame.len": "416", + "frame.cap_len": "416", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "402", + "ip.id": "0x0000968d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007594", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
+ "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "350", + "tcp.seq": "77209", + "tcp.nxtseq": "77559", + "tcp.ack": "17375", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:58:8a:a7:a1:83:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2578570, TSecr 2812379960": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2578570", + "tcp.options.timestamp.tsecr": "2812379960" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "350", + "tcp.analysis.push_bytes_sent": "350" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": 
"23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "345", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:27:f1:94:95:47:b8:df:b5:ae:80:46:c9:df:b1:f7:f0:61:2f:98:17:ea:03:98:77:b0:a9:1e:cf:e2:b4:f6:f0:27:25:4f:74:9b:1d:3a:6c:fd:c6:7c:b0:fd:ca:6f:5e:23:4d:6f:d4:cb:51:ff:3a:2f:01:bb:fe:df:ef:8f:85:36:e8:4b:57:9a:0f:72:b7:2b:77:10:5e:94:f0:ef:b6:e5:0a:4b:10:79:2d:ad:c9:59:86:53:44:fe:c4:ef:11:21:3d:a0:a0:99:2d:0c:bd:6f:cc:64:62:5b:9c:7a:7f:54:c2:6e:2e:fc:9a:0e:32:c5:58:7d:2a:2f:09:b3:bb:e9:ab:0d:62:80:fd:1b:6e:06:ab:1c:6e:d8:c5:f7:87:ee:1e:d0:59:76:e0:64:4c:73:d5:3b:80:71:43:37:34:76:44:df:df:b3:af:dc:03:91:20:58:bf:b9:c8:ed:9a:aa:86:da:4e:23:eb:bc:62:3f:fc:42:06:9b:1e:9d:73:dd:f6:6f:24:31:83:6e:b9:ad:12:87:69:95:e4:fa:ac:b7:a6:2b:50:1f:33:71:cf:3d:9b:33:2c:02:38:f1:40:dd:cc:7c:4f:8d:a2:eb:f5:bc:54:9e:e5:f1:d2:a9:c6:65:a8:2a:c8:b1:13:cc:1f:cd:db:2c:51:15:21:95:fb:54:92:ff:46:13:30:a6:83:97:9d:c3:5a:bc:3d:5e:30:95:9d:86:41:3c:d8:94:81:b2:2d:a0:d6:ba:9e:44:68:99:cf:ef:d4:f3:c8:fa:13:bf:0d:c9:b2:a5:a7:71:1a:cc:03:84:06:ba:e6:7b:e2:81:96:dd:1b:28:91:e0:1c:5f:f5:b4:8c:94:49:75:b9:f4:e8:31:fe:40:4c:62:93:60:ca" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.285374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.285374000", + "frame.time_delta": "0.061046000", + "frame.time_delta_displayed": "0.061046000", + "frame.time_relative": "1739.824688000", + "frame.number": "6071", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ce", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17375", + "tcp.nxtseq": "17422", + "tcp.ack": "77559", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003476", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:9e:61:00:27:58:8a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812386913, TSecr 2578570": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812386913", + "tcp.options.timestamp.tsecr": "2578570" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6070", + "tcp.analysis.ack_rtt": "0.061046000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:bf:07:94:1d:fa:94:c8:f0:8e:26:36:f7:d9:27:f2:de:cd:1b:2d:94:7a:2e:af:f2:18:43:b1:15:df:29:2d:48:6a:eb:8c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.285822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.285822000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "1739.825136000", + "frame.number": "6072", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000968e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "77559", + "tcp.ack": "17422", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003da2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:58:90:a7:a1:9e:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2578576, TSecr 2812386913": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2578576", + "tcp.options.timestamp.tsecr": "2812386913" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6071", + "tcp.analysis.ack_rtt": "0.000448000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.888464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.888464000", + "frame.time_delta": "0.602642000", + "frame.time_delta_displayed": "0.602642000", + "frame.time_relative": "1740.427778000", + "frame.number": "6073", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00004c6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006add", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "88", + "http.prev_response_in": "6059" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.891919000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.891919000", + "frame.time_delta": "0.003455000", + "frame.time_delta_displayed": "0.003455000", + "frame.time_relative": "1740.431233000", + "frame.number": "6074", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54725", + "tcp.dstport": "80", + "tcp.port": "54725", + "tcp.port": "80", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00006fa6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.892450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.892450000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1740.431764000", + "frame.number": "6075", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000883", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6074", + "tcp.analysis.ack_rtt": "0.000531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.896320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.896320000", + "frame.time_delta": "0.003870000", + "frame.time_delta_displayed": "0.003870000", + "frame.time_relative": "1740.435634000", + "frame.number": "6076", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54725", + "tcp.dstport": "80", + "tcp.port": "54725", + "tcp.port": "80", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ba61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6075", + "tcp.analysis.ack_rtt": "0.003870000", + "tcp.analysis.initial_rtt": "0.004401000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.896998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.896998000", + "frame.time_delta": "0.000678000", + "frame.time_delta_displayed": "0.000678000", + "frame.time_relative": "1740.436312000", + "frame.number": "6077", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54725", + "tcp.dstport": "80", + "tcp.port": "54725", + "tcp.port": "80", + "tcp.stream": "221", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cfda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004401000", + 
"tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.897492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.897492000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1740.436806000", + "frame.number": "6078", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f233", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c63f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000abf2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6077", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.004401000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.898054000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.898054000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "1740.437368000", + "frame.number": "6079", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f234", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c62d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ec13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004401000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.898486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.898486000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1740.437800000", + "frame.number": "6080", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f235", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c25a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003e7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004401000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6079", + "tcp.segment": "6080", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001488000", + "http.request_in": "6077", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.898904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.898904000", + "frame.time_delta": "0.000418000", + "frame.time_delta_displayed": "0.000418000", + "frame.time_relative": "1740.438218000", + "frame.number": "6081", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f236", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c259", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003e7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004401000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.901464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.901464000", + "frame.time_delta": "0.002560000", + "frame.time_delta_displayed": "0.002560000", + "frame.time_relative": "1740.440778000", + "frame.number": "6082", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54725", + "tcp.dstport": "80", + "tcp.port": "54725", + "tcp.port": "80", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009bbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:07:40:e8:c9:07:40:ec:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6080", + "tcp.analysis.ack_rtt": "0.002978000", + "tcp.analysis.initial_rtt": "0.004401000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.902431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.902431000", + "frame.time_delta": "0.000967000", + "frame.time_delta_displayed": "0.000967000", + "frame.time_relative": "1740.441745000", + "frame.number": "6083", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005ca5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54725", + "tcp.dstport": "80", + "tcp.port": "54725", + "tcp.port": "80", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b5c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.902874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.902874000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1740.442188000", + "frame.number": "6084", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008bf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54725", + "tcp.port": "80", + "tcp.port": "54725", + "tcp.stream": "221", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a7fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6083", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.004401000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.941410000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.941410000", + "frame.time_delta": "0.038536000", + "frame.time_delta_displayed": "0.038536000", + "frame.time_relative": "1740.480724000", + "frame.number": "6085", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00004c70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ad2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "89", + "http.prev_response_in": "6073" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.948670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.948670000", + "frame.time_delta": "0.007260000", + "frame.time_delta_displayed": "0.007260000", + "frame.time_relative": "1740.487984000", 
+ "frame.number": "6086", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000167b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.949212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.949212000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1740.488526000", + "frame.number": "6087", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d25a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6086", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.956229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.956229000", + "frame.time_delta": "0.007017000", + "frame.time_delta_displayed": "0.007017000", + "frame.time_relative": "1740.495543000", + 
"frame.number": "6088", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008439", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6087", + "tcp.analysis.ack_rtt": "0.007017000", + "tcp.analysis.initial_rtt": "0.007559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.956850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.956850000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "1740.496164000", + "frame.number": "6089", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bfb", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007559000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.957534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.957534000", + "frame.time_delta": "0.000684000", + "frame.time_delta_displayed": "0.000684000", + "frame.time_relative": "1740.496848000", + "frame.number": "6090", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dad9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000075ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6089", + "tcp.analysis.ack_rtt": "0.000684000", + "tcp.analysis.initial_rtt": "0.007559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.958104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.958104000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1740.497418000", + "frame.number": "6091", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dada", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b5eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007559000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.958454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.958454000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1740.497768000", + "frame.number": "6092", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dadb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000855", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007559000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6091", + "tcp.segment": "6092", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001604000", + "http.request_in": "6089", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.959071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.959071000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "1740.498385000", + "frame.number": "6093", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dadc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d9b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000855", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007559000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.960844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.960844000", + "frame.time_delta": "0.001773000", + "frame.time_delta_displayed": "0.001773000", + "frame.time_relative": "1740.500158000", + "frame.number": "6094", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007fa1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6092", + "tcp.analysis.ack_rtt": "0.002390000", + "tcp.analysis.initial_rtt": "0.007559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.961495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.961495000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "1740.500809000", + "frame.number": "6095", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ca0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007fa0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.961944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.961944000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "1740.501258000", + "frame.number": "6096", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008bec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54726", + "tcp.port": "80", + "tcp.port": "54726", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000071d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6095", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.007559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.964345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.964345000", + "frame.time_delta": 
"0.002401000", + "frame.time_delta_displayed": "0.002401000", + "frame.time_relative": "1740.503659000", + "frame.number": "6097", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bd4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54726", + "tcp.dstport": "80", + "tcp.port": "54726", + "tcp.port": "80", + "tcp.stream": "222", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ab98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:0c:ad:c0:59:0c:ad:c4:3c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007559000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6094", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.995402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.995402000", + "frame.time_delta": "0.031057000", + "frame.time_delta_displayed": "0.031057000", + "frame.time_relative": "1740.534716000", + "frame.number": "6098", + "frame.len": "342", + "frame.cap_len": "342", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00004c74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ad4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "90", + "http.prev_response_in": "6085" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.999284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.999284000", + "frame.time_delta": "0.003882000", + "frame.time_delta_displayed": "0.003882000", + "frame.time_relative": "1740.538598000", + "frame.number": "6099", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bd5", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + "tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008ee1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:31.999835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495331.999835000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "1740.539149000", + "frame.number": "6100", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b585", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6099", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.002743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.002743000", + "frame.time_delta": "0.002908000", + "frame.time_delta_displayed": "0.002908000", + "frame.time_relative": "1740.542057000", + "frame.number": "6101", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd6", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + "tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6100", + "tcp.analysis.ack_rtt": "0.002908000", + "tcp.analysis.initial_rtt": "0.003459000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.003685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.003685000", + "frame.time_delta": "0.000942000", + "frame.time_delta_displayed": "0.000942000", + "frame.time_relative": "1740.542999000", + "frame.number": "6102", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + "tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007cdd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003459000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.004168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.004168000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1740.543482000", + "frame.number": "6103", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a0e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000178e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000058f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6102", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.003459000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.004738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.004738000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1740.544052000", + "frame.number": "6104", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a0e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000177c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009916", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003459000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.005183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.005183000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1740.544497000", + "frame.number": "6105", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a0e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000013a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eb7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003459000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6104", + "tcp.segment": "6105", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001498000", + "http.request_in": "6102", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.008605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.008605000", + "frame.time_delta": "0.003422000", + "frame.time_delta_displayed": "0.003422000", + "frame.time_relative": "1740.547919000", + "frame.number": "6106", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + "tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000062cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6105", + "tcp.analysis.ack_rtt": "0.003422000", + "tcp.analysis.initial_rtt": "0.003459000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.008912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.008912000", + "frame.time_delta": "0.000307000", + "frame.time_delta_displayed": "0.000307000", + "frame.time_relative": "1740.548226000", + "frame.number": "6107", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a0e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000013a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eb7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003459000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.spurious_retransmission": "", + "_ws.expert.message": "This frame is a (suspected) spurious retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": 
"8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.009291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.009291000", + "frame.time_delta": "0.000379000", + "frame.time_delta_displayed": "0.000379000", + "frame.time_relative": "1740.548605000", + "frame.number": "6108", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + 
"tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000062cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6107", + "tcp.analysis.ack_rtt": "0.000379000", + "tcp.analysis.initial_rtt": "0.003459000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.009719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.009719000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1740.549033000", + "frame.number": "6109", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002c8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008be9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54727", + "tcp.port": "80", + "tcp.port": "54727", + "tcp.stream": "223", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000054ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6108", + "tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": 
"0.003459000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:32.011858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495332.011858000", + "frame.time_delta": "0.002139000", + "frame.time_delta_displayed": "0.002139000", + "frame.time_relative": "1740.551172000", + "frame.number": "6110", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54727", + "tcp.dstport": "80", + "tcp.port": "54727", + "tcp.port": "80", + "tcp.stream": "223", + "tcp.len": 
"0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000644c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:a7:bd:ba:84:a7:bd:be:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003459000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6106", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:33.096204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.096204000", + "frame.time_delta": "1.084346000", + "frame.time_delta_displayed": "1.084346000", + "frame.time_relative": "1741.635518000", + "frame.number": "6111", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x00009bfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "31", + "http.prev_request_in": "5506" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.096362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.096362000", + "frame.time_delta": "0.000158000", + "frame.time_delta_displayed": "0.000158000", + "frame.time_relative": "1741.635676000", + "frame.number": "6112", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x00009bfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { 
+ "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "32", + "http.prev_request_in": "6111" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.096571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.096571000", + "frame.time_delta": "0.000209000", + "frame.time_delta_displayed": "0.000209000", + "frame.time_relative": "1741.635885000", + "frame.number": "6113", + "frame.len": "171", + "frame.cap_len": "171", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x00009bfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c5a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + 
"http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "33", + "http.prev_request_in": "6112" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.096714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.096714000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + "frame.time_relative": "1741.636028000", + "frame.number": "6114", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x00009bfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + 
"ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "34", + "http.prev_request_in": "6113" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.096912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.096912000", + "frame.time_delta": "0.000198000", + "frame.time_delta_displayed": "0.000198000", + "frame.time_relative": "1741.636226000", + "frame.number": "6115", + "frame.len": "171", + "frame.cap_len": "171", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "157", + "ip.id": "0x00009bff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "137", + "udp.checksum": "0x00007fb2", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "35", + "http.prev_request_in": "6114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.097613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.097613000", + "frame.time_delta": "0.000701000", + "frame.time_delta_displayed": "0.000701000", + "frame.time_relative": "1741.636927000", + "frame.number": "6116", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009c00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": 
"2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "36", + "http.prev_request_in": "6115" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.097767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.097767000", + "frame.time_delta": "0.000154000", + "frame.time_delta_displayed": "0.000154000", + "frame.time_relative": "1741.637081000", + "frame.number": "6117", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009c01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "37", + "http.prev_request_in": "6116" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.098179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.098179000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + 
"frame.time_relative": "1741.637493000", + "frame.number": "6118", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009c02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "38", + "http.prev_request_in": "6117" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.098320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.098320000", + "frame.time_delta": "0.000141000", + "frame.time_delta_displayed": "0.000141000", + "frame.time_relative": "1741.637634000", + "frame.number": "6119", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009c03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "39", + "http.prev_request_in": "6118" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.099105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.099105000", + "frame.time_delta": "0.000785000", + "frame.time_delta_displayed": "0.000785000", + "frame.time_relative": "1741.638419000", + "frame.number": "6120", + "frame.len": "169", + "frame.cap_len": "169", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "155", + "ip.id": "0x00009c04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "135", + "udp.checksum": "0x0000e016", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "40", + "http.prev_request_in": "6119" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.099250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.099250000", + "frame.time_delta": "0.000145000", + "frame.time_delta_displayed": "0.000145000", + "frame.time_relative": "1741.638564000", + "frame.number": "6121", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009c05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + 
"udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "41", + "http.prev_request_in": "6120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.099446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.099446000", + "frame.time_delta": "0.000196000", + "frame.time_delta_displayed": "0.000196000", + "frame.time_relative": "1741.638760000", + "frame.number": "6122", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "42", + "http.prev_request_in": "6121" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.099589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495333.099589000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + "frame.time_relative": "1741.638903000", + "frame.number": "6123", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009c07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c55", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "43", + "http.prev_request_in": "6122" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.100302000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.100302000", + "frame.time_delta": "0.000713000", + "frame.time_delta_displayed": "0.000713000", + "frame.time_relative": "1741.639616000", + "frame.number": "6124", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009c08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", 
+ "ip.checksum": "0x00002c54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "44", + "http.prev_request_in": "6123" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.100452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.100452000", + "frame.time_delta": "0.000150000", + "frame.time_delta_displayed": "0.000150000", + "frame.time_relative": "1741.639766000", + "frame.number": "6125", + "frame.len": "166", + "frame.cap_len": "166", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "152", + "ip.id": "0x00009c09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00002c53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3942", + "udp.dstport": "1900", + "udp.port": "3942", + "udp.port": "1900", + "udp.length": "132", + "udp.checksum": "0x00005fa7", + "udp.checksum.status": "2", + "udp.stream": "37" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "\\r\\n": 
"", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "45", + "http.prev_request_in": "6124" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.111728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.111728000", + "frame.time_delta": "0.011276000", + "frame.time_delta_displayed": "0.011276000", + "frame.time_relative": "1741.651042000", + "frame.number": "6126", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router 
Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000ea03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.169438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.169438000", + "frame.time_delta": "0.057710000", + "frame.time_delta_displayed": "0.057710000", + "frame.time_relative": "1741.708752000", + "frame.number": "6127", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x0000537d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000861c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000e5b", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.176245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.176245000", + "frame.time_delta": "0.006807000", + "frame.time_delta_displayed": 
"0.006807000", + "frame.time_relative": "1741.715559000", + "frame.number": "6128", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x00000507", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + 
"igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + }, + "Group Record : 239.255.255.250 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:33.416102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495333.416102000", + "frame.time_delta": "0.239857000", + "frame.time_delta_displayed": "0.239857000", + "frame.time_relative": "1741.955416000", + "frame.number": "6129", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": 
"224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000f902", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Exclude Mode": { + "igmp.record_type": "4", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.099292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.099292000", + "frame.time_delta": "0.683190000", + "frame.time_delta_displayed": "0.683190000", + "frame.time_relative": "1742.638606000", + "frame.number": "6130", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000528c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "207", + "http.prev_response_in": "5805" + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.152048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.152048000", + "frame.time_delta": "0.052756000", + "frame.time_delta_displayed": "0.052756000", + "frame.time_relative": "1742.691362000", + "frame.number": "6131", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000528d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + 
"udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "208", + "http.prev_response_in": "6130" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.195254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.195254000", + "frame.time_delta": "0.043206000", + "frame.time_delta_displayed": "0.043206000", + "frame.time_relative": "1742.734568000", + "frame.number": "6132", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + 
"eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x000053d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000085c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f5a", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000002", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + 
"dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.204822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.204822000", + "frame.time_delta": "0.009568000", + "frame.time_delta_displayed": "0.009568000", + "frame.time_relative": "1742.744136000", + "frame.number": "6133", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000528e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "209", + "http.prev_response_in": "6131" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.208003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.208003000", + "frame.time_delta": "0.003181000", + "frame.time_delta_displayed": "0.003181000", + "frame.time_relative": "1742.747317000", + "frame.number": "6134", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000fd19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d8d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:2b:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949035, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949035", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.208542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.208542000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "1742.747856000", + "frame.number": "6135", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47533", + "tcp.port": "80", + "tcp.port": "47533", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003fd8", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6134", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.214589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.214589000", + "frame.time_delta": "0.006047000", + "frame.time_delta_displayed": "0.006047000", + "frame.time_relative": "1742.753903000", + "frame.number": "6136", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f15f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6135", + "tcp.analysis.ack_rtt": 
"0.006047000", + "tcp.analysis.initial_rtt": "0.006586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.215170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.215170000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "1742.754484000", + "frame.number": "6137", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000fd1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000baad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + 
"tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000050da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006586000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.215708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.215708000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1742.755022000", + "frame.number": "6138", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47533", + "tcp.port": "80", + "tcp.port": 
"47533", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e32e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6137", + "tcp.analysis.ack_rtt": "0.000538000", + "tcp.analysis.initial_rtt": "0.006586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.216451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.216451000", + "frame.time_delta": "0.000743000", + "frame.time_delta_displayed": "0.000743000", + "frame.time_relative": "1742.755765000", + "frame.number": "6139", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000051c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47533", + "tcp.port": "80", + "tcp.port": "47533", + "tcp.stream": "224", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002350", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006586000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:15:34.216793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.216793000", + "frame.time_delta": "0.000342000", + "frame.time_delta_displayed": "0.000342000", + "frame.time_relative": "1742.756107000", + "frame.number": "6140", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000051c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000062df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47533", + "tcp.port": "80", + "tcp.port": "47533", + "tcp.stream": "224", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000075b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006586000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6139", + "tcp.segment": "6140", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001623000", + "http.request_in": "6137", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.220637000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495334.220637000", + "frame.time_delta": "0.003844000", + "frame.time_delta_displayed": "0.003844000", + "frame.time_relative": "1742.759951000", + "frame.number": "6141", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f08e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6139", + "tcp.analysis.ack_rtt": "0.004186000", + "tcp.analysis.initial_rtt": "0.006586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.220814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.220814000", + "frame.time_delta": "0.000177000", + "frame.time_delta_displayed": "0.000177000", + "frame.time_relative": "1742.760128000", + "frame.number": "6142", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eca3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6140", + "tcp.analysis.ack_rtt": "0.004021000", + "tcp.analysis.initial_rtt": "0.006586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.226363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.226363000", + "frame.time_delta": "0.005549000", + "frame.time_delta_displayed": "0.005549000", + "frame.time_relative": "1742.765677000", + "frame.number": "6143", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eca2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.226834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.226834000", + "frame.time_delta": "0.000471000", + "frame.time_delta_displayed": "0.000471000", + "frame.time_relative": "1742.766148000", + "frame.number": "6144", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000126a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a61f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47533", + "tcp.port": "80", + "tcp.port": "47533", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000df38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6143", + "tcp.analysis.ack_rtt": "0.000471000", + "tcp.analysis.initial_rtt": "0.006586000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.230816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.230816000", + "frame.time_delta": "0.003982000", + "frame.time_delta_displayed": "0.003982000", + "frame.time_relative": "1742.770130000", + "frame.number": "6145", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001fa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000098e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47533", + "tcp.dstport": "80", + "tcp.port": "47533", + "tcp.port": "80", + "tcp.stream": "224", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bb32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.618819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.618819000", + "frame.time_delta": "0.388003000", + "frame.time_delta_displayed": "0.388003000", + "frame.time_relative": "1743.158133000", + "frame.number": "6146", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000581e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a673", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5077", + "tcp.ack": "613", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f086", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:34.762069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495334.762069000", + "frame.time_delta": "0.143250000", + "frame.time_delta_displayed": "0.143250000", + "frame.time_relative": "1743.301383000", + 
"frame.number": "6147", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001004", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8d", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": 
"0", + "tcp.seq": "613", + "tcp.ack": "5078", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fafb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.152129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.152129000", + "frame.time_delta": "0.390060000", + "frame.time_delta_displayed": "0.390060000", + "frame.time_relative": "1743.691443000", + "frame.number": "6148", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000052a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "210", + "http.prev_response_in": "6133" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.204403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.204403000", + "frame.time_delta": "0.052274000", + "frame.time_delta_displayed": "0.052274000", + "frame.time_relative": "1743.743717000", + "frame.number": "6149", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000052a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "211", + "http.prev_response_in": "6148" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.243076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.243076000", + "frame.time_delta": "0.038673000", + "frame.time_delta_displayed": "0.038673000", + "frame.time_relative": "1743.782390000", + "frame.number": "6150", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, 
+ "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00005404", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008595", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + 
"dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.249927000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.249927000", + "frame.time_delta": "0.006851000", + "frame.time_delta_displayed": "0.006851000", + "frame.time_relative": "1743.789241000", + "frame.number": "6151", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c908", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", 
+ "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009be5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:93:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949139, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949139", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": 
"3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.250487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.250487000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "1743.789801000", + "frame.number": "6152", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": 
"47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000099b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + 
"tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6151", + "tcp.analysis.ack_rtt": "0.000560000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.253215000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.253215000", + "frame.time_delta": "0.002728000", + "frame.time_delta_displayed": "0.002728000", + "frame.time_relative": "1743.792529000", + "frame.number": "6153", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c909", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004b3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6152", + "tcp.analysis.ack_rtt": "0.002728000", + "tcp.analysis.initial_rtt": "0.003288000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.255312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.255312000", + "frame.time_delta": "0.002097000", + "frame.time_delta_displayed": "0.002097000", + "frame.time_relative": "1743.794626000", + "frame.number": "6154", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000c90a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eebe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000aab9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003288000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.255810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.255810000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "1743.795124000", + "frame.number": "6155", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f17e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c70a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003d0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6154", + "tcp.analysis.ack_rtt": "0.000498000", + "tcp.analysis.initial_rtt": "0.003288000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:35.256456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.256456000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "1743.795770000", + "frame.number": "6156", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f17f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c6f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007d2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003288000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.256810000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.256810000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "1743.796124000", + "frame.number": "6157", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f180", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c325", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cf98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003288000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6156", + "tcp.segment": "6157", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001498000", + "http.request_in": "6154", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.257205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.257205000", + "frame.time_delta": "0.000395000", + "frame.time_delta_displayed": "0.000395000", + "frame.time_relative": "1743.796519000", + "frame.number": "6158", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000052a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "212", + "http.prev_response_in": "6149" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.258898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.258898000", + "frame.time_delta": "0.001693000", + "frame.time_delta_displayed": "0.001693000", + "frame.time_relative": "1743.798212000", + "frame.number": "6159", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f181", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c324", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cf98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003288000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + 
"_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.260687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.260687000", + "frame.time_delta": "0.001789000", + "frame.time_delta_displayed": "0.001789000", + "frame.time_relative": "1743.800001000", + "frame.number": "6160", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c90b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a6e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6156", + "tcp.analysis.ack_rtt": "0.004231000", + "tcp.analysis.initial_rtt": "0.003288000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.260885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.260885000", + "frame.time_delta": "0.000198000", + "frame.time_delta_displayed": "0.000198000", + "frame.time_relative": "1743.800199000", + "frame.number": "6161", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c90c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004683", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6157", + "tcp.analysis.ack_rtt": "0.004075000", + "tcp.analysis.initial_rtt": "0.003288000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.261315000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.261315000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1743.800629000", + "frame.number": "6162", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c90d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004682", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.261757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.261757000", + "frame.time_delta": "0.000442000", + "frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1743.801071000", + "frame.number": "6163", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47536", + "tcp.port": "80", + "tcp.port": "47536", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003918", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6162", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.003288000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.262087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495335.262087000", + "frame.time_delta": "0.000330000", + "frame.time_delta_displayed": "0.000330000", + "frame.time_relative": "1743.801401000", + "frame.number": "6164", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001fcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000098be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + 
"tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ea7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.265270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.265270000", + "frame.time_delta": "0.003183000", + "frame.time_delta_displayed": "0.003183000", + "frame.time_relative": "1743.804584000", + "frame.number": "6165", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001fcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000098bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47536", + "tcp.dstport": "80", + "tcp.port": "47536", + "tcp.port": "80", + "tcp.stream": "225", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ea6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.520444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.520444000", + "frame.time_delta": "0.255174000", + "frame.time_delta_displayed": "0.255174000", + "frame.time_relative": "1744.059758000", + "frame.number": "6166", + "frame.len": "339", + "frame.cap_len": "339", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000052ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "213", + "http.prev_response_in": "6158" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.573230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.573230000", + "frame.time_delta": "0.052786000", + "frame.time_delta_displayed": "0.052786000", + "frame.time_relative": "1744.112544000", + "frame.number": "6167", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000052bf", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006499", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "214", + "http.prev_response_in": "6166" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.626059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.626059000", + "frame.time_delta": "0.052829000", + "frame.time_delta_displayed": "0.052829000", + "frame.time_relative": "1744.165373000", + "frame.number": "6168", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000052c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000649c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": 
{ + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "215", + "http.prev_response_in": "6167" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.628465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.628465000", + "frame.time_delta": "0.002406000", + "frame.time_delta_displayed": "0.002406000", + "frame.time_relative": "1744.167779000", + "frame.number": "6169", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000add7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00002cce", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:b9:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949177, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949177", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.629009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.629009000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "1744.168323000", + "frame.number": "6170", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { 
+ "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005026", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6169", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.631951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.631951000", + "frame.time_delta": "0.002942000", + "frame.time_delta_displayed": "0.002942000", + "frame.time_relative": "1744.171265000", + "frame.number": "6171", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000add8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000ab1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000001ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6170", + "tcp.analysis.ack_rtt": "0.002942000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:35.635490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.635490000", + "frame.time_delta": "0.003539000", + "frame.time_delta_displayed": "0.003539000", + "frame.time_relative": "1744.174804000", + "frame.number": "6172", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000add9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000009f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006128", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.635982000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.635982000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1744.175296000", + "frame.number": "6173", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000be8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000aca1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f37c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6172", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.636711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.636711000", + "frame.time_delta": "0.000729000", + "frame.time_delta_displayed": "0.000729000", + "frame.time_relative": "1744.176025000", + "frame.number": "6174", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00000be9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ac8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000339e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.637068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.637068000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": 
"1744.176382000", + "frame.number": "6175", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000bea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a8bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { 
+ "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008607", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6174", + "tcp.segment": "6175", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001578000", + "http.request_in": "6172", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.638895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.638895000", + "frame.time_delta": "0.001827000", + "frame.time_delta_displayed": "0.001827000", + "frame.time_relative": "1744.178209000", + "frame.number": "6176", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000beb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a8bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008607", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.642604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.642604000", + "frame.time_delta": "0.003709000", + "frame.time_delta_displayed": "0.003709000", + "frame.time_relative": "1744.181918000", + "frame.number": "6177", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000adda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000aaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000000dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6174", + "tcp.analysis.ack_rtt": "0.005893000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.643276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.643276000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "1744.182590000", + "frame.number": "6178", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000addb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000aae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fcf1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6175", + "tcp.analysis.ack_rtt": "0.006208000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.643404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.643404000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "1744.182718000", + "frame.number": "6179", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000addc", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000aa1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a80a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:f5:7b:17:fa:f5:7b:1b:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003486000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6178", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.644425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.644425000", + "frame.time_delta": "0.001021000", + "frame.time_delta_displayed": "0.001021000", + "frame.time_relative": "1744.183739000", + "frame.number": "6180", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000addd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00000aac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fcf0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.644871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.644871000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1744.184185000", + "frame.number": "6181", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47537", + "tcp.port": "80", + "tcp.port": "47537", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ef86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6180", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003486000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:35.648864000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495335.648864000", + "frame.time_delta": "0.003993000", + "frame.time_delta_displayed": "0.003993000", + "frame.time_relative": "1744.188178000", + "frame.number": "6182", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001feb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000989e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47537", + "tcp.dstport": "80", + "tcp.port": "47537", + "tcp.port": "80", + "tcp.stream": "226", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000fb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.188391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.188391000", + "frame.time_delta": "0.539527000", + "frame.time_delta_displayed": "0.539527000", + "frame.time_relative": "1744.727705000", + "frame.number": "6183", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + 
"icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.290717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.290717000", + "frame.time_delta": "0.102326000", + "frame.time_delta_displayed": "0.102326000", + "frame.time_relative": "1744.830031000", + "frame.number": "6184", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.291162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.291162000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1744.830476000", + "frame.number": "6185", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.574065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.574065000", + "frame.time_delta": "0.282903000", + "frame.time_delta_displayed": "0.282903000", + "frame.time_relative": "1745.113379000", + "frame.number": "6186", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000052f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000646c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": 
{ + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "216", + "http.prev_response_in": "6168" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.579313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.579313000", + "frame.time_delta": "0.005248000", + "frame.time_delta_displayed": "0.005248000", + "frame.time_relative": "1745.118627000", + "frame.number": "6187", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", 
+ "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000247c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000093f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f777", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:18:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949272, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949272", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.579860000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.579860000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "1745.119174000", + "frame.number": "6188", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47538", + "tcp.port": "80", + "tcp.port": "47538", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c2e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6187", + "tcp.analysis.ack_rtt": "0.000547000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.582440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.582440000", + "frame.time_delta": "0.002580000", + "frame.time_delta_displayed": "0.002580000", + "frame.time_relative": "1745.121754000", + "frame.number": "6189", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000247d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000940c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000746d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6188", + "tcp.analysis.ack_rtt": "0.002580000", + "tcp.analysis.initial_rtt": "0.003127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.582578000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.582578000", + "frame.time_delta": "0.000138000", + "frame.time_delta_displayed": "0.000138000", + "frame.time_relative": "1745.121892000", + "frame.number": "6190", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000247e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000934b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d3e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003127000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.583023000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495336.583023000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1745.122337000", + "frame.number": "6191", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000063ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000549a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47538", + "tcp.port": "80", + "tcp.port": "47538", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000663c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6190", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.003127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.583700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.583700000", + "frame.time_delta": "0.000677000", + "frame.time_delta_displayed": "0.000677000", + "frame.time_relative": "1745.123014000", + "frame.number": "6192", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000063f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005488", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47538", + "tcp.port": "80", + "tcp.port": "47538", + "tcp.stream": "227", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a65d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003127000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.584055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.584055000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1745.123369000", + 
"frame.number": "6193", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000063f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47538", + "tcp.port": "80", + "tcp.port": "47538", + "tcp.stream": "227", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f8c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003127000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6192", + "tcp.segment": "6193", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001477000", + "http.request_in": "6190", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.586260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.586260000", + "frame.time_delta": "0.002205000", + "frame.time_delta_displayed": "0.002205000", + "frame.time_relative": "1745.125574000", + "frame.number": "6194", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000247f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000940a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000739c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6192", + "tcp.analysis.ack_rtt": "0.002560000", + "tcp.analysis.initial_rtt": "0.003127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.626982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.626982000", + "frame.time_delta": "0.040722000", + "frame.time_delta_displayed": "0.040722000", + "frame.time_relative": "1745.166296000", + "frame.number": "6195", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000052f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006460", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "217", + "http.prev_response_in": "6186" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.654057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.654057000", + "frame.time_delta": "0.027075000", + "frame.time_delta_displayed": "0.027075000", + "frame.time_relative": "1745.193371000", + "frame.number": "6196", + 
"frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e4b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000599e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.674668000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.674668000", + "frame.time_delta": "0.020611000", + "frame.time_delta_displayed": "0.020611000", + "frame.time_relative": "1745.213982000", + "frame.number": "6197", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002115", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49741", + "udp.dstport": "1900", + "udp.port": "49741", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008810", + "udp.checksum.status": "2", + "udp.stream": "135" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.679955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.679955000", + "frame.time_delta": "0.005287000", + "frame.time_delta_displayed": "0.005287000", + "frame.time_relative": "1745.219269000", + "frame.number": "6198", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000052fa", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006464", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "218", + "http.prev_response_in": "6195" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", 
+ "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.771465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.771465000", + "frame.time_delta": "0.091510000", + "frame.time_delta_displayed": "0.091510000", + "frame.time_relative": "1745.310779000", + "frame.number": "6199", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002480", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009409", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006fb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6193", + "tcp.analysis.ack_rtt": "0.187410000", + "tcp.analysis.initial_rtt": "0.003127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.771600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.771600000", + "frame.time_delta": "0.000135000", + "frame.time_delta_displayed": "0.000135000", + "frame.time_relative": "1745.310914000", + "frame.number": "6200", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "40", + "ip.id": "0x00002481", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009408", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006fb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.772042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.772042000", + "frame.time_delta": "0.000442000", + 
"frame.time_delta_displayed": "0.000442000", + "frame.time_relative": "1745.311356000", + "frame.number": "6201", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47538", + "tcp.port": "80", + "tcp.port": "47538", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006246", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6200", + "tcp.analysis.ack_rtt": "0.000442000", + "tcp.analysis.initial_rtt": "0.003127000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.774236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.774236000", + "frame.time_delta": "0.002194000", + "frame.time_delta_displayed": "0.002194000", + "frame.time_relative": "1745.313550000", + "frame.number": "6202", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005392", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x000064e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003f72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:2c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949292, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949292", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.774757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.774757000", + "frame.time_delta": "0.000521000", + "frame.time_delta_displayed": "0.000521000", + "frame.time_relative": "1745.314071000", + "frame.number": "6203", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47539", + "tcp.port": "80", + "tcp.port": "47539", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b2e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6202", + "tcp.analysis.ack_rtt": "0.000521000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.775139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.775139000", + "frame.time_delta": "0.000382000", + "frame.time_delta_displayed": "0.000382000", + "frame.time_relative": "1745.314453000", + "frame.number": "6204", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002059", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009830", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47538", + "tcp.dstport": "80", + "tcp.port": "47538", + "tcp.port": "80", + "tcp.stream": "227", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dabd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.778484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.778484000", + "frame.time_delta": "0.003345000", + "frame.time_delta_displayed": "0.003345000", + "frame.time_relative": "1745.317798000", + "frame.number": "6205", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005393", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000064f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006470", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6203", + 
"tcp.analysis.ack_rtt": "0.003727000", + "tcp.analysis.initial_rtt": "0.004248000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.780555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.780555000", + "frame.time_delta": "0.002071000", + "frame.time_delta_displayed": "0.002071000", + "frame.time_relative": "1745.319869000", + "frame.number": "6206", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005394", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006435", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + 
"tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004248000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", 
+ "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.781074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.781074000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "1745.320388000", + "frame.number": "6207", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000eca6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cbe2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47539", + "tcp.port": 
"80", + "tcp.port": "47539", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000563f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6206", + "tcp.analysis.ack_rtt": "0.000519000", + "tcp.analysis.initial_rtt": "0.004248000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.781786000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.781786000", + "frame.time_delta": "0.000712000", + "frame.time_delta_displayed": "0.000712000", + "frame.time_relative": "1745.321100000", + "frame.number": "6208", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000eca7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cbd0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47539", + "tcp.port": "80", + "tcp.port": "47539", + "tcp.stream": "228", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009660", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004248000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.782142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.782142000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "1745.321456000", + "frame.number": "6209", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000eca8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c7fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47539", + "tcp.port": "80", + "tcp.port": "47539", + "tcp.stream": "228", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { 
+ "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e8c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004248000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:
2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6208", + 
"tcp.segment": "6209", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65
:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001587000", + "http.request_in": "6206", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.785028000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495336.785028000", + "frame.time_delta": "0.002886000", + "frame.time_delta_displayed": "0.002886000", + "frame.time_relative": "1745.324342000", + "frame.number": "6210", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005395", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000064f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000639f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6208", + "tcp.analysis.ack_rtt": "0.003242000", + "tcp.analysis.initial_rtt": "0.004248000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.785141000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.785141000", + "frame.time_delta": "0.000113000", + "frame.time_delta_displayed": "0.000113000", + "frame.time_relative": "1745.324455000", + "frame.number": "6211", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005396", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000064f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005fb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6209", + "tcp.analysis.ack_rtt": "0.002999000", + "tcp.analysis.initial_rtt": "0.004248000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.790200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.790200000", + "frame.time_delta": "0.005059000", + "frame.time_delta_displayed": "0.005059000", + "frame.time_relative": "1745.329514000", + "frame.number": "6212", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005397", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000064f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005fb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.790673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.790673000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "1745.329987000", + "frame.number": "6213", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47539", + "tcp.port": "80", + "tcp.port": "47539", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005249", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6212", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.004248000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:36.793866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495336.793866000", + "frame.time_delta": "0.003193000", + "frame.time_delta_displayed": "0.003193000", + "frame.time_relative": "1745.333180000", + "frame.number": "6214", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000205a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000982f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47539", + "tcp.dstport": "80", + "tcp.port": "47539", + "tcp.port": "80", + "tcp.stream": "228", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000022cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.364397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.364397000", + "frame.time_delta": "0.570531000", + "frame.time_delta_displayed": "0.570531000", + "frame.time_relative": "1745.903711000", + "frame.number": "6215", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000530d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006454", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "219", + "http.prev_response_in": "6198" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.417171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.417171000", + "frame.time_delta": "0.052774000", + "frame.time_delta_displayed": "0.052774000", + "frame.time_relative": "1745.956485000", + "frame.number": "6216", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000530f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006449", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "220", + "http.prev_response_in": "6215" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.470087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.470087000", + "frame.time_delta": "0.052916000", + "frame.time_delta_displayed": "0.052916000", + "frame.time_relative": "1746.009401000", + "frame.number": "6217", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005311", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000644d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "221", + "http.prev_response_in": "6216" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:15:37.472429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.472429000", + "frame.time_delta": "0.002342000", + "frame.time_delta_displayed": "0.002342000", + "frame.time_relative": "1746.011743000", + "frame.number": "6218", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000163e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a237", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00007d0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:68:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949352, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949352", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.473071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.473071000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": 
"1746.012385000", + "frame.number": "6219", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection 
establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c3b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6218", + "tcp.analysis.ack_rtt": "0.000642000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.475454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.475454000", + "frame.time_delta": "0.002383000", + "frame.time_delta_displayed": 
"0.002383000", + "frame.time_relative": "1746.014768000", + "frame.number": "6220", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000163f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a24a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000753a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6219", + "tcp.analysis.ack_rtt": "0.002383000", + "tcp.analysis.initial_rtt": "0.003025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.475581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.475581000", + "frame.time_delta": "0.000127000", + "frame.time_delta_displayed": "0.000127000", + "frame.time_relative": "1746.014895000", + "frame.number": "6221", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001640", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a189", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d4b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003025000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.476041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.476041000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "1746.015355000", + "frame.number": "6222", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007136", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004753", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006709", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6221", + "tcp.analysis.ack_rtt": "0.000460000", + "tcp.analysis.initial_rtt": "0.003025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.476774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.476774000", + "frame.time_delta": "0.000733000", + "frame.time_delta_displayed": "0.000733000", + "frame.time_relative": "1746.016088000", + "frame.number": "6223", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007137", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a72a", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003025000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.477157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.477157000", + "frame.time_delta": "0.000383000", + "frame.time_delta_displayed": "0.000383000", + "frame.time_relative": "1746.016471000", + "frame.number": "6224", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007138", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000436e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f993", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003025000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6223", + "tcp.segment": "6224", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001576000", + "http.request_in": "6221", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.478892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.478892000", + "frame.time_delta": "0.001735000", + "frame.time_delta_displayed": "0.001735000", + "frame.time_relative": "1746.018206000", + "frame.number": "6225", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007139", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000436d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f993", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003025000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.484492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.484492000", + "frame.time_delta": "0.005600000", + "frame.time_delta_displayed": "0.005600000", + "frame.time_relative": "1746.023806000", + "frame.number": "6226", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001641", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a248", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007469", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6223", + "tcp.analysis.ack_rtt": "0.007718000", + "tcp.analysis.initial_rtt": "0.003025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.484542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.484542000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "1746.023856000", + "frame.number": "6227", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001642", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a247", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000707e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6224", + "tcp.analysis.ack_rtt": "0.007385000", + "tcp.analysis.initial_rtt": "0.003025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.485180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.485180000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "1746.024494000", + "frame.number": "6228", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001643", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a246", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000707d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.485223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.485223000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + 
"frame.time_relative": "1746.024537000", + "frame.number": "6229", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002063", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009826", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000060a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.485639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.485639000", + "frame.time_delta": "0.000416000", + "frame.time_delta_displayed": "0.000416000", + "frame.time_relative": "1746.024953000", + "frame.number": "6230", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000a5c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47540", + "tcp.port": "80", + "tcp.port": "47540", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006313", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6228", + "tcp.analysis.ack_rtt": "0.000459000", + "tcp.analysis.initial_rtt": "0.003025000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.489134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.489134000", + "frame.time_delta": "0.003495000", + "frame.time_delta_displayed": "0.003495000", + "frame.time_relative": "1746.028448000", + "frame.number": "6231", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002064", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009825", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47540", + "tcp.dstport": "80", + "tcp.port": "47540", + "tcp.port": "80", + "tcp.stream": "229", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000060a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.675817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.675817000", + "frame.time_delta": "0.186683000", + "frame.time_delta_displayed": "0.186683000", + "frame.time_relative": "1746.215131000", + "frame.number": "6232", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002116", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6fe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": 
"239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49741", + "udp.dstport": "1900", + "udp.port": "49741", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008810", + "udp.checksum.status": "2", + "udp.stream": "135" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "6197" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:37.953475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495337.953475000", + "frame.time_delta": "0.277658000", + "frame.time_delta_displayed": "0.277658000", + "frame.time_relative": "1746.492789000", + "frame.number": "6233", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + 
"eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.416651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.416651000", + "frame.time_delta": "0.463176000", + "frame.time_delta_displayed": "0.463176000", + "frame.time_relative": "1746.955965000", + "frame.number": "6234", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005358", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006409", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "222", + "http.prev_response_in": "6217" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.446948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.446948000", + "frame.time_delta": "0.030297000", + "frame.time_delta_displayed": "0.030297000", + "frame.time_relative": "1746.986262000", + "frame.number": "6235", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00008fbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": 
"0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000460", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:d3:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949459, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949459", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.447500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.447500000", + "frame.time_delta": "0.000552000", + 
"frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1746.986814000", + "frame.number": "6236", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47542", + "tcp.port": "80", + "tcp.port": "47542", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": 
{ + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a85b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6235", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.451243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.451243000", + 
"frame.time_delta": "0.003743000", + "frame.time_delta_displayed": "0.003743000", + "frame.time_relative": "1746.990557000", + "frame.number": "6237", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008fbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000059e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6236", + "tcp.analysis.ack_rtt": "0.003743000", + "tcp.analysis.initial_rtt": "0.004295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.451378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.451378000", + "frame.time_delta": "0.000135000", + "frame.time_delta_displayed": "0.000135000", + "frame.time_relative": "1746.990692000", + "frame.number": "6238", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00008fbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000280a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b95d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004295000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: 
Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.451819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.451819000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1746.991133000", + "frame.number": "6239", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005dcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00005aba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47542", + "tcp.port": "80", + "tcp.port": "47542", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004bb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6238", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.004295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.452586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.452586000", + "frame.time_delta": "0.000767000", + "frame.time_delta_displayed": "0.000767000", + "frame.time_relative": "1746.991900000", + "frame.number": "6240", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + 
"eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005dd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005aa8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47542", + "tcp.port": "80", + "tcp.port": "47542", + "tcp.stream": "230", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + 
"tcp.checksum": "0x00008bd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004295000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.452945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.452945000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "1746.992259000", + "frame.number": "6241", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005dd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000056d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47542", + "tcp.port": "80", + "tcp.port": "47542", + "tcp.stream": "230", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000de3c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004295000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6240", + "tcp.segment": "6241", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001567000", + "http.request_in": "6238", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.455188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.455188000", + "frame.time_delta": "0.002243000", + "frame.time_delta_displayed": "0.002243000", + "frame.time_relative": "1746.994502000", + "frame.number": "6242", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008fc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005912", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6240", + "tcp.analysis.ack_rtt": "0.002602000", + "tcp.analysis.initial_rtt": "0.004295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.456831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.456831000", + "frame.time_delta": "0.001643000", + "frame.time_delta_displayed": "0.001643000", + "frame.time_relative": "1746.996145000", + "frame.number": "6243", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008fc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005527", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6241", + "tcp.analysis.ack_rtt": "0.003886000", + "tcp.analysis.initial_rtt": "0.004295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.461774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.461774000", + "frame.time_delta": "0.004943000", + "frame.time_delta_displayed": "0.004943000", + "frame.time_relative": "1747.001088000", + "frame.number": "6244", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008fc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028c7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005526", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.462254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.462254000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "1747.001568000", + "frame.number": "6245", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47542", + 
"tcp.port": "80", + "tcp.port": "47542", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000047bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6244", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.004295000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.465210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.465210000", + "frame.time_delta": "0.002956000", + "frame.time_delta_displayed": "0.002956000", + "frame.time_relative": "1747.004524000", + "frame.number": "6246", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000097c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47542", + "tcp.dstport": "80", + "tcp.port": "47542", + "tcp.port": "80", + "tcp.stream": "230", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e860", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:38.469581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.469581000", + "frame.time_delta": "0.004371000", + "frame.time_delta_displayed": "0.004371000", + "frame.time_relative": "1747.008895000", + "frame.number": "6247", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000535b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000063fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "223", + "http.prev_response_in": "6234" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.481659000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.481659000", + "frame.time_delta": "0.012078000", + "frame.time_delta_displayed": "0.012078000", + "frame.time_relative": "1747.020973000", + "frame.number": "6248", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002ce7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000090d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7c:d7:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949463, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949463", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.482237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.482237000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "1747.021551000", + "frame.number": "6249", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000b5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6248", + "tcp.analysis.ack_rtt": "0.000578000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.485135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.485135000", + "frame.time_delta": "0.002898000", + "frame.time_delta_displayed": "0.002898000", + "frame.time_relative": "1747.024449000", + "frame.number": "6250", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ce8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ba1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bce2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6249", + "tcp.analysis.ack_rtt": "0.002898000", + "tcp.analysis.initial_rtt": "0.003476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.486548000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495338.486548000", + "frame.time_delta": "0.001413000", + "frame.time_delta_displayed": "0.001413000", + "frame.time_relative": "1747.025862000", + "frame.number": "6251", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002ce9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ae0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001c5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003476000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.487073000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495338.487073000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "1747.026387000", + "frame.number": "6252", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000aeb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6251", + "tcp.analysis.ack_rtt": "0.000525000", + "tcp.analysis.initial_rtt": "0.003476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.487758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.487758000", + "frame.time_delta": "0.000685000", + "frame.time_delta_displayed": "0.000685000", + "frame.time_relative": "1747.027072000", + "frame.number": "6253", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000086bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eed2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003476000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.488184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.488184000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "1747.027498000", + "frame.number": "6254", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000086c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002de6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000413c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003476000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6253", + "tcp.segment": "6254", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001636000", + "http.request_in": "6251", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.488900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.488900000", + "frame.time_delta": "0.000716000", + "frame.time_delta_displayed": "0.000716000", + "frame.time_relative": "1747.028214000", + "frame.number": "6255", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000086c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002de5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000413c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003476000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.490493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.490493000", + "frame.time_delta": "0.001593000", + "frame.time_delta_displayed": "0.001593000", + "frame.time_relative": "1747.029807000", + "frame.number": "6256", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002cea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bc11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6253", + "tcp.analysis.ack_rtt": "0.002735000", + "tcp.analysis.initial_rtt": "0.003476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.491857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.491857000", + "frame.time_delta": "0.001364000", + "frame.time_delta_displayed": "0.001364000", + "frame.time_relative": "1747.031171000", + "frame.number": "6257", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ceb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b826", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6254", + "tcp.analysis.ack_rtt": "0.003673000", + "tcp.analysis.initial_rtt": "0.003476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.491898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.491898000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "1747.031212000", + "frame.number": "6258", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002cec", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008b91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000f56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:1b:b9:9b:b1:1b:b9:9f:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003476000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6257", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.495691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.495691000", + "frame.time_delta": "0.003793000", + "frame.time_delta_displayed": "0.003793000", + "frame.time_relative": "1747.035005000", + "frame.number": "6259", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ced", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00008b9c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b825", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.496171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.496171000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "1747.035485000", + "frame.number": "6260", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47543", + "tcp.port": "80", + "tcp.port": "47543", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000aabb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6259", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.003476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.500293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.500293000", + "frame.time_delta": "0.004122000", + "frame.time_delta_displayed": "0.004122000", + "frame.time_relative": "1747.039607000", + "frame.number": "6261", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000097c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47543", + "tcp.dstport": "80", + "tcp.port": "47543", + "tcp.port": "80", + "tcp.stream": "231", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000074de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.522904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.522904000", + "frame.time_delta": "0.022611000", + "frame.time_delta_displayed": "0.022611000", + "frame.time_relative": "1747.062218000", + "frame.number": "6262", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000535f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000063ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "224", + "http.prev_response_in": "6247" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.538136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.538136000", + "frame.time_delta": "0.015232000", + "frame.time_delta_displayed": "0.015232000", + "frame.time_relative": "1747.077450000", + "frame.number": "6263", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000004a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005053", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:dc:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949468, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949468", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.538682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.538682000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1747.077996000", + "frame.number": "6264", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47546", + "tcp.port": "80", + "tcp.port": "47546", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000096d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": 
"3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6263", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.541889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.541889000", + "frame.time_delta": "0.003207000", + "frame.time_delta_displayed": "0.003207000", + "frame.time_relative": "1747.081203000", + "frame.number": "6265", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004858", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6264", + "tcp.analysis.ack_rtt": "0.003207000", + "tcp.analysis.initial_rtt": "0.003753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.542402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.542402000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "1747.081716000", + "frame.number": "6266", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000004ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b31e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a7d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003753000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + 
"http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.542904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.542904000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "1747.082218000", + "frame.number": "6267", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b1a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000006e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47546", + "tcp.port": "80", + "tcp.port": "47546", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003a27", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6266", + "tcp.analysis.ack_rtt": "0.000502000", + "tcp.analysis.initial_rtt": "0.003753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.543605000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.543605000", + "frame.time_delta": "0.000701000", + "frame.time_delta_displayed": "0.000701000", + "frame.time_relative": "1747.082919000", + "frame.number": "6268", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b1a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000006d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47546", + "tcp.port": "80", + "tcp.port": "47546", + "tcp.stream": "232", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007a48", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003753000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.543991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.543991000", + "frame.time_delta": "0.000386000", + "frame.time_delta_displayed": "0.000386000", + "frame.time_relative": "1747.083305000", + "frame.number": "6269", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b1a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000301", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47546", + "tcp.port": "80", + "tcp.port": "47546", + "tcp.stream": "232", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ccb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003753000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6268", + "tcp.segment": "6269", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001589000", + "http.request_in": "6266", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.546550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.546550000", + "frame.time_delta": "0.002559000", + "frame.time_delta_displayed": "0.002559000", + "frame.time_relative": "1747.085864000", + "frame.number": "6270", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004787", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6268", + "tcp.analysis.ack_rtt": "0.002945000", + "tcp.analysis.initial_rtt": "0.003753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.546662000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.546662000", + "frame.time_delta": "0.000112000", + "frame.time_delta_displayed": "0.000112000", + "frame.time_relative": "1747.085976000", + "frame.number": "6271", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000439c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6269", + "tcp.analysis.ack_rtt": "0.002671000", + "tcp.analysis.initial_rtt": "0.003753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.548578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.548578000", + "frame.time_delta": "0.001916000", + "frame.time_delta_displayed": "0.001916000", + "frame.time_relative": "1747.087892000", + "frame.number": "6272", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000004ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b3db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000439b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.549062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.549062000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1747.088376000", + "frame.number": "6273", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47546", + 
"tcp.port": "80", + "tcp.port": "47546", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003631", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6272", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.003753000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:38.551822000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.551822000", + "frame.time_delta": "0.002760000", + "frame.time_delta_displayed": "0.002760000", + "frame.time_relative": "1747.091136000", + "frame.number": "6274", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000097bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47546", + "tcp.dstport": "80", + "tcp.port": "47546", + "tcp.port": "80", + "tcp.stream": "232", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000345d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:38.675973000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495338.675973000", + "frame.time_delta": "0.124151000", + "frame.time_delta_displayed": "0.124151000", + "frame.time_relative": "1747.215287000", + "frame.number": "6275", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002117", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49741", + "udp.dstport": "1900", + "udp.port": "49741", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008810", + "udp.checksum.status": "2", + "udp.stream": "135" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "6232" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.049838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.049838000", + "frame.time_delta": "0.373865000", + "frame.time_delta_displayed": "0.373865000", + "frame.time_relative": "1747.589152000", + "frame.number": "6276", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000537b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000063e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "225", + 
"http.prev_response_in": "6262" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.054760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.054760000", + "frame.time_delta": "0.004922000", + "frame.time_delta_displayed": "0.004922000", + "frame.time_relative": "1747.594074000", + "frame.number": "6277", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005c6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + 
"tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d7c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:10:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949520, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949520", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:39.055306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.055306000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1747.594620000", + "frame.number": "6278", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47553", + "tcp.port": "80", + "tcp.port": "47553", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a8d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6277", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.058763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.058763000", + "frame.time_delta": "0.003457000", + "frame.time_delta_displayed": "0.003457000", + "frame.time_relative": "1747.598077000", + "frame.number": "6279", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005a5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6278", + "tcp.analysis.ack_rtt": "0.003457000", + "tcp.analysis.initial_rtt": "0.004003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.058891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.058891000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "1747.598205000", + "frame.number": "6280", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005c71", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b9d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004003000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", 
+ "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.059320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.059320000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1747.598634000", + "frame.number": "6281", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006b46", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004d43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47553", + "tcp.port": "80", + "tcp.port": "47553", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004c2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6280", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.004003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.060314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.060314000", + "frame.time_delta": "0.000994000", + "frame.time_delta_displayed": "0.000994000", + "frame.time_relative": "1747.599628000", + "frame.number": 
"6282", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006b47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004d31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47553", + "tcp.port": "80", + "tcp.port": "47553", + "tcp.stream": "233", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008c4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004003000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.060325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.060325000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1747.599639000", + "frame.number": "6283", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x0000495e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47553", + "tcp.port": "80", + "tcp.port": "47553", + "tcp.stream": "233", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000deb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004003000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6282", + "tcp.segment": "6283", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001434000", + "http.request_in": "6280", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.062979000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.062979000", + "frame.time_delta": "0.002654000", + "frame.time_delta_displayed": "0.002654000", + "frame.time_relative": "1747.602293000", + "frame.number": "6284", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000598d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6282", + "tcp.analysis.ack_rtt": "0.002665000", + "tcp.analysis.initial_rtt": "0.004003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.063155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.063155000", + "frame.time_delta": "0.000176000", + "frame.time_delta_displayed": "0.000176000", + "frame.time_relative": "1747.602469000", + "frame.number": "6285", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000055a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6283", + "tcp.analysis.ack_rtt": "0.002830000", + "tcp.analysis.initial_rtt": "0.004003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.063609000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.063609000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1747.602923000", + "frame.number": "6286", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000055a1", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.064060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.064060000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + "frame.time_relative": "1747.603374000", + "frame.number": "6287", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a598", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47553", + 
"tcp.port": "80", + "tcp.port": "47553", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004837", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6286", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.004003000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.067205000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.067205000", + "frame.time_delta": "0.003145000", + "frame.time_delta_displayed": "0.003145000", + "frame.time_relative": "1747.606519000", + "frame.number": "6288", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009790", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47553", + "tcp.dstport": "80", + "tcp.port": "47553", + "tcp.port": "80", + "tcp.stream": "233", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bc01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:39.102967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.102967000", + "frame.time_delta": "0.035762000", + "frame.time_delta_displayed": "0.035762000", + "frame.time_relative": "1747.642281000", + "frame.number": "6289", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000537d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000063db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "226", + "http.prev_response_in": "6276" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.109049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.109049000", + "frame.time_delta": "0.006082000", + "frame.time_delta_displayed": "0.006082000", + "frame.time_relative": "1747.648363000", + "frame.number": "6290", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001441", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a434", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000ce23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:15:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949525, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949525", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.109590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.109590000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "1747.648904000", + "frame.number": "6291", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009c3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6290", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.112895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.112895000", + "frame.time_delta": "0.003305000", + "frame.time_delta_displayed": "0.003305000", + "frame.time_relative": "1747.652209000", + "frame.number": "6292", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001442", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a447", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004dc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6291", + "tcp.analysis.ack_rtt": "0.003305000", + "tcp.analysis.initial_rtt": "0.003846000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.123859000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495339.123859000", + "frame.time_delta": "0.010964000", + "frame.time_delta_displayed": "0.010964000", + "frame.time_relative": "1747.663173000", + "frame.number": "6293", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001443", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a386", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ad3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003846000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.124461000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495339.124461000", + "frame.time_delta": "0.000602000", + "frame.time_delta_displayed": "0.000602000", + "frame.time_relative": "1747.663775000", + "frame.number": "6294", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000036bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003f94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6293", + "tcp.analysis.ack_rtt": "0.000602000", + "tcp.analysis.initial_rtt": "0.003846000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.125157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.125157000", + "frame.time_delta": "0.000696000", + "frame.time_delta_displayed": "0.000696000", + "frame.time_relative": "1747.664471000", + "frame.number": "6295", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000036c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007fb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003846000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.125516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.125516000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "1747.664830000", + "frame.number": "6296", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000036c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007de5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d21e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003846000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6295", + "tcp.segment": "6296", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001657000", + "http.request_in": "6293", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.128881000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.128881000", + "frame.time_delta": "0.003365000", + "frame.time_delta_displayed": "0.003365000", + "frame.time_relative": "1747.668195000", + "frame.number": "6297", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000036c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007de4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d21e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003846000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.129369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.129369000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1747.668683000", + "frame.number": "6298", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001444", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a445", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004cf4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6295", + "tcp.analysis.ack_rtt": "0.004212000", + "tcp.analysis.initial_rtt": "0.003846000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.129846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.129846000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1747.669160000", + "frame.number": "6299", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001445", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a444", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004909", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6296", + "tcp.analysis.ack_rtt": "0.004330000", + "tcp.analysis.initial_rtt": "0.003846000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.130880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.130880000", + "frame.time_delta": "0.001034000", + "frame.time_delta_displayed": "0.001034000", + "frame.time_relative": "1747.670194000", + "frame.number": "6300", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001446", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a443", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004908", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.131306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.131306000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + 
"frame.time_relative": "1747.670620000", + "frame.number": "6301", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a592", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47554", + "tcp.port": "80", + "tcp.port": "47554", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003b9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6300", + "tcp.analysis.ack_rtt": "0.000426000", + "tcp.analysis.initial_rtt": "0.003846000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.131920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.131920000", + "frame.time_delta": "0.000614000", + "frame.time_delta_displayed": "0.000614000", + "frame.time_relative": "1747.671234000", + "frame.number": "6302", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000978f", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b267", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.134228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.134228000", + "frame.time_delta": "0.002308000", + "frame.time_delta_displayed": "0.002308000", + "frame.time_relative": "1747.673542000", + "frame.number": "6303", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000978e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47554", + "tcp.dstport": "80", + "tcp.port": "47554", + "tcp.port": "80", + "tcp.stream": "234", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b266", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.155910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.155910000", + "frame.time_delta": "0.021682000", + "frame.time_delta_displayed": "0.021682000", + "frame.time_relative": "1747.695224000", + "frame.number": "6304", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005382", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000063dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "227", + "http.prev_response_in": "6289" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.160353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.160353000", + "frame.time_delta": "0.004443000", + "frame.time_delta_displayed": "0.004443000", + "frame.time_relative": "1747.699667000", + "frame.number": 
"6305", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000da8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dde9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00002853", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:1a:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949530, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949530", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.160895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.160895000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1747.700209000", + "frame.number": "6306", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47555", + "tcp.port": "80", + "tcp.port": "47555", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d005", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6305", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.163834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.163834000", + "frame.time_delta": "0.002939000", + "frame.time_delta_displayed": "0.002939000", + "frame.time_relative": "1747.703148000", + "frame.number": "6307", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddfc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000818d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6306", + "tcp.analysis.ack_rtt": "0.002939000", + "tcp.analysis.initial_rtt": "0.003481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.163984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.163984000", + "frame.time_delta": "0.000150000", + "frame.time_delta_displayed": "0.000150000", + "frame.time_relative": "1747.703298000", + "frame.number": "6308", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000da8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dd3b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e107", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003481000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.164450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.164450000", + "frame.time_delta": "0.000466000", + "frame.time_delta_displayed": "0.000466000", + "frame.time_relative": "1747.703764000", + "frame.number": "6309", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47555", + "tcp.port": "80", + "tcp.port": "47555", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000735c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6308", + "tcp.analysis.ack_rtt": "0.000466000", + "tcp.analysis.initial_rtt": "0.003481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.165250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.165250000", + "frame.time_delta": "0.000800000", + "frame.time_delta_displayed": "0.000800000", + "frame.time_relative": "1747.704564000", + "frame.number": "6310", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47555", + "tcp.port": "80", + "tcp.port": "47555", + "tcp.stream": "235", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b37d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003481000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.165607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.165607000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "1747.704921000", + "frame.number": "6311", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003b54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007952", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47555", + 
"tcp.port": "80", + "tcp.port": "47555", + "tcp.stream": "235", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000005e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003481000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6310", + "tcp.segment": "6311", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001623000", + "http.request_in": "6308", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.167905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.167905000", + "frame.time_delta": "0.002298000", + "frame.time_delta_displayed": "0.002298000", + "frame.time_relative": "1747.707219000", + "frame.number": "6312", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000080bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6310", + "tcp.analysis.ack_rtt": "0.002655000", + "tcp.analysis.initial_rtt": "0.003481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.168908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.168908000", + "frame.time_delta": "0.001003000", + "frame.time_delta_displayed": "0.001003000", + "frame.time_relative": "1747.708222000", + "frame.number": "6313", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddf9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007cd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6311", + "tcp.analysis.ack_rtt": "0.003301000", + "tcp.analysis.initial_rtt": "0.003481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.169015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.169015000", + "frame.time_delta": "0.000107000", + "frame.time_delta_displayed": "0.000107000", + "frame.time_relative": "1747.708329000", + "frame.number": "6314", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000da90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ddf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007cd0", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.169470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.169470000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "1747.708784000", + "frame.number": "6315", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a58f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47555", + 
"tcp.port": "80", + "tcp.port": "47555", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006f66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6314", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.003481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.172232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.172232000", + "frame.time_delta": "0.002762000", + "frame.time_delta_displayed": "0.002762000", + "frame.time_relative": "1747.711546000", + "frame.number": "6316", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000020fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000978b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47555", + "tcp.dstport": "80", + "tcp.port": "47555", + "tcp.port": "80", + "tcp.stream": "235", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000c9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:39.676687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.676687000", + "frame.time_delta": "0.504455000", + "frame.time_delta_displayed": "0.504455000", + "frame.time_relative": "1748.216001000", + "frame.number": "6317", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002118", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49741", + "udp.dstport": "1900", + "udp.port": "49741", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008810", + "udp.checksum.status": "2", + "udp.stream": "135" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "6275" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.770227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.770227000", + "frame.time_delta": "0.093540000", + "frame.time_delta_displayed": "0.093540000", + "frame.time_relative": "1748.309541000", + "frame.number": "6318", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": 
"1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:39.770634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495339.770634000", + "frame.time_delta": "0.000407000", + "frame.time_delta_displayed": "0.000407000", + "frame.time_relative": "1748.309948000", + "frame.number": "6319", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.102616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.102616000", + "frame.time_delta": "0.331982000", + "frame.time_delta_displayed": 
"0.331982000", + "frame.time_relative": "1748.641930000", + "frame.number": "6320", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000053cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006396", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + 
"http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "228", + "http.prev_response_in": "6304" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.108791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.108791000", + "frame.time_delta": "0.006175000", + "frame.time_delta_displayed": "0.006175000", + "frame.time_relative": "1748.648105000", + "frame.number": "6321", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004e68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000b9c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:79:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + 
"tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949625, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949625", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.109331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.109331000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "1748.648645000", + "frame.number": "6322", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a3c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", 
+ "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6321", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.116795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.116795000", + "frame.time_delta": "0.007464000", + "frame.time_delta_displayed": "0.007464000", + "frame.time_relative": "1748.656109000", + "frame.number": "6323", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004e69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005548", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6322", + "tcp.analysis.ack_rtt": "0.007464000", + "tcp.analysis.initial_rtt": "0.008004000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.116836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.116836000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "1748.656150000", + "frame.number": "6324", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004e6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000695f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b4c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008004000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.117353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.117353000", + "frame.time_delta": "0.000517000", + "frame.time_delta_displayed": "0.000517000", + "frame.time_relative": "1748.656667000", + "frame.number": "6325", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008997", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ef2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004717", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6324", + "tcp.analysis.ack_rtt": "0.000517000", + "tcp.analysis.initial_rtt": "0.008004000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.118106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.118106000", + "frame.time_delta": "0.000753000", + "frame.time_delta_displayed": "0.000753000", + "frame.time_relative": "1748.657420000", + "frame.number": "6326", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008998", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002ee0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008738", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008004000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.118495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.118495000", + "frame.time_delta": "0.000389000", + "frame.time_delta_displayed": "0.000389000", + "frame.time_relative": "1748.657809000", + "frame.number": "6327", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + 
"eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008999", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002b0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d9a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008004000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6326", + "tcp.segment": "6327", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001659000", + "http.request_in": "6324", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.118889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.118889000", + "frame.time_delta": "0.000394000", + "frame.time_delta_displayed": "0.000394000", + "frame.time_relative": "1748.658203000", + "frame.number": "6328", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000899a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002b0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d9a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008004000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.121171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.121171000", + "frame.time_delta": "0.002282000", + "frame.time_delta_displayed": "0.002282000", + "frame.time_relative": "1748.660485000", + "frame.number": "6329", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004e6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005477", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6326", + "tcp.analysis.ack_rtt": "0.003065000", + "tcp.analysis.initial_rtt": "0.008004000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.121208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.121208000", + "frame.time_delta": "0.000037000", + "frame.time_delta_displayed": "0.000037000", + "frame.time_relative": "1748.660522000", + "frame.number": "6330", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004e6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000508c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6327", + "tcp.analysis.ack_rtt": "0.002713000", + "tcp.analysis.initial_rtt": "0.008004000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.123369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.123369000", + "frame.time_delta": "0.002161000", + "frame.time_delta_displayed": "0.002161000", + "frame.time_relative": "1748.662683000", + "frame.number": "6331", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00004e6d", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000856c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:b4:2a:94:67:b4:2a:98:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008004000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6330", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.135000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.135000000", + "frame.time_delta": "0.011631000", + "frame.time_delta_displayed": "0.011631000", + "frame.time_relative": "1748.674314000", + "frame.number": "6332", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004e6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00006a1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000508b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.135499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.135499000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1748.674813000", + "frame.number": "6333", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001349", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a540", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47566", + "tcp.port": "80", + "tcp.port": "47566", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004321", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6332", + "tcp.analysis.ack_rtt": "0.000499000", + "tcp.analysis.initial_rtt": "0.008004000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.138588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.138588000", + "frame.time_delta": "0.003089000", + "frame.time_delta_displayed": "0.003089000", + "frame.time_relative": "1748.677902000", + "frame.number": "6334", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002107", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009782", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47566", + "tcp.dstport": "80", + "tcp.port": "47566", + "tcp.port": "80", + "tcp.stream": "236", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.155786000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.155786000", + "frame.time_delta": "0.017198000", + "frame.time_delta_displayed": "0.017198000", + "frame.time_relative": "1748.695100000", + "frame.number": "6335", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000053d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006388", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "229", + "http.prev_response_in": "6320" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.164203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.164203000", + "frame.time_delta": "0.008417000", + "frame.time_delta_displayed": "0.008417000", + "frame.time_relative": "1748.703517000", + "frame.number": "6336", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b87d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fff7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005f39", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:7f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949631, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949631", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.164755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.164755000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1748.704069000", + "frame.number": "6337", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47567", + "tcp.port": "80", + "tcp.port": "47567", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000036d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 
(multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6336", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.167915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.167915000", + "frame.time_delta": "0.003160000", + "frame.time_delta_displayed": "0.003160000", + "frame.time_relative": "1748.707229000", + "frame.number": "6338", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b87e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000000b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e858", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6337", + "tcp.analysis.ack_rtt": "0.003160000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.168372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.168372000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "1748.707686000", + "frame.number": "6339", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b87f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ff49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000047d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003712000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET 
\/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.168910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.168910000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1748.708224000", + "frame.number": "6340", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c359", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f52f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47567", + "tcp.port": "80", + "tcp.port": "47567", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000da27", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6339", + "tcp.analysis.ack_rtt": "0.000538000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.169565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.169565000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "1748.708879000", + "frame.number": "6341", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c35a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f51d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47567", + "tcp.port": "80", + "tcp.port": "47567", + "tcp.stream": "237", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + 
"tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001a49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003712000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.169918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.169918000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1748.709232000", + "frame.number": "6342", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c35b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f14a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47567", + "tcp.port": "80", + "tcp.port": "47567", + "tcp.stream": "237", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006cb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003712000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6341", + "tcp.segment": "6342", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001546000", + "http.request_in": "6339", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.173719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.173719000", + "frame.time_delta": "0.003801000", + "frame.time_delta_displayed": "0.003801000", + "frame.time_relative": "1748.713033000", + "frame.number": "6343", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b880", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000009", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e787", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6341", + "tcp.analysis.ack_rtt": "0.004154000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.173823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.173823000", + "frame.time_delta": "0.000104000", + "frame.time_delta_displayed": "0.000104000", + "frame.time_relative": "1748.713137000", + "frame.number": "6344", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b881", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000008", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e39c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6342", + "tcp.analysis.ack_rtt": "0.003905000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.175033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.175033000", + "frame.time_delta": "0.001210000", + "frame.time_delta_displayed": "0.001210000", + "frame.time_relative": "1748.714347000", + "frame.number": "6345", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b882", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000007", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e39b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.175489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.175489000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1748.714803000", + "frame.number": "6346", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000134c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a53d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47567", + 
"tcp.port": "80", + "tcp.port": "47567", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d631", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6345", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.003712000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.178865000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.178865000", + "frame.time_delta": "0.003376000", + "frame.time_delta_displayed": "0.003376000", + "frame.time_relative": "1748.718179000", + "frame.number": "6347", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000210b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000977e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47567", + "tcp.dstport": "80", + "tcp.port": "47567", + "tcp.port": "80", + "tcp.stream": "237", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000043e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:40.208680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.208680000", + "frame.time_delta": "0.029815000", + "frame.time_delta_displayed": "0.029815000", + "frame.time_relative": "1748.747994000", + "frame.number": "6348", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000053d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000638c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "230", + "http.prev_response_in": "6335" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.220352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.220352000", + "frame.time_delta": "0.011672000", + "frame.time_delta_displayed": "0.011672000", + "frame.time_relative": "1748.759666000", + "frame.number": "6349", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000e773", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d101", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000008ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:84:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949636, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949636", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.220914000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.220914000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "1748.760228000", + "frame.number": "6350", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000659d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6349", + "tcp.analysis.ack_rtt": "0.000562000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.224268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.224268000", + "frame.time_delta": "0.003354000", + "frame.time_delta_displayed": "0.003354000", + "frame.time_relative": "1748.763582000", + "frame.number": "6351", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e774", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d114", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001725", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6350", + "tcp.analysis.ack_rtt": "0.003354000", + "tcp.analysis.initial_rtt": "0.003916000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.224790000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495340.224790000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "1748.764104000", + "frame.number": "6352", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000e775", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d053", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000769f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003916000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.225284000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495340.225284000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1748.764598000", + "frame.number": "6353", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b67a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000020f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000008f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6352", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003916000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.226006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.226006000", + "frame.time_delta": "0.000722000", + "frame.time_delta_displayed": "0.000722000", + "frame.time_relative": "1748.765320000", + "frame.number": "6354", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b67b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004915", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003916000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.226361000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.226361000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1748.765675000", + "frame.number": "6355", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b67c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003916000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6354", + "tcp.segment": "6355", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001571000", + "http.request_in": "6352", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.228485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.228485000", + "frame.time_delta": "0.002124000", + "frame.time_delta_displayed": "0.002124000", + "frame.time_relative": "1748.767799000", + "frame.number": "6356", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e776", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d112", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001654", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6354", + "tcp.analysis.ack_rtt": "0.002479000", + "tcp.analysis.initial_rtt": "0.003916000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.228897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.228897000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + "frame.time_relative": "1748.768211000", + "frame.number": "6357", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b67d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fe28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003916000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.229465000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.229465000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "1748.768779000", + "frame.number": "6358", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e777", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d111", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", 
+ "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001269", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6355", + "tcp.analysis.ack_rtt": "0.003104000", + "tcp.analysis.initial_rtt": "0.003916000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.230457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.230457000", + "frame.time_delta": "0.000992000", + "frame.time_delta_displayed": "0.000992000", + "frame.time_relative": "1748.769771000", + "frame.number": "6359", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e778", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d110", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001268", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.230892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.230892000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + 
"frame.time_relative": "1748.770206000", + "frame.number": "6360", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000134d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a53c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47568", + "tcp.port": "80", + "tcp.port": "47568", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000004fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6359", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.003916000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.232487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.232487000", + "frame.time_delta": "0.001595000", + "frame.time_delta_displayed": "0.001595000", + "frame.time_relative": "1748.771801000", + "frame.number": "6361", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002111", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009778", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ed6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.235835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.235835000", + "frame.time_delta": "0.003348000", + "frame.time_delta_displayed": "0.003348000", + "frame.time_relative": "1748.775149000", + "frame.number": "6362", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002112", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009777", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47568", + "tcp.dstport": "80", + "tcp.port": "47568", + "tcp.port": "80", + "tcp.stream": "238", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ed6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.419516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.419516000", + "frame.time_delta": "0.183681000", + "frame.time_delta_displayed": "0.183681000", + "frame.time_relative": "1748.958830000", + "frame.number": "6363", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000053da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006387", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "231", + "http.prev_response_in": "6348" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.434406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.434406000", + "frame.time_delta": "0.014890000", + "frame.time_delta_displayed": "0.014890000", + "frame.time_relative": "1748.973720000", + "frame.number": 
"6364", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009dd4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001aa1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cb09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:9a:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949658, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949658", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.434962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.434962000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "1748.974276000", + "frame.number": "6365", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47570", + "tcp.port": "80", + "tcp.port": "47570", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000040c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6364", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.438351000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.438351000", + "frame.time_delta": "0.003389000", + "frame.time_delta_displayed": "0.003389000", + "frame.time_relative": "1748.977665000", + "frame.number": "6366", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009dd5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001ab4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b593", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6365", + "tcp.analysis.ack_rtt": "0.003389000", + "tcp.analysis.initial_rtt": "0.003945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.441061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.441061000", + "frame.time_delta": "0.002710000", + "frame.time_delta_displayed": "0.002710000", + "frame.time_relative": "1748.980375000", + "frame.number": "6367", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009dd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000019f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000150e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003945000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.441567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.441567000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "1748.980881000", + "frame.number": "6368", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009e3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47570", + "tcp.port": "80", + "tcp.port": "47570", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a762", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6367", + "tcp.analysis.ack_rtt": "0.000506000", + "tcp.analysis.initial_rtt": "0.003945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.442212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.442212000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "1748.981526000", + "frame.number": "6369", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009e3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47570", + "tcp.port": "80", + "tcp.port": "47570", + "tcp.stream": "239", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e783", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003945000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.442560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.442560000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "1748.981874000", + "frame.number": "6370", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009e3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000166a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47570", + 
"tcp.port": "80", + "tcp.port": "47570", + "tcp.stream": "239", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000039ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003945000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6369", + "tcp.segment": "6370", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001499000", + "http.request_in": "6367", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.446535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.446535000", + "frame.time_delta": "0.003975000", + "frame.time_delta_displayed": "0.003975000", + "frame.time_relative": "1748.985849000", + "frame.number": "6371", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009dd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001ab2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b4c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6369", + "tcp.analysis.ack_rtt": "0.004323000", + "tcp.analysis.initial_rtt": "0.003945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.446645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.446645000", + "frame.time_delta": "0.000110000", + "frame.time_delta_displayed": "0.000110000", + "frame.time_relative": "1748.985959000", + "frame.number": "6372", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009dd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001ab1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b0d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6370", + "tcp.analysis.ack_rtt": "0.004085000", + "tcp.analysis.initial_rtt": "0.003945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.448143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.448143000", + "frame.time_delta": "0.001498000", + "frame.time_delta_displayed": "0.001498000", + "frame.time_relative": "1748.987457000", + "frame.number": "6373", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009dd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001ab0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b0d6", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.448590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.448590000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "1748.987904000", + "frame.number": "6374", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001350", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a539", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47570", + 
"tcp.port": "80", + "tcp.port": "47570", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a36c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6373", + "tcp.analysis.ack_rtt": "0.000447000", + "tcp.analysis.initial_rtt": "0.003945000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.454977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.454977000", + "frame.time_delta": "0.006387000", + "frame.time_delta_displayed": "0.006387000", + "frame.time_relative": "1748.994291000", + "frame.number": "6375", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000211e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000976b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47570", + "tcp.dstport": "80", + "tcp.port": "47570", + "tcp.port": "80", + "tcp.stream": "239", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000afd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:40.472415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.472415000", + "frame.time_delta": "0.017438000", + "frame.time_delta_displayed": "0.017438000", + "frame.time_relative": "1749.011729000", + "frame.number": "6376", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000053df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006379", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "232", + "http.prev_response_in": "6363" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.483388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.483388000", + "frame.time_delta": "0.010973000", + "frame.time_delta_displayed": "0.010973000", + "frame.time_relative": "1749.022702000", + "frame.number": "6377", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002113", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009762", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cd40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:9f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949663, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949663", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.483957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.483957000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1749.023271000", + "frame.number": "6378", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47572", + "tcp.port": "80", + "tcp.port": "47572", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004865", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6377", + "tcp.analysis.ack_rtt": "0.000569000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.488083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.488083000", + "frame.time_delta": "0.004126000", + "frame.time_delta_displayed": "0.004126000", + "frame.time_relative": "1749.027397000", + "frame.number": "6379", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002114", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009775", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f9ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6378", + "tcp.analysis.ack_rtt": "0.004126000", + "tcp.analysis.initial_rtt": "0.004695000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.488799000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495340.488799000", + "frame.time_delta": "0.000716000", + "frame.time_delta_displayed": "0.000716000", + "frame.time_relative": "1749.028113000", + "frame.number": "6380", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002115", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005967", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004695000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.489296000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495340.489296000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "1749.028610000", + "frame.number": "6381", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f56f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c319", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47572", + "tcp.port": "80", + "tcp.port": "47572", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ebbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6380", + "tcp.analysis.ack_rtt": "0.000497000", + "tcp.analysis.initial_rtt": "0.004695000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.490025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.490025000", + "frame.time_delta": "0.000729000", + "frame.time_delta_displayed": "0.000729000", + "frame.time_relative": "1749.029339000", + "frame.number": "6382", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f570", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c307", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47572", + "tcp.port": "80", + "tcp.port": "47572", + "tcp.stream": "240", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002bdd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004695000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.490378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.490378000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1749.029692000", + "frame.number": "6383", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f571", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bf34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47572", + "tcp.port": "80", + "tcp.port": "47572", + "tcp.stream": "240", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007e46", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004695000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6382", + "tcp.segment": "6383", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001579000", + "http.request_in": "6380", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.493681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.493681000", + "frame.time_delta": "0.003303000", + "frame.time_delta_displayed": "0.003303000", + "frame.time_relative": "1749.032995000", + "frame.number": "6384", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002116", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009773", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f91b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6382", + "tcp.analysis.ack_rtt": "0.003656000", + "tcp.analysis.initial_rtt": "0.004695000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.494337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.494337000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "1749.033651000", + "frame.number": "6385", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002117", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009772", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f530", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6383", + "tcp.analysis.ack_rtt": "0.003959000", + "tcp.analysis.initial_rtt": "0.004695000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.496196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.496196000", + "frame.time_delta": "0.001859000", + "frame.time_delta_displayed": "0.001859000", + "frame.time_relative": "1749.035510000", + "frame.number": "6386", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002118", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009771", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f52f", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.496650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.496650000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1749.035964000", + "frame.number": "6387", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001352", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a537", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47572", + 
"tcp.port": "80", + "tcp.port": "47572", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e7c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6386", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.004695000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.500122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.500122000", + "frame.time_delta": "0.003472000", + "frame.time_delta_displayed": "0.003472000", + "frame.time_relative": "1749.039436000", + "frame.number": "6388", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002121", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009768", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47572", + "tcp.dstport": "80", + "tcp.port": "47572", + "tcp.port": "80", + "tcp.stream": "240", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b20d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:40.525245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.525245000", + "frame.time_delta": "0.025123000", + "frame.time_delta_displayed": "0.025123000", + "frame.time_relative": "1749.064559000", + "frame.number": "6389", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000053e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000637a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "233", + "http.prev_response_in": "6376" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.537317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.537317000", + "frame.time_delta": "0.012072000", + "frame.time_delta_displayed": "0.012072000", + "frame.time_relative": "1749.076631000", + "frame.number": "6390", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d983", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000def1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000ff71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:a4:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949668, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949668", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.537867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.537867000", + "frame.time_delta": "0.000550000", + "frame.time_delta_displayed": "0.000550000", + "frame.time_relative": "1749.077181000", + "frame.number": "6391", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47573", + "tcp.port": "80", + "tcp.port": "47573", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008e90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6390", + "tcp.analysis.ack_rtt": "0.000550000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.543950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.543950000", + "frame.time_delta": "0.006083000", + "frame.time_delta_displayed": "0.006083000", + "frame.time_relative": "1749.083264000", + "frame.number": "6392", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d984", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004018", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6391", + "tcp.analysis.ack_rtt": "0.006083000", + "tcp.analysis.initial_rtt": "0.006633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.544003000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495340.544003000", + "frame.time_delta": "0.000053000", + "frame.time_delta_displayed": "0.000053000", + "frame.time_relative": "1749.083317000", + "frame.number": "6393", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000d985", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009f92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006633000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.544523000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495340.544523000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "1749.083837000", + "frame.number": "6394", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000088ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002f9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47573", + "tcp.port": "80", + "tcp.port": "47573", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000031e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6393", + "tcp.analysis.ack_rtt": "0.000520000", + "tcp.analysis.initial_rtt": "0.006633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.545257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.545257000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "1749.084571000", + "frame.number": "6395", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000088ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002f8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47573", + "tcp.port": "80", + "tcp.port": "47573", + "tcp.stream": "241", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007208", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006633000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.545614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.545614000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "1749.084928000", + "frame.number": "6396", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000088ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002bb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47573", + "tcp.port": "80", + "tcp.port": "47573", + "tcp.stream": "241", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c471", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006633000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6395", + "tcp.segment": "6396", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001611000", + "http.request_in": "6393", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.553752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.553752000", + "frame.time_delta": "0.008138000", + "frame.time_delta_displayed": "0.008138000", + "frame.time_relative": "1749.093066000", + "frame.number": "6397", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d986", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6395", + "tcp.analysis.ack_rtt": "0.008495000", + "tcp.analysis.initial_rtt": "0.006633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.565987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.565987000", + "frame.time_delta": "0.012235000", + "frame.time_delta_displayed": "0.012235000", + "frame.time_relative": "1749.105301000", + "frame.number": "6398", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d987", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6396", + "tcp.analysis.ack_rtt": "0.020373000", + "tcp.analysis.initial_rtt": "0.006633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.568235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.568235000", + "frame.time_delta": "0.002248000", + "frame.time_delta_displayed": "0.002248000", + "frame.time_relative": "1749.107549000", + "frame.number": "6399", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d988", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b5b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.568707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.568707000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "1749.108021000", + "frame.number": "6400", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001356", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a533", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47573", + 
"tcp.port": "80", + "tcp.port": "47573", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002df1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6399", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.006633000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:40.572558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495340.572558000", + "frame.time_delta": "0.003851000", + "frame.time_delta_displayed": "0.003851000", + "frame.time_relative": "1749.111872000", + "frame.number": "6401", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002128", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009761", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47573", + "tcp.dstport": "80", + "tcp.port": "47573", + "tcp.port": "80", + "tcp.stream": "241", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e443", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:41.471924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.471924000", + "frame.time_delta": "0.899366000", + "frame.time_delta_displayed": "0.899366000", + "frame.time_relative": "1750.011238000", + "frame.number": "6402", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000540f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006352", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "234", + "http.prev_response_in": "6389" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.524690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.524690000", + "frame.time_delta": "0.052766000", + "frame.time_delta_displayed": "0.052766000", + "frame.time_relative": "1750.064004000", + "frame.number": "6403", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005412", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006346", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "235", + "http.prev_response_in": "6402" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.577535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.577535000", + "frame.time_delta": "0.052845000", + "frame.time_delta_displayed": "0.052845000", + "frame.time_relative": "1750.116849000", + "frame.number": "6404", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005416", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006348", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "236", + "http.prev_response_in": "6403" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.977265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.977265000", + "frame.time_delta": "0.399730000", + "frame.time_delta_displayed": "0.399730000", + "frame.time_relative": "1750.516579000", + "frame.number": "6405", + "frame.len": "74", + "frame.cap_len": 
"74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003c82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007bf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000958e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:34:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949812, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949812", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.977843000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.977843000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "1750.517157000", + "frame.number": "6406", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47574", + "tcp.port": "80", + "tcp.port": "47574", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ab43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6405", + "tcp.analysis.ack_rtt": "0.000578000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.983428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.983428000", + "frame.time_delta": "0.005585000", + "frame.time_delta_displayed": "0.005585000", + "frame.time_relative": "1750.522742000", + "frame.number": "6407", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003c83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007c06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005ccb", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6406", + "tcp.analysis.ack_rtt": "0.005585000", + "tcp.analysis.initial_rtt": "0.006163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.992549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.992549000", + "frame.time_delta": "0.009121000", + "frame.time_delta_displayed": "0.009121000", + "frame.time_relative": "1750.531863000", + "frame.number": "6408", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003c84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007b45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bc45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006163000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.993106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.993106000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1750.532420000", + "frame.number": "6409", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000e9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47574", + "tcp.port": "80", + "tcp.port": "47574", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6408", + "tcp.analysis.ack_rtt": "0.000557000", + "tcp.analysis.initial_rtt": "0.006163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.993813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.993813000", + "frame.time_delta": "0.000707000", + "frame.time_delta_displayed": "0.000707000", + "frame.time_relative": "1750.533127000", + "frame.number": "6410", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00000e9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47574", + "tcp.port": "80", + "tcp.port": "47574", + "tcp.stream": "242", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008ebb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006163000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.994196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.994196000", + "frame.time_delta": "0.000383000", + "frame.time_delta_displayed": "0.000383000", + "frame.time_relative": "1750.533510000", + "frame.number": "6411", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000e9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a609", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47574", + "tcp.port": "80", + "tcp.port": "47574", + "tcp.stream": "242", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e124", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006163000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6410", + "tcp.segment": "6411", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001647000", + "http.request_in": "6408", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.999187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.999187000", + "frame.time_delta": "0.004991000", + "frame.time_delta_displayed": "0.004991000", + "frame.time_relative": "1750.538501000", + "frame.number": "6412", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003c85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007c04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005bfa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6410", + "tcp.analysis.ack_rtt": "0.005374000", + "tcp.analysis.initial_rtt": "0.006163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:41.999845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495341.999845000", + "frame.time_delta": "0.000658000", + "frame.time_delta_displayed": "0.000658000", + "frame.time_relative": "1750.539159000", + "frame.number": "6413", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003c86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007c03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000580f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6411", + "tcp.analysis.ack_rtt": "0.005649000", + "tcp.analysis.initial_rtt": "0.006163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.003032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.003032000", + "frame.time_delta": "0.003187000", + "frame.time_delta_displayed": "0.003187000", + "frame.time_relative": "1750.542346000", + "frame.number": "6414", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003c87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007c02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000580e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.003501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.003501000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1750.542815000", + "frame.number": "6415", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47574", + 
"tcp.port": "80", + "tcp.port": "47574", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004aa4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6414", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.006163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.007600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.007600000", + "frame.time_delta": "0.004099000", + "frame.time_delta_displayed": "0.004099000", + "frame.time_relative": "1750.546914000", + "frame.number": "6416", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002157", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009732", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47574", + "tcp.dstport": "80", + "tcp.port": "47574", + "tcp.port": "80", + "tcp.stream": "242", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007af0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:42.157567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.157567000", + "frame.time_delta": "0.149967000", + "frame.time_delta_displayed": "0.149967000", + "frame.time_relative": "1750.696881000", + "frame.number": "6417", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005450", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006311", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "237", + "http.prev_response_in": "6404" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.168634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.168634000", + "frame.time_delta": "0.011067000", + "frame.time_delta_displayed": "0.011067000", + "frame.time_relative": "1750.707948000", + "frame.number": "6418", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00006efd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004978", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d7c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:47:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949831, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949831", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.169180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.169180000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1750.708494000", + "frame.number": "6419", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000181b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6418", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.173784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.173784000", + "frame.time_delta": "0.004604000", + "frame.time_delta_displayed": "0.004604000", + "frame.time_relative": "1750.713098000", + "frame.number": "6420", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006efe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000498b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c9a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6419", + "tcp.analysis.ack_rtt": "0.004604000", + "tcp.analysis.initial_rtt": "0.005150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.174715000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495342.174715000", + "frame.time_delta": "0.000931000", + "frame.time_delta_displayed": "0.000931000", + "frame.time_relative": "1750.714029000", + "frame.number": "6421", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00006eff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000048ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000291d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005150000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.175194000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495342.175194000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1750.714508000", + "frame.number": "6422", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ae09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6421", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.005150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.175873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.175873000", + "frame.time_delta": "0.000679000", + "frame.time_delta_displayed": "0.000679000", + "frame.time_relative": "1750.715187000", + "frame.number": "6423", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ae0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fb92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005150000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.176302000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.176302000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1750.715616000", + "frame.number": "6424", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ae0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000069b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004dfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005150000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6423", + "tcp.segment": "6424", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001587000", + "http.request_in": "6421", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.178877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.178877000", + "frame.time_delta": "0.002575000", + "frame.time_delta_displayed": "0.002575000", + "frame.time_relative": "1750.718191000", + "frame.number": "6425", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ae0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000069a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004dfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005150000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.182619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.182619000", + "frame.time_delta": "0.003742000", + "frame.time_delta_displayed": "0.003742000", + "frame.time_relative": "1750.721933000", + "frame.number": "6426", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006f00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004989", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c8d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6423", + "tcp.analysis.ack_rtt": "0.006746000", + "tcp.analysis.initial_rtt": "0.005150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.182668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.182668000", + "frame.time_delta": "0.000049000", + "frame.time_delta_displayed": "0.000049000", + "frame.time_relative": "1750.721982000", + "frame.number": "6427", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006f01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004988", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c4e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6424", + "tcp.analysis.ack_rtt": "0.006366000", + "tcp.analysis.initial_rtt": "0.005150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.183518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.183518000", + "frame.time_delta": "0.000850000", + "frame.time_delta_displayed": "0.000850000", + "frame.time_relative": "1750.722832000", + "frame.number": "6428", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006f02", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c4e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.183970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.183970000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + 
"frame.time_relative": "1750.723284000", + "frame.number": "6429", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47575", + "tcp.port": "80", + "tcp.port": "47575", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b77b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6428", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.005150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.184338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.184338000", + "frame.time_delta": "0.000368000", + "frame.time_delta_displayed": "0.000368000", + "frame.time_relative": "1750.723652000", + "frame.number": "6430", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002169", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009720", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bd3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.188470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.188470000", + "frame.time_delta": "0.004132000", + "frame.time_delta_displayed": "0.004132000", + "frame.time_relative": "1750.727784000", + "frame.number": "6431", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000216a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000971f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47575", + "tcp.dstport": "80", + "tcp.port": "47575", + "tcp.port": "80", + "tcp.stream": "243", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bd3c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.210700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.210700000", + "frame.time_delta": "0.022230000", + "frame.time_delta_displayed": "0.022230000", + "frame.time_relative": "1750.750014000", + "frame.number": "6432", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005456", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006302", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "238", + "http.prev_response_in": "6417" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.234833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.234833000", + "frame.time_delta": "0.024133000", + "frame.time_delta_displayed": "0.024133000", + "frame.time_relative": "1750.774147000", + 
"frame.number": "6433", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000cd50", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): 
server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000028d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:4e:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949838, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949838", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.235394000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.235394000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "1750.774708000", + "frame.number": "6434", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + 
"eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47576", + "tcp.port": "80", + "tcp.port": "47576", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e579", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6433", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.239668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.239668000", + "frame.time_delta": "0.004274000", + "frame.time_delta_displayed": "0.004274000", + "frame.time_relative": "1750.778982000", + "frame.number": "6435", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009701", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6434", + "tcp.analysis.ack_rtt": "0.004274000", + "tcp.analysis.initial_rtt": "0.004835000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.239712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.239712000", + "frame.time_delta": "0.000044000", + "frame.time_delta_displayed": "0.000044000", + "frame.time_relative": "1750.779026000", + "frame.number": "6436", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000cd52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ea76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f67b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004835000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.240222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.240222000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "1750.779536000", + "frame.number": "6437", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f177", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c711", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47576", + "tcp.port": "80", + "tcp.port": "47576", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000088d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6436", + "tcp.analysis.ack_rtt": "0.000510000", + "tcp.analysis.initial_rtt": "0.004835000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.240915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.240915000", + "frame.time_delta": "0.000693000", + "frame.time_delta_displayed": "0.000693000", + "frame.time_relative": "1750.780229000", + "frame.number": "6438", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f178", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c6ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47576", + "tcp.port": "80", + "tcp.port": "47576", + "tcp.stream": "244", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c8f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004835000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.241373000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.241373000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "1750.780687000", + "frame.number": "6439", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f179", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c32c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47576", + 
"tcp.port": "80", + "tcp.port": "47576", + "tcp.stream": "244", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001b5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004835000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6438", + "tcp.segment": "6439", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001661000", + "http.request_in": "6436", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.246178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.246178000", + "frame.time_delta": "0.004805000", + "frame.time_delta_displayed": "0.004805000", + "frame.time_relative": "1750.785492000", + "frame.number": "6440", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009630", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6438", + "tcp.analysis.ack_rtt": "0.005263000", + "tcp.analysis.initial_rtt": "0.004835000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.246310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.246310000", + "frame.time_delta": "0.000132000", + "frame.time_delta_displayed": "0.000132000", + "frame.time_relative": "1750.785624000", + "frame.number": "6441", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009245", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6439", + "tcp.analysis.ack_rtt": "0.004937000", + "tcp.analysis.initial_rtt": "0.004835000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.248264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.248264000", + "frame.time_delta": "0.001954000", + "frame.time_delta_displayed": "0.001954000", + "frame.time_relative": "1750.787578000", + "frame.number": "6442", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cd55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eb33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009244", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.248758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.248758000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1750.788072000", + "frame.number": "6443", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47576", + 
"tcp.port": "80", + "tcp.port": "47576", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000084da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6442", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.004835000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.253142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.253142000", + "frame.time_delta": "0.004384000", + "frame.time_delta_displayed": "0.004384000", + "frame.time_relative": "1750.792456000", + "frame.number": "6444", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000216f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000971a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47576", + "tcp.dstport": "80", + "tcp.port": "47576", + "tcp.port": "80", + "tcp.stream": "244", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000e52", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:42.263593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.263593000", + "frame.time_delta": "0.010451000", + "frame.time_delta_displayed": "0.010451000", + "frame.time_relative": "1750.802907000", + "frame.number": "6445", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005459", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006305", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "239", + "http.prev_response_in": "6432" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.278879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.278879000", + "frame.time_delta": "0.015286000", + "frame.time_delta_displayed": "0.015286000", + "frame.time_relative": "1750.818193000", + "frame.number": "6446", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002580", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000092f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000c0ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:52:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949842, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949842", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.279436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.279436000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1750.818750000", + "frame.number": "6447", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a40d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6446", + "tcp.analysis.ack_rtt": "0.000557000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.284456000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.284456000", + "frame.time_delta": "0.005020000", + "frame.time_delta_displayed": "0.005020000", + "frame.time_relative": "1750.823770000", + "frame.number": "6448", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002581", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009308", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005595", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6447", + "tcp.analysis.ack_rtt": "0.005020000", + "tcp.analysis.initial_rtt": "0.005577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.286207000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495342.286207000", + "frame.time_delta": "0.001751000", + "frame.time_delta_displayed": "0.001751000", + "frame.time_relative": "1750.825521000", + "frame.number": "6449", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002582", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009247", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b50f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005577000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.286738000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495342.286738000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1750.826052000", + "frame.number": "6450", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000aa85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000e04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6449", + "tcp.analysis.ack_rtt": "0.000531000", + "tcp.analysis.initial_rtt": "0.005577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.287376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.287376000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "1750.826690000", + "frame.number": "6451", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000aa86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000df2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008785", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005577000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.287727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.287727000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "1750.827041000", + "frame.number": "6452", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aa87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a1f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d9ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005577000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6451", + "tcp.segment": "6452", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001520000", + "http.request_in": "6449", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.288878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.288878000", + "frame.time_delta": "0.001151000", + "frame.time_delta_displayed": "0.001151000", + "frame.time_relative": "1750.828192000", + "frame.number": "6453", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000aa88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000a1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d9ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005577000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.291496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.291496000", + "frame.time_delta": "0.002618000", + "frame.time_delta_displayed": "0.002618000", + "frame.time_relative": "1750.830810000", + "frame.number": "6454", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002583", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009306", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000054c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6451", + "tcp.analysis.ack_rtt": "0.004120000", + "tcp.analysis.initial_rtt": "0.005577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.297734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.297734000", + "frame.time_delta": "0.006238000", + "frame.time_delta_displayed": "0.006238000", + "frame.time_relative": "1750.837048000", + "frame.number": "6455", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002584", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009305", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000050d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6452", + "tcp.analysis.ack_rtt": "0.010007000", + "tcp.analysis.initial_rtt": "0.005577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.297777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.297777000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "1750.837091000", + "frame.number": "6456", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002585", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000092f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000762b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:9c:28:b4:30:9c:28:b8:14", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005577000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6455", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.298405000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.298405000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "1750.837719000", + "frame.number": "6457", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002586", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00009303", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000050d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.298857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.298857000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "1750.838171000", + "frame.number": "6458", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000013ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47577", + "tcp.port": "80", + "tcp.port": "47577", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000436e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6457", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.005577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:42.305627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495342.305627000", + "frame.time_delta": "0.006770000", + "frame.time_delta_displayed": "0.006770000", + "frame.time_relative": "1750.844941000", + "frame.number": "6459", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002170", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009719", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47577", + "tcp.dstport": "80", + "tcp.port": "47577", + "tcp.port": "80", + "tcp.stream": "245", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a67f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.210618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.210618000", + "frame.time_delta": "0.904991000", + "frame.time_delta_displayed": "0.904991000", + "frame.time_relative": "1751.749932000", + "frame.number": "6460", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005460", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006301", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "240", + "http.prev_response_in": "6445" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.263355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.263355000", + "frame.time_delta": "0.052737000", + "frame.time_delta_displayed": "0.052737000", + "frame.time_relative": "1751.802669000", + "frame.number": "6461", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005462", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "241", + "http.prev_response_in": "6460" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.298587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.298587000", + "frame.time_delta": "0.035232000", + 
"frame.time_delta_displayed": "0.035232000", + "frame.time_relative": "1751.837901000", + "frame.number": "6462", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a421", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001454", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": 
{ + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d86a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:b8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949944, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949944", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.299147000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.299147000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "1751.838461000", + "frame.number": "6463", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + "tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006990", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6462", + "tcp.analysis.ack_rtt": "0.000560000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.302668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.302668000", + "frame.time_delta": "0.003521000", + "frame.time_delta_displayed": "0.003521000", + "frame.time_relative": "1751.841982000", + "frame.number": "6464", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a422", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001467", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6463", + "tcp.analysis.ack_rtt": "0.003521000", + "tcp.analysis.initial_rtt": "0.004081000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.303178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.303178000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "1751.842492000", + "frame.number": "6465", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000a423", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000013a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007a92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004081000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": 
"0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.303759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.303759000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "1751.843073000", + "frame.number": "6466", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c890", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eff8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + "tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000ce7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6465", + "tcp.analysis.ack_rtt": "0.000581000", + "tcp.analysis.initial_rtt": "0.004081000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.304304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.304304000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "1751.843618000", + "frame.number": "6467", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c891", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000efe6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + "tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004d08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004081000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.304654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.304654000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1751.843968000", + "frame.number": "6468", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c892", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + 
"tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004081000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6467", + "tcp.segment": "6468", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001476000", + "http.request_in": "6465", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.308884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.308884000", + "frame.time_delta": "0.004230000", + "frame.time_delta_displayed": "0.004230000", + "frame.time_relative": "1751.848198000", + "frame.number": "6469", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c893", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ec12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + "tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009f71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004081000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.004230000", + "tcp.analysis.rto_frame": "6468" + } + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.309120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.309120000", + "frame.time_delta": "0.000236000", + "frame.time_delta_displayed": "0.000236000", + "frame.time_relative": "1751.848434000", + "frame.number": "6470", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a424", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001465", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001a47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6467", + "tcp.analysis.ack_rtt": "0.004816000", + "tcp.analysis.initial_rtt": "0.004081000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.309273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.309273000", + "frame.time_delta": "0.000153000", + "frame.time_delta_displayed": "0.000153000", + "frame.time_relative": "1751.848587000", + "frame.number": "6471", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a425", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001464", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000165c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6468", + "tcp.analysis.ack_rtt": "0.004619000", + "tcp.analysis.initial_rtt": "0.004081000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.310408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.310408000", + "frame.time_delta": "0.001135000", + "frame.time_delta_displayed": "0.001135000", + "frame.time_relative": "1751.849722000", + "frame.number": 
"6472", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a426", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001463", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish 
(FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000165b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.310858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.310858000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "1751.850172000", + "frame.number": "6473", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000141b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a46e", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47578", + "tcp.port": "80", + "tcp.port": "47578", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000008f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6472", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.004081000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.313898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.313898000", + "frame.time_delta": "0.003040000", + "frame.time_delta_displayed": "0.003040000", + "frame.time_relative": "1751.853212000", + "frame.number": "6474", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002178", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009711", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.313939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.313939000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "1751.853253000", + "frame.number": "6475", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002179", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009710", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", 
+ "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47578", + "tcp.dstport": "80", + "tcp.port": "47578", + "tcp.port": "80", + "tcp.stream": "246", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.316423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.316423000", + "frame.time_delta": "0.002484000", + "frame.time_delta_displayed": "0.002484000", + "frame.time_relative": "1751.855737000", + "frame.number": "6476", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005466", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "242", + "http.prev_response_in": "6461" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.327214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.327214000", + "frame.time_delta": "0.010791000", + "frame.time_delta_displayed": "0.010791000", + "frame.time_relative": "1751.866528000", + "frame.number": "6477", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000051ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005328", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:bb:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949947, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949947", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.327757000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.327757000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1751.867071000", + "frame.number": "6478", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47579", + "tcp.port": "80", + "tcp.port": "47579", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a406", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 
(multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6477", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.331114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.331114000", + "frame.time_delta": "0.003357000", + "frame.time_delta_displayed": "0.003357000", + "frame.time_relative": "1751.870428000", + "frame.number": "6479", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000558e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6478", + "tcp.analysis.ack_rtt": "0.003357000", + "tcp.analysis.initial_rtt": "0.003900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.331779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.331779000", + "frame.time_delta": "0.000665000", + "frame.time_delta_displayed": "0.000665000", + "frame.time_relative": "1751.871093000", + "frame.number": "6480", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000051ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000661b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b508", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003900000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET 
\/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.332494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.332494000", + "frame.time_delta": "0.000715000", + "frame.time_delta_displayed": "0.000715000", + "frame.time_relative": "1751.871808000", + "frame.number": "6481", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cfb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e8d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47579", + "tcp.port": "80", + "tcp.port": "47579", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000475d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6480", + "tcp.analysis.ack_rtt": "0.000715000", + "tcp.analysis.initial_rtt": "0.003900000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.333153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.333153000", + "frame.time_delta": "0.000659000", + "frame.time_delta_displayed": "0.000659000", + "frame.time_relative": "1751.872467000", + "frame.number": "6482", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cfb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e8c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47579", + "tcp.port": "80", + "tcp.port": "47579", + "tcp.stream": "247", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + 
"tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000877e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003900000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.333596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.333596000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1751.872910000", + "frame.number": "6483", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cfb3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e4f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47579", + "tcp.port": "80", + "tcp.port": "47579", + "tcp.stream": "247", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d9e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003900000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6482", + "tcp.segment": "6483", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001817000", + "http.request_in": "6480", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.336511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.336511000", + "frame.time_delta": "0.002915000", + "frame.time_delta_displayed": "0.002915000", + "frame.time_relative": "1751.875825000", + "frame.number": "6484", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000054bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6482", + "tcp.analysis.ack_rtt": "0.003358000", + "tcp.analysis.initial_rtt": "0.003900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.336628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.336628000", + "frame.time_delta": "0.000117000", + "frame.time_delta_displayed": "0.000117000", + "frame.time_relative": "1751.875942000", + "frame.number": "6485", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000050d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6483", + "tcp.analysis.ack_rtt": "0.003032000", + "tcp.analysis.initial_rtt": "0.003900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.337235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.337235000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "1751.876549000", + "frame.number": "6486", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000050d1", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.337685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.337685000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "1751.876999000", + "frame.number": "6487", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000141c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a46d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47579", + 
"tcp.port": "80", + "tcp.port": "47579", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004367", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6486", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.003900000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.342096000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.342096000", + "frame.time_delta": "0.004411000", + "frame.time_delta_displayed": "0.004411000", + "frame.time_relative": "1751.881410000", + "frame.number": "6488", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000217c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000970d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47579", + "tcp.dstport": "80", + "tcp.port": "47579", + "tcp.port": "80", + "tcp.stream": "247", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003911", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:43.633770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.633770000", + "frame.time_delta": "0.291674000", + "frame.time_delta_displayed": "0.291674000", + "frame.time_relative": "1752.173084000", + "frame.number": "6489", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005474", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "243", + "http.prev_response_in": "6476" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.686656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.686656000", + "frame.time_delta": "0.052886000", + "frame.time_delta_displayed": "0.052886000", + "frame.time_relative": "1752.225970000", + "frame.number": "6490", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005476", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "244", + "http.prev_response_in": "6489" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.713894000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.713894000", + "frame.time_delta": "0.027238000", + "frame.time_delta_displayed": "0.027238000", + "frame.time_relative": "1752.253208000", + "frame.number": "6491", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000074cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005ca5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:e1:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949985, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949985", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": 
"8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.714443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.714443000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1752.253757000", + "frame.number": "6492", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47580", + "tcp.port": "80", + "tcp.port": "47580", + 
"tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d79e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "6491", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.721838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.721838000", + "frame.time_delta": "0.007395000", + "frame.time_delta_displayed": "0.007395000", + "frame.time_relative": "1752.261152000", + "frame.number": "6493", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000074cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + 
"tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008926", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6492", + "tcp.analysis.ack_rtt": "0.007395000", + "tcp.analysis.initial_rtt": "0.007944000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.721941000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.721941000", + "frame.time_delta": "0.000103000", + "frame.time_delta_displayed": "0.000103000", + "frame.time_relative": "1752.261255000", + "frame.number": "6494", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000074ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e8a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007944000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.722454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.722454000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "1752.261768000", + "frame.number": "6495", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006a8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004dfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47580", + "tcp.port": "80", + "tcp.port": "47580", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007af5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6494", + "tcp.analysis.ack_rtt": "0.000513000", + "tcp.analysis.initial_rtt": "0.007944000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:43.723114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.723114000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "1752.262428000", + "frame.number": "6496", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006a8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004dec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47580", + "tcp.port": "80", + "tcp.port": "47580", + "tcp.stream": "248", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb16", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007944000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.723486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.723486000", + "frame.time_delta": "0.000372000", + "frame.time_delta_displayed": "0.000372000", + "frame.time_relative": "1752.262800000", + "frame.number": "6497", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"1035", + "ip.id": "0x00006a8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004a19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47580", + "tcp.port": "80", + "tcp.port": "47580", + "tcp.stream": "248", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d80", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007944000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6496", + "tcp.segment": "6497", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001545000", + "http.request_in": "6494", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.731453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.731453000", + "frame.time_delta": "0.007967000", + "frame.time_delta_displayed": "0.007967000", + "frame.time_relative": "1752.270767000", + "frame.number": "6498", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000074cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008855", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6496", + "tcp.analysis.ack_rtt": "0.008339000", + "tcp.analysis.initial_rtt": "0.007944000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.731501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.731501000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "1752.270815000", + "frame.number": "6499", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000074d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000846a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6497", + "tcp.analysis.ack_rtt": "0.008015000", + "tcp.analysis.initial_rtt": "0.007944000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.732127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.732127000", + "frame.time_delta": "0.000626000", + "frame.time_delta_displayed": "0.000626000", + "frame.time_relative": "1752.271441000", + "frame.number": "6500", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000074d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000043b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008469", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.732577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.732577000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "1752.271891000", + "frame.number": "6501", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000141f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a46a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47580", + 
"tcp.port": "80", + "tcp.port": "47580", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000076ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6500", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.007944000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.736578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.736578000", + "frame.time_delta": "0.004001000", + "frame.time_delta_displayed": "0.004001000", + "frame.time_relative": "1752.275892000", + "frame.number": "6502", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002187", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009702", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47580", + "tcp.dstport": "80", + "tcp.port": "47580", + "tcp.port": "80", + "tcp.stream": "248", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000042b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:43.739640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.739640000", + "frame.time_delta": "0.003062000", + "frame.time_delta_displayed": "0.003062000", + "frame.time_relative": "1752.278954000", + "frame.number": "6503", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000547a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "245", + "http.prev_response_in": "6490" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.751666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.751666000", + "frame.time_delta": "0.012026000", + "frame.time_delta_displayed": "0.012026000", + "frame.time_relative": "1752.290980000", + "frame.number": "6504", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000048b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006fc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000033b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:e6:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 949990, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "949990", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.752200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.752200000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "1752.291514000", + "frame.number": "6505", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47581", + "tcp.port": "80", + "tcp.port": "47581", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6504", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.760634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.760634000", + "frame.time_delta": "0.008434000", + "frame.time_delta_displayed": "0.008434000", + "frame.time_relative": "1752.299948000", + "frame.number": "6506", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000048b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006fd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b8eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6505", + "tcp.analysis.ack_rtt": "0.008434000", + "tcp.analysis.initial_rtt": "0.008968000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.760685000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495343.760685000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "1752.299999000", + "frame.number": "6507", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000048b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006f15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001866", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008968000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.761195000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495343.761195000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "1752.300509000", + "frame.number": "6508", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006e7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47581", + "tcp.port": "80", + "tcp.port": "47581", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000aaba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6507", + "tcp.analysis.ack_rtt": "0.000510000", + "tcp.analysis.initial_rtt": "0.008968000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.761970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.761970000", + "frame.time_delta": "0.000775000", + "frame.time_delta_displayed": "0.000775000", + "frame.time_relative": "1752.301284000", + "frame.number": "6509", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00004a0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006e6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47581", + "tcp.port": "80", + "tcp.port": "47581", + "tcp.stream": "249", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eadb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008968000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.762326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.762326000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "1752.301640000", + "frame.number": "6510", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00004a0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006a9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47581", + "tcp.port": "80", + "tcp.port": "47581", + "tcp.stream": "249", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003d45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008968000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6509", + "tcp.segment": "6510", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001641000", + "http.request_in": "6507", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.769257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.769257000", + "frame.time_delta": "0.006931000", + "frame.time_delta_displayed": "0.006931000", + "frame.time_relative": "1752.308571000", + "frame.number": "6511", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000048b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006fd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b81a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6509", + "tcp.analysis.ack_rtt": "0.007287000", + "tcp.analysis.initial_rtt": "0.008968000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.769300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.769300000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "1752.308614000", + "frame.number": "6512", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000048b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006fd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b42f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6510", + "tcp.analysis.ack_rtt": "0.006974000", + "tcp.analysis.initial_rtt": "0.008968000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.770949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.770949000", + "frame.time_delta": "0.001649000", + "frame.time_delta_displayed": "0.001649000", + "frame.time_relative": "1752.310263000", + "frame.number": "6513", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000048b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006fd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b42e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.771482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.771482000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "1752.310796000", + "frame.number": "6514", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001422", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a467", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47581", + 
"tcp.port": "80", + "tcp.port": "47581", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a6c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6513", + "tcp.analysis.ack_rtt": "0.000533000", + "tcp.analysis.initial_rtt": "0.008968000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:43.775560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495343.775560000", + "frame.time_delta": "0.004078000", + "frame.time_delta_displayed": "0.004078000", + "frame.time_relative": "1752.314874000", + "frame.number": "6515", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002188", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009701", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47581", + "tcp.dstport": "80", + "tcp.port": "47581", + "tcp.port": "80", + "tcp.stream": "249", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000019c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:44.686468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.686468000", + "frame.time_delta": "0.910908000", + "frame.time_delta_displayed": "0.910908000", + "frame.time_relative": "1753.225782000", + "frame.number": "6516", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000054d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006291", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "246", + "http.prev_response_in": "6503" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.734101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.734101000", + "frame.time_delta": "0.047633000", + "frame.time_delta_displayed": "0.047633000", + "frame.time_relative": "1753.273415000", + "frame.number": "6517", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001d62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00001048", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7f:48:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950088, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950088", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.734646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.734646000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "1753.273960000", + "frame.number": "6518", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47582", + "tcp.port": "80", + "tcp.port": "47582", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d7d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6517", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.738152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.738152000", + "frame.time_delta": "0.003506000", + "frame.time_delta_displayed": "0.003506000", + "frame.time_relative": "1753.277466000", + "frame.number": "6519", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000895a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6518", + "tcp.analysis.ack_rtt": "0.003506000", + "tcp.analysis.initial_rtt": "0.004051000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.738280000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495344.738280000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "1753.277594000", + "frame.number": "6520", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001d64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e8d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004051000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.738743000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495344.738743000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1753.278057000", + "frame.number": "6521", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009c82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001c07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47582", + "tcp.port": "80", + "tcp.port": "47582", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007b29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6520", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.004051000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.739529000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.739529000", + "frame.time_delta": "0.000786000", + "frame.time_delta_displayed": "0.000786000", + "frame.time_relative": "1753.278843000", + "frame.number": "6522", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009c83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47582", + "tcp.port": "80", + "tcp.port": "47582", + "tcp.stream": "250", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb4a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004051000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.739934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.739934000", + "frame.time_delta": "0.000405000", + "frame.time_delta_displayed": "0.000405000", + "frame.time_relative": "1753.279248000", + "frame.number": "6523", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009c84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001822", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47582", + "tcp.port": "80", + "tcp.port": "47582", + "tcp.stream": "250", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000db4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004051000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6522", + "tcp.segment": "6523", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001654000", + "http.request_in": "6520", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.739943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.739943000", + "frame.time_delta": "0.000009000", + "frame.time_delta_displayed": "0.000009000", + "frame.time_relative": "1753.279257000", + "frame.number": "6524", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000054d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006287", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "247", + "http.prev_response_in": "6516" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.743514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.743514000", + "frame.time_delta": "0.003571000", + "frame.time_delta_displayed": "0.003571000", + "frame.time_relative": "1753.282828000", + "frame.number": "6525", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d65", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008889", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6522", + "tcp.analysis.ack_rtt": "0.003985000", + "tcp.analysis.initial_rtt": "0.004051000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.743629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.743629000", + "frame.time_delta": "0.000115000", + "frame.time_delta_displayed": "0.000115000", + "frame.time_relative": "1753.282943000", + "frame.number": "6526", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000849e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6523", + "tcp.analysis.ack_rtt": "0.003695000", + "tcp.analysis.initial_rtt": "0.004051000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.744229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.744229000", + "frame.time_delta": "0.000600000", + "frame.time_delta_displayed": "0.000600000", + "frame.time_relative": "1753.283543000", + "frame.number": "6527", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009b22", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000849d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.744657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.744657000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1753.283971000", + "frame.number": "6528", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000145e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a42b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47582", + "tcp.port": "80", + "tcp.port": "47582", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007733", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6527", + "tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.004051000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.748978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.748978000", + "frame.time_delta": "0.004321000", + "frame.time_delta_displayed": "0.004321000", + "frame.time_relative": "1753.288292000", + "frame.number": "6529", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000021a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47582", + "tcp.dstport": "80", + "tcp.port": "47582", + "tcp.port": "80", + "tcp.stream": "250", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f6bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.749011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.749011000", + "frame.time_delta": "0.000033000", + "frame.time_delta_displayed": "0.000033000", + "frame.time_relative": "1753.288325000", + "frame.number": "6530", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b3fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000479", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006406", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:49:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950089, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950089", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.749533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.749533000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "1753.288847000", + "frame.number": "6531", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e520", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": 
"1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6530", + "tcp.analysis.ack_rtt": "0.000522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.755498000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.755498000", + "frame.time_delta": "0.005965000", + "frame.time_delta_displayed": "0.005965000", + "frame.time_relative": "1753.294812000", + "frame.number": "6532", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b3fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000048c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000096a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6531", + "tcp.analysis.ack_rtt": "0.005965000", + "tcp.analysis.initial_rtt": "0.006487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:15:44.755539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.755539000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "1753.294853000", + "frame.number": "6533", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b3fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000003cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f622", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006487000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.756101000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.756101000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "1753.295415000", + "frame.number": "6534", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c466", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f422", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008877", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6533", + "tcp.analysis.ack_rtt": "0.000562000", + "tcp.analysis.initial_rtt": "0.006487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.756863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.756863000", + "frame.time_delta": "0.000762000", + "frame.time_delta_displayed": "0.000762000", + "frame.time_relative": "1753.296177000", + "frame.number": "6535", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000c467", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f410", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c898", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006487000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.757249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.757249000", + "frame.time_delta": "0.000386000", + "frame.time_delta_displayed": "0.000386000", + "frame.time_relative": 
"1753.296563000", + "frame.number": "6536", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c468", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f03d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { 
+ "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001b02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006487000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6535", + "tcp.segment": "6536", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001710000", + "http.request_in": "6533", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.758870000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.758870000", + "frame.time_delta": "0.001621000", + "frame.time_delta_displayed": "0.001621000", + "frame.time_relative": "1753.298184000", + "frame.number": "6537", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000c469", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f03c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001b02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006487000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.760270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.760270000", + "frame.time_delta": "0.001400000", + "frame.time_delta_displayed": "0.001400000", + "frame.time_relative": "1753.299584000", + "frame.number": "6538", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b3ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000048a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000095d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6535", + "tcp.analysis.ack_rtt": "0.003407000", + "tcp.analysis.initial_rtt": "0.006487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.760395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.760395000", + "frame.time_delta": "0.000125000", + "frame.time_delta_displayed": "0.000125000", + "frame.time_relative": "1753.299709000", + "frame.number": "6539", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b400", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000489", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000091ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6536", + "tcp.analysis.ack_rtt": "0.003146000", + "tcp.analysis.initial_rtt": "0.006487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.761424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.761424000", + "frame.time_delta": "0.001029000", + "frame.time_delta_displayed": "0.001029000", + "frame.time_relative": "1753.300738000", + "frame.number": "6540", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b401", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000488", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000091eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.761953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.761953000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + 
"frame.time_relative": "1753.301267000", + "frame.number": "6541", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000021a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.761915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.761915000", + "frame.time_delta": "-0.000038000", + "frame.time_delta_displayed": "-0.000038000", + "frame.time_relative": "1753.301229000", + "frame.number": "6542", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000145f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000a42a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47583", + "tcp.port": "80", + "tcp.port": "47583", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008481", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6540", + "tcp.analysis.ack_rtt": "0.000491000", + "tcp.analysis.initial_rtt": "0.006487000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.765350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.765350000", + "frame.time_delta": "0.003435000", + "frame.time_delta_displayed": "0.003435000", + "frame.time_relative": "1753.304664000", + "frame.number": "6543", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + 
"eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000021a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47583", + "tcp.dstport": "80", + "tcp.port": "47583", + "tcp.port": "80", + "tcp.stream": "251", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.794650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.794650000", + "frame.time_delta": "0.029300000", + "frame.time_delta_displayed": "0.029300000", + "frame.time_relative": "1753.333964000", + "frame.number": "6544", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000054d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000628a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "248", + "http.prev_response_in": "6524" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.801566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.801566000", + "frame.time_delta": "0.006916000", + "frame.time_delta_displayed": "0.006916000", + "frame.time_relative": "1753.340880000", + "frame.number": 
"6545", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005b70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000044f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:4f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950095, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950095", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.802084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.802084000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "1753.341398000", + "frame.number": "6546", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + "tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008007", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6545", + "tcp.analysis.ack_rtt": "0.000518000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.805863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.805863000", + "frame.time_delta": "0.003779000", + "frame.time_delta_displayed": "0.003779000", + "frame.time_relative": "1753.345177000", + "frame.number": "6547", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005b71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000318f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6546", + "tcp.analysis.ack_rtt": "0.003779000", + "tcp.analysis.initial_rtt": "0.004297000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.805993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.805993000", + "frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "1753.345307000", + "frame.number": "6548", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005b72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009109", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004297000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.806414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.806414000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "1753.345728000", + "frame.number": "6549", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002a56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008e33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + "tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000235e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6548", + "tcp.analysis.ack_rtt": "0.000421000", + "tcp.analysis.initial_rtt": "0.004297000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.807086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.807086000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "1753.346400000", + "frame.number": "6550", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002a57", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008e21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + "tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000637f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004297000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.807447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.807447000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "1753.346761000", + "frame.number": "6551", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002a58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008a4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + 
"tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b5e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004297000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6550", + "tcp.segment": "6551", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001454000", + "http.request_in": "6548", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.808872000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.808872000", + "frame.time_delta": "0.001425000", + "frame.time_delta_displayed": "0.001425000", + "frame.time_relative": "1753.348186000", + "frame.number": "6552", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002a59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008a4d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + "tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b5e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004297000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.810255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.810255000", + "frame.time_delta": "0.001383000", + "frame.time_delta_displayed": "0.001383000", + "frame.time_relative": "1753.349569000", + "frame.number": "6553", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005b73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6550", + "tcp.analysis.ack_rtt": "0.003169000", + "tcp.analysis.initial_rtt": "0.004297000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.812019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.812019000", + "frame.time_delta": "0.001764000", + "frame.time_delta_displayed": "0.001764000", + "frame.time_relative": "1753.351333000", + "frame.number": "6554", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005b74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d15", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002cd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6551", + "tcp.analysis.ack_rtt": "0.004572000", + "tcp.analysis.initial_rtt": "0.004297000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.813030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.813030000", + "frame.time_delta": "0.001011000", + "frame.time_delta_displayed": "0.001011000", + "frame.time_relative": "1753.352344000", + "frame.number": "6555", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005b75", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d14", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002cd2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.813150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.813150000", + "frame.time_delta": "0.000120000", + "frame.time_delta_displayed": "0.000120000", + 
"frame.time_relative": "1753.352464000", + "frame.number": "6556", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00005b76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005d07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000033", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:c3:80:35:d1:c3:80:39:b5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004297000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6554", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.813442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.813442000", + "frame.time_delta": "0.000292000", + "frame.time_delta_displayed": "0.000292000", + "frame.time_relative": "1753.352756000", + "frame.number": "6557", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001460", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a429", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47584", + "tcp.port": "80", + "tcp.port": "47584", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001f68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6555", + "tcp.analysis.ack_rtt": "0.000412000", + "tcp.analysis.initial_rtt": "0.004297000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:44.816735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495344.816735000", + "frame.time_delta": "0.003293000", + "frame.time_delta_displayed": "0.003293000", + "frame.time_relative": "1753.356049000", + "frame.number": "6558", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000021ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000096de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47584", + "tcp.dstport": "80", + "tcp.port": "47584", + "tcp.port": "80", + "tcp.stream": "252", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002b72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.635011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.635011000", + "frame.time_delta": "0.818276000", + "frame.time_delta_displayed": "0.818276000", + "frame.time_relative": "1754.174325000", + "frame.number": "6559", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000054d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000628c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "249", + "http.prev_response_in": "6544" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.663131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.663131000", + "frame.time_delta": "0.028120000", + "frame.time_delta_displayed": "0.028120000", + "frame.time_relative": "1754.202445000", + "frame.number": "6560", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b145", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000730", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000977", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:a5:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950181, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950181", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": 
"0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.663694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.663694000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "1754.203008000", + "frame.number": "6561", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47585", + "tcp.port": "80", + "tcp.port": "47585", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000bae4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 
(multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6560", + "tcp.analysis.ack_rtt": "0.000563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.668840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.668840000", + "frame.time_delta": "0.005146000", + "frame.time_delta_displayed": "0.005146000", + "frame.time_relative": "1754.208154000", + "frame.number": "6562", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b146", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000743", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006c6c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6561", + "tcp.analysis.ack_rtt": "0.005146000", + "tcp.analysis.initial_rtt": "0.005709000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.669637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.669637000", + "frame.time_delta": "0.000797000", + "frame.time_delta_displayed": "0.000797000", + "frame.time_relative": "1754.208951000", + "frame.number": "6563", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b147", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000682", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cbe6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005709000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET 
\/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.670246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.670246000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1754.209560000", + "frame.number": "6564", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ff3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003896", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47585", + "tcp.port": "80", + "tcp.port": "47585", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005e3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6563", + "tcp.analysis.ack_rtt": "0.000609000", + "tcp.analysis.initial_rtt": "0.005709000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.670837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.670837000", + "frame.time_delta": "0.000591000", + "frame.time_delta_displayed": "0.000591000", + "frame.time_relative": "1754.210151000", + "frame.number": "6565", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007ff4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003884", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47585", + "tcp.port": "80", + "tcp.port": "47585", + "tcp.stream": "253", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + 
"tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009e5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005709000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.671185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.671185000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "1754.210499000", + "frame.number": "6566", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007ff5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000034b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47585", + "tcp.port": "80", + "tcp.port": "47585", + "tcp.stream": "253", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f0c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005709000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6565", + "tcp.segment": "6566", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001548000", + "http.request_in": "6563", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.679647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.679647000", + "frame.time_delta": "0.008462000", + "frame.time_delta_displayed": "0.008462000", + "frame.time_relative": "1754.218961000", + "frame.number": "6567", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b148", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000741", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6565", + "tcp.analysis.ack_rtt": "0.008810000", + "tcp.analysis.initial_rtt": "0.005709000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.680424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.680424000", + "frame.time_delta": "0.000777000", + "frame.time_delta_displayed": "0.000777000", + "frame.time_relative": "1754.219738000", + "frame.number": "6568", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b149", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000740", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000067b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6566", + "tcp.analysis.ack_rtt": "0.009239000", + "tcp.analysis.initial_rtt": "0.005709000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.683528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.683528000", + "frame.time_delta": "0.003104000", + "frame.time_delta_displayed": "0.003104000", + "frame.time_relative": "1754.222842000", + "frame.number": "6569", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b14a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000073f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000067af", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.684023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.684023000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "1754.223337000", + "frame.number": "6570", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47585", + 
"tcp.port": "80", + "tcp.port": "47585", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005a45", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6569", + "tcp.analysis.ack_rtt": "0.000495000", + "tcp.analysis.initial_rtt": "0.005709000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.687820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.687820000", + "frame.time_delta": "0.003797000", + "frame.time_delta_displayed": "0.003797000", + "frame.time_relative": "1754.227134000", + "frame.number": "6571", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000054d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006280", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "250", + "http.prev_response_in": "6559" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.689245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.689245000", + "frame.time_delta": "0.001425000", + "frame.time_delta_displayed": "0.001425000", + "frame.time_relative": "1754.228559000", + "frame.number": "6572", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000021ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000968a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "47585", + "tcp.dstport": "80", + "tcp.port": "47585", + "tcp.port": "80", + "tcp.stream": "253", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f049", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.700097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.700097000", + "frame.time_delta": "0.010852000", + "frame.time_delta_displayed": "0.010852000", + "frame.time_relative": "1754.239411000", + "frame.number": "6573", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000e4cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003cac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7f:a8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950184, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950184", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.700617000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.700617000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "1754.239931000", + "frame.number": "6574", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000c5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6573", + "tcp.analysis.ack_rtt": "0.000520000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.705905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.705905000", + "frame.time_delta": "0.005288000", + "frame.time_delta_displayed": "0.005288000", + "frame.time_relative": "1754.245219000", + "frame.number": "6575", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bde1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6574", + "tcp.analysis.ack_rtt": "0.005288000", + "tcp.analysis.initial_rtt": "0.005808000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.706928000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495345.706928000", + "frame.time_delta": "0.001023000", + "frame.time_delta_displayed": "0.001023000", + "frame.time_relative": "1754.246242000", + "frame.number": "6576", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000e4d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005808000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.707412000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495345.707412000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1754.246726000", + "frame.number": "6577", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e5d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000afb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6576", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.005808000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.708053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.708053000", + "frame.time_delta": "0.000641000", + "frame.time_delta_displayed": "0.000641000", + "frame.time_relative": "1754.247367000", + "frame.number": "6578", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e5da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d29d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000efd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005808000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.708408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.708408000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1754.247722000", + "frame.number": "6579", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e5db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ceca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000423b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005808000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6578", + "tcp.segment": "6579", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001480000", + "http.request_in": "6576", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.708891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.708891000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1754.248205000", + "frame.number": "6580", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e5dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cec9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000423b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005808000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.712296000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.712296000", + "frame.time_delta": "0.003405000", + "frame.time_delta_displayed": "0.003405000", + "frame.time_relative": "1754.251610000", + "frame.number": "6581", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bd10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6578", + "tcp.analysis.ack_rtt": "0.004243000", + "tcp.analysis.initial_rtt": "0.005808000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.712471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.712471000", + "frame.time_delta": "0.000175000", + "frame.time_delta_displayed": "0.000175000", + "frame.time_relative": "1754.251785000", + "frame.number": "6582", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b925", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6579", + "tcp.analysis.ack_rtt": "0.004063000", + "tcp.analysis.initial_rtt": "0.005808000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.714769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.714769000", + "frame.time_delta": "0.002298000", + "frame.time_delta_displayed": "0.002298000", + "frame.time_relative": "1754.254083000", + "frame.number": "6583", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e4d4", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b924", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.715220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.715220000", + "frame.time_delta": "0.000451000", + "frame.time_delta_displayed": "0.000451000", + 
"frame.time_relative": "1754.254534000", + "frame.number": "6584", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47586", + "tcp.port": "80", + "tcp.port": "47586", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000abba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6583", + "tcp.analysis.ack_rtt": "0.000451000", + "tcp.analysis.initial_rtt": "0.005808000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.719857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.719857000", + "frame.time_delta": "0.004637000", + "frame.time_delta_displayed": "0.004637000", + "frame.time_relative": "1754.259171000", + "frame.number": "6585", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002200", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009689", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002383", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.720368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.720368000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "1754.259682000", + "frame.number": "6586", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002201", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47586", + "tcp.dstport": "80", + "tcp.port": "47586", + "tcp.port": "80", + "tcp.stream": "254", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002382", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.740791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.740791000", + "frame.time_delta": "0.020423000", + "frame.time_delta_displayed": "0.020423000", + "frame.time_relative": "1754.280105000", + "frame.number": "6587", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000054da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006284", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "251", + "http.prev_response_in": "6571" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.751269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.751269000", + "frame.time_delta": "0.010478000", + "frame.time_delta_displayed": "0.010478000", + "frame.time_relative": "1754.290583000", + "frame.number": 
"6588", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00006636", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000523f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a39f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:ad:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950189, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950189", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.751816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.751816000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "1754.291130000", + "frame.number": "6589", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + "tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a365", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6588", + "tcp.analysis.ack_rtt": "0.000547000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.756377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.756377000", + "frame.time_delta": "0.004561000", + "frame.time_delta_displayed": "0.004561000", + "frame.time_relative": "1754.295691000", + "frame.number": "6590", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006637", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005252", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000054ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6589", + "tcp.analysis.ack_rtt": "0.004561000", + "tcp.analysis.initial_rtt": "0.005108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.757144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.757144000", + "frame.time_delta": "0.000767000", + "frame.time_delta_displayed": "0.000767000", + "frame.time_relative": "1754.296458000", + "frame.number": "6591", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00006638", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005191", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b467", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005108000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.757643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.757643000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1754.296957000", + "frame.number": "6592", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d33a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e54e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + "tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000046bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6591", + "tcp.analysis.ack_rtt": "0.000499000", + "tcp.analysis.initial_rtt": "0.005108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.758341000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.758341000", + "frame.time_delta": "0.000698000", + "frame.time_delta_displayed": "0.000698000", + "frame.time_relative": "1754.297655000", + "frame.number": "6593", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d33b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e53c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + "tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000086dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005108000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.758693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.758693000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1754.298007000", + "frame.number": "6594", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d33c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e169", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + 
"tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d946", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005108000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6593", + "tcp.segment": "6594", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001549000", + "http.request_in": "6591", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.758704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.758704000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1754.298018000", + "frame.number": "6595", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d33d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e168", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + "tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d946", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005108000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.762933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.762933000", + "frame.time_delta": "0.004229000", + "frame.time_delta_displayed": "0.004229000", + "frame.time_relative": "1754.302247000", + "frame.number": "6596", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006639", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005250", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000541c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6593", + "tcp.analysis.ack_rtt": "0.004592000", + "tcp.analysis.initial_rtt": "0.005108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.763339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.763339000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "1754.302653000", + "frame.number": "6597", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000663a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000524f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005031", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6594", + "tcp.analysis.ack_rtt": "0.004646000", + "tcp.analysis.initial_rtt": "0.005108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.766117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.766117000", + "frame.time_delta": "0.002778000", + "frame.time_delta_displayed": "0.002778000", + "frame.time_relative": "1754.305431000", + "frame.number": "6598", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000663b", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005242", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ac3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:68:1b:cc:e0:68:1b:d0:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005108000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6597", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.766159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.766159000", + "frame.time_delta": "0.000042000", + "frame.time_delta_displayed": "0.000042000", + "frame.time_relative": "1754.305473000", + "frame.number": "6599", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000663c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000524d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005030", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.766588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.766588000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1754.305902000", + "frame.number": "6600", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47587", + "tcp.port": "80", + "tcp.port": "47587", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000042c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6599", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.005108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:45.770912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495345.770912000", + "frame.time_delta": "0.004324000", + "frame.time_delta_displayed": "0.004324000", + "frame.time_relative": "1754.310226000", + "frame.number": "6601", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002205", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009684", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47587", + "tcp.dstport": "80", + "tcp.port": "47587", + "tcp.port": "80", + "tcp.stream": "255", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008a7a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.687738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.687738000", + "frame.time_delta": "0.916826000", + "frame.time_delta_displayed": "0.916826000", + "frame.time_relative": "1755.227052000", + "frame.number": "6602", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005512", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000624f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "252", + "http.prev_response_in": "6587" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.740583000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.740583000", + "frame.time_delta": "0.052845000", + "frame.time_delta_displayed": "0.052845000", + "frame.time_relative": "1755.279897000", + "frame.number": "6603", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005517", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006241", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "253", + "http.prev_response_in": "6602" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.780981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.780981000", + "frame.time_delta": "0.040398000", + 
"frame.time_delta_displayed": "0.040398000", + "frame.time_relative": "1755.320295000", + "frame.number": "6604", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000038de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": 
{ + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000096fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:14:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950292, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950292", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.781533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.781533000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1755.320847000", + "frame.number": "6605", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + "tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a5f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6604", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.784755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.784755000", + "frame.time_delta": "0.003222000", + "frame.time_delta_displayed": "0.003222000", + "frame.time_relative": "1755.324069000", + "frame.number": "6606", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007faa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005780", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6605", + "tcp.analysis.ack_rtt": "0.003222000", + "tcp.analysis.initial_rtt": "0.003774000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.785291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.785291000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1755.324605000", + "frame.number": "6607", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000038e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007ee9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b6fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003774000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": 
"0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.785781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.785781000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1755.325095000", + "frame.number": "6608", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dcac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbdc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + "tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000494f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6607", + "tcp.analysis.ack_rtt": "0.000490000", + "tcp.analysis.initial_rtt": "0.003774000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.786441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.786441000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "1755.325755000", + "frame.number": "6609", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dcad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + "tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008970", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003774000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.786791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.786791000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1755.326105000", + "frame.number": "6610", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dcae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + 
"tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000dbd9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003774000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6609", + "tcp.segment": "6610", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001500000", + "http.request_in": "6607", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.788896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.788896000", + "frame.time_delta": "0.002105000", + "frame.time_delta_displayed": "0.002105000", + "frame.time_relative": "1755.328210000", + "frame.number": "6611", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dcaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + "tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000dbd9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003774000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.791312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.791312000", + "frame.time_delta": "0.002416000", + "frame.time_delta_displayed": "0.002416000", + "frame.time_relative": "1755.330626000", + "frame.number": "6612", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fa8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000056af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6609", + "tcp.analysis.ack_rtt": "0.004871000", + "tcp.analysis.initial_rtt": "0.003774000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.791446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.791446000", + "frame.time_delta": "0.000134000", + "frame.time_delta_displayed": "0.000134000", + "frame.time_relative": "1755.330760000", + "frame.number": "6613", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fa7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000052c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6610", + "tcp.analysis.ack_rtt": "0.004655000", + "tcp.analysis.initial_rtt": "0.003774000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.792271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.792271000", + "frame.time_delta": "0.000825000", + "frame.time_delta_displayed": "0.000825000", + "frame.time_relative": "1755.331585000", + "frame.number": "6614", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000038e3", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007fa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000052c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.792720000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.792720000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + 
"frame.time_relative": "1755.332034000", + "frame.number": "6615", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47588", + "tcp.port": "80", + "tcp.port": "47588", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004559", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6614", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.003774000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.793295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.793295000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1755.332609000", + "frame.number": "6616", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000225f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000962a", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007e3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.793500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.793500000", + "frame.time_delta": "0.000205000", + "frame.time_delta_displayed": "0.000205000", + "frame.time_relative": "1755.332814000", + "frame.number": "6617", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000551b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006243", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "254", + "http.prev_response_in": "6603" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.796254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.796254000", + "frame.time_delta": "0.002754000", + "frame.time_delta_displayed": "0.002754000", + "frame.time_relative": "1755.335568000", + "frame.number": "6618", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002260", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009629", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47588", + "tcp.dstport": "80", + "tcp.port": "47588", + "tcp.port": "80", + "tcp.stream": "256", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007e3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.804213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.804213000", + "frame.time_delta": "0.007959000", + "frame.time_delta_displayed": "0.007959000", + "frame.time_relative": "1755.343527000", + "frame.number": "6619", + "frame.len": "74", + "frame.cap_len": "74", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000035cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000007fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:16:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950294, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950294", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.804774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.804774000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "1755.344088000", + "frame.number": "6620", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47589", + "tcp.port": "80", + "tcp.port": "47589", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003183", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6619", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.808527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.808527000", + "frame.time_delta": "0.003753000", + "frame.time_delta_displayed": "0.003753000", + "frame.time_relative": "1755.347841000", + "frame.number": "6621", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000035cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e30a", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6620", + "tcp.analysis.ack_rtt": "0.003753000", + "tcp.analysis.initial_rtt": "0.004314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.808995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.808995000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "1755.348309000", + "frame.number": "6622", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000035cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000081fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004285", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004314000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.809716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.809716000", + "frame.time_delta": "0.000721000", + "frame.time_delta_displayed": "0.000721000", + "frame.time_relative": "1755.349030000", + "frame.number": "6623", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006bb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004cd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47589", + "tcp.port": "80", + "tcp.port": "47589", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d4d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6622", + "tcp.analysis.ack_rtt": "0.000721000", + "tcp.analysis.initial_rtt": "0.004314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.810448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.810448000", + "frame.time_delta": "0.000732000", + "frame.time_delta_displayed": "0.000732000", + "frame.time_relative": "1755.349762000", + "frame.number": "6624", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006bb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004cc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47589", + "tcp.port": "80", + "tcp.port": "47589", + "tcp.stream": "257", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000014fb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004314000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.810459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.810459000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1755.349773000", + "frame.number": "6625", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006bb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000048ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47589", + "tcp.port": "80", + "tcp.port": "47589", + "tcp.stream": "257", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006764", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004314000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6624", + "tcp.segment": "6625", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001464000", + "http.request_in": "6622", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.814748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.814748000", + "frame.time_delta": "0.004289000", + "frame.time_delta_displayed": "0.004289000", + "frame.time_relative": "1755.354062000", + "frame.number": "6626", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000035ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e239", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6624", + "tcp.analysis.ack_rtt": "0.004300000", + "tcp.analysis.initial_rtt": "0.004314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.815275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.815275000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "1755.354589000", + "frame.number": "6627", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000035cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000de4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6625", + "tcp.analysis.ack_rtt": "0.004816000", + "tcp.analysis.initial_rtt": "0.004314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.816797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.816797000", + "frame.time_delta": "0.001522000", + "frame.time_delta_displayed": "0.001522000", + "frame.time_relative": "1755.356111000", + "frame.number": "6628", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000035d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000082b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000de4d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.817249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.817249000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "1755.356563000", + "frame.number": "6629", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000014db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47589", + 
"tcp.port": "80", + "tcp.port": "47589", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d0e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6628", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.004314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:46.821444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495346.821444000", + "frame.time_delta": "0.004195000", + "frame.time_delta_displayed": "0.004195000", + "frame.time_relative": "1755.360758000", + "frame.number": "6630", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002263", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009626", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47589", + "tcp.dstport": "80", + "tcp.port": "47589", + "tcp.port": "80", + "tcp.stream": "257", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ef3e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:47.164998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.164998000", + "frame.time_delta": "0.343554000", + "frame.time_delta_displayed": "0.343554000", + "frame.time_relative": "1755.704312000", + "frame.number": "6631", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x0000642b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000031b1", + "ip.checksum.status": "2", + "ip.src": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.src_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": 
"37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49776", + "tcp.port": "80", + "tcp.port": "49776", + "tcp.stream": "183", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000175c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017905000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:15:47 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:15:47 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", 
+ "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.017487000", + "http.request_in": "5029", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.198808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.198808000", + "frame.time_delta": "0.033810000", + "frame.time_delta_displayed": "0.033810000", + "frame.time_relative": "1755.738122000", + "frame.number": "6632", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000105e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f585", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + "tcp.port": "80", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003157", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6631", + "tcp.analysis.ack_rtt": "0.033810000", + "tcp.analysis.initial_rtt": "0.017905000" + 
} + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.212506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.212506000", + "frame.time_delta": "0.013698000", + "frame.time_delta_displayed": "0.013698000", + "frame.time_relative": "1755.751820000", + "frame.number": "6633", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000642c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "46", + "ip.proto": "6", + "ip.checksum": "0x000032b8", + "ip.checksum.status": "2", + "ip.src": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.src_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", 
+ "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49776", + "tcp.port": "80", + "tcp.port": "49776", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000976", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6632", + "tcp.analysis.ack_rtt": "0.013698000", + "tcp.analysis.initial_rtt": "0.017905000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.217665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.217665000", + "frame.time_delta": "0.005159000", + "frame.time_delta_displayed": "0.005159000", + "frame.time_relative": "1755.756979000", + "frame.number": "6634", + "frame.len": "60", + "frame.cap_len": 
"60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000105f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f584", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.240", + "ip.addr": "54.219.189.240", + "ip.dst_host": "54.219.189.240", + "ip.host": "54.219.189.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49776", + "tcp.dstport": "80", + "tcp.port": "49776", + "tcp.port": "80", + "tcp.stream": "183", + "tcp.len": "0", + "tcp.seq": "259", + 
"tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003157", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6633", + "tcp.analysis.ack_rtt": "0.005159000", + "tcp.analysis.initial_rtt": "0.017905000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.636219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.636219000", + "frame.time_delta": "0.418554000", + "frame.time_delta_displayed": "0.418554000", + "frame.time_relative": "1756.175533000", + "frame.number": "6635", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005542", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000621f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "255", + "http.prev_response_in": "6617" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.689099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.689099000", + "frame.time_delta": "0.052880000", + "frame.time_delta_displayed": "0.052880000", + "frame.time_relative": "1756.228413000", + "frame.number": "6636", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005547", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006211", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + 
"udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "256", + "http.prev_response_in": "6635" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.701513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.701513000", + "frame.time_delta": "0.012414000", + "frame.time_delta_displayed": "0.012414000", + "frame.time_relative": "1756.240827000", + "frame.number": "6637", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00008442", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003433", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + 
}, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f596", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:71:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950385, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950385", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.702059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.702059000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1756.241373000", + "frame.number": "6638", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000046d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6637", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.705474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.705474000", + "frame.time_delta": "0.003415000", + "frame.time_delta_displayed": "0.003415000", + "frame.time_relative": "1756.244788000", + "frame.number": "6639", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008443", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003446", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f85d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6638", + "tcp.analysis.ack_rtt": "0.003415000", + "tcp.analysis.initial_rtt": "0.003961000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.708471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.708471000", + "frame.time_delta": "0.002997000", + "frame.time_delta_displayed": "0.002997000", + "frame.time_relative": "1756.247785000", + "frame.number": "6640", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00008444", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003385", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + 
"tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000057d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003961000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.709252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.709252000", + "frame.time_delta": "0.000781000", + "frame.time_delta_displayed": "0.000781000", + "frame.time_relative": "1756.248566000", + "frame.number": "6641", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b73f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000014a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + 
"tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ea2c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6640", + "tcp.analysis.ack_rtt": "0.000781000", + "tcp.analysis.initial_rtt": "0.003961000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.709902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.709902000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "1756.249216000", + "frame.number": "6642", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": 
{ + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b740", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000138", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003961000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.710287000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495347.710287000", + "frame.time_delta": "0.000385000", + "frame.time_delta_displayed": "0.000385000", + "frame.time_relative": "1756.249601000", + "frame.number": "6643", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b741", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": 
"0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007cb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003961000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:
61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6642", + "tcp.segment": "6643", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001816000", + "http.request_in": "6640", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.718874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.718874000", + "frame.time_delta": "0.008587000", + "frame.time_delta_displayed": "0.008587000", + "frame.time_relative": "1756.258188000", + "frame.number": "6644", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b742", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007cb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003961000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.008587000", + "tcp.analysis.rto_frame": "6643" + } + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.725073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.725073000", + "frame.time_delta": "0.006199000", + "frame.time_delta_displayed": "0.006199000", + "frame.time_relative": "1756.264387000", + "frame.number": "6645", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008445", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003444", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f78c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6642", + "tcp.analysis.ack_rtt": "0.015171000", + "tcp.analysis.initial_rtt": "0.003961000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.725124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.725124000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "1756.264438000", + "frame.number": "6646", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008446", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003443", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f3a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6643", + "tcp.analysis.ack_rtt": "0.014837000", + "tcp.analysis.initial_rtt": "0.003961000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.725739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.725739000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "1756.265053000", + "frame.number": 
"6647", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00008447", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003436", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f118", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:4c:ae:97:98:4c:ae:9b:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003961000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6646", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.725854000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.725854000", + "frame.time_delta": "0.000115000", + "frame.time_delta_displayed": "0.000115000", + "frame.time_relative": "1756.265168000", + "frame.number": "6648", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008448", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003441", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f3a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.726285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.726285000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1756.265599000", + "frame.number": "6649", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001526", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a363", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47590", + "tcp.port": "80", + "tcp.port": "47590", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e636", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6648", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.003961000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.729071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.729071000", + "frame.time_delta": "0.002786000", + "frame.time_delta_displayed": "0.002786000", + "frame.time_relative": "1756.268385000", + "frame.number": "6650", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002264", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009625", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47590", + "tcp.dstport": "80", + "tcp.port": "47590", + "tcp.port": "80", + "tcp.stream": "258", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dd35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.742421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.742421000", + "frame.time_delta": "0.013350000", + "frame.time_delta_displayed": "0.013350000", + "frame.time_relative": "1756.281735000", + "frame.number": "6651", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000554a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006214", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "257", + "http.prev_response_in": "6636" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.749153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.749153000", + "frame.time_delta": "0.006732000", + "frame.time_delta_displayed": "0.006732000", + "frame.time_relative": "1756.288467000", + "frame.number": "6652", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000413f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007736", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000707e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:75:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950389, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950389", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.749684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.749684000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1756.288998000", + "frame.number": "6653", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": "47591", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002f48", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6652", + "tcp.analysis.ack_rtt": "0.000531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.752920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.752920000", + "frame.time_delta": "0.003236000", + "frame.time_delta_displayed": "0.003236000", + "frame.time_relative": "1756.292234000", + "frame.number": "6654", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004140", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e0cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6653", + "tcp.analysis.ack_rtt": 
"0.003236000", + "tcp.analysis.initial_rtt": "0.003767000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.753050000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.753050000", + "frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "1756.292364000", + "frame.number": "6655", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00004141", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + 
"tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000404a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003767000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.753485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.753485000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "1756.292799000", + "frame.number": "6656", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000babd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fdcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": 
"47591", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d29e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6655", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.003767000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.754163000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.754163000", + "frame.time_delta": "0.000678000", + "frame.time_delta_displayed": "0.000678000", + "frame.time_relative": "1756.293477000", + "frame.number": "6657", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000babe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fdb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": "47591", + "tcp.stream": "259", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000012c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003767000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:15:47.754517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.754517000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "1756.293831000", + "frame.number": "6658", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000babf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f9e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": "47591", + "tcp.stream": "259", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006529", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003767000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6657", + "tcp.segment": "6658", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001467000", + "http.request_in": "6655", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.758860000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495347.758860000", + "frame.time_delta": "0.004343000", + "frame.time_delta_displayed": "0.004343000", + "frame.time_relative": "1756.298174000", + "frame.number": "6659", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004142", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007747", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dffe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6657", + "tcp.analysis.ack_rtt": "0.004697000", + "tcp.analysis.initial_rtt": "0.003767000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.758871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.758871000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1756.298185000", + "frame.number": "6660", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000bac0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f9e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": "47591", + "tcp.stream": "259", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006529", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003767000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.004354000", + "tcp.analysis.rto_frame": "6658" + } + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.759685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.759685000", + "frame.time_delta": "0.000814000", + "frame.time_delta_displayed": "0.000814000", + "frame.time_relative": "1756.298999000", + "frame.number": "6661", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004143", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007746", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dc13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6658", + "tcp.analysis.ack_rtt": "0.005168000", + "tcp.analysis.initial_rtt": "0.003767000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:15:47.760663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.760663000", + "frame.time_delta": "0.000978000", + "frame.time_delta_displayed": "0.000978000", + "frame.time_relative": "1756.299977000", + "frame.number": "6662", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004144", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007745", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dc12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.761093000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.761093000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1756.300407000", + "frame.number": "6663", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "40", + "ip.id": "0x00001528", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a361", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47591", + "tcp.port": "80", + "tcp.port": "47591", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cea8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6662", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.003767000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.762630000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.762630000", + "frame.time_delta": "0.001537000", + "frame.time_delta_displayed": "0.001537000", + 
"frame.time_relative": "1756.301944000", + "frame.number": "6664", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002268", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009621", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection 
reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005822", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:47.765312000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495347.765312000", + "frame.time_delta": "0.002682000", + "frame.time_delta_displayed": "0.002682000", + "frame.time_relative": "1756.304626000", + "frame.number": "6665", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002269", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009620", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47591", + "tcp.dstport": "80", + "tcp.port": "47591", + "tcp.port": "80", + "tcp.stream": "259", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005821", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.205397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.205397000", + "frame.time_delta": "0.440085000", + "frame.time_delta_displayed": "0.440085000", + "frame.time_relative": "1756.744711000", + "frame.number": "6666", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x00001060", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002984", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": 
"0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.207330000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.207330000", + "frame.time_delta": "0.001933000", + "frame.time_delta_displayed": "0.001933000", + "frame.time_relative": "1756.746644000", + "frame.number": "6667", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x0000f48d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c287", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": 
"0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "6666", + "dns.time": "0.001933000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.219.189.243": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "107", + "dns.resp.len": "4", + "dns.a": "54.219.189.243" + }, + "pubsub.pubnub.com: type A, class IN, addr 52.9.63.131": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "107", + "dns.resp.len": "4", + "dns.a": "52.9.63.131" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "20", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "52211", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4502", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56462", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", 
+ "dns.resp.ttl": "2772", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56463", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57204", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57312", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56854", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56655", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57204", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57312", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": 
"ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56854", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.214121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.214121000", + "frame.time_delta": "0.006791000", + "frame.time_delta_displayed": "0.006791000", + "frame.time_relative": "1756.753435000", + "frame.number": "6668", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001061", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f57b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00004ecb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.225837000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495348.225837000", + "frame.time_delta": "0.011716000", + "frame.time_delta_displayed": "0.011716000", + "frame.time_relative": "1756.765151000", + "frame.number": "6669", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000095dd", + "ip.checksum.status": "2", + "ip.src": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.src_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49779", + "tcp.port": "80", + "tcp.port": "49779", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000fdde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6668", + "tcp.analysis.ack_rtt": "0.011716000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.231114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.231114000", + "frame.time_delta": "0.005277000", + "frame.time_delta_displayed": "0.005277000", + "frame.time_relative": "1756.770428000", + "frame.number": "6670", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", 
+ "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001062", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f57e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000038c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6669", + "tcp.analysis.ack_rtt": "0.005277000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.250366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.250366000", + "frame.time_delta": "0.019252000", + "frame.time_delta_displayed": "0.019252000", + "frame.time_relative": "1756.789680000", + "frame.number": "6671", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001063", + "ip.flags": "0x00000000", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f56e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000813f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016993000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": 
"15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.262140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.262140000", + "frame.time_delta": "0.011774000", + "frame.time_delta_displayed": "0.011774000", + "frame.time_relative": "1756.801454000", + "frame.number": "6672", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b01c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000e5c4", + "ip.checksum.status": "2", + "ip.src": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.src_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + 
"ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49779", + "tcp.port": "80", + "tcp.port": "49779", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000158d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6671", + "tcp.analysis.ack_rtt": "0.011774000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.268058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.268058000", + "frame.time_delta": "0.005918000", + "frame.time_delta_displayed": "0.005918000", + "frame.time_relative": "1756.807372000", + "frame.number": "6673", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + 
}, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001064", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f48a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b7d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016993000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "6671", + "tcp.segment": "6673", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.280375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.280375000", + "frame.time_delta": "0.012317000", + "frame.time_delta_displayed": "0.012317000", + "frame.time_relative": "1756.819689000", + "frame.number": "6674", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b01d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000e5c3", + "ip.checksum.status": "2", + "ip.src": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.src_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49779", + "tcp.port": "80", + "tcp.port": "49779", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000010eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6673", + "tcp.analysis.ack_rtt": "0.012317000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.689339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.689339000", + "frame.time_delta": "0.408964000", + "frame.time_delta_displayed": "0.408964000", + "frame.time_relative": "1757.228653000", + "frame.number": "6675", + "frame.len": "339", + 
"frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005595", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "258", + "http.prev_response_in": "6651" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.700088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.700088000", + "frame.time_delta": "0.010749000", + "frame.time_delta_displayed": "0.010749000", + "frame.time_relative": "1757.239402000", + "frame.number": "6676", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + 
"ip.id": "0x00007f0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003967", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e4eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:d4:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950484, TSecr 0": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950484", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.700632000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.700632000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "1757.239946000", + "frame.number": "6677", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47592", + "tcp.port": "80", + "tcp.port": "47592", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009981", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + 
"tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6676", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.704725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.704725000", + "frame.time_delta": "0.004093000", + "frame.time_delta_displayed": "0.004093000", + "frame.time_relative": "1757.244039000", + "frame.number": "6678", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007f0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x0000397a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004b09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6677", + "tcp.analysis.ack_rtt": "0.004093000", + "tcp.analysis.initial_rtt": "0.004637000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.707962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.707962000", + "frame.time_delta": "0.003237000", + "frame.time_delta_displayed": "0.003237000", + "frame.time_relative": "1757.247276000", + "frame.number": "6679", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, 
+ "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00007f10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000038b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": 
"256", + "tcp.checksum": "0x0000aa83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004637000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.708461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.708461000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1757.247775000", + "frame.number": "6680", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002da0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ae9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47592", + "tcp.port": "80", + "tcp.port": "47592", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": 
"0x00003cd8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6679", + "tcp.analysis.ack_rtt": "0.000499000", + "tcp.analysis.initial_rtt": "0.004637000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.709238000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.709238000", + "frame.time_delta": "0.000777000", + "frame.time_delta_displayed": "0.000777000", + "frame.time_relative": "1757.248552000", + "frame.number": "6681", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002da1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ad7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47592", + "tcp.port": "80", + "tcp.port": "47592", + "tcp.stream": "261", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007cf9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004637000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.709555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.709555000", + "frame.time_delta": "0.000317000", + "frame.time_delta_displayed": "0.000317000", + "frame.time_relative": "1757.248869000", + "frame.number": "6682", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002da2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008704", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47592", + "tcp.port": "80", + "tcp.port": "47592", + "tcp.stream": "261", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": 
"0x0000cf62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004637000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:
72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6681", + "tcp.segment": "6682", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001593000", + "http.request_in": "6679", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.712568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.712568000", + "frame.time_delta": "0.003013000", + "frame.time_delta_displayed": "0.003013000", + "frame.time_relative": "1757.251882000", + "frame.number": "6683", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007f11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003978", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a38", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6681", + "tcp.analysis.ack_rtt": "0.003330000", + "tcp.analysis.initial_rtt": "0.004637000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.718814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.718814000", + "frame.time_delta": "0.006246000", + "frame.time_delta_displayed": "0.006246000", + "frame.time_relative": "1757.258128000", + "frame.number": "6684", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007f12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003977", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000464d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6682", + "tcp.analysis.ack_rtt": "0.009259000", + "tcp.analysis.initial_rtt": "0.004637000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.718854000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.718854000", + "frame.time_delta": "0.000040000", + "frame.time_delta_displayed": "0.000040000", + "frame.time_relative": "1757.258168000", + "frame.number": "6685", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007f13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003976", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000464c", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.719333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.719333000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1757.258647000", + "frame.number": "6686", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001588", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a301", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47592", + 
"tcp.port": "80", + "tcp.port": "47592", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000038e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6685", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.004637000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.724434000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.724434000", + "frame.time_delta": "0.005101000", + "frame.time_delta_displayed": "0.005101000", + "frame.time_relative": "1757.263748000", + "frame.number": "6687", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47592", + "tcp.dstport": "80", + "tcp.port": "47592", + "tcp.port": "80", + "tcp.stream": "261", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cced", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:48.742544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.742544000", + "frame.time_delta": "0.018110000", + "frame.time_delta_displayed": "0.018110000", + "frame.time_relative": "1757.281858000", + "frame.number": "6688", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005597", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "259", + "http.prev_response_in": "6675" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.750737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.750737000", + "frame.time_delta": "0.008193000", + "frame.time_delta_displayed": "0.008193000", + "frame.time_relative": "1757.290051000", + "frame.number": "6689", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00004058", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000781d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f7c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:80:d9:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950489, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950489", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.751281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.751281000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "1757.290595000", + "frame.number": "6690", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47593", + "tcp.port": "80", + "tcp.port": "47593", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000dfb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6689", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.754806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.754806000", + "frame.time_delta": "0.003525000", + "frame.time_delta_displayed": "0.003525000", + "frame.time_relative": "1757.294120000", + "frame.number": "6691", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004059", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007830", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000913d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6690", + "tcp.analysis.ack_rtt": "0.003525000", + "tcp.analysis.initial_rtt": "0.004069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.760190000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495348.760190000", + "frame.time_delta": "0.005384000", + "frame.time_delta_displayed": "0.005384000", + "frame.time_relative": "1757.299504000", + "frame.number": "6692", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000405a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000776f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f0b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004069000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.760696000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495348.760696000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "1757.300010000", + "frame.number": "6693", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000719f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000046ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47593", + "tcp.port": "80", + "tcp.port": "47593", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000830c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6692", + "tcp.analysis.ack_rtt": "0.000506000", + "tcp.analysis.initial_rtt": "0.004069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.761430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.761430000", + "frame.time_delta": "0.000734000", + "frame.time_delta_displayed": "0.000734000", + "frame.time_relative": "1757.300744000", + "frame.number": "6694", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000071a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000046d8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47593", + "tcp.port": "80", + "tcp.port": "47593", + "tcp.stream": "262", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c32d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004069000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.761793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.761793000", + "frame.time_delta": "0.000363000", + "frame.time_delta_displayed": "0.000363000", + "frame.time_relative": "1757.301107000", + "frame.number": "6695", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000071a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004305", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47593", + "tcp.port": "80", + "tcp.port": "47593", + "tcp.stream": "262", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001597", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004069000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6694", + "tcp.segment": "6695", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001603000", + "http.request_in": "6692", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.765647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.765647000", + "frame.time_delta": "0.003854000", + "frame.time_delta_displayed": "0.003854000", + "frame.time_relative": "1757.304961000", + "frame.number": "6696", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000405b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000782e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000906c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6694", + "tcp.analysis.ack_rtt": "0.004217000", + "tcp.analysis.initial_rtt": "0.004069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.766101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.766101000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1757.305415000", + "frame.number": "6697", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000405c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000782d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c81", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6695", + "tcp.analysis.ack_rtt": "0.004308000", + "tcp.analysis.initial_rtt": "0.004069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.766955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.766955000", + "frame.time_delta": "0.000854000", + "frame.time_delta_displayed": "0.000854000", + "frame.time_relative": "1757.306269000", + "frame.number": "6698", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000405d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000782c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c80", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.767385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.767385000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1757.306699000", + "frame.number": "6699", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000158c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47593", + 
"tcp.port": "80", + "tcp.port": "47593", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007f16", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6698", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.004069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.772091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.772091000", + "frame.time_delta": "0.004706000", + "frame.time_delta_displayed": "0.004706000", + "frame.time_relative": "1757.311405000", + "frame.number": "6700", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47593", + "tcp.dstport": "80", + "tcp.port": "47593", + "tcp.port": "80", + "tcp.stream": "262", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dfcc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:48.795486000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.795486000", + "frame.time_delta": "0.023395000", + "frame.time_delta_displayed": "0.023395000", + "frame.time_relative": "1757.334800000", + "frame.number": "6701", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000559c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "260", + "http.prev_response_in": "6688" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.807095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.807095000", + "frame.time_delta": "0.011609000", + "frame.time_delta_displayed": "0.011609000", + "frame.time_relative": "1757.346409000", + "frame.number": "6702", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005e07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00000951", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:80:df:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950495, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950495", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.807637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.807637000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1757.346951000", + "frame.number": "6703", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47594", + "tcp.port": "80", + "tcp.port": "47594", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008a0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6702", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.811564000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.811564000", + "frame.time_delta": "0.003927000", + "frame.time_delta_displayed": "0.003927000", + "frame.time_relative": "1757.350878000", + "frame.number": "6704", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005e08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6703", + "tcp.analysis.ack_rtt": "0.003927000", + "tcp.analysis.initial_rtt": "0.004469000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.812554000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495348.812554000", + "frame.time_delta": "0.000990000", + "frame.time_delta_displayed": "0.000990000", + "frame.time_relative": "1757.351868000", + "frame.number": "6705", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005e09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000059c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009b0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004469000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.813049000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495348.813049000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "1757.352363000", + "frame.number": "6706", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47594", + "tcp.port": "80", + "tcp.port": "47594", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002d61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6705", + "tcp.analysis.ack_rtt": "0.000495000", + "tcp.analysis.initial_rtt": "0.004469000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.813698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.813698000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "1757.353012000", + "frame.number": "6707", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001cc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009bb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47594", + "tcp.port": "80", + "tcp.port": "47594", + "tcp.stream": "263", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006d82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004469000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.814046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.814046000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "1757.353360000", + "frame.number": "6708", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001cc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000097e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47594", + "tcp.port": "80", + "tcp.port": "47594", + "tcp.stream": "263", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bfeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004469000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6707", + "tcp.segment": "6708", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001492000", + "http.request_in": "6705", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.820769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.820769000", + "frame.time_delta": "0.006723000", + "frame.time_delta_displayed": "0.006723000", + "frame.time_relative": "1757.360083000", + "frame.number": "6709", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005e0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ac1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6707", + "tcp.analysis.ack_rtt": "0.007071000", + "tcp.analysis.initial_rtt": "0.004469000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.820818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.820818000", + "frame.time_delta": "0.000049000", + "frame.time_delta_displayed": "0.000049000", + "frame.time_relative": "1757.360132000", + "frame.number": "6710", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005e0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000036d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6708", + "tcp.analysis.ack_rtt": "0.006772000", + "tcp.analysis.initial_rtt": "0.004469000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.821445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.821445000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "1757.360759000", + "frame.number": "6711", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005e0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000036d5", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.821901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.821901000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1757.361215000", + "frame.number": "6712", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001590", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47594", + 
"tcp.port": "80", + "tcp.port": "47594", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000296b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6711", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.004469000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:48.826137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495348.826137000", + "frame.time_delta": "0.004236000", + "frame.time_delta_displayed": "0.004236000", + "frame.time_relative": "1757.365451000", + "frame.number": "6713", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000022cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47594", + "tcp.dstport": "80", + "tcp.port": "47594", + "tcp.port": "80", + "tcp.stream": "263", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f15d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:49.636896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.636896000", + "frame.time_delta": "0.810759000", + "frame.time_delta_displayed": "0.810759000", + "frame.time_relative": "1758.176210000", + "frame.number": "6714", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000055db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006186", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "261", + "http.prev_response_in": "6701" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.640056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.640056000", + "frame.time_delta": "0.003160000", + "frame.time_delta_displayed": "0.003160000", + "frame.time_relative": "1758.179370000", + "frame.number": "6715", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": 
"Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.689566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.689566000", + "frame.time_delta": "0.049510000", + "frame.time_delta_displayed": "0.049510000", + "frame.time_relative": "1758.228880000", + "frame.number": "6716", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000055dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000617c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "262", + "http.prev_response_in": "6714" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:49.742342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.742342000", + "frame.time_delta": "0.052776000", + "frame.time_delta_displayed": "0.052776000", + "frame.time_relative": "1758.281656000", + "frame.number": "6717", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000055de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006180", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "263", + "http.prev_response_in": "6716" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.751593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.751593000", + "frame.time_delta": "0.009251000", + "frame.time_delta_displayed": "0.009251000", + "frame.time_relative": "1758.290907000", + "frame.number": "6718", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00007714", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004161", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00006bd9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:3d:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950589, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950589", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.752138000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.752138000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "1758.291452000", + "frame.number": "6719", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004114", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6718", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.755664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.755664000", + "frame.time_delta": "0.003526000", + "frame.time_delta_displayed": "0.003526000", + "frame.time_relative": "1758.294978000", + "frame.number": "6720", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007715", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004174", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f29b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6719", + "tcp.analysis.ack_rtt": "0.003526000", + "tcp.analysis.initial_rtt": "0.004071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.756179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.756179000", + 
"frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "1758.295493000", + "frame.number": "6721", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00007716", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005216", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004071000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.756656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.756656000", + "frame.time_delta": "0.000477000", + 
"frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1758.295970000", + "frame.number": "6722", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e0b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e46a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6721", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.004071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.757325000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.757325000", + "frame.time_delta": "0.000669000", + "frame.time_delta_displayed": "0.000669000", + "frame.time_relative": "1758.296639000", + "frame.number": "6723", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e0ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x0000d7bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000248c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004071000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.757674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.757674000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "1758.296988000", + "frame.number": "6724", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e0bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000076f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004071000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6723", + "tcp.segment": "6724", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001495000", + "http.request_in": "6721", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.758864000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.758864000", + "frame.time_delta": "0.001190000", + "frame.time_delta_displayed": "0.001190000", + "frame.time_relative": "1758.298178000", + "frame.number": "6725", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e0bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d3e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000076f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004071000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.763527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.763527000", + "frame.time_delta": "0.004663000", + "frame.time_delta_displayed": "0.004663000", + "frame.time_relative": "1758.302841000", + "frame.number": "6726", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004172", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f1ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6723", + "tcp.analysis.ack_rtt": "0.006202000", + "tcp.analysis.initial_rtt": "0.004071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.763578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.763578000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "1758.302892000", + "frame.number": "6727", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007718", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004171", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000eddf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6724", + "tcp.analysis.ack_rtt": "0.005904000", + "tcp.analysis.initial_rtt": "0.004071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.778679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.778679000", + "frame.time_delta": "0.015101000", + "frame.time_delta_displayed": "0.015101000", + "frame.time_relative": "1758.317993000", + "frame.number": "6728", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007719", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004170", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000edde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.779174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.779174000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + 
"frame.time_relative": "1758.318488000", + "frame.number": "6729", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47595", + "tcp.port": "80", + "tcp.port": "47595", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e074", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6728", + "tcp.analysis.ack_rtt": "0.000495000", + "tcp.analysis.initial_rtt": "0.004071000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.784664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.784664000", + "frame.time_delta": "0.005490000", + "frame.time_delta_displayed": "0.005490000", + "frame.time_relative": "1758.323978000", + "frame.number": "6730", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000230b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000957e", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005445", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.784705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.784705000", + "frame.time_delta": "0.000041000", + "frame.time_delta_displayed": "0.000041000", + "frame.time_relative": "1758.324019000", + "frame.number": "6731", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000230c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000957d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47595", + "tcp.dstport": "80", + "tcp.port": "47595", + "tcp.port": "80", + "tcp.stream": "264", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005444", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.876395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.876395000", + "frame.time_delta": "0.091690000", + "frame.time_delta_displayed": "0.091690000", + "frame.time_relative": "1758.415709000", + "frame.number": "6732", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": 
"255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.900532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.900532000", + "frame.time_delta": "0.024137000", + "frame.time_delta_displayed": "0.024137000", + "frame.time_relative": "1758.439846000", + "frame.number": "6733", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + 
"udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + 
"bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:49.954579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495349.954579000", + "frame.time_delta": "0.054047000", + "frame.time_delta_displayed": "0.054047000", + "frame.time_relative": "1758.493893000", + "frame.number": "6734", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.079718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.079718000", + "frame.time_delta": "0.125139000", + "frame.time_delta_displayed": "0.125139000", + "frame.time_relative": "1758.619032000", + "frame.number": "6735", + "frame.len": 
"42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.689912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.689912000", + "frame.time_delta": "0.610194000", + "frame.time_delta_displayed": "0.610194000", + "frame.time_relative": "1759.229226000", + "frame.number": "6736", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000560f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006152", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "264", + "http.prev_response_in": "6717" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.742782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.742782000", + "frame.time_delta": "0.052870000", + "frame.time_delta_displayed": "0.052870000", + "frame.time_relative": "1759.282096000", + "frame.number": "6737", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005614", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006144", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "265", + "http.prev_response_in": "6736" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.784698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.784698000", + "frame.time_delta": "0.041916000", + "frame.time_delta_displayed": "0.041916000", + "frame.time_relative": "1759.324012000", + "frame.number": "6738", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003f2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007949", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a244", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:a5:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950693, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950693", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.785255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.785255000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1759.324569000", + "frame.number": "6739", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47596", + "tcp.port": "80", + "tcp.port": "47596", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c84a", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6738", + "tcp.analysis.ack_rtt": "0.000557000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.790490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.790490000", + "frame.time_delta": "0.005235000", + "frame.time_delta_displayed": "0.005235000", + "frame.time_relative": "1759.329804000", + "frame.number": "6740", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000795c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000079d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6739", + "tcp.analysis.ack_rtt": 
"0.005235000", + "tcp.analysis.initial_rtt": "0.005792000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.791430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.791430000", + "frame.time_delta": "0.000940000", + "frame.time_delta_displayed": "0.000940000", + "frame.time_relative": "1759.330744000", + "frame.number": "6741", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003f2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000789b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + 
"tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d94c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005792000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.791934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.791934000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "1759.331248000", + "frame.number": "6742", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000033e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000084a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47596", + "tcp.port": "80", + "tcp.port": 
"47596", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006ba1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6741", + "tcp.analysis.ack_rtt": "0.000504000", + "tcp.analysis.initial_rtt": "0.005792000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.792601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.792601000", + "frame.time_delta": "0.000667000", + "frame.time_delta_displayed": "0.000667000", + "frame.time_relative": "1759.331915000", + "frame.number": "6743", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000033e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008497", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47596", + "tcp.port": "80", + "tcp.port": "47596", + "tcp.stream": "265", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000abc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005792000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:15:50.792949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.792949000", + "frame.time_delta": "0.000348000", + "frame.time_delta_displayed": "0.000348000", + "frame.time_relative": "1759.332263000", + "frame.number": "6744", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000033e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000080c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47596", + "tcp.port": "80", + "tcp.port": "47596", + "tcp.stream": "265", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fe2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005792000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6743", + "tcp.segment": "6744", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001519000", + "http.request_in": "6741", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.795376000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495350.795376000", + "frame.time_delta": "0.002427000", + "frame.time_delta_displayed": "0.002427000", + "frame.time_relative": "1759.334690000", + "frame.number": "6745", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005618", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006146", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "266", + "http.prev_response_in": "6737" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.800377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.800377000", + "frame.time_delta": "0.005001000", + "frame.time_delta_displayed": "0.005001000", + "frame.time_relative": "1759.339691000", + "frame.number": "6746", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000795a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007901", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6743", + "tcp.analysis.ack_rtt": "0.007776000", + "tcp.analysis.initial_rtt": "0.005792000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:50.800952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.800952000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1759.340266000", + "frame.number": "6747", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007959", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007516", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6744", + "tcp.analysis.ack_rtt": "0.008003000", + "tcp.analysis.initial_rtt": "0.005792000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.802697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.802697000", + "frame.time_delta": "0.001745000", + "frame.time_delta_displayed": "0.001745000", + "frame.time_relative": "1759.342011000", + "frame.number": "6748", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007958", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007515", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.803155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.803155000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "1759.342469000", + "frame.number": "6749", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47596", + "tcp.port": "80", + "tcp.port": "47596", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000067ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6748", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.005792000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.810728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.810728000", + "frame.time_delta": "0.007573000", + "frame.time_delta_displayed": "0.007573000", + "frame.time_relative": "1759.350042000", + "frame.number": "6750", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000050ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067bb", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cc4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:a7:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950695, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950695", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.811285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.811285000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1759.350599000", + "frame.number": "6751", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": 
"192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009896", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } 
+ }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6750", + "tcp.analysis.ack_rtt": "0.000557000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.813762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.813762000", + "frame.time_delta": "0.002477000", + "frame.time_delta_displayed": "0.002477000", + "frame.time_relative": "1759.353076000", + "frame.number": "6752", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002326", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009563", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47596", + "tcp.dstport": "80", + "tcp.port": "47596", + "tcp.port": "80", + "tcp.stream": "265", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008b17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.816180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.816180000", + "frame.time_delta": "0.002418000", + "frame.time_delta_displayed": "0.002418000", + "frame.time_relative": "1759.355494000", + "frame.number": "6753", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000050bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004a1e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6751", + "tcp.analysis.ack_rtt": "0.004895000", + "tcp.analysis.initial_rtt": "0.005452000" + } 
+ } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.816224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.816224000", + "frame.time_delta": "0.000044000", + "frame.time_delta_displayed": "0.000044000", + "frame.time_relative": "1759.355538000", + "frame.number": "6754", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000050bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000670d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "192", + 
"tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a998", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005452000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.816736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.816736000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "1759.356050000", + "frame.number": "6755", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "0", + 
"tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003bed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6754", + "tcp.analysis.ack_rtt": "0.000512000", + "tcp.analysis.initial_rtt": "0.005452000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.817745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.817745000", + "frame.time_delta": "0.001009000", + "frame.time_delta_displayed": "0.001009000", + "frame.time_relative": "1759.357059000", + "frame.number": "6756", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007c07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007c0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005452000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:50.818099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.818099000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "1759.357413000", + "frame.number": "6757", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007c08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000389e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ce77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005452000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:
6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6756", + "tcp.segment": "6757", + "tcp.segment.count": "2", + 
"tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6
f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001875000", + "http.request_in": "6754", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.818856000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495350.818856000", + "frame.time_delta": "0.000757000", + "frame.time_delta_displayed": "0.000757000", + "frame.time_relative": "1759.358170000", + "frame.number": "6758", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007c09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000389d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", 
+ "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ce77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005452000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.821295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.821295000", + "frame.time_delta": "0.002439000", + "frame.time_delta_displayed": "0.002439000", + "frame.time_relative": "1759.360609000", + "frame.number": "6759", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000050bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000494d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "6756", + "tcp.analysis.ack_rtt": "0.003550000", + "tcp.analysis.initial_rtt": "0.005452000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.822323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.822323000", + "frame.time_delta": "0.001028000", + "frame.time_delta_displayed": "0.001028000", + "frame.time_relative": "1759.361637000", + "frame.number": "6760", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000050be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + 
"tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004562", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6757", + "tcp.analysis.ack_rtt": "0.004224000", + "tcp.analysis.initial_rtt": "0.005452000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.822447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.822447000", + "frame.time_delta": "0.000124000", + "frame.time_delta_displayed": "0.000124000", + "frame.time_relative": "1759.361761000", + "frame.number": "6761", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000050bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003684", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:0c:77:5d:fa:0c:77:61:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005452000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6760", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.823897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.823897000", + "frame.time_delta": "0.001450000", + "frame.time_delta_displayed": "0.001450000", + "frame.time_relative": "1759.363211000", + "frame.number": "6762", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000050c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000067c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004561", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.824334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.824334000", + 
"frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "1759.363648000", + "frame.number": "6763", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47597", + "tcp.port": "80", + "tcp.port": "47597", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000037f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6762", + "tcp.analysis.ack_rtt": "0.000437000", + "tcp.analysis.initial_rtt": "0.005452000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:50.828065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495350.828065000", + "frame.time_delta": "0.003731000", + "frame.time_delta_displayed": "0.003731000", + "frame.time_relative": "1759.367379000", + "frame.number": "6764", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002327", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009562", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47597", + "tcp.dstport": "80", + "tcp.port": "47597", + "tcp.port": "80", + "tcp.stream": "266", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b520", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.638542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.638542000", + "frame.time_delta": "0.810477000", + "frame.time_delta_displayed": "0.810477000", + "frame.time_relative": "1760.177856000", + "frame.number": "6765", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005636", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000612b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "267", + "http.prev_response_in": "6745" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.691349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.691349000", + "frame.time_delta": "0.052807000", + "frame.time_delta_displayed": "0.052807000", + "frame.time_relative": "1760.230663000", + "frame.number": "6766", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000563c", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000611c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "268", + "http.prev_response_in": "6765" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.698808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.698808000", + "frame.time_delta": "0.007459000", + "frame.time_delta_displayed": "0.007459000", + "frame.time_relative": "1760.238122000", + "frame.number": "6767", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000ca81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000edf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000027a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:00:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950784, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950784", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.699343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.699343000", + "frame.time_delta": 
"0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "1760.238657000", + "frame.number": "6768", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { 
+ "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f459", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6767", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.704893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495351.704893000", + "frame.time_delta": "0.005550000", + "frame.time_delta_displayed": "0.005550000", + "frame.time_relative": "1760.244207000", + "frame.number": "6769", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a5e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6768", + "tcp.analysis.ack_rtt": "0.005550000", + "tcp.analysis.initial_rtt": "0.006085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.704943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.704943000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "1760.244257000", + "frame.number": "6770", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000ca83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x0000ed45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000055c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006085000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": 
"Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.705455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.705455000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "1760.244769000", + "frame.number": "6771", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000026c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x000091c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000097b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6770", + "tcp.analysis.ack_rtt": "0.000512000", + "tcp.analysis.initial_rtt": "0.006085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.706136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.706136000", + "frame.time_delta": "0.000681000", + "frame.time_delta_displayed": "0.000681000", + "frame.time_relative": "1760.245450000", + "frame.number": "6772", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, 
+ "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000026c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000091b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": 
"8", + "tcp.checksum": "0x0000d7d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006085000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.706497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.706497000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "1760.245811000", + "frame.number": "6773", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000026c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ddd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006085000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6772", + "tcp.segment": "6773", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001554000", + "http.request_in": "6770", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.708866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.708866000", + "frame.time_delta": "0.002369000", + "frame.time_delta_displayed": "0.002369000", + "frame.time_relative": "1760.248180000", + "frame.number": "6774", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000026ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008ddc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006085000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.710508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.710508000", + "frame.time_delta": "0.001642000", + "frame.time_delta_displayed": "0.001642000", + "frame.time_relative": "1760.249822000", + "frame.number": "6775", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a510", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6772", + "tcp.analysis.ack_rtt": "0.004372000", + "tcp.analysis.initial_rtt": "0.006085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.711437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.711437000", + "frame.time_delta": "0.000929000", + "frame.time_delta_displayed": "0.000929000", + "frame.time_relative": "1760.250751000", + "frame.number": "6776", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a125", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6773", + "tcp.analysis.ack_rtt": "0.004940000", + "tcp.analysis.initial_rtt": "0.006085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.714280000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.714280000", + "frame.time_delta": "0.002843000", + "frame.time_delta_displayed": "0.002843000", + "frame.time_relative": "1760.253594000", + "frame.number": "6777", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ca86", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ee02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a124", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.714733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.714733000", + "frame.time_delta": "0.000453000", + "frame.time_delta_displayed": "0.000453000", + 
"frame.time_relative": "1760.254047000", + "frame.number": "6778", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47598", + "tcp.port": "80", + "tcp.port": "47598", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000093ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6777", + "tcp.analysis.ack_rtt": "0.000453000", + "tcp.analysis.initial_rtt": "0.006085000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.714975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.714975000", + "frame.time_delta": "0.000242000", + "frame.time_delta_displayed": "0.000242000", + "frame.time_relative": "1760.254289000", + "frame.number": "6779", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000233b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000954e", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000010cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.718232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.718232000", + "frame.time_delta": "0.003257000", + "frame.time_delta_displayed": "0.003257000", + "frame.time_relative": "1760.257546000", + "frame.number": "6780", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000233c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000954d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47598", + "tcp.dstport": "80", + "tcp.port": "47598", + "tcp.port": "80", + "tcp.stream": "267", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000010ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.744214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.744214000", + "frame.time_delta": "0.025982000", + "frame.time_delta_displayed": "0.025982000", + "frame.time_relative": "1760.283528000", + "frame.number": "6781", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000563d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006121", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "269", + "http.prev_response_in": "6766" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.756883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.756883000", + "frame.time_delta": "0.012669000", + "frame.time_delta_displayed": "0.012669000", + "frame.time_relative": "1760.296197000", + "frame.number": 
"6782", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000660d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005268", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000ee6d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:06:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950790, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950790", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.757438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.757438000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "1760.296752000", + "frame.number": "6783", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47599", + "tcp.port": "80", + "tcp.port": "47599", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6782", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.763796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.763796000", + "frame.time_delta": "0.006358000", + "frame.time_delta_displayed": "0.006358000", + "frame.time_relative": "1760.303110000", + "frame.number": "6784", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000660e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000527b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e799", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6783", + "tcp.analysis.ack_rtt": "0.006358000", + "tcp.analysis.initial_rtt": "0.006913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.766627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.766627000", + "frame.time_delta": "0.002831000", + "frame.time_delta_displayed": "0.002831000", + "frame.time_relative": "1760.305941000", + "frame.number": "6785", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000660f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000051ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004714", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006913000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.767116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.767116000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "1760.306430000", + "frame.number": "6786", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000221b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000966e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47599", + "tcp.port": "80", + "tcp.port": "47599", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d968", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6785", + "tcp.analysis.ack_rtt": "0.000489000", + "tcp.analysis.initial_rtt": "0.006913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.767842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.767842000", + "frame.time_delta": "0.000726000", + "frame.time_delta_displayed": "0.000726000", + "frame.time_relative": "1760.307156000", + "frame.number": "6787", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000221c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000965c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47599", + "tcp.port": "80", + "tcp.port": "47599", + "tcp.stream": "268", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000198a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006913000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.768194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.768194000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1760.307508000", + "frame.number": "6788", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000221d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009289", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47599", + 
"tcp.port": "80", + "tcp.port": "47599", + "tcp.stream": "268", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006bf3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006913000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6787", + "tcp.segment": "6788", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001567000", + "http.request_in": "6785", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.772468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.772468000", + "frame.time_delta": "0.004274000", + "frame.time_delta_displayed": "0.004274000", + "frame.time_relative": "1760.311782000", + "frame.number": "6789", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006610", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005279", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e6c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6787", + "tcp.analysis.ack_rtt": "0.004626000", + "tcp.analysis.initial_rtt": "0.006913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.772669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.772669000", + "frame.time_delta": "0.000201000", + "frame.time_delta_displayed": "0.000201000", + "frame.time_relative": "1760.311983000", + "frame.number": "6790", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006611", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005278", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6788", + "tcp.analysis.ack_rtt": "0.004475000", + "tcp.analysis.initial_rtt": "0.006913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.776439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.776439000", + "frame.time_delta": "0.003770000", + "frame.time_delta_displayed": "0.003770000", + "frame.time_relative": "1760.315753000", + "frame.number": "6791", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006612", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005277", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2dc", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.776900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.776900000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "1760.316214000", + "frame.number": "6792", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a2a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47599", + 
"tcp.port": "80", + "tcp.port": "47599", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d572", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6791", + "tcp.analysis.ack_rtt": "0.000461000", + "tcp.analysis.initial_rtt": "0.006913000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:51.780499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495351.780499000", + "frame.time_delta": "0.003599000", + "frame.time_delta_displayed": "0.003599000", + "frame.time_relative": "1760.319813000", + "frame.number": "6793", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002341", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009548", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47599", + "tcp.dstport": "80", + "tcp.port": "47599", + "tcp.port": "80", + "tcp.stream": "268", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d7a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:52.170036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.170036000", + "frame.time_delta": "0.389537000", + "frame.time_delta_displayed": "0.389537000", + "frame.time_relative": "1760.709350000", + "frame.number": "6794", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.175911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.175911000", + "frame.time_delta": "0.005875000", + "frame.time_delta_displayed": "0.005875000", + "frame.time_relative": "1760.715225000", + "frame.number": "6795", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.672088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.672088000", + "frame.time_delta": "0.496177000", + "frame.time_delta_displayed": "0.496177000", + "frame.time_relative": "1761.211402000", + "frame.number": "6796", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fa6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b84a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000126e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": 
"16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.674641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.674641000", + "frame.time_delta": "0.002553000", + "frame.time_delta_displayed": "0.002553000", + "frame.time_relative": "1761.213955000", + "frame.number": "6797", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fa7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009945", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f369", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.675022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.675022000", + "frame.time_delta": "0.000381000", + "frame.time_delta_displayed": "0.000381000", + "frame.time_relative": "1761.214336000", + "frame.number": "6798", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + 
"ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000812f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.691270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.691270000", + "frame.time_delta": "0.016248000", + "frame.time_delta_displayed": "0.016248000", + "frame.time_relative": "1761.230584000", + "frame.number": "6799", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005685", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "270", + "http.prev_response_in": "6781" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.725203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.725203000", + "frame.time_delta": "0.033933000", + "frame.time_delta_displayed": "0.033933000", + "frame.time_relative": "1761.264517000", + "frame.number": "6800", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000f8a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bfd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": 
"47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000e8c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:67:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950887, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950887", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.725749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.725749000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1761.265063000", + "frame.number": "6801", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47600", + "tcp.port": "80", + "tcp.port": "47600", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000012eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6800", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.731809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.731809000", + "frame.time_delta": "0.006060000", + "frame.time_delta_displayed": "0.006060000", + "frame.time_relative": "1761.271123000", + "frame.number": "6802", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f8a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bfe5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c472", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6801", + "tcp.analysis.ack_rtt": "0.006060000", + "tcp.analysis.initial_rtt": "0.006606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.732762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.732762000", + "frame.time_delta": "0.000953000", + "frame.time_delta_displayed": "0.000953000", + "frame.time_relative": "1761.272076000", + "frame.number": "6803", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"232", + "ip.id": "0x0000f8a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bf24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000023ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006606000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + 
"http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.733262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.733262000", + "frame.time_delta": "0.000500000", + "frame.time_delta_displayed": "0.000500000", + "frame.time_relative": "1761.272576000", + "frame.number": "6804", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", 
+ "ip.id": "0x000022a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47600", + "tcp.port": "80", + "tcp.port": "47600", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b641", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6803", + "tcp.analysis.ack_rtt": "0.000500000", + "tcp.analysis.initial_rtt": "0.006606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.734049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.734049000", + "frame.time_delta": "0.000787000", + "frame.time_delta_displayed": "0.000787000", + "frame.time_relative": 
"1761.273363000", + "frame.number": "6805", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000022a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000095d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47600", + "tcp.port": "80", + "tcp.port": "47600", + "tcp.stream": "269", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f662", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006606000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.734345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.734345000", + "frame.time_delta": "0.000296000", + "frame.time_delta_displayed": "0.000296000", + "frame.time_relative": "1761.273659000", + "frame.number": "6806", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000022a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "6", + "ip.checksum": "0x00009204", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47600", + "tcp.port": "80", + "tcp.port": "47600", + "tcp.stream": "269", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000048cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006606000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6805", + "tcp.segment": "6806", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001583000", + "http.request_in": "6803", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.737272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.737272000", + "frame.time_delta": "0.002927000", + "frame.time_delta_displayed": "0.002927000", + "frame.time_relative": "1761.276586000", + "frame.number": "6807", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f8a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bfe3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6805", + "tcp.analysis.ack_rtt": "0.003223000", + "tcp.analysis.initial_rtt": "0.006606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.744936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.744936000", + "frame.time_delta": "0.007664000", + "frame.time_delta_displayed": "0.007664000", + "frame.time_relative": "1761.284250000", + "frame.number": "6808", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f8a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bfe2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bfb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6806", + "tcp.analysis.ack_rtt": "0.010591000", + "tcp.analysis.initial_rtt": "0.006606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.745247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.745247000", + "frame.time_delta": "0.000311000", + "frame.time_delta_displayed": "0.000311000", + "frame.time_relative": "1761.284561000", + "frame.number": "6809", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005689", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "271", + "http.prev_response_in": "6799" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.746092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.746092000", + "frame.time_delta": "0.000845000", + "frame.time_delta_displayed": "0.000845000", + "frame.time_relative": "1761.285406000", + "frame.number": "6810", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f8a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bfe1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + 
"ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bfb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.746537000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.746537000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "1761.285851000", + "frame.number": "6811", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a291", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47600", + "tcp.port": "80", + "tcp.port": "47600", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b24b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.analysis": { + "tcp.analysis.acks_frame": "6810", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.006606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.750620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.750620000", + "frame.time_delta": "0.004083000", + "frame.time_delta_displayed": "0.004083000", + "frame.time_relative": "1761.289934000", + "frame.number": "6812", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002392", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "47600", + "tcp.dstport": "80", + "tcp.port": "47600", + "tcp.port": "80", + "tcp.stream": "269", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d255", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.762140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.762140000", + "frame.time_delta": "0.011520000", + "frame.time_delta_displayed": "0.011520000", + "frame.time_relative": "1761.301454000", + "frame.number": "6813", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000bc63", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000814a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:6b:00:00:00:00:01:03:03:08", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950891, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950891", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.762682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.762682000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1761.301996000", + "frame.number": "6814", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000fcd3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6813", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.766339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.766339000", + "frame.time_delta": "0.003657000", + "frame.time_delta_displayed": "0.003657000", + "frame.time_relative": "1761.305653000", + "frame.number": "6815", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bc64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6814", + "tcp.analysis.ack_rtt": "0.003657000", + "tcp.analysis.initial_rtt": "0.004199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.766805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.766805000", + 
"frame.time_delta": "0.000466000", + "frame.time_delta_displayed": "0.000466000", + "frame.time_relative": "1761.306119000", + "frame.number": "6816", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000bc65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fb63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000dd6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004199000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.767282000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.767282000", + "frame.time_delta": "0.000477000", + 
"frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1761.306596000", + "frame.number": "6817", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000072d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000045b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a02a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6816", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.004199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.767935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.767935000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "1761.307249000", + "frame.number": "6818", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000072d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x000045a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e04b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004199000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.768282000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.768282000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "1761.307596000", + "frame.number": "6819", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000072d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000041cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000032b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004199000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6818", + "tcp.segment": "6819", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001477000", + "http.request_in": "6816", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.768866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.768866000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "1761.308180000", + "frame.number": "6820", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000072da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000041cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000032b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004199000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.771700000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.771700000", + "frame.time_delta": "0.002834000", + "frame.time_delta_displayed": "0.002834000", + "frame.time_relative": "1761.311014000", + "frame.number": "6821", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bc66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ad8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6818", + "tcp.analysis.ack_rtt": "0.003765000", + "tcp.analysis.initial_rtt": "0.004199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.771828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.771828000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "1761.311142000", + "frame.number": "6822", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bc67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a99f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6819", + "tcp.analysis.ack_rtt": "0.003546000", + "tcp.analysis.initial_rtt": "0.004199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.772835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.772835000", + "frame.time_delta": "0.001007000", + "frame.time_delta_displayed": "0.001007000", + "frame.time_relative": "1761.312149000", + "frame.number": "6823", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bc68", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a99e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.772963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.772963000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + 
"frame.time_relative": "1761.312277000", + "frame.number": "6824", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000bc69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fc13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f7b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:6b:80:50:76:6b:80:54:5a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004199000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6822", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.773299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.773299000", + "frame.time_delta": "0.000336000", + "frame.time_delta_displayed": "0.000336000", + "frame.time_relative": "1761.312613000", + "frame.number": "6825", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a28f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47601", + "tcp.port": "80", + "tcp.port": "47601", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009c34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6823", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.004199000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.777806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.777806000", + "frame.time_delta": "0.004507000", + "frame.time_delta_displayed": "0.004507000", + "frame.time_relative": "1761.317120000", + "frame.number": "6826", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002393", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47601", + "tcp.dstport": "80", + "tcp.port": "47601", + "tcp.port": "80", + "tcp.stream": "270", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ae3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.798680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.798680000", + "frame.time_delta": "0.020874000", + "frame.time_delta_displayed": "0.020874000", + "frame.time_relative": "1761.337994000", + "frame.number": "6827", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000568e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "272", + "http.prev_response_in": "6809" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.806525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.806525000", + "frame.time_delta": "0.007845000", + "frame.time_delta_displayed": "0.007845000", + "frame.time_relative": "1761.345839000", + "frame.number": "6828", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005efd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005978", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000bfab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:6f:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950895, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950895", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": 
"0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.807067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.807067000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "1761.346381000", + "frame.number": "6829", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47602", + "tcp.port": "80", + "tcp.port": "47602", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003ba3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 
(multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6828", + "tcp.analysis.ack_rtt": "0.000542000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.821825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.821825000", + "frame.time_delta": "0.014758000", + "frame.time_delta_displayed": "0.014758000", + "frame.time_relative": "1761.361139000", + "frame.number": "6830", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005efe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000598b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ed2a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6829", + "tcp.analysis.ack_rtt": "0.014758000", + "tcp.analysis.initial_rtt": "0.015300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.821877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.821877000", + "frame.time_delta": "0.000052000", + "frame.time_delta_displayed": "0.000052000", + "frame.time_relative": "1761.361191000", + "frame.number": "6831", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005eff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000058ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004ca5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.015300000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET 
\/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.822420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.822420000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1761.361734000", + "frame.number": "6832", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d34b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e53d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47602", + "tcp.port": "80", + "tcp.port": "47602", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000def9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6831", + "tcp.analysis.ack_rtt": "0.000543000", + "tcp.analysis.initial_rtt": "0.015300000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.823146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.823146000", + "frame.time_delta": "0.000726000", + "frame.time_delta_displayed": "0.000726000", + "frame.time_relative": "1761.362460000", + "frame.number": "6833", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d34c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e52b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47602", + "tcp.port": "80", + "tcp.port": "47602", + "tcp.stream": "271", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + 
"tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001f1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.015300000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.823590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.823590000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "1761.362904000", + "frame.number": "6834", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d34d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e158", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47602", + "tcp.port": "80", + "tcp.port": "47602", + "tcp.stream": "271", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007184", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.015300000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6833", + "tcp.segment": "6834", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001713000", + "http.request_in": "6831", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.827418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.827418000", + "frame.time_delta": "0.003828000", + "frame.time_delta_displayed": "0.003828000", + "frame.time_relative": "1761.366732000", + "frame.number": "6835", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005f00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005989", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ec59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6833", + "tcp.analysis.ack_rtt": "0.004272000", + "tcp.analysis.initial_rtt": "0.015300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.827849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.827849000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1761.367163000", + "frame.number": "6836", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005f01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005988", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e86e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6834", + "tcp.analysis.ack_rtt": "0.004259000", + "tcp.analysis.initial_rtt": "0.015300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.831183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.831183000", + "frame.time_delta": "0.003334000", + "frame.time_delta_displayed": "0.003334000", + "frame.time_relative": "1761.370497000", + "frame.number": "6837", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005f02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e86d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.831652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.831652000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1761.370966000", + "frame.number": "6838", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a28d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47602", + 
"tcp.port": "80", + "tcp.port": "47602", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000db03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6837", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.015300000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:52.835285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495352.835285000", + "frame.time_delta": "0.003633000", + "frame.time_delta_displayed": "0.003633000", + "frame.time_relative": "1761.374599000", + "frame.number": "6839", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002395", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47602", + "tcp.dstport": "80", + "tcp.port": "47602", + "tcp.port": "80", + "tcp.stream": "271", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a948", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:53.639838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.639838000", + "frame.time_delta": "0.804553000", + "frame.time_delta_displayed": "0.804553000", + "frame.time_relative": "1762.179152000", + "frame.number": "6840", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000569d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "273", + "http.prev_response_in": "6827" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.664765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.664765000", + "frame.time_delta": "0.024927000", + "frame.time_delta_displayed": "0.024927000", + "frame.time_relative": "1762.204079000", + "frame.number": "6841", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b713", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000162", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00002156", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:82:c5:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950981, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950981", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.665333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.665333000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "1762.204647000", + "frame.number": "6842", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47603", + "tcp.port": "80", + "tcp.port": "47603", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000eed9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6841", + "tcp.analysis.ack_rtt": "0.000568000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.669668000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.669668000", + "frame.time_delta": "0.004335000", + "frame.time_delta_displayed": "0.004335000", + "frame.time_relative": "1762.208982000", + "frame.number": "6843", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b714", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000175", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a061", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6842", + "tcp.analysis.ack_rtt": "0.004335000", + "tcp.analysis.initial_rtt": "0.004903000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.670205000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495353.670205000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "1762.209519000", + "frame.number": "6844", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b715", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000000b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ffdb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004903000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.670691000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495353.670691000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "1762.210005000", + "frame.number": "6845", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f251", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c637", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47603", + "tcp.port": "80", + "tcp.port": "47603", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009230", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6844", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.004903000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.671448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.671448000", + "frame.time_delta": "0.000757000", + "frame.time_delta_displayed": "0.000757000", + "frame.time_relative": "1762.210762000", + "frame.number": "6846", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f252", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c625", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47603", + "tcp.port": "80", + "tcp.port": "47603", + "tcp.stream": "272", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d251", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004903000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.671825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.671825000", + "frame.time_delta": "0.000377000", + "frame.time_delta_displayed": "0.000377000", + "frame.time_relative": "1762.211139000", + "frame.number": "6847", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f253", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c252", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47603", + "tcp.port": "80", + "tcp.port": "47603", + "tcp.stream": "272", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000024bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004903000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6846", + "tcp.segment": "6847", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001620000", + "http.request_in": "6844", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.675943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.675943000", + "frame.time_delta": "0.004118000", + "frame.time_delta_displayed": "0.004118000", + "frame.time_relative": "1762.215257000", + "frame.number": "6848", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b716", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000173", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009f90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6846", + "tcp.analysis.ack_rtt": "0.004495000", + "tcp.analysis.initial_rtt": "0.004903000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.679706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.679706000", + "frame.time_delta": "0.003763000", + "frame.time_delta_displayed": "0.003763000", + "frame.time_relative": "1762.219020000", + "frame.number": "6849", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000172", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009ba5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6847", + "tcp.analysis.ack_rtt": "0.007881000", + "tcp.analysis.initial_rtt": "0.004903000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.682711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.682711000", + "frame.time_delta": "0.003005000", + "frame.time_delta_displayed": "0.003005000", + "frame.time_relative": "1762.222025000", + "frame.number": "6850", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b718", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000171", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009ba4", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.683210000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.683210000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1762.222524000", + "frame.number": "6851", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001627", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a262", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47603", + 
"tcp.port": "80", + "tcp.port": "47603", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008e3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6850", + "tcp.analysis.ack_rtt": "0.000499000", + "tcp.analysis.initial_rtt": "0.004903000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.687094000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.687094000", + "frame.time_delta": "0.003884000", + "frame.time_delta_displayed": "0.003884000", + "frame.time_relative": "1762.226408000", + "frame.number": "6852", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47603", + "tcp.dstport": "80", + "tcp.port": "47603", + "tcp.port": "80", + "tcp.stream": "272", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000b49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:53.693313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.693313000", + "frame.time_delta": "0.006219000", + "frame.time_delta_displayed": "0.006219000", + "frame.time_relative": "1762.232627000", + "frame.number": "6853", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000569e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "274", + "http.prev_response_in": "6840" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.699736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.699736000", + "frame.time_delta": "0.006423000", + "frame.time_delta_displayed": "0.006423000", + "frame.time_relative": "1762.239050000", + "frame.number": "6854", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000017ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a089", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a104", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:82:c8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950984, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950984", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.700267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.700267000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1762.239581000", + "frame.number": "6855", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002d03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6854", + "tcp.analysis.ack_rtt": "0.000531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.703707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.703707000", + "frame.time_delta": "0.003440000", + "frame.time_delta_displayed": "0.003440000", + "frame.time_relative": "1762.243021000", + "frame.number": "6856", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a09c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000de8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6855", + "tcp.analysis.ack_rtt": "0.003440000", + "tcp.analysis.initial_rtt": "0.003971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.705284000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495353.705284000", + "frame.time_delta": "0.001577000", + "frame.time_delta_displayed": "0.001577000", + "frame.time_relative": "1762.244598000", + "frame.number": "6857", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000017ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003e05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003971000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.705778000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495353.705778000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1762.245092000", + "frame.number": "6858", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ee3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000079a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d059", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6857", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.003971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.706427000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.706427000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "1762.245741000", + "frame.number": "6859", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003ee4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007994", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000107b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003971000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.706779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.706779000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1762.246093000", + "frame.number": "6860", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003ee5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003971000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6859", + "tcp.segment": "6860", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001495000", + "http.request_in": "6857", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.708854000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.708854000", + "frame.time_delta": "0.002075000", + "frame.time_delta_displayed": "0.002075000", + "frame.time_relative": "1762.248168000", + "frame.number": "6861", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003ee6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003971000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.715634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.715634000", + "frame.time_delta": "0.006780000", + "frame.time_delta_displayed": "0.006780000", + "frame.time_relative": "1762.254948000", + "frame.number": "6862", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a09a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ddb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6859", + "tcp.analysis.ack_rtt": "0.009207000", + "tcp.analysis.initial_rtt": "0.003971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.715682000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.715682000", + "frame.time_delta": "0.000048000", + "frame.time_delta_displayed": "0.000048000", + "frame.time_relative": "1762.254996000", + "frame.number": "6863", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a099", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d9ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6860", + "tcp.analysis.ack_rtt": "0.008903000", + "tcp.analysis.initial_rtt": "0.003971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.716667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.716667000", + "frame.time_delta": "0.000985000", + "frame.time_delta_displayed": "0.000985000", + "frame.time_relative": "1762.255981000", + "frame.number": "6864", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017f1", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a098", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d9cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.717146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.717146000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + 
"frame.time_relative": "1762.256460000", + "frame.number": "6865", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000162a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a25f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47604", + "tcp.port": "80", + "tcp.port": "47604", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cc63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6864", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.003971000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.721099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.721099000", + "frame.time_delta": "0.003953000", + "frame.time_delta_displayed": "0.003953000", + "frame.time_relative": "1762.260413000", + "frame.number": "6866", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094dd", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008afb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.725120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.725120000", + "frame.time_delta": "0.004021000", + "frame.time_delta_displayed": "0.004021000", + "frame.time_relative": "1762.264434000", + "frame.number": "6867", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47604", + "tcp.dstport": "80", + "tcp.port": "47604", + "tcp.port": "80", + "tcp.stream": "273", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008afa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.746146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.746146000", + "frame.time_delta": "0.021026000", + "frame.time_delta_displayed": "0.021026000", + "frame.time_relative": "1762.285460000", + "frame.number": "6868", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000056a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000060be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "275", + "http.prev_response_in": "6853" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.755573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.755573000", + "frame.time_delta": "0.009427000", + "frame.time_delta_displayed": "0.009427000", + "frame.time_relative": "1762.294887000", + "frame.number": 
"6869", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d107", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e76d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 
80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00005e95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:ce:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 950990, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "950990", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.756109000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.756109000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1762.295423000", + "frame.number": "6870", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": 
"MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + "tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e7c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6869", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.760030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.760030000", + "frame.time_delta": "0.003921000", + "frame.time_delta_displayed": "0.003921000", + "frame.time_relative": "1762.299344000", + "frame.number": "6871", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d108", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e780", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000994d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6870", + "tcp.analysis.ack_rtt": "0.003921000", + "tcp.analysis.initial_rtt": "0.004457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.761053000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.761053000", + "frame.time_delta": "0.001023000", + "frame.time_delta_displayed": "0.001023000", + "frame.time_relative": "1762.300367000", + "frame.number": "6872", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000d109", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e6bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f8c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004457000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + 
"http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.761559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.761559000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "1762.300873000", + "frame.number": "6873", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003f74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007915", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", 
+ "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + "tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008b1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6872", + "tcp.analysis.ack_rtt": "0.000506000", + "tcp.analysis.initial_rtt": "0.004457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.762226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.762226000", + "frame.time_delta": "0.000667000", + "frame.time_delta_displayed": "0.000667000", + "frame.time_relative": "1762.301540000", + "frame.number": "6874", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00003f75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007903", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + "tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cb3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004457000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" 
+ }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.762601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.762601000", + "frame.time_delta": "0.000375000", + "frame.time_delta_displayed": "0.000375000", + "frame.time_relative": "1762.301915000", + "frame.number": "6875", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003f76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007530", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + 
"tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001da7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004457000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6874", + "tcp.segment": "6875", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001548000", + "http.request_in": "6872", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.769630000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.769630000", + "frame.time_delta": "0.007029000", + "frame.time_delta_displayed": "0.007029000", + "frame.time_relative": "1762.308944000", + "frame.number": "6876", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e77e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000987c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6874", + "tcp.analysis.ack_rtt": "0.007404000", + "tcp.analysis.initial_rtt": "0.004457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:53.978874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495353.978874000", + "frame.time_delta": "0.209244000", + "frame.time_delta_displayed": "0.209244000", + "frame.time_relative": "1762.518188000", + "frame.number": "6877", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00003f77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000752f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + "tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001da7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004457000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.216273000", + "tcp.analysis.rto_frame": "6875" + } + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.049657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.049657000", + "frame.time_delta": "0.070783000", + "frame.time_delta_displayed": "0.070783000", + "frame.time_relative": "1762.588971000", + "frame.number": "6878", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e77d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009491", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6875", + "tcp.analysis.ack_rtt": "0.287056000", + "tcp.analysis.initial_rtt": "0.004457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:15:54.049711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.049711000", + "frame.time_delta": "0.000054000", + "frame.time_delta_displayed": "0.000054000", + "frame.time_relative": "1762.589025000", + "frame.number": "6879", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d10c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e770", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fd30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:92:3f:1c:73:92:3f:20:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004457000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6878", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.050377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.050377000", + "frame.time_delta": "0.000666000", + 
"frame.time_delta_displayed": "0.000666000", + "frame.time_relative": "1762.589691000", + "frame.number": "6880", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d10d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e77b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009490", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.050802000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.050802000", + "frame.time_delta": "0.000425000", + "frame.time_delta_displayed": "0.000425000", + "frame.time_relative": "1762.590116000", + "frame.number": "6881", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001639", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a250", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47605", + "tcp.port": "80", + "tcp.port": "47605", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008726", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6880", + "tcp.analysis.ack_rtt": "0.000425000", + "tcp.analysis.initial_rtt": "0.004457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.054936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.054936000", + "frame.time_delta": "0.004134000", + "frame.time_delta_displayed": "0.004134000", + "frame.time_relative": "1762.594250000", + "frame.number": "6882", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47605", + "tcp.dstport": "80", + "tcp.port": "47605", + "tcp.port": "80", + "tcp.stream": "274", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004891", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.694469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.694469000", + "frame.time_delta": "0.639533000", + "frame.time_delta_displayed": "0.639533000", + "frame.time_relative": "1763.233783000", + "frame.number": "6883", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000056f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000606c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "276", + "http.prev_response_in": "6868" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.747299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.747299000", + "frame.time_delta": "0.052830000", + "frame.time_delta_displayed": "0.052830000", + "frame.time_relative": "1763.286613000", + "frame.number": 
"6884", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000056f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000605f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "277", + "http.prev_response_in": "6883" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.775435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.775435000", + "frame.time_delta": "0.028136000", + "frame.time_delta_displayed": "0.028136000", + "frame.time_relative": "1763.314749000", + "frame.number": "6885", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00002eb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000009fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:34:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + 
}, + "Timestamps: TSval 951092, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951092", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.775989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.775989000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "1763.315303000", + "frame.number": "6886", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47606", + "tcp.port": "80", + "tcp.port": "47606", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000862d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6885", + "tcp.analysis.ack_rtt": "0.000554000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.781727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.781727000", + "frame.time_delta": "0.005738000", + "frame.time_delta_displayed": "0.005738000", + "frame.time_relative": "1763.321041000", + "frame.number": "6887", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002eb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000037b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6886", + "tcp.analysis.ack_rtt": "0.005738000", + "tcp.analysis.initial_rtt": "0.006292000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.782200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.782200000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "1763.321514000", + "frame.number": "6888", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002eba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000890f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + 
"tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000972f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006292000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.782684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.782684000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1763.321998000", + "frame.number": "6889", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cf9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e8eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47606", + "tcp.port": "80", + "tcp.port": "47606", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002984", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6888", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.006292000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.783396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.783396000", + "frame.time_delta": "0.000712000", + "frame.time_delta_displayed": "0.000712000", + "frame.time_relative": "1763.322710000", + "frame.number": "6890", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000cf9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e8d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47606", + "tcp.port": "80", + "tcp.port": "47606", + "tcp.stream": "275", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000069a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006292000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.783751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.783751000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1763.323065000", + "frame.number": "6891", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", 
+ "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000cf9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e506", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47606", + "tcp.port": "80", + "tcp.port": "47606", + "tcp.stream": "275", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bc0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006292000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:
6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6890", + "tcp.segment": "6891", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001551000", + "http.request_in": "6888", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.788358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.788358000", + "frame.time_delta": "0.004607000", + "frame.time_delta_displayed": "0.004607000", + "frame.time_relative": "1763.327672000", + "frame.number": "6892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ebb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000036e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6890", + "tcp.analysis.ack_rtt": "0.004962000", + "tcp.analysis.initial_rtt": "0.006292000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.788404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.788404000", + "frame.time_delta": "0.000046000", + "frame.time_delta_displayed": "0.000046000", + "frame.time_relative": "1763.327718000", + "frame.number": "6893", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ebc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000032f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6891", + "tcp.analysis.ack_rtt": "0.004653000", + "tcp.analysis.initial_rtt": "0.006292000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.791919000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.791919000", + "frame.time_delta": "0.003515000", + "frame.time_delta_displayed": "0.003515000", + "frame.time_relative": "1763.331233000", + "frame.number": "6894", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ebd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000032f8", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.792382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.792382000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1763.331696000", + "frame.number": "6895", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001683", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a206", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47606", + 
"tcp.port": "80", + "tcp.port": "47606", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000258e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6894", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.006292000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.796619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.796619000", + "frame.time_delta": "0.004237000", + "frame.time_delta_displayed": "0.004237000", + "frame.time_relative": "1763.335933000", + "frame.number": "6896", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47606", + "tcp.dstport": "80", + "tcp.port": "47606", + "tcp.port": "80", + "tcp.stream": "275", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f45d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:54.800230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.800230000", + "frame.time_delta": "0.003611000", + "frame.time_delta_displayed": "0.003611000", + "frame.time_relative": "1763.339544000", + "frame.number": "6897", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000056fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006061", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "278", + "http.prev_response_in": "6884" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.818991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.818991000", + "frame.time_delta": "0.018761000", + "frame.time_delta_displayed": "0.018761000", + "frame.time_relative": "1763.358305000", + "frame.number": "6898", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000009eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae8a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00007958", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:38:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951096, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951096", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.819546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.819546000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "1763.358860000", + "frame.number": "6899", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000842c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6898", + "tcp.analysis.ack_rtt": "0.000555000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.824576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.824576000", + "frame.time_delta": "0.005030000", + "frame.time_delta_displayed": "0.005030000", + "frame.time_relative": "1763.363890000", + "frame.number": "6900", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000009ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000035b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6899", + "tcp.analysis.ack_rtt": "0.005030000", + "tcp.analysis.initial_rtt": "0.005585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.825744000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495354.825744000", + "frame.time_delta": "0.001168000", + "frame.time_delta_displayed": "0.001168000", + "frame.time_relative": "1763.365058000", + "frame.number": "6901", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000009ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000addc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000952e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005585000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.826216000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495354.826216000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "1763.365530000", + "frame.number": "6902", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dcc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002783", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6901", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.005585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.826901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.826901000", + "frame.time_delta": "0.000685000", + "frame.time_delta_displayed": "0.000685000", + "frame.time_relative": "1763.366215000", + "frame.number": "6903", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dcc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dbb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000067a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005585000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.827276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.827276000", + "frame.time_delta": "0.000375000", + "frame.time_delta_displayed": "0.000375000", + "frame.time_relative": "1763.366590000", + "frame.number": "6904", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dcc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ba0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005585000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6903", + "tcp.segment": "6904", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001532000", + "http.request_in": "6901", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.828854000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.828854000", + "frame.time_delta": "0.001578000", + "frame.time_delta_displayed": "0.001578000", + "frame.time_relative": "1763.368168000", + "frame.number": "6905", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dcc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ba0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005585000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.833626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.833626000", + "frame.time_delta": "0.004772000", + "frame.time_delta_displayed": "0.004772000", + "frame.time_relative": "1763.372940000", + "frame.number": "6906", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000009ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000034e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6903", + "tcp.analysis.ack_rtt": "0.006725000", + "tcp.analysis.initial_rtt": "0.005585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.833673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.833673000", + "frame.time_delta": "0.000047000", + "frame.time_delta_displayed": "0.000047000", + "frame.time_relative": "1763.372987000", + "frame.number": "6907", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000009ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae9a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6904", + "tcp.analysis.ack_rtt": "0.006397000", + "tcp.analysis.initial_rtt": "0.005585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.834813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.834813000", + "frame.time_delta": "0.001140000", + "frame.time_delta_displayed": "0.001140000", + "frame.time_relative": "1763.374127000", + "frame.number": "6908", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000009f0", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ae8d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009c0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:2e:25:ff:53:2e:26:03:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1014": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + 
"tcp.options.sack_re": "1014", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005585000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "6907", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.834853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.834853000", + "frame.time_delta": "0.000040000", + "frame.time_delta_displayed": "0.000040000", + "frame.time_relative": "1763.374167000", + "frame.number": "6909", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000009f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000ae98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.835284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.835284000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1763.374598000", + "frame.number": "6910", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001687", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a202", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47607", + "tcp.port": "80", + "tcp.port": "47607", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000238d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6909", + "tcp.analysis.ack_rtt": "0.000431000", + "tcp.analysis.initial_rtt": "0.005585000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:54.839652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495354.839652000", + "frame.time_delta": "0.004368000", + "frame.time_delta_displayed": "0.004368000", + "frame.time_relative": "1763.378966000", + "frame.number": "6911", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000023d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47607", + "tcp.dstport": "80", + "tcp.port": "47607", + "tcp.port": "80", + "tcp.stream": "276", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000063be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.165290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.165290000", + "frame.time_delta": "0.325638000", + "frame.time_delta_displayed": "0.325638000", + "frame.time_relative": "1763.704604000", + "frame.number": "6912", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.169005000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.169005000", + "frame.time_delta": "0.003715000", + "frame.time_delta_displayed": "0.003715000", + "frame.time_relative": "1763.708319000", + "frame.number": "6913", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00005806", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"255", + "ip.proto": "17", + "ip.checksum": "0x00008193", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.400132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.400132000", + "frame.time_delta": "0.231127000", + "frame.time_delta_displayed": "0.231127000", + "frame.time_relative": "1763.939446000", + "frame.number": "6914", + 
"frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x0000de15", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:6d:a8:03:07:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, 
+ "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.642813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.642813000", + "frame.time_delta": "0.242681000", + "frame.time_delta_displayed": "0.242681000", + "frame.time_relative": "1764.182127000", + "frame.number": "6915", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005701", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006060", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { 
+ "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "279", + "http.prev_response_in": "6897" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.653626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.653626000", + "frame.time_delta": "0.010813000", + "frame.time_delta_displayed": "0.010813000", + "frame.time_relative": "1764.192940000", + "frame.number": "6916", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000106a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a80b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x000073af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:8c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951180, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951180", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.654232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.654232000", + "frame.time_delta": "0.000606000", + "frame.time_delta_displayed": "0.000606000", + "frame.time_relative": "1764.193546000", + "frame.number": "6917", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47608", + "tcp.port": "80", + "tcp.port": "47608", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008859", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6916", + "tcp.analysis.ack_rtt": "0.000606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.661377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.661377000", + "frame.time_delta": "0.007145000", + "frame.time_delta_displayed": "0.007145000", + "frame.time_relative": "1764.200691000", + "frame.number": "6918", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000106b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a81e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000039e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6917", + "tcp.analysis.ack_rtt": "0.007145000", + "tcp.analysis.initial_rtt": "0.007751000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.661838000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.661838000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "1764.201152000", + "frame.number": "6919", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000106c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a75d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000995b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007751000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.662318000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495355.662318000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "1764.201632000", + "frame.number": "6920", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006fc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000048c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47608", + "tcp.port": "80", + "tcp.port": "47608", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002bb0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6919", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.007751000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.663047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.663047000", + "frame.time_delta": "0.000729000", + "frame.time_delta_displayed": "0.000729000", + "frame.time_relative": "1764.202361000", + "frame.number": "6921", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006fc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000048b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47608", + "tcp.port": "80", + "tcp.port": "47608", + "tcp.stream": "277", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006bd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007751000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.663400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.663400000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1764.202714000", + 
"frame.number": "6922", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006fc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000044dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47608", + "tcp.port": "80", + "tcp.port": "47608", + "tcp.stream": "277", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000be3a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007751000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6921", + "tcp.segment": "6922", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001562000", + "http.request_in": "6919", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.667948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.667948000", + "frame.time_delta": "0.004548000", + "frame.time_delta_displayed": "0.004548000", + "frame.time_relative": "1764.207262000", + "frame.number": "6923", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000106d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a81c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003910", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6921", + "tcp.analysis.ack_rtt": "0.004901000", + "tcp.analysis.initial_rtt": "0.007751000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.667991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.667991000", + "frame.time_delta": "0.000043000", + "frame.time_delta_displayed": "0.000043000", + "frame.time_relative": "1764.207305000", + "frame.number": "6924", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000106e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a81b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003525", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6922", + "tcp.analysis.ack_rtt": "0.004591000", + "tcp.analysis.initial_rtt": "0.007751000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.668892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.668892000", + "frame.time_delta": "0.000901000", + "frame.time_delta_displayed": "0.000901000", + "frame.time_relative": "1764.208206000", + "frame.number": "6925", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000106f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a81a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003524", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.669350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.669350000", + "frame.time_delta": "0.000458000", + "frame.time_delta_displayed": "0.000458000", + "frame.time_relative": "1764.208664000", + "frame.number": "6926", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000016ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a1bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47608", + 
"tcp.port": "80", + "tcp.port": "47608", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000027ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6925", + "tcp.analysis.ack_rtt": "0.000458000", + "tcp.analysis.initial_rtt": "0.007751000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.671958000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.671958000", + "frame.time_delta": "0.002608000", + "frame.time_delta_displayed": "0.002608000", + "frame.time_relative": "1764.211272000", + "frame.number": "6927", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002400", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009489", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47608", + "tcp.dstport": "80", + "tcp.port": "47608", + "tcp.port": "80", + "tcp.stream": "277", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005e69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:55.695852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.695852000", + "frame.time_delta": "0.023894000", + "frame.time_delta_displayed": "0.023894000", + "frame.time_relative": "1764.235166000", + "frame.number": "6928", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005702", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006056", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "280", + "http.prev_response_in": "6915" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.738096000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.738096000", + "frame.time_delta": "0.042244000", + "frame.time_delta_displayed": "0.042244000", + "frame.time_relative": "1764.277410000", + "frame.number": "6929", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003871", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008004", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000917f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:93:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951187, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951187", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.738647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.738647000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "1764.277961000", + "frame.number": "6930", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47609", + "tcp.port": "80", + "tcp.port": "47609", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000af22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6929", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.743187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.743187000", + "frame.time_delta": "0.004540000", + "frame.time_delta_displayed": "0.004540000", + "frame.time_relative": "1764.282501000", + "frame.number": "6931", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003872", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008017", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000060aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6930", + "tcp.analysis.ack_rtt": "0.004540000", + "tcp.analysis.initial_rtt": "0.005091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.743239000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495355.743239000", + "frame.time_delta": "0.000052000", + "frame.time_delta_displayed": "0.000052000", + "frame.time_relative": "1764.282553000", + "frame.number": "6932", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00003873", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007f56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c024", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005091000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.743765000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495355.743765000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "1764.283079000", + "frame.number": "6933", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007c35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47609", + "tcp.port": "80", + "tcp.port": "47609", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005279", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6932", + "tcp.analysis.ack_rtt": "0.000526000", + "tcp.analysis.initial_rtt": "0.005091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.744521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.744521000", + "frame.time_delta": "0.000756000", + "frame.time_delta_displayed": "0.000756000", + "frame.time_relative": "1764.283835000", + "frame.number": "6934", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007c36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47609", + "tcp.port": "80", + "tcp.port": "47609", + "tcp.stream": "278", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000929a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005091000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.744878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.744878000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "1764.284192000", + "frame.number": "6935", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007c37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000386f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47609", + "tcp.port": "80", + "tcp.port": "47609", + "tcp.stream": "278", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e503", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005091000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6934", + "tcp.segment": "6935", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001639000", + "http.request_in": "6932", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.748729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.748729000", + "frame.time_delta": "0.003851000", + "frame.time_delta_displayed": "0.003851000", + "frame.time_relative": "1764.288043000", + "frame.number": "6936", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005705", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006059", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "281", + "http.prev_response_in": "6928" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.756853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.756853000", + "frame.time_delta": "0.008124000", + "frame.time_delta_displayed": "0.008124000", + "frame.time_relative": "1764.296167000", + "frame.number": "6937", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003874", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008015", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005fd9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6934", + "tcp.analysis.ack_rtt": "0.012332000", + "tcp.analysis.initial_rtt": "0.005091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.758572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.758572000", + "frame.time_delta": "0.001719000", + "frame.time_delta_displayed": "0.001719000", + "frame.time_relative": "1764.297886000", + "frame.number": "6938", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003875", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008014", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005bee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6935", + "tcp.analysis.ack_rtt": "0.013694000", + "tcp.analysis.initial_rtt": "0.005091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.759285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.759285000", + "frame.time_delta": "0.000713000", + "frame.time_delta_displayed": "0.000713000", + "frame.time_relative": "1764.298599000", + "frame.number": "6939", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003876", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008013", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005bed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.759739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.759739000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1764.299053000", + "frame.number": "6940", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000016cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a1bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47609", + "tcp.port": "80", + "tcp.port": "47609", + "tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6939", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.005091000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.771258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.771258000", + "frame.time_delta": "0.011519000", + "frame.time_delta_displayed": "0.011519000", + "frame.time_relative": "1764.310572000", + "frame.number": "6941", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000b6a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d925", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:97:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951191, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951191", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + 
"tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.771693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.771693000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "1764.311007000", + "frame.number": "6942", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002409", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009480", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47609", + "tcp.dstport": "80", + "tcp.port": "47609", + "tcp.port": "80", + 
"tcp.stream": "278", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007c40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.771795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.771795000", + "frame.time_delta": "0.000102000", + "frame.time_delta_displayed": "0.000102000", + "frame.time_relative": "1764.311109000", + "frame.number": "6943", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47610", + "tcp.port": "80", + "tcp.port": "47610", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e3f3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6941", + "tcp.analysis.ack_rtt": "0.000537000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.789699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.789699000", + "frame.time_delta": "0.017904000", + "frame.time_delta_displayed": "0.017904000", + "frame.time_relative": "1764.329013000", + "frame.number": "6944", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000957b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6943", + "tcp.analysis.ack_rtt": "0.017904000", + "tcp.analysis.initial_rtt": "0.018441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.789880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.789880000", + "frame.time_delta": "0.000181000", + "frame.time_delta_displayed": "0.000181000", + "frame.time_relative": "1764.329194000", + "frame.number": "6945", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000b6a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000123", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", 
+ "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f4f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018441000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:15:55.790342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.790342000", + "frame.time_delta": "0.000462000", + "frame.time_delta_displayed": "0.000462000", + "frame.time_relative": "1764.329656000", + "frame.number": "6946", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000091f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000af6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47610", + "tcp.port": "80", + "tcp.port": "47610", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000874a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6945", + "tcp.analysis.ack_rtt": "0.000462000", + "tcp.analysis.initial_rtt": "0.018441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.791112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.791112000", + "frame.time_delta": "0.000770000", + "frame.time_delta_displayed": "0.000770000", + "frame.time_relative": "1764.330426000", + "frame.number": "6947", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00000920", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000af58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47610", + "tcp.port": "80", + "tcp.port": "47610", + "tcp.stream": "279", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c76b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018441000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.791468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.791468000", + "frame.time_delta": "0.000356000", + 
"frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "1764.330782000", + "frame.number": "6948", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000921", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ab85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47610", + "tcp.port": "80", + "tcp.port": "47610", + "tcp.stream": "279", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": 
"0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000019d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018441000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:
72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6947", + "tcp.segment": "6948", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001588000", + "http.request_in": "6945", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.807249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.807249000", + "frame.time_delta": "0.015781000", + "frame.time_delta_displayed": "0.015781000", + "frame.time_relative": "1764.346563000", + "frame.number": "6949", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000094aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6947", + "tcp.analysis.ack_rtt": "0.016137000", + "tcp.analysis.initial_rtt": "0.018441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.807426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.807426000", + "frame.time_delta": "0.000177000", + "frame.time_delta_displayed": "0.000177000", + "frame.time_relative": "1764.346740000", + "frame.number": "6950", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000090bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6948", + "tcp.analysis.ack_rtt": "0.015958000", + "tcp.analysis.initial_rtt": "0.018441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.808318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.808318000", + "frame.time_delta": "0.000892000", + "frame.time_delta_displayed": "0.000892000", + "frame.time_relative": "1764.347632000", + "frame.number": "6951", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b6a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000001e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000090be", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.808795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.808795000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1764.348109000", + "frame.number": "6952", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000016d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a1b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47610", + 
"tcp.port": "80", + "tcp.port": "47610", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008354", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6951", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.018441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:55.817701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495355.817701000", + "frame.time_delta": "0.008906000", + "frame.time_delta_displayed": "0.008906000", + "frame.time_relative": "1764.357015000", + "frame.number": "6953", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000240a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000947f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47610", + "tcp.dstport": "80", + "tcp.port": "47610", + "tcp.port": "80", + "tcp.stream": "279", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c3ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:56.596717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.596717000", + "frame.time_delta": "0.779016000", + "frame.time_delta_displayed": "0.779016000", + "frame.time_relative": "1765.136031000", + "frame.number": "6954", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000968f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007590", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, 
+ "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "77559", + "tcp.nxtseq": "77911", + "tcp.ack": "17422", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aafb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:62:74:a7:a1:9e:61", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2581108, TSecr 2812386913": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2581108", + "tcp.options.timestamp.tsecr": "2812386913" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:28:b3:49:7e:04:8f:59:a3:0a:6f:5e:53:29:83:5d:51:90:ad:59:91:ee:bc:c3:71:cb:77:89:30:b0:85:d1:9e:71:3b:ac:bb:8a:f1:44:a6:c8:71:86:58:a0:b3:19:a4:76:c8:a4:18:59:4d:28:7d:a7:07:e7:1a:b0:e3:22:69:f4:83:68:3a:4d:03:33:73:b0:08:f0:fd:cc:b0:28:8a:12:e1:d1:8a:70:23:c5:ae:54:93:78:b4:a7:9b:2b:4c:bb:64:99:ea:61:9d:37:93:69:76:8b:07:56:d5:65:e3:66:d5:3b:8f:e6:60:2e:2f:8f:80:fb:28:0a:7e:40:86:3c:92:20:09:f9:80:b7:9a:54:7c:4b:41:d0:e5:f0:0d:24:fd:28:f8:cd:38:82:c1:20:40:73:bd:03:df:20:69:ad:66:c5:48:9f:ca:4d:ab:75:43:6e:b0:97:41:c0:76:a6:77:8c:60:c6:fb:35:4e:ee:c9:7a:9c:87:b1:92:a7:37:7b:aa:4c:84:5d:34:73:62:a1:e9:7b:77:1c:b1:5f:85:09:98:46:a0:d5:49:df:29:34:b9:1e:ce:5b:bb:ae:31:f4:b2:7a:59:90:4f:17:6d:40:15:46:f6:95:e1:11:73:83:a5:ac:2e:40:fb:28:de:fd:8a:be:bf:68:43:13:42:66:bd:4a:1e:2a:60:49:f5:e5:d6:37:2b:93:70:42:9b:5b:42:9d:11:ea:09:56:05:8c:29:4a:3d:3e:5f:ab:01:91:2d:ef:03:0f:61:35:96:66:5e:fb:d9:86:95:ce:76:a5:cd:d1:bf:a2:ee:43:0a:3b:a0:90:ad:67:7b:2f:00:be:ca:60:b4:50:89:96:28:f5:f4:cd:81:57:2c:a9:36:70:32:76" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.670007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.670007000", + "frame.time_delta": "0.073290000", + "frame.time_delta_displayed": "0.073290000", + "frame.time_relative": "1765.209321000", + "frame.number": "6955", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002d83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "17422", + "tcp.nxtseq": "17469", + "tcp.ack": "77911", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000ac08", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:b7:28:00:27:62:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812393256, TSecr 2581108": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812393256", + "tcp.options.timestamp.tsecr": "2581108" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6954", + "tcp.analysis.ack_rtt": "0.073290000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:c0:dc:31:ab:94:ac:90:46:af:0e:36:ca:be:c0:d7:e4:48:62:33:11:e8:7c:25:a0:db:11:7b:bd:31:0e:7c:40:e4:db:f7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.670464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.670464000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "1765.209778000", + "frame.number": "6956", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009690", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "77911", + "tcp.ack": "17469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001961", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:62:7b:a7:a1:b7:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2581115, TSecr 2812393256": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2581115", + "tcp.options.timestamp.tsecr": "2812393256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6955", + "tcp.analysis.ack_rtt": "0.000457000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.671900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.671900000", + "frame.time_delta": "0.001436000", + "frame.time_delta_displayed": "0.001436000", + "frame.time_relative": "1765.211214000", + "frame.number": "6957", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006030", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "282", + "http.prev_response_in": "6936" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.713837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.713837000", + "frame.time_delta": "0.041937000", + "frame.time_delta_displayed": "0.041937000", + "frame.time_relative": "1765.253151000", + "frame.number": "6958", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00005607", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000626e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000297f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:f6:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951286, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951286", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + 
"tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.714366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.714366000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "1765.253680000", + "frame.number": "6959", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47611", + "tcp.port": "80", + 
"tcp.port": "47611", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002ff4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" 
+ } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6958", + "tcp.analysis.ack_rtt": "0.000529000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.718515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.718515000", + "frame.time_delta": "0.004149000", + "frame.time_delta_displayed": "0.004149000", + "frame.time_relative": "1765.257829000", + "frame.number": "6960", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005608", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006281", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": 
"80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e17b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6959", + "tcp.analysis.ack_rtt": "0.004149000", + "tcp.analysis.initial_rtt": "0.004678000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.718946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.718946000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1765.258260000", + "frame.number": "6961", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00005609", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000061c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000040f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004678000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.719374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.719374000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1765.258688000", + "frame.number": "6962", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ecca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cbbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47611", + "tcp.port": "80", + "tcp.port": "47611", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d34a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6961", + "tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.004678000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:56.720162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.720162000", + "frame.time_delta": "0.000788000", + "frame.time_delta_displayed": "0.000788000", + "frame.time_relative": "1765.259476000", + "frame.number": "6963", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000eccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cbac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47611", + "tcp.port": "80", + "tcp.port": "47611", + "tcp.stream": "280", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000136c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004678000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.720459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.720459000", + "frame.time_delta": "0.000297000", + "frame.time_delta_displayed": "0.000297000", + "frame.time_relative": "1765.259773000", + "frame.number": "6964", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"1035", + "ip.id": "0x0000eccc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c7d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47611", + "tcp.port": "80", + "tcp.port": "47611", + "tcp.stream": "280", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000065d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004678000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6963", + "tcp.segment": "6964", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001513000", + "http.request_in": "6961", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.725900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.725900000", + "frame.time_delta": "0.005441000", + "frame.time_delta_displayed": "0.005441000", + "frame.time_relative": "1765.265214000", + "frame.number": "6965", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000560a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000627f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e0aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6963", + "tcp.analysis.ack_rtt": "0.005738000", + "tcp.analysis.initial_rtt": "0.004678000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.726042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.726042000", + "frame.time_delta": "0.000142000", + "frame.time_delta_displayed": "0.000142000", + "frame.time_relative": "1765.265356000", + "frame.number": "6966", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005732", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006026", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + 
"ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "283", + "http.prev_response_in": "6957" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.726402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.726402000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": "1765.265716000", + "frame.number": "6967", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000560b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000627e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dcbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6964", + "tcp.analysis.ack_rtt": "0.005943000", + "tcp.analysis.initial_rtt": "0.004678000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.726513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.726513000", + "frame.time_delta": "0.000111000", + "frame.time_delta_displayed": "0.000111000", + "frame.time_relative": "1765.265827000", + "frame.number": "6968", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000560c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000627d", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dcbe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.726897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.726897000", + "frame.time_delta": "0.000384000", + "frame.time_delta_displayed": "0.000384000", + "frame.time_relative": "1765.266211000", + "frame.number": "6969", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001705", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a184", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47611", + "tcp.port": "80", + "tcp.port": "47611", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cf54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6968", + "tcp.analysis.ack_rtt": "0.000384000", + "tcp.analysis.initial_rtt": "0.004678000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.730636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.730636000", + "frame.time_delta": "0.003739000", + "frame.time_delta_displayed": "0.003739000", + "frame.time_relative": "1765.269950000", + "frame.number": "6970", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002441", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009448", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47611", + "tcp.dstport": "80", + "tcp.port": "47611", + "tcp.port": "80", + "tcp.stream": "280", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000014a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.735841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.735841000", + "frame.time_delta": "0.005205000", + "frame.time_delta_displayed": "0.005205000", + "frame.time_relative": "1765.275155000", + "frame.number": "6971", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000985e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002017", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00002d42", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:f8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951288, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951288", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.736370000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.736370000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "1765.275684000", + "frame.number": "6972", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47612", + "tcp.port": "80", + "tcp.port": "47612", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c34e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": 
"1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6971", + "tcp.analysis.ack_rtt": "0.000529000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.741368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.741368000", + "frame.time_delta": "0.004998000", + "frame.time_delta_displayed": "0.004998000", + "frame.time_relative": "1765.280682000", + "frame.number": "6973", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000985f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000202a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000074d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6972", + "tcp.analysis.ack_rtt": "0.004998000", + "tcp.analysis.initial_rtt": "0.005527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:15:56.741762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.741762000", + "frame.time_delta": "0.000394000", + "frame.time_delta_displayed": "0.000394000", + "frame.time_relative": "1765.281076000", + "frame.number": "6974", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00009860", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001f69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d450", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005527000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.742222000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.742222000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "1765.281536000", + "frame.number": "6975", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d686", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e202", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47612", + "tcp.port": "80", + "tcp.port": "47612", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000066a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6974", + "tcp.analysis.ack_rtt": "0.000460000", + "tcp.analysis.initial_rtt": "0.005527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.743058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.743058000", + "frame.time_delta": "0.000836000", + "frame.time_delta_displayed": "0.000836000", + "frame.time_relative": "1765.282372000", + "frame.number": "6976", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d687", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47612", + "tcp.port": "80", + "tcp.port": "47612", + "tcp.stream": "281", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a6c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005527000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.743392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.743392000", + "frame.time_delta": "0.000334000", + "frame.time_delta_displayed": "0.000334000", + "frame.time_relative": 
"1765.282706000", + "frame.number": "6977", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d688", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47612", + "tcp.port": "80", + "tcp.port": "47612", + "tcp.stream": "281", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { 
+ "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f92f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005527000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6976", + "tcp.segment": "6977", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001630000", + "http.request_in": "6974", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.746195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.746195000", + "frame.time_delta": "0.002803000", + "frame.time_delta_displayed": "0.002803000", + "frame.time_relative": "1765.285509000", + "frame.number": "6978", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009861", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002028", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007405", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6976", + "tcp.analysis.ack_rtt": "0.003137000", + "tcp.analysis.initial_rtt": "0.005527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.747282000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.747282000", + "frame.time_delta": "0.001087000", + "frame.time_delta_displayed": "0.001087000", + "frame.time_relative": "1765.286596000", + "frame.number": "6979", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009862", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002027", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000701a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6977", + "tcp.analysis.ack_rtt": "0.003890000", + "tcp.analysis.initial_rtt": "0.005527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.748406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.748406000", + "frame.time_delta": "0.001124000", + "frame.time_delta_displayed": "0.001124000", + "frame.time_relative": "1765.287720000", + "frame.number": "6980", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009863", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002026", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007019", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.748878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.748878000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "1765.288192000", + "frame.number": "6981", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001708", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a181", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47612", + 
"tcp.port": "80", + "tcp.port": "47612", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000062af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6980", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.005527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.752966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.752966000", + "frame.time_delta": "0.004088000", + "frame.time_delta_displayed": "0.004088000", + "frame.time_relative": "1765.292280000", + "frame.number": "6982", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002443", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009446", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47612", + "tcp.dstport": "80", + "tcp.port": "47612", + "tcp.port": "80", + "tcp.stream": "281", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001868", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:56.780402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.780402000", + "frame.time_delta": "0.027436000", + "frame.time_delta_displayed": "0.027436000", + "frame.time_relative": "1765.319716000", + "frame.number": "6983", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005733", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000602b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "284", + "http.prev_response_in": "6966" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.785923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.785923000", + "frame.time_delta": "0.005521000", + "frame.time_delta_displayed": "0.005521000", + "frame.time_relative": "1765.325237000", + "frame.number": "6984", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d6f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e17f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00009294", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:fd:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951293, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951293", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.786454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.786454000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1765.325768000", + "frame.number": "6985", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47613", + "tcp.port": "80", + "tcp.port": "47613", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002e24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "6984", + "tcp.analysis.ack_rtt": "0.000531000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.793237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.793237000", + "frame.time_delta": "0.006783000", + "frame.time_delta_displayed": "0.006783000", + "frame.time_relative": "1765.332551000", + "frame.number": "6986", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e192", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dfab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6985", + "tcp.analysis.ack_rtt": "0.006783000", + "tcp.analysis.initial_rtt": "0.007314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.793353000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495356.793353000", + "frame.time_delta": "0.000116000", + "frame.time_delta_displayed": "0.000116000", + "frame.time_relative": "1765.332667000", + "frame.number": "6987", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000d6f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e0d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007314000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.793809000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495356.793809000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "1765.333123000", + "frame.number": "6988", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d577", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e311", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47613", + "tcp.port": "80", + "tcp.port": "47613", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d17a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6987", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.007314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.794497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.794497000", + "frame.time_delta": "0.000688000", + "frame.time_delta_displayed": "0.000688000", + "frame.time_relative": "1765.333811000", + "frame.number": "6989", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000d578", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e2ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47613", + "tcp.port": "80", + "tcp.port": "47613", + "tcp.stream": "282", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000119c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007314000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.794962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.794962000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "1765.334276000", + "frame.number": "6990", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000d579", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47613", + "tcp.port": "80", + "tcp.port": "47613", + "tcp.stream": "282", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006405", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007314000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "6989", + "tcp.segment": "6990", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001609000", + "http.request_in": "6987", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.798678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.798678000", + "frame.time_delta": "0.003716000", + "frame.time_delta_displayed": "0.003716000", + "frame.time_relative": "1765.337992000", + "frame.number": "6991", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e190", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000deda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6989", + "tcp.analysis.ack_rtt": "0.004181000", + "tcp.analysis.initial_rtt": "0.007314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.799352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.799352000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "1765.338666000", + "frame.number": "6992", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e18f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000daef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6990", + "tcp.analysis.ack_rtt": "0.004390000", + "tcp.analysis.initial_rtt": "0.007314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.800119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.800119000", + "frame.time_delta": "0.000767000", + "frame.time_delta_displayed": "0.000767000", + "frame.time_relative": "1765.339433000", + "frame.number": "6993", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d6fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e18e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000daee", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.800557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.800557000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "1765.339871000", + "frame.number": "6994", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000170a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a17f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47613", + 
"tcp.port": "80", + "tcp.port": "47613", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cd84", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6993", + "tcp.analysis.ack_rtt": "0.000438000", + "tcp.analysis.initial_rtt": "0.007314000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:56.808923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495356.808923000", + "frame.time_delta": "0.008366000", + "frame.time_delta_displayed": "0.008366000", + "frame.time_relative": "1765.348237000", + "frame.number": "6995", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002448", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009441", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47613", + "tcp.dstport": "80", + "tcp.port": "47613", + "tcp.port": "80", + "tcp.stream": "282", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007dbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:57.569567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.569567000", + "frame.time_delta": "0.760644000", + "frame.time_delta_displayed": "0.760644000", + "frame.time_relative": "1766.108881000", + "frame.number": "6996", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000575c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006005", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "285", + "http.prev_response_in": "6983" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.622360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.622360000", + "frame.time_delta": "0.052793000", + "frame.time_delta_displayed": "0.052793000", + "frame.time_relative": "1766.161674000", + "frame.number": "6997", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005760", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005ff8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "286", + "http.prev_response_in": "6996" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.634151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.634151000", + "frame.time_delta": "0.011791000", + "frame.time_delta_displayed": "0.011791000", + "frame.time_relative": "1766.173465000", + "frame.number": "6998", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001015", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a860", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00003250", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:52:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951378, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951378", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": 
"8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.634703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.634703000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "1766.174017000", + "frame.number": "6999", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47614", + "tcp.port": "80", + "tcp.port": "47614", + 
"tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008dd2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "6998", + "tcp.analysis.ack_rtt": "0.000552000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.637809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.637809000", + "frame.time_delta": "0.003106000", + "frame.time_delta_displayed": "0.003106000", + "frame.time_relative": "1766.177123000", + "frame.number": "7000", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001016", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a873", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + 
"tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "6999", + "tcp.analysis.ack_rtt": "0.003106000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.639329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.639329000", + "frame.time_delta": "0.001520000", + "frame.time_delta_displayed": "0.001520000", + "frame.time_relative": "1766.178643000", + "frame.number": "7001", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001017", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009ed4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.639836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.639836000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1766.179150000", + "frame.number": "7002", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000098f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001f99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47614", + "tcp.port": "80", + "tcp.port": "47614", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003129", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7001", + "tcp.analysis.ack_rtt": "0.000507000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:15:57.640561000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.640561000", + "frame.time_delta": "0.000725000", + "frame.time_delta_displayed": "0.000725000", + "frame.time_relative": "1766.179875000", + "frame.number": "7003", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000098f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001f87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47614", + "tcp.port": "80", + "tcp.port": "47614", + "tcp.stream": "283", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000714a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.640912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.640912000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "1766.180226000", + "frame.number": "7004", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"1035", + "ip.id": "0x000098f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47614", + "tcp.port": "80", + "tcp.port": "47614", + "tcp.stream": "283", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c3b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003658000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7003", + "tcp.segment": "7004", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001583000", + "http.request_in": "7001", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.644744000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.644744000", + "frame.time_delta": "0.003832000", + "frame.time_delta_displayed": "0.003832000", + "frame.time_relative": "1766.184058000", + "frame.number": "7005", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001018", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a871", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003e89", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7003", + "tcp.analysis.ack_rtt": "0.004183000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.644795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.644795000", + "frame.time_delta": "0.000051000", + "frame.time_delta_displayed": "0.000051000", + "frame.time_relative": "1766.184109000", + "frame.number": "7006", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001019", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a870", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7004", + "tcp.analysis.ack_rtt": "0.003883000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.646189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.646189000", + "frame.time_delta": "0.001394000", + "frame.time_delta_displayed": "0.001394000", + "frame.time_relative": "1766.185503000", + "frame.number": "7007", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a86f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a9d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.646644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.646644000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "1766.185958000", + "frame.number": "7008", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001740", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a149", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47614", + 
"tcp.port": "80", + "tcp.port": "47614", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002d33", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7007", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.003658000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.649921000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.649921000", + "frame.time_delta": "0.003277000", + "frame.time_delta_displayed": "0.003277000", + "frame.time_relative": "1766.189235000", + "frame.number": "7009", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002494", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000093f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47614", + "tcp.dstport": "80", + "tcp.port": "47614", + "tcp.port": "80", + "tcp.stream": "283", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001dd0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:57.669172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.669172000", + "frame.time_delta": "0.019251000", + "frame.time_delta_displayed": "0.019251000", + "frame.time_relative": "1766.208486000", + "frame.number": "7010", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fa8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b848", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + 
"udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000126e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + 
"dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.670019000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.670019000", + "frame.time_delta": "0.000847000", + "frame.time_delta_displayed": "0.000847000", + "frame.time_relative": "1766.209333000", + "frame.number": "7011", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fa9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009943", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + 
"udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f369", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + 
"dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.670532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.670532000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "1766.209846000", + "frame.number": "7012", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", 
+ "udp.length": "241", + "udp.checksum": "0x0000812f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.675543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.675543000", + "frame.time_delta": "0.005011000", + "frame.time_delta_displayed": "0.005011000", + "frame.time_relative": "1766.214857000", + "frame.number": "7013", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00005761", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005ffd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + 
"udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "287", + "http.prev_response_in": "6997" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.723455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.723455000", + "frame.time_delta": "0.047912000", + "frame.time_delta_displayed": "0.047912000", + "frame.time_relative": "1766.262769000", + "frame.number": "7014", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000545c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006419", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000d588", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:5b:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951387, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951387", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.724018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.724018000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "1766.263332000", + "frame.number": "7015", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47617", + "tcp.port": "80", + "tcp.port": "47617", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002b1b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7014", + "tcp.analysis.ack_rtt": "0.000563000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.740289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.740289000", + "frame.time_delta": "0.016271000", + "frame.time_delta_displayed": "0.016271000", + "frame.time_relative": "1766.279603000", + "frame.number": "7016", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000545d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000642c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dca2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7015", + "tcp.analysis.ack_rtt": 
"0.016271000", + "tcp.analysis.initial_rtt": "0.016834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.741177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.741177000", + "frame.time_delta": "0.000888000", + "frame.time_delta_displayed": "0.000888000", + "frame.time_relative": "1766.280491000", + "frame.number": "7017", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000545e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000636b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + 
"tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003c1d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016834000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.741638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.741638000", + "frame.time_delta": "0.000461000", + "frame.time_delta_displayed": "0.000461000", + "frame.time_relative": "1766.280952000", + "frame.number": "7018", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bb86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fd02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47617", + "tcp.port": "80", + "tcp.port": 
"47617", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ce71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7017", + "tcp.analysis.ack_rtt": "0.000461000", + "tcp.analysis.initial_rtt": "0.016834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.742320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.742320000", + "frame.time_delta": "0.000682000", + "frame.time_delta_displayed": "0.000682000", + "frame.time_relative": "1766.281634000", + "frame.number": "7019", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000bb87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000fcf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47617", + "tcp.port": "80", + "tcp.port": "47617", + "tcp.stream": "284", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000e93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016834000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:15:57.742747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.742747000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "1766.282061000", + "frame.number": "7020", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000bb88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f91d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47617", + "tcp.port": "80", + "tcp.port": "47617", + "tcp.stream": "284", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000060fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016834000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7019", + "tcp.segment": "7020", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001570000", + "http.request_in": "7017", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.749008000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495357.749008000", + "frame.time_delta": "0.006261000", + "frame.time_delta_displayed": "0.006261000", + "frame.time_relative": "1766.288322000", + "frame.number": "7021", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000545f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000642a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dbd1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7019", + "tcp.analysis.ack_rtt": "0.006688000", + "tcp.analysis.initial_rtt": "0.016834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.749112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.749112000", + "frame.time_delta": "0.000104000", + "frame.time_delta_displayed": "0.000104000", + "frame.time_relative": "1766.288426000", + "frame.number": "7022", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005460", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006429", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d7e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7020", + "tcp.analysis.ack_rtt": "0.006365000", + "tcp.analysis.initial_rtt": "0.016834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.749768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.749768000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "1766.289082000", + "frame.number": "7023", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005461", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006428", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d7e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.750231000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.750231000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1766.289545000", + "frame.number": "7024", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001745", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a144", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47617", + "tcp.port": "80", + "tcp.port": "47617", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ca7b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7023", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.016834000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:57.753376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495357.753376000", + "frame.time_delta": "0.003145000", + "frame.time_delta_displayed": "0.003145000", + "frame.time_relative": "1766.292690000", + "frame.number": "7025", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000249f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000093ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47617", + "tcp.dstport": "80", + "tcp.port": "47617", + "tcp.port": "80", + "tcp.stream": "284", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c111", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.622565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.622565000", + "frame.time_delta": "0.869189000", + "frame.time_delta_displayed": "0.869189000", + "frame.time_relative": "1767.161879000", + "frame.number": "7026", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000057a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005fc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "288", + "http.prev_response_in": "7013" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.628898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.628898000", + "frame.time_delta": "0.006333000", + "frame.time_delta_displayed": "0.006333000", + "frame.time_relative": "1767.168212000", + "frame.number": "7027", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000a89a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000a536", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:b5:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951477, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951477", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.629459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.629459000", + "frame.time_delta": "0.000561000", + "frame.time_delta_displayed": "0.000561000", + "frame.time_relative": "1767.168773000", + "frame.number": "7028", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47618", + "tcp.port": "80", + "tcp.port": "47618", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a75e", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7027", + "tcp.analysis.ack_rtt": "0.000561000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.632862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.632862000", + "frame.time_delta": "0.003403000", + "frame.time_delta_displayed": "0.003403000", + "frame.time_relative": "1767.172176000", + "frame.number": "7029", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a89b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000058e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7028", + "tcp.analysis.ack_rtt": 
"0.003403000", + "tcp.analysis.initial_rtt": "0.003964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.633301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.633301000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "1767.172615000", + "frame.number": "7030", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000a89c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000f2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + 
"tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b860", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003964000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", 
+ "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.633788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.633788000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1767.173102000", + "frame.number": "7031", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e032", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d856", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47618", + "tcp.port": "80", + "tcp.port": 
"47618", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004ab5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7030", + "tcp.analysis.ack_rtt": "0.000487000", + "tcp.analysis.initial_rtt": "0.003964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.634430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.634430000", + "frame.time_delta": "0.000642000", + "frame.time_delta_displayed": "0.000642000", + "frame.time_relative": "1767.173744000", + "frame.number": "7032", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e033", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d844", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47618", + "tcp.port": "80", + "tcp.port": "47618", + "tcp.stream": "285", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008ad6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003964000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:15:58.634780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.634780000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1767.174094000", + "frame.number": "7033", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e034", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d471", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47618", + "tcp.port": "80", + "tcp.port": "47618", + "tcp.stream": "285", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000dd3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003964000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7032", + "tcp.segment": "7033", + 
"tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001479000", + "http.request_in": "7030", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.638019000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495358.638019000", + "frame.time_delta": "0.003239000", + "frame.time_delta_displayed": "0.003239000", + "frame.time_relative": "1767.177333000", + "frame.number": "7034", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a89d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005815", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7032", + "tcp.analysis.ack_rtt": "0.003589000", + "tcp.analysis.initial_rtt": "0.003964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.638484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.638484000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "1767.177798000", + "frame.number": "7035", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a89e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000feb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000542a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7033", + "tcp.analysis.ack_rtt": "0.003704000", + "tcp.analysis.initial_rtt": "0.003964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.639426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.639426000", + "frame.time_delta": "0.000942000", + "frame.time_delta_displayed": "0.000942000", + "frame.time_relative": "1767.178740000", + "frame.number": "7036", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a89f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005429", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.639878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.639878000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "1767.179192000", + "frame.number": "7037", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000176f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a11a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47618", + "tcp.port": "80", + "tcp.port": "47618", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000046bf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7036", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.003964000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.644489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.644489000", + "frame.time_delta": "0.004611000", + "frame.time_delta_displayed": "0.004611000", + "frame.time_relative": "1767.183803000", + "frame.number": "7038", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000024f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009393", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47618", + "tcp.dstport": "80", + "tcp.port": "47618", + "tcp.port": "80", + "tcp.stream": "285", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + 
"tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009119", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.675708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.675708000", + "frame.time_delta": "0.031219000", + "frame.time_delta_displayed": "0.031219000", + "frame.time_relative": "1767.215022000", + "frame.number": "7039", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000057a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005fb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "289", + "http.prev_response_in": "7026" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.748264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.748264000", + "frame.time_delta": "0.072556000", + "frame.time_delta_displayed": "0.072556000", + "frame.time_relative": "1767.287578000", + "frame.number": "7040", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00007aac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003dc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00002093", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:bb:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951483, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951483", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.748200000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.748200000", + "frame.time_delta": "-0.000064000", + "frame.time_delta_displayed": "-0.000064000", + "frame.time_relative": "1767.287514000", + "frame.number": "7041", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000057a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005fb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "290", + "http.prev_response_in": "7039" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.748823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.748823000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "1767.288137000", + "frame.number": "7042", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47619", + "tcp.port": "80", + "tcp.port": "47619", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000013be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7040", + "tcp.analysis.ack_rtt": "0.000559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.760627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.760627000", + "frame.time_delta": "0.011804000", + "frame.time_delta_displayed": "0.011804000", + "frame.time_relative": "1767.299941000", + "frame.number": "7043", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007aad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ddc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c545", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7042", + "tcp.analysis.ack_rtt": "0.011804000", + "tcp.analysis.initial_rtt": "0.012363000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.761377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.761377000", + "frame.time_delta": "0.000750000", + "frame.time_delta_displayed": "0.000750000", + "frame.time_relative": "1767.300691000", + "frame.number": "7044", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00007aae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000024c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012363000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.761841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.761841000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "1767.301155000", + "frame.number": "7045", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000001dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b6ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47619", + "tcp.port": "80", + "tcp.port": "47619", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b714", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7044", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.012363000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.762495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.762495000", + "frame.time_delta": "0.000654000", + "frame.time_delta_displayed": "0.000654000", + "frame.time_relative": "1767.301809000", + "frame.number": "7046", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000001dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b69b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + 
"tcp.dstport": "47619", + "tcp.port": "80", + "tcp.port": "47619", + "tcp.stream": "286", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f735", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012363000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.762846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.762846000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "1767.302160000", + "frame.number": "7047", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000001de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b2c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47619", + "tcp.port": "80", + "tcp.port": "47619", + "tcp.stream": "286", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000499f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.initial_rtt": "0.012363000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d
:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7046", + "tcp.segment": "7047", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001469000", + "http.request_in": "7044", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.770342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.770342000", + "frame.time_delta": "0.007496000", + "frame.time_delta_displayed": "0.007496000", + "frame.time_relative": "1767.309656000", + "frame.number": "7048", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007aaf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003dda", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c474", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7046", + "tcp.analysis.ack_rtt": "0.007847000", + "tcp.analysis.initial_rtt": "0.012363000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.770380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.770380000", + "frame.time_delta": "0.000038000", + "frame.time_delta_displayed": "0.000038000", + "frame.time_relative": "1767.309694000", + "frame.number": "7049", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ab0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003dd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c089", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7047", + "tcp.analysis.ack_rtt": "0.007534000", + "tcp.analysis.initial_rtt": "0.012363000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.773074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.773074000", + "frame.time_delta": "0.002694000", + "frame.time_delta_displayed": "0.002694000", + "frame.time_relative": "1767.312388000", + "frame.number": "7050", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007ab1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003dd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c088", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.773539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.773539000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "1767.312853000", + "frame.number": "7051", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000177b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a10e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47619", + 
"tcp.port": "80", + "tcp.port": "47619", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b31e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7050", + "tcp.analysis.ack_rtt": "0.000465000", + "tcp.analysis.initial_rtt": "0.012363000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:58.777780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495358.777780000", + "frame.time_delta": "0.004241000", + "frame.time_delta_displayed": "0.004241000", + "frame.time_relative": "1767.317094000", + "frame.number": "7052", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000024fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000938b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47619", + "tcp.dstport": "80", + "tcp.port": "47619", + "tcp.port": "80", + "tcp.stream": "286", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000c7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:15:59.464765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.464765000", + "frame.time_delta": "0.686985000", + "frame.time_delta_displayed": "0.686985000", + "frame.time_relative": "1768.004079000", + "frame.number": "7053", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000057cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f95", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "291", + "http.prev_response_in": "7041" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.517637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.517637000", + "frame.time_delta": "0.052872000", + "frame.time_delta_displayed": "0.052872000", + "frame.time_relative": "1768.056951000", + "frame.number": "7054", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000057d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "292", + "http.prev_response_in": "7053" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.570455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.570455000", + "frame.time_delta": "0.052818000", + "frame.time_delta_displayed": "0.052818000", + "frame.time_relative": "1768.109769000", + "frame.number": "7055", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000057d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "293", + "http.prev_response_in": "7054" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.583472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.583472000", + "frame.time_delta": "0.013017000", + "frame.time_delta_displayed": "0.013017000", + "frame.time_relative": "1768.122786000", + "frame.number": "7056", + "frame.len": "74", + "frame.cap_len": 
"74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000717b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000046fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000cb6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:15:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951573, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951573", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.584016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.584016000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "1768.123330000", + "frame.number": "7057", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": 
"60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47621", + "tcp.port": "80", + "tcp.port": "47621", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + 
"tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00005a4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7056", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.590144000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.590144000", + "frame.time_delta": "0.006128000", + "frame.time_delta_displayed": "0.006128000", + "frame.time_relative": "1768.129458000", + "frame.number": "7058", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000717c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000470d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000bd7", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7057", + "tcp.analysis.ack_rtt": "0.006128000", + "tcp.analysis.initial_rtt": "0.006672000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.591519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.591519000", + "frame.time_delta": "0.001375000", + "frame.time_delta_displayed": "0.001375000", + "frame.time_relative": "1768.130833000", + "frame.number": "7059", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000717d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000464c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b51", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006672000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.592022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.592022000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "1768.131336000", + "frame.number": "7060", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009150", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002739", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47621", + "tcp.port": "80", + "tcp.port": "47621", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fda5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7059", + "tcp.analysis.ack_rtt": "0.000503000", + "tcp.analysis.initial_rtt": "0.006672000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.592672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.592672000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "1768.131986000", + "frame.number": "7061", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009151", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002727", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47621", + "tcp.port": "80", + "tcp.port": "47621", + "tcp.stream": "287", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003dc7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006672000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.593106000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.593106000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1768.132420000", + "frame.number": "7062", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009152", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002354", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47621", + "tcp.port": "80", + "tcp.port": "47621", + "tcp.stream": "287", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009030", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006672000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7061", + "tcp.segment": "7062", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001587000", + "http.request_in": "7059", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.596062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.596062000", + "frame.time_delta": "0.002956000", + "frame.time_delta_displayed": "0.002956000", + "frame.time_relative": "1768.135376000", + "frame.number": "7063", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000717e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000470b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000b06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7061", + "tcp.analysis.ack_rtt": "0.003390000", + "tcp.analysis.initial_rtt": "0.006672000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.597116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.597116000", + "frame.time_delta": "0.001054000", + "frame.time_delta_displayed": "0.001054000", + "frame.time_relative": "1768.136430000", + "frame.number": "7064", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000717f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000470a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000071b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7062", + "tcp.analysis.ack_rtt": "0.004010000", + "tcp.analysis.initial_rtt": "0.006672000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.603159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.603159000", + "frame.time_delta": "0.006043000", + "frame.time_delta_displayed": "0.006043000", + "frame.time_relative": "1768.142473000", + "frame.number": "7065", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007180", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004709", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000071a", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.603666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.603666000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1768.142980000", + "frame.number": "7066", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a0c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47621", + 
"tcp.port": "80", + "tcp.port": "47621", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f9af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7065", + "tcp.analysis.ack_rtt": "0.000507000", + "tcp.analysis.initial_rtt": "0.006672000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:15:59.607890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495359.607890000", + "frame.time_delta": "0.004224000", + "frame.time_delta_displayed": "0.004224000", + "frame.time_relative": "1768.147204000", + "frame.number": "7067", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002539", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009350", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47621", + "tcp.dstport": "80", + "tcp.port": "47621", + "tcp.port": "80", + "tcp.stream": "287", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b7ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:16:00.514009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.514009000", + "frame.time_delta": "0.906119000", + "frame.time_delta_displayed": "0.906119000", + "frame.time_relative": "1769.053323000", + "frame.number": "7068", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005822", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "305", + "udp.checksum": "0x0000b5cb", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "294", + "http.prev_response_in": "7055" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.566747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.566747000", + "frame.time_delta": "0.052738000", + "frame.time_delta_displayed": "0.052738000", + "frame.time_relative": "1769.106061000", + "frame.number": "7069", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005825", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "314", + "udp.checksum": "0x0000c3b6", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "295", + "http.prev_response_in": "7068" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.614794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.614794000", + "frame.time_delta": "0.048047000", + "frame.time_delta_displayed": "0.048047000", + "frame.time_relative": "1769.154108000", + "frame.number": "7070", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000e93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00007bcf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:7c:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951676, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951676", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": 
"8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.615350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.615350000", + "frame.time_delta": "0.000556000", + "frame.time_delta_displayed": "0.000556000", + "frame.time_relative": "1769.154664000", + "frame.number": "7071", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47622", + "tcp.port": "80", + "tcp.port": "47622", + 
"tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000c81", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "7070", + "tcp.analysis.ack_rtt": "0.000556000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.619493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.619493000", + "frame.time_delta": "0.004143000", + "frame.time_delta_displayed": "0.004143000", + "frame.time_relative": "1769.158807000", + "frame.number": "7072", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000582b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"3942", + "udp.port": "1900", + "udp.port": "3942", + "udp.length": "308", + "udp.checksum": "0x0000e740", + "udp.checksum.status": "2", + "udp.stream": "39" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "296", + "http.prev_response_in": "7069" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.619672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.619672000", + "frame.time_delta": "0.000179000", + "frame.time_delta_displayed": "0.000179000", + "frame.time_relative": "1769.158986000", + "frame.number": "7073", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000e94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be08", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7071", + "tcp.analysis.ack_rtt": "0.004322000", + "tcp.analysis.initial_rtt": "0.004878000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.620166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.620166000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1769.159480000", + "frame.number": "7074", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00000e95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a934", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004878000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + 
"\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.620731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.620731000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1769.160045000", + "frame.number": "7075", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000ed90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000caf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47622", + "tcp.port": "80", + "tcp.port": "47622", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000afd7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7074", + "tcp.analysis.ack_rtt": "0.000565000", + "tcp.analysis.initial_rtt": "0.004878000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.621310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.621310000", + "frame.time_delta": "0.000579000", + "frame.time_delta_displayed": "0.000579000", + "frame.time_relative": "1769.160624000", + "frame.number": "7076", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000ed91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47622", + "tcp.port": "80", + "tcp.port": "47622", + "tcp.stream": "288", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eff8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004878000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.621659000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.621659000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "1769.160973000", + "frame.number": "7077", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000ed92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c713", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47622", + "tcp.port": "80", + "tcp.port": "47622", + "tcp.stream": "288", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004262", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004878000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7076", + "tcp.segment": "7077", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001493000", + "http.request_in": "7074", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.627905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.627905000", + "frame.time_delta": "0.006246000", + "frame.time_delta_displayed": "0.006246000", + "frame.time_relative": "1769.167219000", + "frame.number": "7078", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000e96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bd37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7076", + "tcp.analysis.ack_rtt": "0.006595000", + "tcp.analysis.initial_rtt": "0.004878000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.628035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.628035000", + "frame.time_delta": "0.000130000", + "frame.time_delta_displayed": "0.000130000", + "frame.time_relative": "1769.167349000", + "frame.number": "7079", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000e97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b94c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7077", + "tcp.analysis.ack_rtt": "0.006376000", + "tcp.analysis.initial_rtt": "0.004878000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.628518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.628518000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1769.167832000", + "frame.number": "7080", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000e98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a9f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b94b", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.628981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.628981000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1769.168295000", + "frame.number": "7081", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a091", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47622", + 
"tcp.port": "80", + "tcp.port": "47622", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000abe1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7080", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.004878000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.630579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.630579000", + "frame.time_delta": "0.001598000", + "frame.time_delta_displayed": "0.001598000", + "frame.time_relative": "1769.169893000", + "frame.number": "7082", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001926", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000efcc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:7d:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 951677, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "951677", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.631086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.631086000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "1769.170400000", + "frame.number": "7083", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008031", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7082", + "tcp.analysis.ack_rtt": "0.000507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.632937000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.632937000", + "frame.time_delta": "0.001851000", + "frame.time_delta_displayed": "0.001851000", + "frame.time_relative": "1769.172251000", + "frame.number": "7084", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x0000256d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000931c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47622", + "tcp.dstport": "80", + "tcp.port": "47622", + "tcp.port": "80", + "tcp.stream": "288", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006879", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.634598000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.634598000", + "frame.time_delta": "0.001661000", + 
"frame.time_delta_displayed": "0.001661000", + "frame.time_relative": "1769.173912000", + "frame.number": "7085", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001927", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000031b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7083", + "tcp.analysis.ack_rtt": "0.003512000", + "tcp.analysis.initial_rtt": "0.004019000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.634729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.634729000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "1769.174043000", + "frame.number": "7086", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00001928", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009ea1", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009133", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004019000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.635191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.635191000", + "frame.time_delta": "0.000462000", + "frame.time_delta_displayed": "0.000462000", + "frame.time_relative": "1769.174505000", + "frame.number": "7087", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000155a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a32f", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002388", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7086", + "tcp.analysis.ack_rtt": "0.000462000", + "tcp.analysis.initial_rtt": "0.004019000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.635878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.635878000", + "frame.time_delta": "0.000687000", + "frame.time_delta_displayed": "0.000687000", + "frame.time_relative": "1769.175192000", + "frame.number": "7088", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000155b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a31d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000063a9", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004019000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.636231000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.636231000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1769.175545000", + "frame.number": "7089", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000155c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004019000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7088", + "tcp.segment": "7089", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001502000", + "http.request_in": "7086", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.638858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.638858000", + "frame.time_delta": "0.002627000", + "frame.time_delta_displayed": "0.002627000", + "frame.time_relative": "1769.178172000", + "frame.number": "7090", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000155d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b612", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004019000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.642631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.642631000", + "frame.time_delta": "0.003773000", + "frame.time_delta_displayed": "0.003773000", + "frame.time_relative": "1769.181945000", + "frame.number": "7091", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + 
"eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001929", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000030e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7088", + "tcp.analysis.ack_rtt": "0.006753000", + "tcp.analysis.initial_rtt": "0.004019000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": 
{ + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.642681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.642681000", + "frame.time_delta": "0.000050000", + "frame.time_delta_displayed": "0.000050000", + "frame.time_relative": "1769.181995000", + "frame.number": "7092", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000192a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002cfd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7089", + "tcp.analysis.ack_rtt": "0.006450000", + "tcp.analysis.initial_rtt": "0.004019000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.643515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.643515000", + "frame.time_delta": "0.000834000", + "frame.time_delta_displayed": "0.000834000", + "frame.time_relative": "1769.182829000", + "frame.number": "7093", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000192b", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009f5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002cfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.643942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.643942000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + 
"frame.time_relative": "1769.183256000", + "frame.number": "7094", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000017f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a090", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47623", + "tcp.port": "80", + "tcp.port": "47623", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001f92", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7093", + "tcp.analysis.ack_rtt": "0.000427000", + "tcp.analysis.initial_rtt": "0.004019000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.647683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.647683000", + "frame.time_delta": "0.003741000", + "frame.time_delta_displayed": "0.003741000", + "frame.time_relative": "1769.186997000", + "frame.number": "7095", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000256e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000931b", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dc78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:00.647809000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495360.647809000", + "frame.time_delta": "0.000126000", + "frame.time_delta_displayed": "0.000126000", + "frame.time_relative": "1769.187123000", + "frame.number": "7096", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000256f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000931a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47623", + "tcp.dstport": "80", + "tcp.port": "47623", + "tcp.port": "80", + "tcp.stream": "289", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000dc77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:01.251856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495361.251856000", + "frame.time_delta": "0.604047000", + "frame.time_delta_displayed": "0.604047000", + "frame.time_relative": "1769.791170000", + "frame.number": "7097", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000545c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:01.304667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495361.304667000", + "frame.time_delta": "0.052811000", + "frame.time_delta_displayed": "0.052811000", + "frame.time_relative": "1769.843981000", + "frame.number": "7098", + "frame.len": "348", + 
"frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005461", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "7097" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:01.357411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495361.357411000", + "frame.time_delta": "0.052744000", + "frame.time_delta_displayed": "0.052744000", + "frame.time_relative": "1769.896725000", + "frame.number": "7099", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"328", + "ip.id": "0x00005463", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000062e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "7098" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.304218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.304218000", + "frame.time_delta": "0.946807000", + "frame.time_delta_displayed": "0.946807000", + "frame.time_relative": "1770.843532000", + "frame.number": "7100", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000054c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000628a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": 
"2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "7099" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.356977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.356977000", + "frame.time_delta": "0.052759000", + "frame.time_delta_displayed": "0.052759000", + "frame.time_relative": "1770.896291000", + "frame.number": "7101", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000054c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000627c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "7100" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.409771000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.409771000", + "frame.time_delta": "0.052794000", + "frame.time_delta_displayed": "0.052794000", + "frame.time_relative": "1770.949085000", + "frame.number": "7102", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000054c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006281", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "7101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.669474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.669474000", + "frame.time_delta": "0.259703000", + "frame.time_delta_displayed": 
"0.259703000", + "frame.time_relative": "1771.208788000", + "frame.number": "7103", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001faa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b846", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000126e", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.669997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.669997000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "1771.209311000", + "frame.number": "7104", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fab", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009941", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f369", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000287", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.670614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.670614000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "1771.209928000", + "frame.number": "7105", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000812f", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000287", + "dns.flags": "0x00000000", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=647", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.831071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.831071000", + "frame.time_delta": "0.160457000", + "frame.time_delta_displayed": "0.160457000", + "frame.time_relative": "1771.370385000", + "frame.number": "7106", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000054d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006279", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "7102" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.883913000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.883913000", + "frame.time_delta": "0.052842000", + "frame.time_delta_displayed": "0.052842000", + "frame.time_relative": "1771.423227000", + "frame.number": "7107", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000054d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000626f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "7106" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:02.936651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495362.936651000", + "frame.time_delta": "0.052738000", + "frame.time_delta_displayed": "0.052738000", + "frame.time_relative": "1771.475965000", + "frame.number": "7108", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000054d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006271", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "7107" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:03.883038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495363.883038000", + "frame.time_delta": "0.946387000", + "frame.time_delta_displayed": "0.946387000", + "frame.time_relative": "1772.422352000", + 
"frame.number": "7109", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005525", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006226", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "7108" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:03.935892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495363.935892000", + "frame.time_delta": "0.052854000", + "frame.time_delta_displayed": "0.052854000", + "frame.time_relative": "1772.475206000", + "frame.number": "7110", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005529", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006219", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": 
"7109" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:03.988612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495363.988612000", + "frame.time_delta": "0.052720000", + "frame.time_delta_displayed": "0.052720000", + "frame.time_relative": "1772.527926000", + "frame.number": "7111", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000552d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000621b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + 
"udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "7110" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:04.009400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495364.009400000", + "frame.time_delta": "0.020788000", + "frame.time_delta_displayed": "0.020788000", + "frame.time_relative": "1772.548714000", + "frame.number": "7112", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x0000581f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a64a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5078", + "tcp.nxtseq": "5118", + "tcp.ack": "613", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cc12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ec:c3:95:d8:10:d3:55:5f:21:9f:69:94:03:3e:ee:25:e2:2f:56:33:a3:9d:6f:75:ca:f7:60:e3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:04.152730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495364.152730000", + "frame.time_delta": "0.143330000", + "frame.time_delta_displayed": "0.143330000", + "frame.time_relative": "1772.692044000", + "frame.number": "7113", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001005", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd68", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "613", + "tcp.nxtseq": "649", + "tcp.ack": "5118", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009cf2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7112", + "tcp.analysis.ack_rtt": "0.143330000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:71:f4:ac:23:9a:b3:48:80:2b:1d:c0:32:4c:94:7b:86:73:bc:ea:74:19:67:39:7d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:04.153253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495364.153253000", + "frame.time_delta": "0.000523000", + "frame.time_delta_displayed": "0.000523000", + "frame.time_relative": "1772.692567000", + "frame.number": "7114", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005820", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a671", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", 
+ "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5118", + "tcp.ack": "649", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f039", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7113", + "tcp.analysis.ack_rtt": "0.000523000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:04.988576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495364.988576000", + "frame.time_delta": "0.835323000", + "frame.time_delta_displayed": "0.835323000", + "frame.time_relative": "1773.527890000", + "frame.number": "7115", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005578", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "7111" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:05.041407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495365.041407000", + "frame.time_delta": "0.052831000", + "frame.time_delta_displayed": "0.052831000", + "frame.time_relative": "1773.580721000", + "frame.number": "7116", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000557a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "7115" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:05.094213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495365.094213000", + "frame.time_delta": "0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "1773.633527000", + "frame.number": "7117", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000557f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000061c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "7116" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.040927000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.040927000", + "frame.time_delta": "0.946714000", + "frame.time_delta_displayed": "0.946714000", + "frame.time_relative": "1774.580241000", + "frame.number": "7118", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000055d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006179", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "7117" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.093671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.093671000", + "frame.time_delta": "0.052744000", + "frame.time_delta_displayed": "0.052744000", + "frame.time_relative": "1774.632985000", + "frame.number": "7119", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000055d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000616b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "7118" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.146404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.146404000", + "frame.time_delta": "0.052733000", + "frame.time_delta_displayed": "0.052733000", + "frame.time_relative": "1774.685718000", + "frame.number": "7120", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000055db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000616d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": 
"", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "7119" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.304264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.304264000", + "frame.time_delta": "0.157860000", + "frame.time_delta_displayed": "0.157860000", + "frame.time_relative": "1774.843578000", + "frame.number": "7121", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000055e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000616a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "7120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.357066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.357066000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "1774.896380000", + "frame.number": "7122", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000055e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000615d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "7121" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.409778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.409778000", + "frame.time_delta": "0.052712000", + "frame.time_delta_displayed": "0.052712000", + "frame.time_relative": "1774.949092000", + "frame.number": "7123", + 
"frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000055e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006162", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "7122" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:06.671758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495366.671758000", + "frame.time_delta": "0.261980000", + "frame.time_delta_displayed": "0.261980000", + "frame.time_relative": "1775.211072000", + "frame.number": "7124", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "72", + "ip.id": "0x00005e52", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005997", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:07.356201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495367.356201000", + "frame.time_delta": "0.684443000", + "frame.time_delta_displayed": "0.684443000", + "frame.time_relative": "1775.895515000", + "frame.number": "7125", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00005614", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006137", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "305", + "udp.checksum": "0x000002ce", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "7123" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:07.409002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495367.409002000", + "frame.time_delta": "0.052801000", + "frame.time_delta_displayed": "0.052801000", + "frame.time_relative": "1775.948316000", + "frame.number": "7126", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00005615", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000612d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "314", + "udp.checksum": "0x000010b9", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "7125" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:07.461862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495367.461862000", + "frame.time_delta": "0.052860000", + "frame.time_delta_displayed": "0.052860000", + "frame.time_relative": "1776.001176000", + "frame.number": "7127", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": 
"0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000561a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000612e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "49741", + "udp.port": "1900", + "udp.port": "49741", + "udp.length": "308", + "udp.checksum": "0x00003443", + "udp.checksum.status": "2", + "udp.stream": "136" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "7126" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.008772000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.008772000", + "frame.time_delta": "0.546910000", + "frame.time_delta_displayed": "0.546910000", + "frame.time_relative": "1776.548086000", + "frame.number": "7128", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + 
"arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.172515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.172515000", + "frame.time_delta": "0.163743000", + "frame.time_delta_displayed": "0.163743000", + "frame.time_relative": "1776.711829000", + "frame.number": "7129", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002d84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + 
"ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "17469", + "tcp.nxtseq": "17554", + "tcp.ack": "77911", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c2:67:00:27:62:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396135, TSecr 2581115": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396135", + "tcp.options.timestamp.tsecr": "2581115" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:c1:5b:f7:72:45:a1:13:bf:83:64:96:c2:ee:6d:cb:73:8f:07:ac:11:82:ff:73:48:08:20:25:2f:2a:9b:ca:83:b7:2a:26:58:fd:c1:ce:58:42:63:69:cd:5a:6e:40:c3:59:11:e0:3a:ab:0a:d4:15:15:16:b1:38:ac:0d:b5:31:26:39:0a:df:6e:6c:d5:15:2b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.172991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.172991000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "1776.712305000", + "frame.number": "7130", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009691", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": 
"13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "77911", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000094f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:66:f9:a7:a1:c2:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582265, TSecr 2812396135": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582265", + "tcp.options.timestamp.tsecr": "2812396135" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7129", + 
"tcp.analysis.ack_rtt": "0.000476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.176602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.176602000", + "frame.time_delta": "0.003611000", + "frame.time_delta_displayed": "0.003611000", + "frame.time_relative": "1776.715916000", + "frame.number": "7131", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009692", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076be", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "77911", + "tcp.nxtseq": "77958", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009978", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:66:fa:a7:a1:c2:67", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582266, TSecr 2812396135": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582266", + "tcp.options.timestamp.tsecr": "2812396135" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:29:09:21:63:9b:c7:b9:2d:75:b2:95:e4:57:5a:44:e9:1b:0a:7f:c2:2a:19:01:d2:49:82:05:27:64:c3:8d:e8:5e:33:c2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.190507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.190507000", + "frame.time_delta": "0.013905000", + "frame.time_delta_displayed": "0.013905000", + "frame.time_relative": "1776.729821000", + "frame.number": "7132", + "frame.len": "162", + "frame.cap_len": "162", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "148", + "ip.id": "0x0000df03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000eabf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": 
"" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "128", + "udp.checksum": "0x0000e91a", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "5", + "http.prev_request_in": "3404" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.275813000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.275813000", + "frame.time_delta": "0.085306000", + "frame.time_delta_displayed": "0.085306000", + "frame.time_relative": "1776.815127000", + "frame.number": "7133", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037fa", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "77958", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000009f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:a7:a1:c2:81:00:27:66:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396161, TSecr 2582266": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396161", + "tcp.options.timestamp.tsecr": "2582266" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7131", + "tcp.analysis.ack_rtt": "0.099211000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.276306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.276306000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1776.815620000", + "frame.number": "7134", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "160", + "ip.id": "0x00009693", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007680", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "77958", + "tcp.nxtseq": "78066", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009e11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:04:a7:a1:c2:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", 
+ "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582276, TSecr 2812396161": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582276", + "tcp.options.timestamp.tsecr": "2812396161" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:2a:0d:1c:3f:d7:95:27:a4:c6:2e:ed:d7:72:f1:c6:54:35:2c:d5:ef:0a:82:49:8f:58:c5:e2:09:24:67:53:1c:d9:7c:02:27:11:be:9c:ca:73:e2" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:2b:f2:f8:00:5d:4f:6a:3e:ff:53:f9:92:a5:5e:88:ac:7f:b9:d9:94:78:8a:cf:89:68:00:1e:86:8c:c0:77:9c:cb:4b:07:f0:7a:7c:3b:ef:51:70" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.336393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.336393000", + "frame.time_delta": "0.060087000", + "frame.time_delta_displayed": "0.060087000", + "frame.time_relative": "1776.875707000", + "frame.number": "7135", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000096f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c2:90:00:27:67:04", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396176, TSecr 2582276": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396176", + "tcp.options.timestamp.tsecr": "2582276" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7134", + "tcp.analysis.ack_rtt": "0.060087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.336888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.336888000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "1776.876202000", + "frame.number": "7136", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x00009694", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007653", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "78066", + "tcp.nxtseq": "78218", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ce9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:27:67:0a:a7:a1:c2:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582282, TSecr 2812396176": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582282", + "tcp.options.timestamp.tsecr": "2812396176" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:2c:56:d9:0c:8e:b9:2d:f5:77:32:49:31:91:3a:45:da:ba:34:25:1c:69:64:e9:ca:7f:08:e2:b6:f5:c9:3d:87:d7:49:b5:4a:37:c8:16:c2:b9:e4:9d:d7:96:ca:1f:6e:d2:a9:6a:c6:cf:df:03:c5:7e:96:a0:a5:a9:13:ca:0e:13:08:1e:a1:e1:dd:27:3f:ff:01:fe:26:e2:e4:e0:8e:11:a9:8f:54:a4:2c:ed:b1:30:57:48:97:62:90:51:d5:73:5f:70:98:ca:c5:5e:49:62:ea:fe:84:ef:6d:3a:82:a3:32:b2:30:9d:7c:1b:1e:b2:1c:e8:c7:72:90:cd:48:fc:b3:f7:df:a0:e2:a6:d0:27:d4:e1:a4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.397379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.397379000", + "frame.time_delta": "0.060491000", + "frame.time_delta_displayed": "0.060491000", + "frame.time_relative": "1776.936693000", + "frame.number": "7137", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000008c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c2:9f:00:27:67:0a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396191, TSecr 2582282": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396191", + "tcp.options.timestamp.tsecr": "2582282" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7136", + "tcp.analysis.ack_rtt": "0.060491000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.397871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.397871000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1776.937185000", + "frame.number": "7138", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x00009695", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007649", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "78218", + "tcp.nxtseq": "78379", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006a4d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:10:a7:a1:c2:9f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582288, TSecr 2812396191": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582288", + "tcp.options.timestamp.tsecr": "2812396191" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:2d:8c:01:28:1b:bd:1e:4f:19:ed:0c:4b:e3:7e:24:fa:18:a5:65:5b:28:4c:f5:24:76:27:02:25:38:c0:20:71:44:df:68:fa:f0:d9:22:c0:47:95:ad:bb:12:00:9e:7b:a0:6c:53:9b:f3:cc:56:bf:7d:24:8b:5b:4d:71:a7:3e:36:25:2a:29:4a:80:67:8e:14:48:e8:b9:76:84:00:7e:9b:40:72:99:d0:ed:ce:c8:48:0b:f1:6a:0a:16:2a:0b:72:57:3c:5c:39:d3:96:b5:5b:5d:71:d4:9f:7d:89:cb:ec:43:d5:c2:a8:99:49:36:fd:41:5d:6a:92:e8:d9:50:5e:b9:03:7d:2a:fb:cf:14:4f:cb:22:a2:48:cc:ef:7c:7c:5f:b3:f4:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.458112000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495368.458112000", + "frame.time_delta": "0.060241000", + "frame.time_delta_displayed": "0.060241000", + "frame.time_relative": "1776.997426000", + "frame.number": "7139", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78379", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000080c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c2:ae:00:27:67:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396206, TSecr 2582288": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396206", + "tcp.options.timestamp.tsecr": "2582288" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7138", + "tcp.analysis.ack_rtt": "0.060241000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.458607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.458607000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "1776.997921000", + "frame.number": "7140", + "frame.len": 
"221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00009696", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000764e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "78379", + "tcp.nxtseq": "78534", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e6fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:16:a7:a1:c2:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582294, TSecr 2812396206": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582294", + "tcp.options.timestamp.tsecr": "2812396206" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:2e:9f:a9:d1:96:09:69:1c:ad:2c:48:15:93:77:40:28:cd:6b:fa:da:4e:5b:5a:2a:6d:e1:35:5d:f4:07:95:d2:55:76:20:0e:5e:ef:9d:10:fe:73:11:cb:3f:c7:2e:ad:02:a8:5c:5a:fb:8a:9c:33:a2:96:a4:19:95:ec:ba:ae:46:dc:dc:9a:f9:e3:09:a9:b7:1b:0e:64:09:38:1e:b0:ba:04:a2:ea:12:28:22:22:7b:6c:4f:bc:d8:e6:34:8b:56:12:64:5c:57:3c:91:d6:9e:ef:af:e4:ff:b4:05:58:f3:75:de:0a:04:b0:13:d5:61:6c:02:ff:0d:b1:a1:f6:a0:36:c8:73:4a:d6:17:36:fe:23:19:fb:77:20:29" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:08.518672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495368.518672000", + "frame.time_delta": "0.060065000", + "frame.time_delta_displayed": "0.060065000", + "frame.time_relative": "1777.057986000", + "frame.number": "7141", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78534", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000075b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c2:be:00:27:67:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396222, TSecr 2582294": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396222", + "tcp.options.timestamp.tsecr": "2582294" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7140", + "tcp.analysis.ack_rtt": "0.060065000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.375573000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.375573000", + "frame.time_delta": "0.856901000", + "frame.time_delta_displayed": "0.856901000", + "frame.time_relative": "1777.914887000", + "frame.number": "7142", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x00009697", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007650", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "78534", + "tcp.nxtseq": "78686", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:72:a7:a1:c2:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582386, TSecr 2812396222": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582386", + "tcp.options.timestamp.tsecr": "2812396222" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:2f:cc:5a:fa:2d:01:b0:49:fc:a5:a2:2a:50:9a:48:27:13:bf:48:05:85:04:02:be:6c:7a:0e:73:76:8e:1b:0e:30:3d:27:f2:ad:b2:54:73:45:55:6e:9e:b2:2a:88:56:94:29:98:f6:f3:04:36:b0:51:0f:89:92:57:d2:7d:4c:89:3f:dd:38:9e:f8:03:20:e3:08:2d:6b:b0:75:67:81:f2:04:85:ae:85:1c:3a:f2:8c:95:8e:eb:38:64:8a:c4:38:98:45:85:9d:e4:65:b9:e2:91:1c:0f:af:c0:c9:ad:91:f0:0a:f5:5e:76:45:92:e0:31:a7:e1:3e:70:b1:43:c9:cd:ae:77:f6:47:8b:31:60:1a:30:ce" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.435791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.435791000", + "frame.time_delta": "0.060218000", + "frame.time_delta_displayed": "0.060218000", + "frame.time_relative": "1777.975105000", + "frame.number": "7143", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78686", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000582", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c3:a3:00:27:67:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396451, TSecr 2582386": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396451", + "tcp.options.timestamp.tsecr": "2582386" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7142", + "tcp.analysis.ack_rtt": "0.060218000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.436284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.436284000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1777.975598000", + "frame.number": "7144", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x00009698", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007646", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "78686", + "tcp.nxtseq": "78847", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000397e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:78:a7:a1:c3:a3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582392, TSecr 2812396451": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582392", + "tcp.options.timestamp.tsecr": "2812396451" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:30:b4:e4:2c:66:4b:7a:17:17:31:be:43:f5:68:bd:20:11:a5:00:81:85:ab:85:72:c5:83:81:40:cd:c2:52:4f:10:10:64:8e:fa:b8:1f:5a:06:bc:6c:e4:5e:31:61:4e:e2:f4:94:d8:2a:d4:4c:03:f1:67:67:48:4d:ba:bb:aa:b0:cb:5d:b9:a7:53:b8:06:a9:d8:08:09:54:5c:37:60:fb:fd:13:c9:59:1a:1c:ee:f7:2f:5c:dc:65:8a:02:40:65:58:42:99:c8:74:53:8d:ed:62:e8:a0:a4:4f:6e:7b:67:b2:2d:54:44:f0:c2:87:20:5c:17:25:d3:bd:b1:fc:51:f6:86:4d:bf:30:39:60:22:d6:ca:7e:04:4a:fc:37:db:eb:79:22:3d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.496381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.496381000", + "frame.time_delta": "0.060097000", + "frame.time_delta_displayed": "0.060097000", + "frame.time_relative": "1778.035695000", + "frame.number": "7145", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d8b", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "78847", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c3:b2:00:27:67:78", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396466, TSecr 2582392": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396466", + "tcp.options.timestamp.tsecr": "2582392" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7144", + "tcp.analysis.ack_rtt": "0.060097000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.496884000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.496884000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "1778.036198000", + "frame.number": "7146", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00009699", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000764b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "78847", + "tcp.nxtseq": "79002", + "tcp.ack": "17554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b101", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:67:7e:a7:a1:c3:b2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582398, TSecr 2812396466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582398", + "tcp.options.timestamp.tsecr": "2812396466" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:31:95:0a:35:e0:25:fe:dc:78:68:d5:ff:c3:41:98:4c:7e:22:8d:b4:3c:0c:f7:48:ab:49:69:d3:46:c7:72:a6:b1:cf:92:51:33:85:42:c1:e0:86:26:98:94:ef:de:fc:19:d6:7c:14:da:16:4a:bb:9d:da:44:25:09:82:b1:50:3c:43:d7:f0:b2:94:6e:02:9f:4a:10:b4:a8:5f:53:6f:52:5d:6d:7c:7e:ed:d9:e4:0f:16:6d:e7:0a:6c:17:68:1e:45:79:55:57:76:3a:60:b3:db:1f:61:d0:65:69:86:90:91:51:3d:c6:91:c5:a7:32:7b:15:c3:ba:c2:af:29:d6:0e:a0:b9:fc:dc:66:1d:08:b4:ec:5d:aa:da:1e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:09.556943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495369.556943000", + "frame.time_delta": "0.060059000", + "frame.time_delta_displayed": "0.060059000", + "frame.time_relative": "1778.096257000", + "frame.number": "7147", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17554", + "tcp.ack": "79002", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000041c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:c3:c1:00:27:67:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396481, TSecr 2582398": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396481", + "tcp.options.timestamp.tsecr": "2582398" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7146", + "tcp.analysis.ack_rtt": "0.060059000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.172852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.172852000", + "frame.time_delta": "1.615909000", + "frame.time_delta_displayed": "1.615909000", + "frame.time_relative": "1779.712166000", + "frame.number": "7148", + "frame.len": "156", + "frame.cap_len": "156", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"142", + "ip.id": "0x00002d8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003798", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "90", + "tcp.seq": "17554", + "tcp.nxtseq": "17644", + "tcp.ack": "79002", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c46b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:55:00:27:67:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396885, TSecr 2582398": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396885", + "tcp.options.timestamp.tsecr": "2582398" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "90", + "tcp.analysis.push_bytes_sent": "90" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "85", + "ssl.app_data": "34:cd:34:17:47:48:0e:c2:49:ed:9b:9b:c4:bc:57:1a:32:d2:f6:54:ac:ed:8f:40:1a:75:01:b5:f0:40:a7:f4:e2:d5:6a:02:02:21:df:f4:6a:35:cf:b5:e1:1f:31:ef:c1:c0:54:8e:8a:17:65:71:79:a3:3d:5d:e7:8a:01:1b:e2:d1:2b:37:c8:52:36:9f:d0:9d:2a:21:43:17:02:1a:69:4d:1c:2a:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.176929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.176929000", + "frame.time_delta": "0.004077000", + "frame.time_delta_displayed": "0.004077000", + "frame.time_relative": "1779.716243000", + "frame.number": "7149", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000969a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "79002", + "tcp.nxtseq": "79049", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000c63", + "tcp.checksum.status": "2", 
+ "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:26:a7:a1:c5:55", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582566, TSecr 2812396885": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582566", + "tcp.options.timestamp.tsecr": "2812396885" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7148", + "tcp.analysis.ack_rtt": "0.004077000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:32:1d:91:e8:84:0e:28:55:96:a0:f4:89:73:80:a3:fa:42:df:cc:50:18:5b:eb:cd:e0:cd:49:ba:02:f4:57:d0:43:27:05" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.190910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.190910000", + "frame.time_delta": "0.013981000", + "frame.time_delta_displayed": "0.013981000", + "frame.time_relative": "1779.730224000", + "frame.number": "7150", + "frame.len": "167", + "frame.cap_len": "167", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "153", + "ip.id": "0x0000df1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ea9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "133", + "udp.checksum": "0x00009659", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:ZonePlayer:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "5", + "http.prev_request_in": "3431" + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.237082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.237082000", + "frame.time_delta": "0.046172000", + "frame.time_delta_displayed": "0.046172000", + "frame.time_relative": "1779.776396000", + "frame.number": "7151", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", 
+ "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79049", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000147", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:65:00:27:68:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396901, TSecr 2582566": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396901", + "tcp.options.timestamp.tsecr": "2582566" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7149", + "tcp.analysis.ack_rtt": "0.060153000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.237566000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.237566000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1779.776880000", + "frame.number": "7152", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x0000969b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007678", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "79049", + "tcp.nxtseq": "79157", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001ff7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:2c:a7:a1:c5:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582572, TSecr 2812396901": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582572", + "tcp.options.timestamp.tsecr": "2812396901" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:33:4d:80:6c:57:07:66:75:40:3f:80:66:a4:8e:d7:33:26:e9:07:63:bd:8d:02:3e:db:f9:b6:01:b6:2f:70:cd:d2:94:90:4b:a1:73:62:22:7e:de" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:34:90:9b:c2:5a:05:ce:82:10:38:e3:4b:3a:56:bf:2c:f7:4a:24:d2:97:1f:53:a5:91:f1:67:f7:69:5a:41:1e:71:9d:1b:aa:e0:85:d9:79:bf:33" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.297629000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.297629000", + "frame.time_delta": "0.060063000", + "frame.time_delta_displayed": "0.060063000", + "frame.time_relative": "1779.836943000", + "frame.number": "7153", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037f0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79157", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000000c6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:74:00:27:68:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396916, TSecr 2582572": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396916", + "tcp.options.timestamp.tsecr": "2582572" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7152", + "tcp.analysis.ack_rtt": "0.060063000" + } + } + } + } 
+ } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.321689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.321689000", + "frame.time_delta": "0.024060000", + "frame.time_delta_displayed": "0.024060000", + "frame.time_relative": "1779.861003000", + "frame.number": "7154", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x0000969c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000764b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + 
"ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "79157", + "tcp.nxtseq": "79309", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000334f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:34:a7:a1:c5:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582580, TSecr 2812396916": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582580", + "tcp.options.timestamp.tsecr": "2812396916" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:35:3b:08:c8:4b:7c:7b:c3:bd:d5:71:bb:3f:6f:5d:82:39:eb:a0:b4:58:72:ca:32:b2:ef:63:ca:ff:1e:2a:1d:a5:a0:81:78:02:e7:96:95:f3:81:5a:2d:97:70:f4:ae:85:64:7b:0c:4a:62:8f:c0:82:89:9c:73:03:e0:c4:7a:13:e7:4f:1f:b9:a0:ec:26:23:ce:4d:d7:61:3c:99:6c:13:dc:a5:eb:ae:97:7a:40:de:07:38:7f:30:16:17:74:09:31:9d:34:73:48:72:40:a0:a3:03:3c:f1:a9:5b:0d:1e:bc:d8:69:9f:ee:80:ea:d0:88:74:aa:cc:de:8a:f2:4b:59:bd:4d:9c:b2:b8:0a:e7:62:cb:4e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.358681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.358681000", + "frame.time_delta": "0.036992000", + "frame.time_delta_displayed": "0.036992000", + "frame.time_relative": "1779.897995000", + "frame.number": "7155", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.108" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.361494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.361494000", + "frame.time_delta": "0.002813000", + "frame.time_delta_displayed": "0.002813000", + "frame.time_relative": "1779.900808000", + "frame.number": "7156", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.381878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.381878000", + "frame.time_delta": "0.020384000", + "frame.time_delta_displayed": "0.020384000", + "frame.time_relative": "1779.921192000", + "frame.number": "7157", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ef", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79309", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000011", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:89:00:27:68:34", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396937, TSecr 2582580": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396937", + "tcp.options.timestamp.tsecr": "2582580" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7154", + "tcp.analysis.ack_rtt": "0.060189000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.382377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.382377000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1779.921691000", + "frame.number": "7158", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x0000969d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007641", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "79309", + "tcp.nxtseq": "79470", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000065ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:3a:a7:a1:c5:89", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582586, TSecr 2812396937": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582586", + "tcp.options.timestamp.tsecr": "2812396937" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:36:ce:d5:b8:54:ab:c6:08:b9:4d:d5:48:33:5c:2a:d8:75:63:88:e2:ad:a5:16:68:5b:8d:b4:7c:e3:4d:70:c6:fa:48:a3:49:bb:b0:4f:2a:eb:51:df:36:da:c0:54:d7:89:d5:49:1e:e9:77:7a:8a:ae:83:b7:3f:0b:c3:bb:90:f8:ad:09:1d:84:09:8e:07:ef:02:f0:2d:e2:7b:7c:9d:4b:13:58:6a:76:17:d7:d3:90:37:36:cd:88:63:8b:5f:6b:93:71:6c:20:a5:1d:7b:d8:18:4b:aa:55:76:7f:b9:98:48:cd:1f:4a:88:95:4b:ac:43:89:17:da:ad:49:a9:30:f1:21:1e:f9:05:4a:78:e1:5e:a3:38:be:47:2d:80:60:bd:0f:3a:9e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.442471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.442471000", + "frame.time_delta": "0.060094000", + "frame.time_delta_displayed": "0.060094000", + "frame.time_relative": "1779.981785000", + 
"frame.number": "7159", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d91", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ee", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79470", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ff59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:99:00:27:68:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396953, TSecr 2582586": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396953", + "tcp.options.timestamp.tsecr": "2582586" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7158", + "tcp.analysis.ack_rtt": "0.060094000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:11.442964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.442964000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1779.982278000", + "frame.number": "7160", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x0000969e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007646", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "79470", + "tcp.nxtseq": "79625", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005a0d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:40:a7:a1:c5:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582592, TSecr 2812396953": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582592", + "tcp.options.timestamp.tsecr": "2812396953" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:37:5e:76:ac:1f:b1:06:42:ab:7d:43:75:67:16:f2:bb:c0:47:3b:2a:3c:35:eb:ab:a4:ae:f9:da:64:f0:e0:e4:36:12:95:5f:b1:9f:aa:c9:d1:54:76:23:41:a4:74:65:21:33:14:bd:73:3a:ed:1a:ea:71:2f:e6:1c:46:4d:27:59:a6:ae:15:7b:24:d6:e8:c7:dc:0c:d6:f0:95:36:57:64:47:00:1c:44:91:4a:93:b8:15:d7:71:7b:44:88:33:c1:fa:59:19:ce:de:22:f9:f4:a8:f9:d8:13:8f:de:38:cd:ab:4d:e9:e7:5a:2f:ad:d2:80:d3:60:1e:a4:49:04:60:7e:ac:cf:20:5a:33:71:a3:9d:43:50:50:60:32" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:16:11.503202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495371.503202000", + "frame.time_delta": "0.060238000", + "frame.time_delta_displayed": "0.060238000", + "frame.time_relative": "1780.042516000", + "frame.number": "7161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ed", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79625", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fea9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c5:a8:00:27:68:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812396968, TSecr 2582592": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812396968", + "tcp.options.timestamp.tsecr": "2582592" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7160", + "tcp.analysis.ack_rtt": "0.060238000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.371964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.371964000", + "frame.time_delta": "0.868762000", + "frame.time_delta_displayed": "0.868762000", + 
"frame.time_relative": "1780.911278000", + "frame.number": "7162", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x0000969f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007648", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "79625", + "tcp.nxtseq": "79777", + "tcp.ack": "17644", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c28c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:9d:a7:a1:c5:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582685, TSecr 2812396968": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582685", + "tcp.options.timestamp.tsecr": "2812396968" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:38:b6:e1:ad:54:33:5d:bb:05:24:12:12:ae:59:65:d6:cb:ad:d8:13:b8:22:5f:28:00:30:62:59:3c:75:71:79:78:23:f8:77:f8:73:be:1b:95:d4:01:31:bb:78:3a:08:03:6d:89:a2:9c:9e:e8:a8:b8:c4:29:e0:90:87:d8:4f:ef:3a:31:54:a9:ec:b7:fa:a3:69:37:79:3b:f1:ca:02:48:c6:6d:c2:5a:75:f9:ea:b5:72:5e:8e:2b:7c:ba:b2:75:70:b2:7f:4c:b7:bd:8c:5a:de:d3:c1:41:75:0b:31:a8:91:7b:ea:db:f0:73:fe:30:96:72:e8:f5:04:56:11:1c:69:9e:c3:30:9a:50:db:34:fa:11:cf" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.432061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.432061000", + "frame.time_delta": "0.060097000", + "frame.time_delta_displayed": "0.060097000", + "frame.time_relative": "1780.971375000", + "frame.number": "7163", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ec", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79777", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fccc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c6:90:00:27:68:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397200, TSecr 2582685": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397200", + "tcp.options.timestamp.tsecr": "2582685" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7162", + "tcp.analysis.ack_rtt": "0.060097000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.432554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.432554000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1780.971868000", + "frame.number": "7164", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000763e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "79777", + "tcp.nxtseq": "79938", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000009cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:a3:a7:a1:c6:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582691, TSecr 2812397200": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582691", + "tcp.options.timestamp.tsecr": "2812397200" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:39:33:da:d0:70:1a:d7:4b:ee:9d:e8:56:71:15:cb:83:e1:c0:03:e6:f9:63:e8:dc:6d:a6:22:2d:a0:1d:5d:75:fe:b2:85:5d:e9:7d:8f:12:dd:29:a2:1d:8b:53:ba:b1:f6:66:20:c0:68:0c:1f:ec:91:28:78:e5:58:99:f5:b7:de:63:1d:61:9b:44:f2:2c:16:c7:ea:76:bf:00:d8:b1:8a:59:61:8b:30:40:68:18:d7:8a:e1:86:26:c3:4d:33:08:27:a0:ee:58:da:c9:a9:d2:c2:37:01:2a:ee:26:56:2d:2d:13:06:5f:03:e6:e5:7d:3f:07:e2:70:d3:84:e3:4e:07:15:44:ef:65:e9:67:9f:0e:21:30:1b:79:c4:6e:77:83:17:c7:9b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.492686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.492686000", + "frame.time_delta": "0.060132000", + "frame.time_delta_displayed": "0.060132000", + "frame.time_relative": "1781.032000000", + "frame.number": "7165", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d94", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037eb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "79938", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc16", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c6:9f:00:27:68:a3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397215, TSecr 2582691": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397215", + "tcp.options.timestamp.tsecr": "2582691" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7164", + "tcp.analysis.ack_rtt": "0.060132000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.493164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.493164000", + "frame.time_delta": "0.000478000", + "frame.time_delta_displayed": "0.000478000", + "frame.time_relative": "1781.032478000", + "frame.number": "7166", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00007643", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "79938", + "tcp.nxtseq": "80093", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005bde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:a9:a7:a1:c6:9f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582697, TSecr 2812397215": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582697", + "tcp.options.timestamp.tsecr": "2812397215" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3a:02:3c:ff:72:de:7c:4d:28:a2:bb:69:93:e2:83:04:03:4e:ba:be:84:ab:26:58:68:da:8d:ee:43:69:ed:ec:50:3d:82:8b:64:3d:7d:05:f2:0c:11:64:36:f1:73:9d:90:24:71:13:93:07:cb:c5:7c:3b:bc:cb:f9:f9:64:7b:2b:5c:1e:6a:e7:d6:50:a0:d5:82:83:6a:1f:f5:ae:7c:76:dc:38:f1:cb:59:2c:03:e3:20:60:8c:21:22:44:6b:9b:5d:fd:5b:bb:50:1d:e7:ae:71:f1:f8:72:72:af:2a:eb:1d:5c:e0:40:b4:4c:81:c9:b9:92:27:6f:d2:51:cc:09:09:f6:4a:b9:cb:70:63:7a:09:be:9f:02:c6:61" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:12.553236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495372.553236000", + "frame.time_delta": "0.060072000", + "frame.time_delta_displayed": "0.060072000", + "frame.time_relative": "1781.092550000", + "frame.number": "7167", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ea", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "80093", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:c6:ae:00:27:68:a9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397230, TSecr 2582697": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397230", + "tcp.options.timestamp.tsecr": "2582697" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7166", + "tcp.analysis.ack_rtt": "0.060072000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:13.212974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495373.212974000", + "frame.time_delta": "0.659738000", + "frame.time_delta_displayed": "0.659738000", + "frame.time_relative": "1781.752288000", + "frame.number": "7168", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"106", + "ip.id": "0x000096a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "80093", + "tcp.nxtseq": "80147", + "tcp.ack": "17644", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009741", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:68:f1:a7:a1:c6:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582769, TSecr 2812397230": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582769", + "tcp.options.timestamp.tsecr": "2812397230" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3b:ad:4b:2c:7c:37:f9:12:f4:be:1f:58:63:bc:c1:ad:26:e7:7f:e6:8d:d7:95:87:50:ef:8b:ea:39:e9:dd:2b:14:c6:45:16:14:c9:f5:ef:03:39" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:13.327661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495373.327661000", + "frame.time_delta": "0.114687000", + "frame.time_delta_displayed": "0.114687000", + "frame.time_relative": "1781.866975000", + "frame.number": "7169", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17644", + "tcp.ack": "80147", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c7:62:00:27:68:f1", + "tcp.options_tree": { + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397410, TSecr 2582769": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397410", + "tcp.options.timestamp.tsecr": "2582769" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7168", + "tcp.analysis.ack_rtt": "0.114687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:13.520890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495373.520890000", + "frame.time_delta": "0.193229000", + "frame.time_delta_displayed": "0.193229000", + "frame.time_relative": "1782.060204000", + "frame.number": "7170", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + 
"arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:13.521322000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495373.521322000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1782.060636000", + "frame.number": "7171", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.172610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.172610000", + "frame.time_delta": "0.651288000", + "frame.time_delta_displayed": "0.651288000", + "frame.time_relative": "1782.711924000", + "frame.number": "7172", + "frame.len": "162", + "frame.cap_len": "162", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "148", + "ip.id": "0x00002d97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003788", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "96", + "tcp.seq": "17644", + "tcp.nxtseq": "17740", + "tcp.ack": "80147", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000046ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c8:43:00:27:68:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397635, TSecr 2582769": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397635", + "tcp.options.timestamp.tsecr": "2582769" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "96", + "tcp.analysis.push_bytes_sent": "96" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "91", + "ssl.app_data": "34:cd:34:17:47:48:0e:c3:4b:47:cd:5d:3d:f6:4b:4f:4d:f0:09:79:9d:cc:4e:29:d0:ad:f0:ee:26:da:42:91:4f:fe:18:a9:23:33:9d:0d:1f:82:74:e1:80:5e:22:b8:92:7d:64:e6:a2:59:66:77:13:d5:50:6c:72:1b:ed:24:3c:c3:e1:da:6a:9f:b7:eb:d6:f8:c7:4b:95:d1:2a:3a:18:a7:44:3e:ed:e5:76:91:64:0b:62" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.176681000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495374.176681000", + "frame.time_delta": "0.004071000", + "frame.time_delta_displayed": "0.004071000", + "frame.time_relative": "1782.715995000", + "frame.number": "7173", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + 
"tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "80147", + "tcp.nxtseq": "80194", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000084ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:52:a7:a1:c8:43", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582866, TSecr 2812397635": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582866", + "tcp.options.timestamp.tsecr": "2812397635" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7172", + "tcp.analysis.ack_rtt": "0.004071000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3c:69:45:1a:cc:4e:c3:b1:6b:fb:1a:7a:9d:9f:05:39:2e:d0:ea:a6:af:78:dd:88:b9:3d:22:af:b6:43:6d:55:1e:cc:73" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.191366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.191366000", + "frame.time_delta": "0.014685000", + "frame.time_delta_displayed": "0.014685000", + "frame.time_relative": "1782.730680000", + "frame.number": "7174", + "frame.len": "173", + "frame.cap_len": "173", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "159", + "ip.id": "0x0000e048", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e96f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "139", + "udp.checksum": "0x000082c4", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + 
"ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:samsung.com:device:RemoteControlReceiver:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "6", + "http.prev_request_in": "7132" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.236849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.236849000", + "frame.time_delta": "0.045483000", + "frame.time_delta_displayed": "0.045483000", + "frame.time_relative": "1782.776163000", + "frame.number": "7175", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + 
"ip.id": "0x00002d98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f853", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c8:53:00:27:69:52", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397651, TSecr 2582866": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397651", + "tcp.options.timestamp.tsecr": "2582866" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7173", + "tcp.analysis.ack_rtt": "0.060168000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.237326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.237326000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1782.776640000", + "frame.number": "7176", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000096a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", 
+ "ip.checksum": "0x0000766f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "80194", + "tcp.nxtseq": "80302", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000009f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:58:a7:a1:c8:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582872, TSecr 2812397651": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582872", + "tcp.options.timestamp.tsecr": "2812397651" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3d:a3:ff:fb:b0:54:7f:bb:8b:d8:5f:f2:fd:0c:a0:7b:54:e7:ff:8b:a1:b2:e9:ba:e5:b9:25:7c:12:9b:cc:e1:ef:c8:f7:3f:95:b9:cd:be:de:30" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3e:04:c2:ea:fc:03:10:3e:2e:b0:3d:3d:b9:35:77:a6:b8:60:b3:a3:e5:88:09:8e:7e:15:2b:fd:89:27:2c:25:41:49:aa:9f:a5:63:bc:24:42:82" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.297622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.297622000", + "frame.time_delta": "0.060296000", + "frame.time_delta_displayed": "0.060296000", + "frame.time_relative": "1782.836936000", + "frame.number": "7177", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80302", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f7d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:c8:62:00:27:69:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397666, TSecr 2582872": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397666", + "tcp.options.timestamp.tsecr": "2582872" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7176", + "tcp.analysis.ack_rtt": "0.060296000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.316675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.316675000", + "frame.time_delta": "0.019053000", + "frame.time_delta_displayed": "0.019053000", + "frame.time_relative": "1782.855989000", + "frame.number": "7178", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"204", + "ip.id": "0x000096a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007642", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "80302", + "tcp.nxtseq": "80454", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006d94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:60:a7:a1:c8:62", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582880, TSecr 2812397666": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582880", + "tcp.options.timestamp.tsecr": "2812397666" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:3f:9a:95:c9:5c:f6:73:1c:16:eb:58:f8:1a:64:45:0b:60:04:f4:68:39:6e:4d:41:8d:61:be:d3:2f:9f:27:d1:15:36:17:8c:a6:4c:54:9c:d9:02:ee:2b:4e:d4:76:ad:82:43:ab:6a:44:9a:ae:aa:ed:70:10:01:c9:a1:72:9f:ba:1c:84:49:8b:a5:6f:4d:57:43:99:a0:2c:33:da:58:58:12:1d:d6:93:e7:26:84:bc:e4:e9:88:bf:c0:da:9a:fd:e7:d7:ee:4e:3a:2d:0c:b9:b4:a8:ae:ce:7a:5b:90:62:0b:88:0a:d0:0e:0c:47:20:b4:99:7d:f8:6c:9c:4d:f6:82:60:4a:52:33:99:7d:ff:35:46:79" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.376858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.376858000", + "frame.time_delta": "0.060183000", + "frame.time_delta_displayed": "0.060183000", + "frame.time_relative": "1782.916172000", + "frame.number": "7179", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80454", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f71e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c8:76:00:27:69:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397686, TSecr 2582880": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397686", + "tcp.options.timestamp.tsecr": "2582880" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7178", + "tcp.analysis.ack_rtt": "0.060183000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.377334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.377334000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "1782.916648000", + "frame.number": "7180", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007638", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "80454", + "tcp.nxtseq": "80615", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007c3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:27:69:66:a7:a1:c8:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582886, TSecr 2812397686": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582886", + "tcp.options.timestamp.tsecr": "2812397686" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:40:ee:10:7d:45:d8:63:7f:d1:4b:d1:7d:9f:86:9a:c0:3b:22:59:ff:e0:d7:0f:28:65:fb:79:5b:79:21:b5:ac:54:f4:5a:ea:bb:db:d6:0c:ce:72:6e:13:a3:15:2d:42:ed:dd:f6:ec:f4:fd:97:65:25:0d:69:74:06:97:36:be:79:7d:16:5c:a0:ed:d5:52:2b:b3:15:21:dd:b7:6f:0d:bc:d3:da:63:98:3f:15:7b:b3:4c:a0:50:98:75:16:83:c0:1a:bf:cd:e2:5d:5d:18:57:e2:cf:e4:8d:21:bd:29:7b:f1:90:5e:8f:0b:e2:32:38:d4:17:ca:57:d9:fe:b9:c3:0b:9c:94:12:b5:b1:88:7b:b2:c4:4e:cb:7e:32:cd:d2:91:59:30:51" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.437438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.437438000", + "frame.time_delta": "0.060104000", + "frame.time_delta_displayed": "0.060104000", + "frame.time_relative": "1782.976752000", + "frame.number": "7181", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80615", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f668", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c8:85:00:27:69:66", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397701, TSecr 2582886": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397701", + "tcp.options.timestamp.tsecr": "2582886" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7180", + "tcp.analysis.ack_rtt": "0.060104000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.437920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.437920000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1782.977234000", + "frame.number": "7182", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000763d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "80615", + "tcp.nxtseq": "80770", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000013f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:6c:a7:a1:c8:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582892, TSecr 2812397701": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582892", + "tcp.options.timestamp.tsecr": "2812397701" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:41:c4:55:0b:51:34:91:78:5d:f5:19:91:1a:76:08:b4:d9:f4:4a:71:8e:56:fa:fa:f0:c8:cf:10:f0:6f:1f:df:39:7b:ea:6c:b5:3c:08:2a:59:21:83:93:0b:30:19:71:a4:78:3e:86:94:1f:36:85:97:ca:1d:26:15:26:59:c0:97:b4:d7:3a:9c:e2:6c:ba:b3:5c:9b:71:ef:10:f3:7b:39:6d:76:fb:77:d3:28:16:e4:0c:57:95:53:c1:e4:af:15:bc:9c:71:b8:39:cf:42:51:bf:7c:2d:36:4a:4f:ae:45:6c:8e:6e:d4:95:36:52:71:da:05:22:d6:34:a0:7c:dd:f3:84:7d:cc:cc:e1:42:9f:93:bd:47:48:e3:b0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.494037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495374.494037000", + "frame.time_delta": "0.056117000", + "frame.time_delta_displayed": "0.056117000", + "frame.time_relative": "1783.033351000", + "frame.number": "7183", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:14.498062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495374.498062000", + "frame.time_delta": "0.004025000", + "frame.time_delta_displayed": "0.004025000", + "frame.time_relative": "1783.037376000", + "frame.number": "7184", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80770", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000f5b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c8:94:00:27:69:6c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397716, TSecr 2582892": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397716", + "tcp.options.timestamp.tsecr": "2582892" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7182", + "tcp.analysis.ack_rtt": "0.060142000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.162939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.162939000", + "frame.time_delta": "0.664877000", + "frame.time_delta_displayed": "0.664877000", + "frame.time_relative": "1783.702253000", + "frame.number": "7185", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x000059c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007fd4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:16:15.408887000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.408887000", + "frame.time_delta": "0.245948000", + "frame.time_delta_displayed": "0.245948000", + "frame.time_relative": "1783.948201000", + "frame.number": "7186", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000763f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + 
} + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "80770", + "tcp.nxtseq": "80922", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e503", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:ca:a7:a1:c8:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582986, TSecr 2812397716": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582986", + "tcp.options.timestamp.tsecr": "2812397716" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:42:24:64:93:df:06:96:fc:61:f1:81:1d:96:80:be:09:be:46:cc:46:6e:d2:6e:9a:9b:ef:60:e0:94:05:eb:d6:90:6f:6a:55:00:10:36:5d:57:11:c2:70:7b:fb:28:4d:8d:4d:20:f8:73:9e:82:4a:0d:f1:93:ce:88:34:e2:2a:e2:bc:30:19:b6:71:7c:b0:36:9d:fd:d6:f6:56:d3:35:cb:b8:71:dc:5b:b5:c8:c2:8a:29:59:72:de:da:18:68:a3:23:bb:a3:fc:c0:98:1d:33:d1:7f:ff:fb:ef:df:d5:d6:7a:6a:98:a5:2a:06:9d:f3:5b:7a:a6:bf:66:04:8a:de:56:fe:d0:af:ed:46:2f:e7:2f:ef:fb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.469047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.469047000", + "frame.time_delta": "0.060160000", + "frame.time_delta_displayed": "0.060160000", + "frame.time_relative": "1784.008361000", + "frame.number": "7187", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "80922", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f3cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c9:87:00:27:69:ca", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397959, TSecr 2582986": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397959", + "tcp.options.timestamp.tsecr": "2582986" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7186", + "tcp.analysis.ack_rtt": "0.060160000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.469551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.469551000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "1784.008865000", + "frame.number": "7188", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007635", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "80922", + "tcp.nxtseq": "81083", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007468", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:d3:a7:a1:c9:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2582995, TSecr 2812397959": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2582995", + "tcp.options.timestamp.tsecr": "2812397959" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:43:7a:33:c0:9a:13:b1:f2:8c:24:72:a5:96:c6:6b:7a:f8:2a:5f:87:c3:d0:85:bd:83:ca:3a:9e:1c:4a:f5:bf:ec:5f:60:c7:bc:13:65:d8:01:47:32:dd:db:a0:4e:d6:1e:45:5f:76:3e:11:4c:05:de:59:50:85:37:75:67:45:a1:97:0c:90:21:77:8e:2a:54:11:ef:b6:eb:7c:b2:8a:bc:0e:8c:ed:71:67:a0:88:98:78:97:c4:1b:bd:a4:36:20:49:f1:d2:0f:84:5b:33:0f:5b:92:07:61:a4:68:1a:91:7f:39:45:8c:9b:f8:1c:d2:98:ac:be:b9:31:3b:6e:3d:01:9b:61:94:97:d8:3e:20:cd:e3:5d:3c:35:c9:27:59:be:47:eb:0c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.529805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.529805000", + "frame.time_delta": "0.060254000", + "frame.time_delta_displayed": "0.060254000", + "frame.time_relative": "1784.069119000", + "frame.number": "7189", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9e", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "81083", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f316", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:c9:96:00:27:69:d3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397974, TSecr 2582995": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397974", + "tcp.options.timestamp.tsecr": "2582995" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7188", + "tcp.analysis.ack_rtt": "0.060254000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.530298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.530298000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1784.069612000", + "frame.number": "7190", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000763a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "81083", + "tcp.nxtseq": "81238", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000caf4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:69:d9:a7:a1:c9:96", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583001, TSecr 2812397974": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583001", + "tcp.options.timestamp.tsecr": "2812397974" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:44:9f:80:e0:e8:a2:d7:7a:44:b1:4b:ed:1e:9f:3e:88:e6:99:86:2a:06:03:28:bb:ff:9d:2e:39:f8:46:4a:a8:ef:08:96:ff:09:31:ce:b2:9e:f5:9f:2a:76:fd:18:e9:97:fc:b1:72:06:ee:2b:bf:19:6e:92:a2:15:29:8f:4c:2c:9c:a3:cd:e3:c2:21:7a:67:49:8f:3d:12:80:b8:db:13:a7:c5:8d:73:17:64:cd:2e:a2:74:3e:bf:eb:a1:11:f3:a3:e4:d8:1b:ce:7c:3b:79:82:fd:05:74:5d:ed:63:e2:35:c7:dd:28:05:18:2c:47:41:f0:c4:03:6a:2d:7b:52:05:5a:60:52:d1:d7:fd:98:24:52:15:1f:35:79" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:15.590545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495375.590545000", + "frame.time_delta": "0.060247000", + "frame.time_delta_displayed": "0.060247000", + "frame.time_relative": "1784.129859000", + "frame.number": "7191", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002d9f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037e0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "81238", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f265", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:c9:a6:00:27:69:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812397990, TSecr 2583001": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812397990", + "tcp.options.timestamp.tsecr": "2583001" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7190", + "tcp.analysis.ack_rtt": "0.060247000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:16.208189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495376.208189000", + "frame.time_delta": "0.617644000", + "frame.time_delta_displayed": "0.617644000", + "frame.time_relative": "1784.747503000", + "frame.number": "7192", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"106", + "ip.id": "0x000096ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000769e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "81238", + "tcp.nxtseq": "81292", + "tcp.ack": "17740", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004dc0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:1d:a7:a1:c9:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583069, TSecr 2812397990": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583069", + "tcp.options.timestamp.tsecr": "2812397990" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:45:5a:17:87:0d:02:4c:79:bb:7c:82:9c:93:ff:31:b5:95:62:35:ee:2c:e6:fd:26:7a:e5:47:58:3f:9f:9d:da:0b:df:bb:9f:8c:ba:dc:1a:1c:7f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:16.268314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495376.268314000", + "frame.time_delta": "0.060125000", + "frame.time_delta_displayed": "0.060125000", + "frame.time_relative": "1784.807628000", + "frame.number": "7193", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037df", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17740", + "tcp.ack": "81292", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f142", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ca:4f:00:27:6a:1d", + "tcp.options_tree": { + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398159, TSecr 2583069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398159", + "tcp.options.timestamp.tsecr": "2583069" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7192", + "tcp.analysis.ack_rtt": "0.060125000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.173105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.173105000", + "frame.time_delta": "0.904791000", + "frame.time_delta_displayed": "0.904791000", + "frame.time_relative": "1785.712419000", + "frame.number": "7194", + "frame.len": "159", + "frame.cap_len": "159", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "145", + "ip.id": "0x00002da1", + "ip.flags": "0x00000002", + "ip.flags_tree": { 
+ "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003781", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "93", + "tcp.seq": "17740", + "tcp.nxtseq": "17833", + "tcp.ack": "81292", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d907", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cb:31:00:27:6a:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398385, TSecr 2583069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398385", + "tcp.options.timestamp.tsecr": "2583069" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "93", + "tcp.analysis.push_bytes_sent": "93" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "88", + "ssl.app_data": "34:cd:34:17:47:48:0e:c4:3d:23:7f:a5:20:57:74:be:52:13:a8:fe:ce:f5:f9:89:88:2d:8f:97:50:e2:12:a3:fc:26:26:e9:96:76:f9:77:24:1f:9d:8d:64:86:60:13:cb:c1:62:fd:4b:aa:0d:3a:e8:34:1f:51:d6:97:ae:69:45:21:4b:69:d1:14:a2:97:97:b6:57:86:16:bd:51:8b:65:49:f5:e5:56:59:46:44" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.175475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.175475000", + "frame.time_delta": "0.002370000", + "frame.time_delta_displayed": "0.002370000", + "frame.time_relative": "1785.714789000", + "frame.number": "7195", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "81292", + "tcp.nxtseq": "81339", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000138f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:27:6a:7e:a7:a1:cb:31", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583166, TSecr 2812398385": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583166", + "tcp.options.timestamp.tsecr": "2812398385" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7194", + "tcp.analysis.ack_rtt": "0.002370000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:46:c1:8f:8a:e2:2a:ad:87:b4:a7:33:37:33:44:de:b4:bc:bd:13:8c:b8:f8:e8:e3:94:57:30:99:5b:03:07:f3:4e:e8:92" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.189834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.189834000", + "frame.time_delta": "0.014359000", + "frame.time_delta_displayed": "0.014359000", + "frame.time_relative": "1785.729148000", + "frame.number": "7196", + "frame.len": "170", + "frame.cap_len": "170", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + 
"eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "156", + "ip.id": "0x0000e0c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e8f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "136", + "udp.checksum": "0x00005981", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "6", + "http.prev_request_in": "7150" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.236055000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.236055000", + "frame.time_delta": "0.046221000", + "frame.time_delta_displayed": "0.046221000", + "frame.time_relative": "1785.775369000", + "frame.number": "7197", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037dd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "81339", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cb:41:00:27:6a:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398401, TSecr 2583166": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398401", + "tcp.options.timestamp.tsecr": "2583166" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7195", + "tcp.analysis.ack_rtt": "0.060580000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.236537000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.236537000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1785.775851000", + "frame.number": "7198", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000096ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007666", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "81339", + "tcp.nxtseq": "81447", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bcc7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:84:a7:a1:cb:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583172, TSecr 2812398401": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583172", + "tcp.options.timestamp.tsecr": "2812398401" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:47:78:71:f9:72:5c:60:56:d7:1e:b1:80:ae:01:84:0b:6f:c5:1a:3f:6e:3b:08:bf:b8:1c:8e:73:39:04:4e:b9:7b:c0:0a:0d:85:95:bd:b0:46:e7" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + 
"ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:48:04:f3:0b:4d:59:82:35:0a:df:eb:9d:b2:d9:70:f4:ce:f7:c8:18:e7:95:e6:65:33:59:84:c3:bd:50:cf:ba:bf:81:cf:5c:93:93:b9:6f:51:d7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.296864000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.296864000", + "frame.time_delta": "0.060327000", + "frame.time_delta_displayed": "0.060327000", + "frame.time_relative": "1785.836178000", + "frame.number": "7199", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037dc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "81447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eee2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cb:50:00:27:6a:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398416, TSecr 2583172": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398416", + "tcp.options.timestamp.tsecr": "2583172" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7198", + "tcp.analysis.ack_rtt": "0.060327000" + } + } + } + } 
+ } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.318543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.318543000", + "frame.time_delta": "0.021679000", + "frame.time_delta_displayed": "0.021679000", + "frame.time_relative": "1785.857857000", + "frame.number": "7200", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007639", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + 
"ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "81447", + "tcp.nxtseq": "81599", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000034e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:8c:a7:a1:cb:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583180, TSecr 2812398416": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583180", + "tcp.options.timestamp.tsecr": "2812398416" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:49:fc:77:c5:3c:94:9d:45:8e:8a:93:6f:88:d6:d6:33:23:f5:98:8a:72:79:8d:e4:df:ee:79:e2:56:5e:c4:50:03:60:d9:46:b4:d7:5d:ce:ab:43:51:b2:ba:f0:f3:f7:39:8c:3e:49:cc:3b:8c:31:c5:35:8c:dd:4a:90:ec:0d:03:b1:55:cb:22:61:f8:18:58:82:08:a9:54:ec:96:04:32:93:3f:23:cf:b8:70:a4:ad:a7:41:f4:bd:a0:c1:59:04:95:58:4d:51:72:c6:14:25:a9:18:59:4f:3b:95:4b:ef:e2:04:d4:e5:cf:38:a6:71:a5:1e:d5:9a:5c:b5:28:85:96:20:19:33:2c:28:89:8c:90:14:55" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.379049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.379049000", + "frame.time_delta": "0.060506000", + "frame.time_delta_displayed": "0.060506000", + "frame.time_relative": "1785.918363000", + "frame.number": "7201", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037db", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "81599", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cb:65:00:27:6a:8c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398437, TSecr 2583180": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398437", + "tcp.options.timestamp.tsecr": "2583180" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7200", + "tcp.analysis.ack_rtt": "0.060506000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.379564000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.379564000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "1785.918878000", + "frame.number": "7202", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "81599", + "tcp.nxtseq": "81760", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002c07", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:92:a7:a1:cb:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583186, TSecr 2812398437": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583186", + "tcp.options.timestamp.tsecr": "2812398437" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4a:28:c9:67:56:cc:3f:39:8a:bc:10:86:76:b1:78:e8:a5:ea:51:97:d5:e5:75:85:c1:08:60:66:76:5d:27:30:a5:b3:be:8b:2c:3e:56:a6:2c:e7:8a:a5:80:2f:61:50:ff:89:55:2a:bb:dc:33:3a:c3:9f:9f:0e:03:16:9d:89:27:f2:cb:45:c8:1d:f3:c2:aa:44:43:46:15:c2:cd:5c:68:bf:c3:46:b8:9d:1c:3c:c5:d3:9f:f0:cd:d1:59:ea:fa:2b:fa:71:0a:51:55:22:8b:8a:96:f0:7a:d2:15:a9:55:b2:52:51:bb:96:40:ab:6d:01:73:24:0f:1f:c1:13:96:23:0c:4a:9b:9a:82:6f:e8:9d:1a:cb:4e:aa:26:23:aa:68:6a:e0:99" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.488962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.488962000", + "frame.time_delta": "0.109398000", + "frame.time_delta_displayed": "0.109398000", + "frame.time_relative": "1786.028276000", + "frame.number": "7203", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da5", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037da", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "81760", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ed77", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cb:74:00:27:6a:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398452, TSecr 2583186": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398452", + "tcp.options.timestamp.tsecr": "2583186" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7202", + "tcp.analysis.ack_rtt": "0.109398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.489455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.489455000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1786.028769000", + "frame.number": "7204", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x00007634", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "81760", + "tcp.nxtseq": "81915", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c7b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:9d:a7:a1:cb:74", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583197, TSecr 2812398452": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583197", + "tcp.options.timestamp.tsecr": "2812398452" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4b:8b:13:22:91:d0:9b:80:74:0b:af:07:7c:d9:93:05:63:6e:8b:36:f2:cd:c0:cc:65:63:60:d1:5f:76:45:6a:13:2c:aa:d6:82:7f:7b:7e:cc:ef:ce:4b:f4:b0:7b:2c:fa:fa:34:31:e9:e4:b9:49:5f:b7:9a:d2:53:02:95:b9:96:04:c7:cd:76:1f:d2:52:c6:70:ca:48:a7:8a:b9:6f:48:50:20:3c:3c:cb:b0:29:f4:69:6f:f0:cf:dc:e7:8d:e9:ec:5c:6c:d0:a6:17:45:31:de:2d:27:41:24:01:6d:78:17:ec:f7:58:f0:20:cb:94:06:59:47:71:a4:48:39:67:12:d7:a4:ac:30:ad:ed:82:66:ba:de:d7:d7:62" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:17.549524000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495377.549524000", + "frame.time_delta": "0.060069000", + "frame.time_delta_displayed": "0.060069000", + "frame.time_relative": "1786.088838000", + "frame.number": "7205", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "81915", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ecb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:cb:8f:00:27:6a:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398479, TSecr 2583197": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398479", + "tcp.options.timestamp.tsecr": "2583197" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7204", + "tcp.analysis.ack_rtt": "0.060069000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.374858000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495378.374858000", + "frame.time_delta": "0.825334000", + "frame.time_delta_displayed": "0.825334000", + "frame.time_relative": "1786.914172000", + "frame.number": "7206", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"204", + "ip.id": "0x000096b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007636", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "81915", + "tcp.nxtseq": "82067", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f950", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6a:f6:a7:a1:cb:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583286, TSecr 2812398479": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583286", + "tcp.options.timestamp.tsecr": "2812398479" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4c:71:f6:78:4c:bd:e9:f0:21:39:84:24:fc:96:28:7e:b8:42:54:aa:ce:38:a3:bc:ed:15:49:00:c6:4d:c9:67:af:b5:f4:f2:55:69:4a:cc:3e:33:22:8e:1d:00:c1:2a:b0:ed:83:4e:03:aa:ff:a2:9c:8e:64:ae:41:0e:4d:5e:b0:c7:4a:f7:6a:aa:a4:c2:e1:82:3d:65:32:e1:85:cd:4c:75:2c:04:ec:f6:9b:b3:8b:96:47:28:15:0e:d0:ce:a2:69:56:f7:58:e7:97:9e:27:59:5b:eb:35:6c:ef:84:9c:72:a0:6c:f0:6c:5b:ce:1d:a7:1e:91:46:a2:36:6e:44:f0:e0:37:83:3b:dc:26:bf:fc:ff:1b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.435025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495378.435025000", + "frame.time_delta": "0.060167000", + "frame.time_delta_displayed": "0.060167000", + "frame.time_relative": "1786.974339000", + "frame.number": "7207", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "82067", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eae7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cc:6d:00:27:6a:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398701, TSecr 2583286": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398701", + "tcp.options.timestamp.tsecr": "2583286" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7206", + "tcp.analysis.ack_rtt": "0.060167000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.435509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495378.435509000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1786.974823000", + "frame.number": "7208", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "82067", + "tcp.nxtseq": "82228", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003be3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:27:6a:fc:a7:a1:cc:6d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583292, TSecr 2812398701": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583292", + "tcp.options.timestamp.tsecr": "2812398701" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4d:6b:8b:1f:ff:06:34:fc:53:e1:eb:92:cd:ad:01:76:37:64:db:90:66:ef:5f:d6:eb:68:d1:15:aa:2a:c0:7d:c8:ea:74:72:23:7b:f4:cd:c3:e5:41:c7:0a:9e:ba:21:27:ac:17:c5:7f:d9:9e:bd:ec:d1:f0:eb:dc:c9:5b:c8:4e:c3:cd:eb:5e:27:bb:9b:ae:1a:61:ec:1a:b4:1f:a1:f3:c3:88:5e:5f:5e:db:a5:dc:27:07:94:58:de:19:a6:cd:8c:c7:55:8d:61:c3:fc:33:d7:4e:8b:38:0e:a6:25:2b:5a:86:62:35:92:b5:76:a0:00:b0:06:e1:e4:ef:d9:71:91:92:4e:45:c5:c5:f3:4a:f5:b5:53:d3:31:78:33:26:87:d8:69:9d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.495637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495378.495637000", + "frame.time_delta": "0.060128000", + "frame.time_delta_displayed": "0.060128000", + "frame.time_relative": "1787.034951000", + "frame.number": "7209", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "82228", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ea31", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cc:7c:00:27:6a:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398716, TSecr 2583292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398716", + "tcp.options.timestamp.tsecr": "2583292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7208", + "tcp.analysis.ack_rtt": "0.060128000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.496168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495378.496168000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "1787.035482000", + "frame.number": "7210", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007631", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "82228", + "tcp.nxtseq": "82383", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000078d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:02:a7:a1:cc:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583298, TSecr 2812398716": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583298", + "tcp.options.timestamp.tsecr": "2812398716" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4e:74:e9:37:bc:d7:7d:4f:d9:9e:24:ee:f6:1b:10:cd:f6:68:0f:b3:28:ab:38:46:f9:8a:aa:71:d0:3b:4f:f6:e8:ad:0e:a4:02:40:a9:8f:7e:90:fa:41:c8:0b:7b:ca:98:06:c5:85:9d:b5:c5:47:40:fc:2a:98:52:08:c0:01:d7:aa:c3:52:b6:e1:33:64:16:35:88:71:c2:87:27:02:2a:33:51:f5:d3:b8:1c:7e:56:3e:99:35:55:d9:62:bb:b2:3d:be:eb:d6:6d:b1:47:58:a4:5d:05:c3:8c:82:5d:be:2d:b7:06:82:68:fc:11:a2:a2:22:fd:49:18:a5:59:a8:5a:a8:d5:21:15:7b:f5:77:b6:23:7e:a9:a7:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:18.556298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495378.556298000", + "frame.time_delta": "0.060130000", + "frame.time_delta_displayed": "0.060130000", + "frame.time_relative": "1787.095612000", + "frame.number": "7211", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002da9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": "82383", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e981", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cc:8b:00:27:6b:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398731, TSecr 2583298": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398731", + "tcp.options.timestamp.tsecr": "2583298" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7210", + "tcp.analysis.ack_rtt": "0.060130000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:19.219199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495379.219199000", + "frame.time_delta": "0.662901000", + "frame.time_delta_displayed": "0.662901000", + "frame.time_relative": "1787.758513000", + "frame.number": "7212", + "frame.len": "120", + 
"frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007695", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "82383", + "tcp.nxtseq": "82437", + "tcp.ack": "17833", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd49", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:4a:a7:a1:cc:8b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583370, TSecr 2812398731": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583370", + "tcp.options.timestamp.tsecr": "2812398731" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:4f:22:bb:af:55:7d:33:2d:38:81:29:56:09:c0:01:f9:ee:25:24:67:ec:ee:f5:87:e1:19:94:8d:f7:37:56:40:04:b1:96:bc:cd:31:81:73:40:5e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:19.279475000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495379.279475000", + "frame.time_delta": "0.060276000", + 
"frame.time_delta_displayed": "0.060276000", + "frame.time_relative": "1787.818789000", + "frame.number": "7213", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002daa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17833", + "tcp.ack": 
"82437", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e84e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cd:40:00:27:6b:4a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812398912, TSecr 2583370": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812398912", + "tcp.options.timestamp.tsecr": "2583370" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7212", + "tcp.analysis.ack_rtt": "0.060276000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.173112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.173112000", + "frame.time_delta": "0.893637000", + "frame.time_delta_displayed": "0.893637000", + "frame.time_relative": "1788.712426000", + "frame.number": "7214", + "frame.len": "143", + "frame.cap_len": "143", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "129", + "ip.id": "0x00002dab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003787", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "77", + "tcp.seq": "17833", + "tcp.nxtseq": "17910", + "tcp.ack": "82437", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000054e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:1f:00:27:6b:4a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399135, TSecr 2583370": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399135", + "tcp.options.timestamp.tsecr": "2583370" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "77", + "tcp.analysis.push_bytes_sent": "77" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "72", + "ssl.app_data": "34:cd:34:17:47:48:0e:c5:4a:cf:6b:7f:2a:b2:0d:4e:70:75:8f:3c:f8:0b:32:04:78:7f:2c:b8:1e:e9:45:e0:6d:eb:76:db:92:70:f1:86:43:5d:31:dc:d0:d3:60:2e:7f:23:54:5f:29:17:0e:e9:6d:3d:0d:f6:6c:c1:b5:95:ec:40:e3:f5:93:90:33:5d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.175890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.175890000", + "frame.time_delta": "0.002778000", + 
"frame.time_delta_displayed": "0.002778000", + "frame.time_relative": "1788.715204000", + "frame.number": "7215", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000769b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "82437", + 
"tcp.nxtseq": "82484", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006469", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:aa:a7:a1:ce:1f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583466, TSecr 2812399135": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583466", + "tcp.options.timestamp.tsecr": "2812399135" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7214", + "tcp.analysis.ack_rtt": "0.002778000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:50:dd:23:4d:97:d7:b7:5d:5e:db:5d:bb:bd:fc:aa:82:09:a2:3c:74:31:83:ed:6a:7e:cc:9a:32:08:37:14:46:4a:1b:b4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:16:20.188313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.188313000", + "frame.time_delta": "0.012423000", + "frame.time_delta_displayed": "0.012423000", + "frame.time_relative": "1788.727627000", + "frame.number": "7216", + "frame.len": "154", + "frame.cap_len": "154", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "140", + "ip.id": "0x0000e101", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e8c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "120", + "udp.checksum": "0x000043d3", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:insight:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "7", + "http.prev_request_in": "7174" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.236216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.236216000", + "frame.time_delta": "0.047903000", + "frame.time_delta_displayed": "0.047903000", + "frame.time_relative": "1788.775530000", + "frame.number": "7217", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "82484", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e683", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:2f:00:27:6b:aa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399151, TSecr 2583466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399151", + "tcp.options.timestamp.tsecr": "2583466" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7215", + "tcp.analysis.ack_rtt": "0.060326000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.236650000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.236650000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1788.775964000", + "frame.number": "7218", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000096b6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000765d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "82484", + "tcp.nxtseq": "82592", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002b40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:b0:a7:a1:ce:2f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583472, TSecr 2812399151": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583472", + "tcp.options.timestamp.tsecr": "2812399151" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:51:1a:58:2d:7c:0c:2e:5b:89:0a:87:39:9a:3b:b5:b8:80:32:65:4d:43:59:b9:40:16:00:07:24:69:a5:64:37:f4:30:9e:d2:4f:d0:92:ea:b2:3a" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:52:d9:d5:21:77:5d:95:3e:0f:9e:f1:eb:1f:a9:92:57:aa:7e:49:6f:e5:b7:04:0f:49:81:b4:18:99:4d:a5:b0:3c:45:09:60:d8:23:96:02:4c:62" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.296896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.296896000", + "frame.time_delta": "0.060246000", + "frame.time_delta_displayed": "0.060246000", + "frame.time_relative": "1788.836210000", + "frame.number": "7219", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "82592", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e602", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:3e:00:27:6b:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399166, TSecr 2583472": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399166", + "tcp.options.timestamp.tsecr": "2583472" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7218", + "tcp.analysis.ack_rtt": "0.060246000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.323945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.323945000", + "frame.time_delta": "0.027049000", + "frame.time_delta_displayed": "0.027049000", + "frame.time_relative": "1788.863259000", + "frame.number": "7220", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007630", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "82592", + "tcp.nxtseq": "82744", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c3dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:b8:a7:a1:ce:3e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583480, TSecr 2812399166": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583480", + "tcp.options.timestamp.tsecr": "2812399166" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:53:90:51:4b:63:86:62:33:0f:8b:73:40:04:83:3f:52:aa:59:92:45:29:7c:e0:2f:a1:98:6a:2a:f2:76:20:f8:3c:61:7c:96:0f:db:7e:2b:a6:9f:eb:29:2f:f1:a2:c8:15:22:c9:5e:63:ae:e2:25:35:91:08:f5:a9:ae:22:ce:c6:98:99:4b:3c:b9:0a:9c:a9:f7:b1:33:0a:d8:0a:83:99:6f:75:c4:4d:85:1c:6c:28:9c:ed:e9:b0:36:88:0e:f7:8e:3a:3e:da:e1:a5:5f:3a:cc:18:db:f9:ab:78:82:6c:4a:49:ed:67:f7:35:cc:79:82:7e:ed:00:fe:0c:c8:17:85:c6:d6:3f:80:c7:3a:4c:09:62:f8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.384113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.384113000", + "frame.time_delta": "0.060168000", + "frame.time_delta_displayed": "0.060168000", + "frame.time_relative": "1788.923427000", + "frame.number": "7221", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "82744", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e54c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:54:00:27:6b:b8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399188, TSecr 2583480": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399188", + "tcp.options.timestamp.tsecr": "2583480" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7220", + "tcp.analysis.ack_rtt": "0.060168000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.384601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.384601000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1788.923915000", + "frame.number": "7222", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007626", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "82744", + "tcp.nxtseq": "82905", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007073", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:bf:a7:a1:ce:54", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583487, TSecr 2812399188": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583487", + "tcp.options.timestamp.tsecr": "2812399188" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:54:af:65:4b:1b:76:2d:97:3f:a1:ea:75:b5:68:4f:a4:ab:93:ad:1f:97:ac:25:38:b2:9c:19:c4:4c:aa:b0:c6:bc:54:3d:40:9e:3f:33:d4:56:0d:5f:c5:bc:22:13:98:37:b0:4c:9f:9c:8a:7f:c2:1b:38:b4:a4:92:1a:ae:27:b8:2b:63:e5:35:dd:ee:b9:a7:20:51:4d:e8:81:a3:ea:49:1b:38:2d:ed:cb:1a:15:0e:ad:3f:0a:ea:53:3e:25:5c:43:1c:6c:82:9d:c7:75:f4:5d:81:f5:02:30:7e:f7:ed:f2:da:39:c3:09:be:0a:e0:ac:fe:74:95:9c:db:cd:56:3f:1a:cb:e9:db:7c:c9:8e:17:8f:f6:f0:56:0c:0e:0b:d3:cf:b2:07" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.444805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.444805000", + "frame.time_delta": "0.060204000", + "frame.time_delta_displayed": "0.060204000", + "frame.time_relative": "1788.984119000", + "frame.number": "7223", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + 
"eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002daf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037d0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "82905", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e495", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:63:00:27:6b:bf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399203, TSecr 2583487": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399203", + "tcp.options.timestamp.tsecr": "2583487" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7222", + "tcp.analysis.ack_rtt": "0.060204000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.445289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.445289000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "1788.984603000", + "frame.number": "7224", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "82905", + "tcp.nxtseq": "83060", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" 
+ }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009794", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6b:c5:a7:a1:ce:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583493, TSecr 2812399203": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583493", + "tcp.options.timestamp.tsecr": "2812399203" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:55:bf:fb:7f:4a:51:aa:6f:33:34:5d:c4:1a:4c:ea:f0:5d:b3:66:f4:0f:bd:4e:21:7e:a8:46:9b:35:f6:24:09:9b:64:03:18:87:c7:f5:b7:ec:a3:a9:d0:67:58:12:83:ae:ae:14:21:dc:99:0d:73:21:86:22:86:8b:b2:ab:e1:3c:0c:37:72:57:78:87:fa:93:8a:eb:0a:6a:3b:e6:69:b1:04:5c:eb:dc:ea:fa:f4:ff:2d:10:12:b2:0f:bb:74:1a:7c:18:67:74:a0:f3:3a:ba:52:bd:4f:14:92:dc:7d:00:c0:09:7b:3e:b9:d7:8a:92:53:2a:f6:30:b0:65:fd:7a:e8:5f:b6:2a:53:52:51:c0:da:43:00:e0:b8:34" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:20.505441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495380.505441000", + "frame.time_delta": "0.060152000", + "frame.time_delta_displayed": "0.060152000", + "frame.time_relative": 
"1789.044755000", + "frame.number": "7225", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cf", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "83060", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e3e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:ce:72:00:27:6b:c5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399218, TSecr 2583493": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399218", + "tcp.options.timestamp.tsecr": "2583493" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7224", + "tcp.analysis.ack_rtt": "0.060152000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:21.374436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.374436000", + "frame.time_delta": "0.868995000", + "frame.time_delta_displayed": "0.868995000", + "frame.time_relative": "1789.913750000", + "frame.number": "7226", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "83060", + "tcp.nxtseq": "83212", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000067d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:22:a7:a1:ce:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583586, TSecr 2812399218": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583586", + "tcp.options.timestamp.tsecr": "2812399218" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:56:bd:6d:c1:56:f3:3e:9d:7f:a8:19:7a:87:43:2b:20:46:d6:bf:4b:6f:40:6b:75:1c:31:2d:42:62:73:aa:b9:b7:21:74:04:e0:e0:94:10:d7:bc:b5:d6:da:59:57:14:01:81:41:fe:87:26:4e:77:c8:b3:65:93:a0:bb:56:7a:77:2a:df:9c:cc:a2:39:6c:a7:4d:d5:61:7c:6e:03:49:22:2e:57:0d:43:07:94:12:55:96:67:91:63:08:87:92:5c:bb:43:14:88:0d:bf:ce:b6:3d:c1:21:bf:86:36:ba:5e:f2:1d:00:59:47:73:1a:91:ed:92:3b:83:de:89:81:43:b5:2e:b8:02:e6:7f:19:c0:1e:c1:38" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:16:21.434602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.434602000", + "frame.time_delta": "0.060166000", + "frame.time_delta_displayed": "0.060166000", + "frame.time_relative": "1789.973916000", + "frame.number": "7227", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ce", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "83212", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e207", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cf:5b:00:27:6c:22", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399451, TSecr 2583586": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399451", + "tcp.options.timestamp.tsecr": "2583586" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7226", + "tcp.analysis.ack_rtt": "0.060166000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:21.435095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.435095000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + 
"frame.time_relative": "1789.974409000", + "frame.number": "7228", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007623", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "83212", + "tcp.nxtseq": "83373", + "tcp.ack": "17910", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008d20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:28:a7:a1:cf:5b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583592, TSecr 2812399451": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583592", + "tcp.options.timestamp.tsecr": "2812399451" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:57:ce:60:91:67:9b:1b:b0:c0:45:86:f6:4f:9f:1e:a8:00:44:4f:96:c8:f2:74:6a:5b:04:c1:41:b5:9e:e7:d8:30:54:fd:6d:7b:c7:88:7c:93:b8:d5:d2:48:f2:f2:c1:29:fd:c8:07:3f:12:0e:c2:8a:41:7f:87:f7:f4:b6:a6:6c:7a:00:04:db:4e:a9:5c:34:88:95:70:03:68:ad:22:26:92:a9:9d:dd:51:17:d2:93:7f:ba:82:cf:a9:56:f2:19:64:02:fa:d6:e3:0f:a5:13:8a:cc:61:01:14:90:07:ab:22:78:3d:53:36:d8:66:da:c4:38:d5:6f:b0:1a:67:83:cd:29:c0:d1:1f:42:e3:77:06:b4:f3:b5:80:9a:e3:61:84:55:ce:de" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:21.495188000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.495188000", + "frame.time_delta": "0.060093000", + "frame.time_delta_displayed": "0.060093000", + "frame.time_relative": "1790.034502000", + "frame.number": "7229", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cd", + "ip.checksum.status": "2", + 
"ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "83373", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e151", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cf:6a:00:27:6c:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399466, TSecr 
2583592": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399466", + "tcp.options.timestamp.tsecr": "2583592" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7228", + "tcp.analysis.ack_rtt": "0.060093000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:21.495671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.495671000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1790.034985000", + "frame.number": "7230", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007628", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": 
"13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "83373", + "tcp.nxtseq": "83528", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ad22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:2e:a7:a1:cf:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583598, TSecr 2812399466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583598", + "tcp.options.timestamp.tsecr": "2812399466" + } + }, + "tcp.analysis": { 
+ "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:58:65:ae:35:41:76:fa:f0:32:7b:12:ea:ae:da:08:1c:a6:1b:c3:89:d8:60:8a:a1:10:b5:d6:fd:6c:d5:21:12:2b:73:65:51:db:88:fe:48:ef:54:1b:7d:22:57:17:ef:97:31:de:47:3f:73:e8:06:bd:af:2e:b1:4f:cd:d0:66:ab:40:2f:00:70:57:a9:d0:7e:26:5c:a8:25:9b:da:7e:4e:a7:f9:ce:98:d5:81:75:5d:23:6a:80:78:83:52:98:56:d0:4c:ec:66:ce:ad:fd:a6:a3:a8:23:5e:2f:8b:94:14:a8:8a:f3:f7:d3:c9:e2:e6:03:a5:1d:80:55:94:66:54:4a:bc:9b:76:8a:a1:94:c8:23:c6:f5:f6:67:86" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:21.555755000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495381.555755000", + "frame.time_delta": "0.060084000", + "frame.time_delta_displayed": "0.060084000", + "frame.time_relative": "1790.095069000", + "frame.number": "7231", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db3", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "83528", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e0a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:cf:79:00:27:6c:2e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399481, TSecr 2583598": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399481", + "tcp.options.timestamp.tsecr": "2583598" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7230", + "tcp.analysis.ack_rtt": "0.060084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:22.214839000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495382.214839000", + "frame.time_delta": "0.659084000", + "frame.time_delta_displayed": "0.659084000", + "frame.time_relative": "1790.754153000", + "frame.number": "7232", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000768c", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "83528", + "tcp.nxtseq": "83582", + "tcp.ack": "17910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001ab1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:76:a7:a1:cf:79", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2583670, TSecr 2812399481": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583670", + "tcp.options.timestamp.tsecr": "2812399481" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:59:98:5c:ab:14:22:d1:ac:16:27:dd:81:1a:b9:c3:bb:6c:1b:9a:1c:91:88:6f:ea:65:07:b1:bc:47:6a:c1:d1:bf:24:4b:06:b2:d7:a5:36:c5:45" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:22.275099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495382.275099000", + "frame.time_delta": "0.060260000", + "frame.time_delta_displayed": "0.060260000", + "frame.time_relative": "1790.814413000", + "frame.number": "7233", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037cb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17910", + "tcp.ack": "83582", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000df6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d0:2d:00:27:6c:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { 
+ "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399661, TSecr 2583670": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399661", + "tcp.options.timestamp.tsecr": "2583670" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7232", + "tcp.analysis.ack_rtt": "0.060260000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.173815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.173815000", + "frame.time_delta": "0.898716000", + "frame.time_delta_displayed": "0.898716000", + "frame.time_relative": "1791.713129000", + "frame.number": "7234", + "frame.len": "146", + "frame.cap_len": "146", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "132", + "ip.id": "0x00002db5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000377a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + 
"ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "80", + "tcp.seq": "17910", + "tcp.nxtseq": "17990", + "tcp.ack": "83582", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b256", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:0d:00:27:6c:76", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399885, TSecr 2583670": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399885", + "tcp.options.timestamp.tsecr": "2583670" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "80", + "tcp.analysis.push_bytes_sent": "80" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "75", + "ssl.app_data": "34:cd:34:17:47:48:0e:c6:32:96:70:8d:f4:65:2c:b9:b6:97:28:00:69:8c:ff:8b:a3:d3:51:88:9b:87:91:78:35:1f:d5:d5:aa:ce:f9:9f:66:81:eb:5f:b5:8a:05:1c:86:8d:d7:83:5e:15:14:8a:39:ec:50:d4:85:98:92:32:72:b4:89:e7:9f:1c:f7:d2:83:d0:aa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.177688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.177688000", + "frame.time_delta": "0.003873000", + "frame.time_delta_displayed": "0.003873000", + "frame.time_relative": "1791.717002000", + "frame.number": "7235", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007692", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "83582", + "tcp.nxtseq": "83629", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000025ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:d6:a7:a1:d1:0d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583766, TSecr 2812399885": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583766", + "tcp.options.timestamp.tsecr": "2812399885" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7234", + "tcp.analysis.ack_rtt": "0.003873000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:5a:c9:63:69:ff:6b:26:90:9f:90:e2:f5:0d:e8:6a:50:b2:c2:03:50:75:ec:36:09:f0:9b:0a:69:d2:38:c1:db:3c:9c:aa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.195317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.195317000", + "frame.time_delta": "0.017629000", + "frame.time_delta_displayed": "0.017629000", + "frame.time_relative": "1791.734631000", + "frame.number": "7236", + "frame.len": "157", + "frame.cap_len": "157", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "143", + "ip.id": "0x0000e208", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e7bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "123", + "udp.checksum": "0x00006e5f", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:controllee:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "7", + "http.prev_request_in": "7196" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.237799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.237799000", + "frame.time_delta": "0.042482000", + "frame.time_delta_displayed": 
"0.042482000", + "frame.time_relative": "1791.777113000", + "frame.number": "7237", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "83629", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dda0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:1d:00:27:6c:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399901, TSecr 2583766": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399901", + "tcp.options.timestamp.tsecr": "2583766" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7235", + "tcp.analysis.ack_rtt": "0.060111000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.238289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.238289000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1791.777603000", + "frame.number": "7238", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000096bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007654", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "83629", + "tcp.nxtseq": "83737", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", 
+ "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009bf3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:dc:a7:a1:d1:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583772, TSecr 2812399901": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583772", + "tcp.options.timestamp.tsecr": "2812399901" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:5b:36:93:20:2f:e9:a6:56:82:3a:2d:23:69:cd:ea:0a:ed:79:2c:26:4e:60:57:27:e8:59:dc:6b:58:3a:07:31:6c:80:cc:77:8a:c0:70:80:dc:11" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:5c:fb:cd:b3:42:eb:5b:56:c9:82:2b:73:03:c5:e7:03:68:dc:1b:77:d2:bb:9f:19:24:62:54:c2:b1:5c:be:a5:b0:15:fb:95:79:2c:7a:44:4f:75" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:16:23.298319000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.298319000", + "frame.time_delta": "0.060030000", + "frame.time_delta_displayed": "0.060030000", + "frame.time_relative": "1791.837633000", + "frame.number": "7239", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "83737", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dd1e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:2d:00:27:6c:dc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399917, TSecr 2583772": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399917", + "tcp.options.timestamp.tsecr": "2583772" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7238", + "tcp.analysis.ack_rtt": "0.060030000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.338321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.338321000", + "frame.time_delta": "0.040002000", + "frame.time_delta_displayed": 
"0.040002000", + "frame.time_relative": "1791.877635000", + "frame.number": "7240", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.338745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.338745000", + "frame.time_delta": "0.000424000", + "frame.time_delta_displayed": "0.000424000", + "frame.time_relative": "1791.878059000", + "frame.number": "7241", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.347520000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.347520000", + "frame.time_delta": "0.008775000", + "frame.time_delta_displayed": "0.008775000", + "frame.time_relative": "1791.886834000", + "frame.number": "7242", + "frame.len": "450", + "frame.cap_len": "450", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "436", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b615", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": 
"192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "3077", + "udp.dstport": "10024", + "udp.port": "3077", + "udp.port": "10024", + "udp.length": "416", + "udp.checksum": "0x0000f481", + "udp.checksum.status": "2", + "udp.stream": "93" + }, + "data": { + "data.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:36:3a:32:33:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:32:32:35:3a:34:39:31:35:33:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:35:61:35:62:30:39:36:2d:31:64:64:31:2d:31:31:62:32:2d:62:64:62:38:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:53:6f:63:6b:65:74:2d:31:5f:30:2d:32:32:31:35:32:33:4b:30:31:30:30:42:31:31:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:0d:0a", + "data.len": "408" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.361438000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.361438000", + "frame.time_delta": "0.013918000", + "frame.time_delta_displayed": "0.013918000", + "frame.time_relative": "1791.900752000", + "frame.number": "7243", + "frame.len": "231", + "frame.cap_len": "231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x000096c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "165", + "tcp.seq": "83737", + "tcp.nxtseq": "83902", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005923", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:e8:a7:a1:d1:2d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583784, TSecr 2812399917": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583784", + "tcp.options.timestamp.tsecr": "2812399917" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "165", + "tcp.analysis.push_bytes_sent": "165" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "160", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:5d:3c:d5:a4:a3:b4:5c:13:de:9c:be:09:8d:e8:16:b1:ed:fc:af:28:f0:fd:c5:78:9a:1d:b9:f8:08:95:20:31:e3:61:ee:9c:2e:e4:87:10:ce:ba:b7:78:4f:53:90:8c:35:25:40:ab:7d:88:c1:7b:dc:12:d0:1e:a3:2c:34:fd:05:31:b6:c0:95:a4:2c:f5:af:07:14:17:98:78:bb:bb:27:78:b5:63:78:5e:90:30:b1:8d:87:13:f9:4a:8d:56:d7:84:e1:cc:36:81:f2:ef:a0:8d:cb:c9:44:87:33:2f:3f:ae:f7:0e:d5:44:65:57:35:3a:e2:20:49:58:52:f4:e3:4b:55:29:49:99:03:85:c8:39:01:97:12:3b:91:5c:54:f2:50:38:ba:65:55:ad:d2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.421636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.421636000", + "frame.time_delta": "0.060198000", + "frame.time_delta_displayed": "0.060198000", + "frame.time_relative": "1791.960950000", + "frame.number": "7244", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002db8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c7", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "83902", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:4b:00:27:6c:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2812399947, TSecr 2583784": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399947", + "tcp.options.timestamp.tsecr": "2583784" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7243", + "tcp.analysis.ack_rtt": "0.060198000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.422123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.422123000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1791.961437000", + "frame.number": "7245", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096c1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007626", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "83902", + "tcp.nxtseq": "84054", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000a76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:ee:a7:a1:d1:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583790, TSecr 2812399947": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583790", + "tcp.options.timestamp.tsecr": 
"2812399947" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:5e:b6:9c:1c:11:24:43:73:fc:8b:ea:6a:ea:d3:18:7d:ee:67:9b:cd:c5:7c:ce:97:68:12:6e:fe:da:9e:49:b6:96:4d:46:f2:e9:d9:dd:8e:19:b2:95:2c:85:e6:05:d9:c0:92:4a:57:2e:f7:37:39:f5:d8:94:2e:32:3f:b3:6f:13:63:cd:41:48:65:f5:25:c8:f8:5b:d2:a4:05:fc:d8:58:d5:26:63:af:94:62:99:9b:35:5e:8e:b4:80:a0:98:be:b2:7b:6b:cb:f8:58:05:75:3a:d4:5f:85:a8:68:be:44:02:70:0c:82:a3:72:f1:a2:42:a4:21:20:bc:29:38:bc:68:62:a9:1c:25:44:71:c0:de:7e:ea" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.482346000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.482346000", + "frame.time_delta": "0.060223000", + "frame.time_delta_displayed": "0.060223000", + "frame.time_relative": "1792.021660000", + "frame.number": "7246", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": 
"0x00002db9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84054", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dba1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:5b:00:27:6c:ee", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399963, TSecr 2583790": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399963", + "tcp.options.timestamp.tsecr": "2583790" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7245", + "tcp.analysis.ack_rtt": "0.060223000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.482840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.482840000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1792.022154000", + "frame.number": "7247", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", 
+ "ip.checksum": "0x0000761c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "84054", + "tcp.nxtseq": "84215", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:f4:a7:a1:d1:5b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583796, TSecr 2812399963": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583796", + "tcp.options.timestamp.tsecr": "2812399963" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:5f:03:b0:1d:95:29:b7:49:83:ef:cf:08:89:a0:84:51:3c:5f:a6:b0:ed:09:4b:33:5d:e9:7e:b1:33:61:27:8f:14:9a:f7:e8:57:72:46:47:69:92:4a:97:9f:ba:49:ce:fc:38:90:1c:80:dc:b3:f6:66:43:8f:60:02:ee:af:5e:86:74:92:14:32:3f:1b:7e:14:2a:97:62:06:11:89:1d:96:43:78:7a:45:22:54:31:78:eb:5b:37:ad:5f:1a:16:be:10:8d:66:7b:74:14:8a:66:c9:65:6b:9a:43:eb:3a:0b:84:32:ee:b2:ee:0b:18:ef:da:fe:0e:8b:8e:26:8d:a6:c9:2f:9c:ca:e4:4b:54:57:70:ac:30:f7:39:3d:9f:88:b3:80:5e:fe" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.542948000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.542948000", + "frame.time_delta": "0.060108000", + "frame.time_delta_displayed": "0.060108000", + "frame.time_relative": "1792.082262000", + "frame.number": "7248", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84215", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000daeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:a7:a1:d1:6a:00:27:6c:f4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399978, TSecr 2583796": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399978", + "tcp.options.timestamp.tsecr": "2583796" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7247", + "tcp.analysis.ack_rtt": "0.060108000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.543440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.543440000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1792.082754000", + "frame.number": "7249", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "207", + "ip.id": "0x000096c3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007621", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "84215", + "tcp.nxtseq": "84370", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000527a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6c:fa:a7:a1:d1:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", 
+ "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583802, TSecr 2812399978": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583802", + "tcp.options.timestamp.tsecr": "2812399978" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:60:a5:24:f5:f2:f3:ba:99:57:e6:db:40:a2:65:88:ca:54:7c:85:e7:53:13:80:dc:10:e7:2a:8c:34:cf:4e:8b:ba:df:d8:7b:6c:68:9e:c6:61:cb:23:ae:9a:38:67:9b:ed:d7:45:55:61:8f:91:3d:31:92:b3:c7:e2:30:99:7b:29:48:e6:45:11:75:c6:18:da:21:23:89:21:0d:24:82:48:82:28:2d:f4:1e:dc:c3:47:5c:83:51:3e:35:6c:4a:b2:ea:c4:2d:26:1d:65:b3:ac:85:03:aa:ad:4c:0f:5a:e3:85:e8:e5:f2:1e:68:7b:e9:28:b3:a7:01:1f:1d:af:c5:b4:15:d2:c4:12:e2:6f:cf:ab:05:1b:71:f3:73" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:23.604226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495383.604226000", + "frame.time_delta": "0.060786000", + "frame.time_delta_displayed": "0.060786000", + "frame.time_relative": "1792.143540000", + "frame.number": "7250", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84370", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000da3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d1:79:00:27:6c:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812399993, TSecr 2583802": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812399993", + "tcp.options.timestamp.tsecr": "2583802" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7249", + "tcp.analysis.ack_rtt": "0.060786000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:24.467661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.467661000", + "frame.time_delta": "0.863435000", + "frame.time_delta_displayed": "0.863435000", + "frame.time_relative": "1793.006975000", + "frame.number": "7251", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007623", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "84370", + "tcp.nxtseq": "84522", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009f8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6d:57:a7:a1:d1:79", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583895, TSecr 2812399993": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583895", + "tcp.options.timestamp.tsecr": "2812399993" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:61:07:7d:c3:a2:ab:3d:b7:e8:79:f3:65:67:a8:99:a7:2b:81:49:32:95:e7:c5:60:8d:08:ac:4d:72:7f:b1:f9:3c:87:4b:93:f5:8f:14:5e:eb:00:cf:6d:87:56:98:f5:5a:d0:01:00:5b:3d:61:d5:c9:5b:2b:98:42:23:90:c2:c3:5b:a5:34:83:01:f0:ff:ff:23:ed:f7:f0:a3:46:82:77:a7:b8:bf:d0:0b:15:85:eb:5a:b2:a2:42:ce:5c:9b:b5:3f:28:d9:b4:db:5b:50:bc:a2:b9:01:d3:d3:c4:62:5a:52:45:88:38:f7:6a:ea:23:0e:13:81:df:ff:1d:b4:50:c0:99:33:b2:d2:c2:00:6d:3b:23:a3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:24.527916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.527916000", + "frame.time_delta": "0.060255000", + "frame.time_delta_displayed": "0.060255000", + "frame.time_relative": "1793.067230000", + "frame.number": "7252", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84522", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d85f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d2:60:00:27:6d:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400224, TSecr 2583895": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400224", + "tcp.options.timestamp.tsecr": "2583895" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7251", + "tcp.analysis.ack_rtt": "0.060255000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:24.528406000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.528406000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "1793.067720000", + "frame.number": "7253", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007619", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "84522", + "tcp.nxtseq": "84683", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001382", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6d:5d:a7:a1:d2:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583901, TSecr 2812400224": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583901", + "tcp.options.timestamp.tsecr": "2812400224" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:62:c5:ae:c0:75:76:35:ed:97:09:90:0a:ff:16:b0:84:47:08:11:75:9e:17:19:89:33:f7:75:38:ed:c3:32:b2:ca:ce:7c:36:c1:4a:12:66:78:c6:0f:76:ff:02:a9:e2:01:8d:11:7c:8f:1d:60:bc:b2:aa:19:02:5d:f4:e1:01:aa:f0:1d:5f:b2:ef:cc:9b:28:59:61:a3:63:fb:2a:0e:8d:50:61:97:68:e0:ae:45:ab:aa:96:5a:39:3f:4b:c1:16:94:0a:d3:bc:29:b3:22:bb:d6:4d:46:e1:83:75:c8:3c:52:f9:91:a9:4c:92:55:45:ff:0a:78:25:25:bd:a3:53:92:de:69:a8:e7:64:29:26:37:d7:5d:3d:3f:b0:0a:6d:a8:7a:f4:b5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:16:24.588804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.588804000", + "frame.time_delta": "0.060398000", + "frame.time_delta_displayed": "0.060398000", + "frame.time_relative": "1793.128118000", + "frame.number": "7254", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84683", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d7a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d2:6f:00:27:6d:5d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400239, TSecr 2583901": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400239", + "tcp.options.timestamp.tsecr": "2583901" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7253", + "tcp.analysis.ack_rtt": "0.060398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:24.589287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.589287000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + 
"frame.time_relative": "1793.128601000", + "frame.number": "7255", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "84683", + "tcp.nxtseq": "84838", + "tcp.ack": "17990", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c4cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6d:63:a7:a1:d2:6f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583907, TSecr 2812400239": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583907", + "tcp.options.timestamp.tsecr": "2812400239" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:63:f6:db:37:f8:b0:92:bf:2d:54:b0:73:c7:2d:27:02:87:bf:24:19:71:cc:b0:a7:08:96:91:b8:2d:db:0d:1b:22:29:42:c4:bb:4e:be:52:f0:71:67:f3:7c:e5:07:af:16:95:bc:ef:7a:75:b7:3a:80:c2:3d:cd:69:bf:af:af:73:3c:72:0f:33:24:ff:a8:9b:56:53:97:a7:76:4c:7a:65:f9:7f:77:f1:be:8a:16:46:71:94:4c:7f:b9:89:18:06:a1:b7:5c:e7:80:e0:e5:5d:e5:0f:77:2f:51:34:4e:ae:7d:96:72:bc:8e:11:37:d8:ec:cf:cd:d9:b5:6c:d1:68:cf:04:fe:d6:a9:77:8c:7a:40:74:fd:f2:d6:9b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:24.649885000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495384.649885000", + "frame.time_delta": "0.060598000", + "frame.time_delta_displayed": "0.060598000", + "frame.time_relative": "1793.189199000", + "frame.number": "7256", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c1", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d6f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d2:7e:00:27:6d:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400254, TSecr 2583907": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400254", + "tcp.options.timestamp.tsecr": "2583907" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7255", + "tcp.analysis.ack_rtt": "0.060598000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:25.213193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495385.213193000", + "frame.time_delta": "0.563308000", + "frame.time_delta_displayed": "0.563308000", + "frame.time_relative": "1793.752507000", + "frame.number": "7257", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007682", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "84838", + "tcp.nxtseq": "84892", + "tcp.ack": "17990", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001c26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6d:a1:a7:a1:d2:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2583969, TSecr 2812400254": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2583969", + "tcp.options.timestamp.tsecr": "2812400254" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:64:94:7b:a0:5b:60:28:3c:a3:94:7f:ae:fe:63:a8:bc:2d:fb:58:d9:4c:78:f8:fb:97:f7:70:b2:e8:81:d4:ee:13:0d:5e:1c:d2:67:1d:63:90:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:25.273819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495385.273819000", + "frame.time_delta": "0.060626000", + "frame.time_delta_displayed": "0.060626000", + "frame.time_relative": "1793.813133000", + "frame.number": "7258", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037c0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", 
+ "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "17990", + "tcp.ack": "84892", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d5e9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d3:1a:00:27:6d:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400410, TSecr 2583969": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2812400410", + "tcp.options.timestamp.tsecr": "2583969" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7257", + "tcp.analysis.ack_rtt": "0.060626000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.174946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.174946000", + "frame.time_delta": "0.901127000", + "frame.time_delta_displayed": "0.901127000", + "frame.time_relative": "1794.714260000", + "frame.number": "7259", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00002dc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003773", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "76", + "tcp.seq": "17990", + "tcp.nxtseq": "18066", + "tcp.ack": "84892", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fcb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d3:fc:00:27:6d:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400636, TSecr 2583969": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400636", + "tcp.options.timestamp.tsecr": "2583969" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "76", + "tcp.analysis.push_bytes_sent": 
"76" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "71", + "ssl.app_data": "34:cd:34:17:47:48:0e:c7:cb:7a:db:61:dc:9c:47:f3:15:da:82:dc:94:fa:52:92:92:02:af:d7:a1:7a:dd:95:e2:7a:28:69:41:b3:72:a3:f9:39:1c:e0:d4:94:bd:05:3e:8a:39:15:1d:a4:72:aa:98:57:3f:4b:70:4e:17:00:76:84:af:59:2b:3b:12" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.178889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.178889000", + "frame.time_delta": "0.003943000", + "frame.time_delta_displayed": "0.003943000", + "frame.time_relative": "1794.718203000", + "frame.number": "7260", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "84892", + "tcp.nxtseq": "84939", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c954", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:02:a7:a1:d3:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584066, TSecr 2812400636": { + "tcp.option_kind": "8", + "tcp.option_len": 
"10", + "tcp.options.timestamp.tsval": "2584066", + "tcp.options.timestamp.tsecr": "2812400636" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7259", + "tcp.analysis.ack_rtt": "0.003943000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:65:cf:e0:99:3c:37:75:6d:76:00:21:c9:16:f4:04:c4:d5:a8:95:ef:e4:eb:52:b9:1d:64:16:ec:0e:63:3d:1f:6e:1e:cd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.193888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.193888000", + "frame.time_delta": "0.014999000", + "frame.time_delta_displayed": "0.014999000", + "frame.time_relative": "1794.733202000", + "frame.number": "7261", + "frame.len": "153", + "frame.cap_len": "153", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "139", + "ip.id": "0x0000e301", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e6ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10023", + "udp.dstport": "1900", + "udp.port": "10023", + "udp.port": "1900", + "udp.length": "119", + "udp.checksum": "0x0000482d", + "udp.checksum.status": "2", + "udp.stream": "88" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:sensor:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "8", + "http.prev_request_in": "7216" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.239077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.239077000", + "frame.time_delta": "0.045189000", + "frame.time_delta_displayed": "0.045189000", + "frame.time_relative": "1794.778391000", + "frame.number": "7262", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037be", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "84939", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d41b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d4:0c:00:27:6e:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400652, TSecr 2584066": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400652", + "tcp.options.timestamp.tsecr": "2584066" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7260", + "tcp.analysis.ack_rtt": "0.060188000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.239560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.239560000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1794.778874000", + "frame.number": "7263", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x000096c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007667", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "84939", + "tcp.nxtseq": "85018", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008d9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:08:a7:a1:d4:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584072, TSecr 2812400652": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584072", + "tcp.options.timestamp.tsecr": "2812400652" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:66:c2:87:45:34:da:87:af:cd:94:e6:74:16:22:16:55:65:50:8f:3d:24:44:37:b4:70:6f:9e:77:62:99:a6:42:cc:42:da:47:99:2a:65:c2:b3:5b:54:eb:8d:1b:0e:ef:14:53:83:d2:57:da:ee:87:61:e1:92:51:66:53:86:9f:51:40:d7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.299909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.299909000", + "frame.time_delta": "0.060349000", + "frame.time_delta_displayed": "0.060349000", + "frame.time_relative": "1794.839223000", + "frame.number": "7264", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", 
+ "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037bd", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85018", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d3b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d4:1b:00:27:6e:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400667, TSecr 2584072": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400667", + "tcp.options.timestamp.tsecr": "2584072" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7263", + "tcp.analysis.ack_rtt": "0.060349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.320591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.320591000", + "frame.time_delta": "0.020682000", + "frame.time_delta_displayed": "0.020682000", + "frame.time_relative": "1794.859905000", + "frame.number": "7265", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "85018", + "tcp.nxtseq": "85170", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001769", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:10:a7:a1:d4:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584080, TSecr 2812400667": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584080", + "tcp.options.timestamp.tsecr": "2812400667" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:67:09:28:57:a4:6d:80:a4:23:fa:42:24:a5:35:0f:13:ef:60:a2:6c:ed:18:76:39:0d:c6:30:de:37:14:e6:f1:84:0b:39:7d:d0:97:32:07:11:fc:a0:c6:09:68:26:55:30:bd:ba:cc:e6:a7:6c:c9:db:7d:4f:7f:3f:5d:64:f5:68:3d:44:b5:5a:eb:ca:de:fd:ec:91:6a:f3:5f:67:a7:46:2b:21:17:9d:3b:cb:bd:bd:7f:99:0b:f4:c3:5b:2f:fd:94:e2:08:ac:0d:8c:d5:3c:d8:e3:ac:8a:b5:a6:bf:63:c0:7f:fe:46:aa:ff:a1:49:e0:09:18:19:a4:e2:06:7d:90:01:08:2b:44:5a:be:4d:fe:16:66" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.380694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.380694000", 
+ "frame.time_delta": "0.060103000", + "frame.time_delta_displayed": "0.060103000", + "frame.time_relative": "1794.920008000", + "frame.number": "7266", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037bc", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", 
+ "tcp.seq": "18066", + "tcp.ack": "85170", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d303", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d4:2f:00:27:6e:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400687, TSecr 2584080": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400687", + "tcp.options.timestamp.tsecr": "2584080" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7265", + "tcp.analysis.ack_rtt": "0.060103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.381135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.381135000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1794.920449000", + "frame.number": "7267", + "frame.len": "227", + "frame.cap_len": "227", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007613", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "85170", + "tcp.nxtseq": "85331", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d4ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:16:a7:a1:d4:2f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584086, TSecr 2812400687": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584086", + "tcp.options.timestamp.tsecr": "2812400687" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:68:43:6e:e8:fa:8e:3d:bb:35:03:76:11:47:97:e7:3f:74:9c:a4:7a:0e:43:64:6d:33:86:9a:95:a6:f2:3f:99:ed:0c:53:4b:17:87:2d:c2:e6:d0:ca:1f:b9:bb:fd:72:6e:b0:25:0e:1d:fc:09:17:1a:b7:dc:37:07:02:9d:f2:a4:9c:e5:91:c6:91:d5:cd:31:48:91:fe:61:6f:6f:61:c5:71:98:99:f6:01:4d:a8:5a:14:fb:5f:4a:1e:e4:1d:99:93:1f:35:ec:bf:21:25:33:d5:63:e8:d8:bf:29:9b:18:7b:6b:cd:01:86:bd:55:41:f0:6e:17:6b:53:99:2e:05:49:70:cf:32:18:86:a6:09:19:55:20:75:82:4f:ed:57:6d:9d:9e:9c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.441466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.441466000", + "frame.time_delta": "0.060331000", + "frame.time_delta_displayed": "0.060331000", + "frame.time_relative": "1794.980780000", + "frame.number": "7268", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037bb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + 
"ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d24d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d4:3e:00:27:6e:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400702, TSecr 2584086": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400702", + "tcp.options.timestamp.tsecr": "2584086" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7267", + "tcp.analysis.ack_rtt": "0.060331000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.441955000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495386.441955000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "1794.981269000", + "frame.number": "7269", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007618", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + 
"tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "85331", + "tcp.nxtseq": "85486", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c279", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:1c:a7:a1:d4:3e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584092, TSecr 2812400702": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584092", + "tcp.options.timestamp.tsecr": "2812400702" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:69:40:58:51:86:cc:79:dd:54:50:98:d3:81:da:e3:8a:0c:c6:18:f3:2c:72:d9:07:41:24:d3:b1:76:6e:5c:ab:90:05:64:75:c6:9c:37:df:ad:60:9c:d3:f8:44:0e:89:8e:29:fe:6e:8d:69:0d:3c:62:3d:61:d4:ed:b2:fd:9f:2d:05:10:d5:fe:47:18:d6:0b:5e:4f:3c:8c:64:55:ea:41:6a:0f:43:91:58:a9:ac:c9:4b:ab:9d:c0:e9:43:2f:87:9c:fa:06:57:fb:35:7f:b6:8c:ba:f2:80:30:8d:5a:d0:21:13:35:b1:45:22:7d:9c:2f:97:e6:ea:45:92:65:1b:89:a2:8b:2b:2d:53:da:b3:36:25:ba:2c:ee:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:26.502213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495386.502213000", + "frame.time_delta": "0.060258000", + "frame.time_delta_displayed": "0.060258000", + "frame.time_relative": "1795.041527000", + "frame.number": "7270", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ba", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85486", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d19d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d4:4d:00:27:6e:1c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400717, TSecr 2584092": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400717", + "tcp.options.timestamp.tsecr": "2584092" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7269", + "tcp.analysis.ack_rtt": "0.060258000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.381871000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.381871000", + "frame.time_delta": "0.879658000", + "frame.time_delta_displayed": "0.879658000", + "frame.time_relative": "1795.921185000", + "frame.number": "7271", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "85486", + "tcp.nxtseq": "85638", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dd0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:7a:a7:a1:d4:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584186, TSecr 2812400717": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584186", + "tcp.options.timestamp.tsecr": "2812400717" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:6a:e2:a5:c6:cf:6a:a8:eb:12:29:47:09:ea:a7:cc:d9:89:31:2d:98:35:b8:2c:d3:cc:06:c1:5c:2a:8a:4b:dc:ee:77:0f:6a:00:34:59:e0:30:65:e1:35:be:90:8b:24:74:7d:76:38:0d:55:2f:97:d4:1e:41:de:3f:a5:44:1a:42:73:56:62:81:4c:9a:0c:c6:d1:64:3a:24:58:ff:91:28:1d:1f:ce:93:15:58:f4:8f:6d:98:1d:ca:4b:49:7f:66:99:42:7a:38:4e:b4:59:8d:12:79:ec:5d:41:3d:0a:63:06:7d:d4:b5:fe:96:43:e0:2a:e8:4d:ba:8f:17:2b:ef:bd:69:de:e0:2b:f7:70:57:43:64:c4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.442082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.442082000", + "frame.time_delta": "0.060211000", + "frame.time_delta_displayed": "0.060211000", + "frame.time_relative": "1795.981396000", + "frame.number": "7272", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc6", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85638", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cfbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d5:38:00:27:6e:7a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400952, TSecr 2584186": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400952", + "tcp.options.timestamp.tsecr": "2584186" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7271", + "tcp.analysis.ack_rtt": "0.060211000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.442573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.442573000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "1795.981887000", + "frame.number": "7273", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096ce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007610", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "85638", + "tcp.nxtseq": "85799", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d3c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:80:a7:a1:d5:38", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2584192, TSecr 2812400952": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584192", + "tcp.options.timestamp.tsecr": "2812400952" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:6b:b2:23:68:88:19:9d:ec:93:a0:62:d8:91:fd:0b:8b:a3:83:39:88:05:f7:f4:4c:37:30:14:1e:33:50:9e:44:b7:f7:7c:bb:53:e5:a4:b2:e2:18:e4:82:a6:10:7d:7c:4d:2a:93:ee:5b:91:57:bd:63:3b:fe:2d:d4:84:36:06:1a:8b:91:d0:15:2a:a4:aa:5a:80:49:3d:92:c5:20:23:57:82:20:be:6e:52:63:77:e1:fb:31:c5:6c:90:d5:57:ba:25:20:01:19:00:aa:b3:a9:a1:06:ff:67:e4:51:c3:02:94:37:aa:99:2a:d7:c2:4c:52:45:5c:31:41:54:b0:00:56:12:5b:c8:bb:b9:d9:b9:95:37:8a:b8:8a:2f:41:ca:f7:c4:6f:0e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.502797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.502797000", + "frame.time_delta": "0.060224000", + "frame.time_delta_displayed": "0.060224000", + "frame.time_relative": "1796.042111000", + "frame.number": "7274", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85799", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cf05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:d5:48:00:27:6e:80", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400968, TSecr 2584192": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400968", + "tcp.options.timestamp.tsecr": "2584192" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7273", + "tcp.analysis.ack_rtt": "0.060224000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.503316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.503316000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "1796.042630000", + "frame.number": "7275", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"207", + "ip.id": "0x000096cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007615", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "85799", + "tcp.nxtseq": "85954", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004c32", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:86:a7:a1:d5:48", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584198, TSecr 2812400968": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584198", + "tcp.options.timestamp.tsecr": "2812400968" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:6c:1a:46:45:c9:ea:d1:4a:08:39:db:cf:68:75:06:b7:17:f1:a7:67:1e:a5:b7:03:72:02:82:03:4a:d5:f2:dc:2a:80:d3:dc:db:e8:95:73:af:6f:d5:44:5c:8b:9f:b9:08:bf:b0:6e:f1:5f:55:11:1f:8d:a6:6f:eb:d0:42:48:c9:17:fe:e0:4e:50:92:7d:54:63:8d:ee:cb:c7:ce:db:af:da:50:24:aa:14:c2:85:7d:99:d8:e8:1c:0c:3a:ac:bb:03:81:44:51:5c:56:86:a0:c5:eb:cb:e4:45:f9:40:01:5c:6d:c9:c7:bf:0e:c7:0f:df:f2:63:d3:c7:d2:38:81:02:7f:70:60:31:72:ea:7a:50:b8:78:c4:11:83" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:27.563458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495387.563458000", + "frame.time_delta": "0.060142000", + "frame.time_delta_displayed": "0.060142000", + "frame.time_relative": "1796.102772000", + "frame.number": "7276", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b7", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "85954", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ce55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d5:57:00:27:6e:86", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812400983, TSecr 2584198": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812400983", + "tcp.options.timestamp.tsecr": "2584198" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7275", + "tcp.analysis.ack_rtt": "0.060142000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:28.217866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495388.217866000", + "frame.time_delta": "0.654408000", + "frame.time_delta_displayed": "0.654408000", + "frame.time_relative": "1796.757180000", + "frame.number": "7277", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007679", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "85954", + "tcp.nxtseq": "86008", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008035", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6e:ce:a7:a1:d5:57", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584270, TSecr 2812400983": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584270", + "tcp.options.timestamp.tsecr": "2812400983" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:6d:29:d5:f3:e7:5b:13:b4:80:02:9f:31:b0:88:89:bf:f4:b6:f0:34:38:24:08:ba:03:00:a8:1e:52:60:a9:f3:eb:1c:77:e6:41:79:59:7f:e2:a7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:28.278184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495388.278184000", + "frame.time_delta": "0.060318000", + "frame.time_delta_displayed": "0.060318000", + "frame.time_relative": "1796.817498000", + "frame.number": "7278", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b6", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18066", + "tcp.ack": "86008", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cd25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d6:09:00:27:6e:ce", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401161, TSecr 2584270": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401161", + "tcp.options.timestamp.tsecr": "2584270" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7277", + "tcp.analysis.ack_rtt": "0.060318000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:28.348051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495388.348051000", + "frame.time_delta": "0.069867000", + "frame.time_delta_displayed": "0.069867000", + "frame.time_relative": "1796.887365000", + "frame.number": "7279", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": 
"BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:28.348479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495388.348479000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1796.887793000", + "frame.number": "7280", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:28.850702000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495388.850702000", + "frame.time_delta": "0.502223000", + "frame.time_delta_displayed": "0.502223000", + "frame.time_relative": "1797.390016000", + "frame.number": "7281", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.135750000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.135750000", + "frame.time_delta": "0.285048000", + "frame.time_delta_displayed": "0.285048000", + "frame.time_relative": "1797.675064000", + "frame.number": "7282", + "frame.len": "413", + "frame.cap_len": "413", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "399", + "ip.id": "0x000096d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007553", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "347", + "tcp.seq": "86008", + "tcp.nxtseq": "86355", + "tcp.ack": "18066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000066b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:2a:a7:a1:d6:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584362, TSecr 2812401161": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584362", + "tcp.options.timestamp.tsecr": "2812401161" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "347", + "tcp.analysis.push_bytes_sent": "347" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "342", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:6e:00:7c:9f:65:9a:91:2a:73:5b:3c:15:01:24:aa:19:03:74:17:22:9c:90:4b:a2:5b:6f:88:a5:8c:29:7e:17:1b:41:a2:66:68:1a:a8:c2:13:cc:b1:47:61:f6:66:6e:0f:d2:fe:64:17:87:54:4b:69:ec:5a:6e:73:46:5c:9f:4b:25:98:b9:bc:dd:15:2d:5e:9a:95:7e:99:f5:e1:93:8b:0b:98:64:15:eb:1b:a8:b0:6f:91:1e:76:f8:e3:fa:c2:24:52:36:cc:98:2a:67:e3:dc:89:79:77:7f:8c:9a:44:4c:41:21:f9:09:67:45:59:4d:69:b1:10:77:20:43:12:73:6d:52:4b:17:92:10:1e:de:b8:d4:53:ab:46:dc:ef:d3:74:75:55:b2:2a:bc:b0:28:a5:15:cd:86:47:b2:b2:fe:a2:36:3f:c0:d7:8b:f9:86:e8:a5:80:09:80:89:20:0e:cf:eb:91:37:3d:a6:b6:b7:66:88:77:18:8f:a3:1d:34:6f:90:13:c8:a1:20:2b:46:12:fb:97:98:27:b8:68:12:98:8b:40:0e:de:a0:db:3b:93:4d:5a:db:82:09:ad:b0:72:9f:bf:c6:06:cd:c4:44:e8:b8:40:9c:ed:9e:3a:62:b4:d2:b0:82:8d:6e:5c:46:43:16:e0:99:1e:3a:a4:cb:d8:93:73:23:80:69:73:11:08:0a:8a:96:cd:17:df:58:79:4e:65:5f:77:b0:2a:4e:6d:74:a2:d2:dc:69:49:6c:e3:83:54:46:02:3b:7d:c4:46:5c:62:f3:34:1b:41:08:a9:a9:2c:aa:27:eb:c0:1c:2d:e3:8f:ee:7d:1e:ec:4a:c1:eb:65:bc:76:87:13:0a:9d:8f:d3:7f:f3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.186586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.186586000", + "frame.time_delta": "0.050836000", + "frame.time_delta_displayed": "0.050836000", + "frame.time_relative": "1797.725900000", + "frame.number": "7283", + "frame.len": "147", + "frame.cap_len": "147", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", 
+ "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "133", + "ip.id": "0x00002dca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003764", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "81", + "tcp.seq": "18066", + "tcp.nxtseq": "18147", + "tcp.ack": "86008", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + 
"tcp.checksum": "0x0000eb3d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d6:ed:00:27:6e:ce", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401389, TSecr 2584270": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401389", + "tcp.options.timestamp.tsecr": "2584270" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "81", + "tcp.analysis.push_bytes_sent": "81" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "76", + "ssl.app_data": "34:cd:34:17:47:48:0e:c8:e0:17:d7:1b:cb:33:8d:18:63:18:b3:10:9b:88:90:a8:67:05:01:93:82:48:1a:cb:09:50:b5:ca:39:88:8d:1d:4d:67:b4:9b:9c:d8:ee:f1:48:30:18:ba:7d:8f:b8:8a:6f:42:c6:db:c8:35:86:3f:e7:b8:48:1d:30:b1:d9:11:ea:cc:3d:73" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.195964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.195964000", + "frame.time_delta": "0.009378000", + "frame.time_delta_displayed": "0.009378000", + "frame.time_relative": "1797.735278000", + "frame.number": "7284", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18147", + "tcp.ack": "86355", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ca37", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d6:ef:00:27:6f:2a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401391, TSecr 2584362": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401391", + "tcp.options.timestamp.tsecr": "2584362" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7282", + "tcp.analysis.ack_rtt": "0.060214000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.196396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.196396000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1797.735710000", + "frame.number": "7285", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x000096d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000767e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "86355", + "tcp.nxtseq": "86402", + "tcp.ack": "18147", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + 
"tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a186", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:30:a7:a1:d6:ed", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584368, TSecr 2812401389": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584368", + "tcp.options.timestamp.tsecr": "2812401389" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7283", + "tcp.analysis.ack_rtt": "0.009810000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:6f:80:7b:2b:7d:b7:2b:dc:5d:b4:bb:90:88:9d:f0:fd:34:42:c4:7d:56:dd:23:a3:66:2e:20:0e:61:6f:e8:c4:7e:94:3e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.201712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.201712000", + "frame.time_delta": "0.005316000", + "frame.time_delta_displayed": "0.005316000", + "frame.time_relative": "1797.741026000", + "frame.number": "7286", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "144", + "ip.id": "0x0000e33a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e68c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "10024", + "udp.dstport": "1900", + "udp.port": "10024", + "udp.port": "1900", + "udp.length": "124", + "udp.checksum": "0x000071e6", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "MX: 4\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST:239.255.255.250:1900\r\n", + "http.request.line": "ST: urn:Belkin:device:lightswitch:1\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "8", + "http.prev_request_in": "7236" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.206824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.206824000", + "frame.time_delta": "0.005112000", + "frame.time_delta_displayed": "0.005112000", + "frame.time_relative": "1797.746138000", + "frame.number": "7287", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002dcc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003784", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "18147", + "tcp.nxtseq": "18194", + "tcp.ack": "86355", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001a15", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d6:f2:00:27:6f:2a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401394, TSecr 2584362": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401394", + "tcp.options.timestamp.tsecr": "2584362" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": 
"23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:c9:73:83:6e:3a:a2:82:b9:2b:ec:3c:44:35:90:6d:d3:0c:63:f2:c0:75:52:e6:be:23:45:fc:7b:2f:05:40:e0:6d:78:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.243716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.243716000", + "frame.time_delta": "0.036892000", + "frame.time_delta_displayed": "0.036892000", + "frame.time_relative": "1797.783030000", + "frame.number": "7288", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "86402", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c8dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:35:a7:a1:d6:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584373, TSecr 2812401394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584373", + "tcp.options.timestamp.tsecr": "2812401394" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7287", + "tcp.analysis.ack_rtt": 
"0.036892000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.294263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.294263000", + "frame.time_delta": "0.050547000", + "frame.time_delta_displayed": "0.050547000", + "frame.time_relative": "1797.833577000", + "frame.number": "7289", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": 
"Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "86402", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c9ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d7:08:00:27:6f:30", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401416, TSecr 2584368": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401416", + "tcp.options.timestamp.tsecr": "2584368" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7285", + "tcp.analysis.ack_rtt": "0.097867000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:16:29.294732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.294732000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1797.834046000", + "frame.number": "7290", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "160", + "ip.id": "0x000096d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000763f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + 
"tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "108", + "tcp.seq": "86402", + "tcp.nxtseq": "86510", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000960f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:3a:a7:a1:d7:08", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584378, TSecr 2812401416": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584378", + "tcp.options.timestamp.tsecr": "2812401416" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "108", + "tcp.analysis.push_bytes_sent": "108" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:70:74:b7:70:62:8f:94:ff:9c:33:59:97:15:5d:86:38:61:43:68:ec:9f:7d:8d:76:f6:f7:38:ea:9e:bf:4a:3e:7d:3c:45:fc:bb:82:31:c7:fc:70" + }, + "ssl.record": { + "ssl.record.content_type": "23", + 
"ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:71:8f:f6:2b:fc:b2:9e:1c:7e:0a:09:25:42:73:a7:ed:6f:c9:15:9a:a0:bf:aa:38:c1:56:c2:5a:f4:7f:4c:dc:7d:65:30:cd:23:26:e6:2a:f5:26" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.354821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.354821000", + "frame.time_delta": "0.060089000", + "frame.time_delta_displayed": "0.060089000", + "frame.time_relative": "1797.894135000", + "frame.number": "7291", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", 
+ "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "86510", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c935", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d7:17:00:27:6f:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401431, TSecr 2584378": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401431", + "tcp.options.timestamp.tsecr": "2584378" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7290", + 
"tcp.analysis.ack_rtt": "0.060089000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.355318000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.355318000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "1797.894632000", + "frame.number": "7292", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "204", + "ip.id": "0x000096d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007612", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", 
+ "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "86510", + "tcp.nxtseq": "86662", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007e02", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:40:a7:a1:d7:17", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584384, TSecr 2812401431": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584384", + "tcp.options.timestamp.tsecr": "2812401431" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:72:41:fd:ab:c6:48:cb:44:4d:ec:cd:fb:cf:67:17:5a:67:5b:49:36:04:39:9f:db:2d:fc:5f:5e:d5:f4:fa:13:59:83:51:63:fd:a4:bc:9d:1b:bb:5c:0d:e6:be:4e:76:f5:29:d3:37:84:f6:cb:4c:3a:1c:a7:ca:a8:7d:31:76:7d:cd:c2:79:28:45:06:bf:ac:08:8e:e0:3e:3a:92:14:4b:74:e0:3d:62:05:06:8f:78:27:04:5b:e6:5c:07:7c:af:70:2d:87:cf:33:ca:ae:00:22:dd:f5:83:f3:83:5f:e6:0b:a6:d2:64:38:da:20:11:f4:ec:3d:08:18:82:6c:3d:e2:bb:81:57:88:72:68:08:57:4e:a2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.415543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.415543000", + "frame.time_delta": "0.060225000", + "frame.time_delta_displayed": "0.060225000", + "frame.time_relative": "1797.954857000", + "frame.number": "7293", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037b0", + "ip.checksum.status": "2", + "ip.src": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "86662", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c888", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d7:26:00:27:6f:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401446, TSecr 2584384": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401446", + "tcp.options.timestamp.tsecr": "2584384" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7292", + "tcp.analysis.ack_rtt": "0.060225000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.415972000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.415972000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "1797.955286000", + "frame.number": "7294", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007608", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + 
"ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "86662", + "tcp.nxtseq": "86823", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000397e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:46:a7:a1:d7:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584390, TSecr 2812401446": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584390", + "tcp.options.timestamp.tsecr": "2812401446" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:73:64:8a:1b:fe:14:60:e2:ae:28:74:2b:d5:35:3c:af:ce:a7:6c:48:6a:29:6e:53:1a:a2:60:07:13:47:17:b5:af:5d:48:36:13:94:50:b8:91:46:43:c2:99:f5:ab:4a:fa:d6:fa:18:71:fa:3f:08:64:04:fa:39:7c:2e:c6:1d:ac:3b:17:22:99:28:a6:62:0c:3d:6d:66:e4:05:16:05:51:63:05:08:5e:62:65:9c:61:dd:c5:e7:ff:f8:23:eb:28:73:c8:60:7d:31:86:88:e4:3e:f8:3b:a2:e8:ac:63:2d:02:8c:7f:15:85:31:20:e4:17:2e:e2:09:d8:1e:0a:ff:2b:d5:84:ec:10:64:48:3c:a2:05:4d:61:be:84:5b:a8:e7:9e:e2:48" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.476085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.476085000", + "frame.time_delta": "0.060113000", + "frame.time_delta_displayed": "0.060113000", + "frame.time_relative": "1798.015399000", + "frame.number": "7295", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd0", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037af", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "86823", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c7d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d7:35:00:27:6f:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401461, TSecr 2584390": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401461", + "tcp.options.timestamp.tsecr": "2584390" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7294", + "tcp.analysis.ack_rtt": "0.060113000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.476528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.476528000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "1798.015842000", + "frame.number": "7296", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000760d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "86823", + "tcp.nxtseq": "86978", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b585", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:4c:a7:a1:d7:35", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584396, TSecr 2812401461": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584396", + "tcp.options.timestamp.tsecr": "2812401461" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:74:66:ab:66:9c:e6:0d:63:ce:63:ef:a1:0d:4c:41:ef:de:c0:49:92:49:3b:9e:38:31:85:22:85:4a:0c:11:fa:a8:5c:88:fc:79:20:aa:88:ec:b7:10:67:6e:5c:90:f2:da:b7:ff:37:6a:34:aa:e5:ae:97:33:b4:1a:08:46:a6:cf:bc:ed:7a:58:ae:ec:36:2d:b6:5b:a2:b8:91:98:99:4e:32:44:1a:4b:0e:25:e2:ef:f6:d5:24:36:92:13:d2:9f:38:3f:e4:66:39:4a:17:09:d0:de:e9:21:18:df:6d:ce:0b:90:56:58:a3:bc:43:8d:06:83:42:f0:f8:a0:92:2c:f1:af:6c:d2:50:5f:28:19:41:b4:07:af:a5:82" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:29.536642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495389.536642000", + "frame.time_delta": "0.060114000", + "frame.time_delta_displayed": "0.060114000", + "frame.time_relative": "1798.075956000", + "frame.number": "7297", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ae", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "86978", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c722", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a1:d7:44:00:27:6f:4c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401476, TSecr 2584396": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401476", + "tcp.options.timestamp.tsecr": "2584396" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7296", + "tcp.analysis.ack_rtt": "0.060114000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.381928000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495390.381928000", + "frame.time_delta": "0.845286000", + "frame.time_delta_displayed": "0.845286000", + "frame.time_relative": "1798.921242000", + "frame.number": "7298", + "frame.len": "218", + "frame.cap_len": "218", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"204", + "ip.id": "0x000096d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "152", + "tcp.seq": "86978", + "tcp.nxtseq": "87130", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009541", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:a6:a7:a1:d7:44", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584486, TSecr 2812401476": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584486", + "tcp.options.timestamp.tsecr": "2812401476" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "152", + "tcp.analysis.push_bytes_sent": "152" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "147", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:75:ca:f4:c9:48:42:4a:0d:04:10:6e:36:ea:8d:23:8e:e6:d5:03:0d:71:df:17:77:a6:49:b4:e4:70:4a:6f:91:53:43:c6:9e:02:1d:f7:a4:f3:d0:d7:f2:0e:2f:43:e8:5f:88:59:93:60:78:48:7c:58:70:b1:f7:a7:01:87:bf:e0:e4:ab:40:22:a4:11:1d:fd:5d:58:a0:8d:c1:48:c5:24:a6:da:b8:e3:fc:0e:f6:e4:8a:31:cb:6b:19:a9:78:87:8f:b6:be:f3:6b:6e:47:b2:2d:6c:24:83:93:49:2e:7c:81:bc:51:45:75:36:a1:43:ad:e0:b7:66:63:e7:f3:63:52:70:86:98:21:00:ce:11:8b:93:de" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.442154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495390.442154000", + "frame.time_delta": "0.060226000", + "frame.time_delta_displayed": "0.060226000", + "frame.time_relative": "1798.981468000", + "frame.number": "7299", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ad", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "87130", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c54e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d8:26:00:27:6f:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401702, TSecr 2584486": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401702", + "tcp.options.timestamp.tsecr": "2584486" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7298", + "tcp.analysis.ack_rtt": "0.060226000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.442641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495390.442641000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "1798.981955000", + "frame.number": "7300", + "frame.len": "227", + "frame.cap_len": "227", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "213", + "ip.id": "0x000096d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007605", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "161", + "tcp.seq": "87130", + "tcp.nxtseq": "87291", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007a76", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:00:27:6f:ac:a7:a1:d8:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584492, TSecr 2812401702": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584492", + "tcp.options.timestamp.tsecr": "2812401702" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "161", + "tcp.analysis.push_bytes_sent": "161" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "156", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:76:f7:36:eb:09:fe:52:58:e6:7c:ee:b4:73:71:7b:2b:5d:c6:e1:6d:e0:87:54:f1:e2:7a:d0:bd:23:f3:f9:49:08:4a:ce:dc:4d:87:e1:9b:2b:99:88:cb:41:c4:f9:44:ec:c0:c2:73:f3:46:b2:f6:ad:99:a2:e2:d3:b1:d8:36:d0:69:80:08:12:e4:f7:d9:61:06:d9:e0:19:56:8b:6d:19:b8:70:aa:40:f4:27:f0:80:85:d2:81:0b:93:1e:72:fd:d0:36:9a:d1:85:1b:e3:ba:a5:61:5d:61:04:b8:d1:10:9e:8c:bc:7e:f4:bc:ac:98:03:58:88:4f:67:70:6c:99:40:48:5b:14:2d:47:1d:2e:67:b8:f1:61:a7:30:b8:a5:fc:ff:8a:94" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.502796000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495390.502796000", + "frame.time_delta": "0.060155000", + "frame.time_delta_displayed": "0.060155000", + "frame.time_relative": "1799.042110000", + "frame.number": "7301", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, 
+ "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ac", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "87291", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c497", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d8:36:00:27:6f:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401718, TSecr 2584492": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401718", + "tcp.options.timestamp.tsecr": "2584492" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7300", + "tcp.analysis.ack_rtt": "0.060155000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.503278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495390.503278000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1799.042592000", + "frame.number": "7302", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x000096da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "155", + "tcp.seq": "87291", + "tcp.nxtseq": "87446", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b2e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:b2:a7:a1:d8:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584498, TSecr 2812401718": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584498", + "tcp.options.timestamp.tsecr": "2812401718" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "155", + "tcp.analysis.push_bytes_sent": "155" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "150", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:77:65:8e:17:9c:30:54:95:1d:5f:a7:ce:4a:8a:56:55:e7:fc:22:df:22:b3:f3:51:72:76:c4:ba:b0:bd:ba:1f:e9:4f:84:56:8e:aa:52:d9:48:08:11:24:0c:07:1d:e2:8d:69:53:5c:3a:88:1a:44:1b:27:1d:80:06:9f:8d:70:04:9e:9e:a9:e4:d8:07:34:6d:8f:63:54:28:5d:d7:fd:2a:d6:89:4b:82:3c:88:2e:98:b2:b7:dd:67:5a:5b:22:48:f3:06:e9:5b:cb:a1:12:4f:43:fa:60:bd:64:5c:01:5a:e9:8c:33:06:52:30:74:03:8c:ab:3b:9c:45:26:2b:82:84:dc:7a:ed:6a:c3:74:ee:c8:45:01:c0:76:3b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:30.563485000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495390.563485000", + "frame.time_delta": "0.060207000", + "frame.time_delta_displayed": "0.060207000", + "frame.time_relative": "1799.102799000", + "frame.number": "7303", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037ab", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "87446", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c3e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d8:45:00:27:6f:b2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401733, TSecr 2584498": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401733", + "tcp.options.timestamp.tsecr": "2584498" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7302", + "tcp.analysis.ack_rtt": "0.060207000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:31.224631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495391.224631000", + "frame.time_delta": "0.661146000", + "frame.time_delta_displayed": "0.661146000", + "frame.time_relative": "1799.763945000", + "frame.number": "7304", + "frame.len": "120", + 
"frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "87446", + "tcp.nxtseq": "87500", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000297f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:6f:fb:a7:a1:d8:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584571, TSecr 2812401733": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584571", + "tcp.options.timestamp.tsecr": "2812401733" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:78:4e:db:de:b8:45:3c:3f:df:d7:30:e3:bb:14:27:4e:10:a5:d9:e3:06:86:b3:eb:d5:f0:10:02:16:6f:2d:e8:3c:c9:9f:c1:03:49:04:42:a2:a6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:31.284741000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495391.284741000", + "frame.time_delta": "0.060110000", + 
"frame.time_delta_displayed": "0.060110000", + "frame.time_relative": "1799.824055000", + "frame.number": "7305", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037aa", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": 
"87500", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c2b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:d8:f9:00:27:6f:fb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812401913, TSecr 2584571": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812401913", + "tcp.options.timestamp.tsecr": "2584571" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7304", + "tcp.analysis.ack_rtt": "0.060110000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.178691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.178691000", + "frame.time_delta": "2.893950000", + "frame.time_delta_displayed": "2.893950000", + "frame.time_relative": "1802.718005000", + "frame.number": "7306", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005821", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a670", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5117", + "tcp.ack": "649", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f03a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.223258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.223258000", + "frame.time_delta": "0.044567000", + "frame.time_delta_displayed": "0.044567000", + "frame.time_relative": "1802.762572000", + "frame.number": "7307", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "87500", + "tcp.nxtseq": "87554", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000004e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:71:26:a7:a1:d8:f9", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2584870, TSecr 2812401913": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2584870", + "tcp.options.timestamp.tsecr": "2812401913" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:79:da:0b:9c:3e:bb:7c:31:8a:16:26:7a:72:9c:fd:97:b9:ed:25:60:66:9b:7e:65:bd:8a:e3:5d:fc:3c:ba:28:14:3a:77:fe:1e:71:51:6c:3b:7d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.283310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.283310000", + "frame.time_delta": "0.060052000", + "frame.time_delta_displayed": "0.060052000", + "frame.time_relative": "1802.822624000", + "frame.number": "7308", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a9", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "87554", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000be65", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:db:e7:00:27:71:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812402663, TSecr 2584870": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812402663", + "tcp.options.timestamp.tsecr": "2584870" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7307", + "tcp.analysis.ack_rtt": "0.060052000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.322576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.322576000", + "frame.time_delta": "0.039266000", + "frame.time_delta_displayed": "0.039266000", + "frame.time_relative": "1802.861890000", + "frame.number": "7309", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { 
+ "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001006", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8b", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "649", + "tcp.ack": "5118", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000faaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.420297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.420297000", + "frame.time_delta": "0.097721000", + "frame.time_delta_displayed": "0.097721000", + "frame.time_relative": "1802.959611000", + "frame.number": "7310", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000047c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000818f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": 
"239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.472933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.472933000", + "frame.time_delta": "0.052636000", + "frame.time_delta_displayed": "0.052636000", + "frame.time_relative": "1803.012247000", + "frame.number": "7311", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000047cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000818b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.525766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.525766000", + "frame.time_delta": "0.052833000", + "frame.time_delta_displayed": "0.052833000", + "frame.time_relative": "1803.065080000", + "frame.number": "7312", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000047cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008181", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.578937000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.578937000", + "frame.time_delta": "0.053171000", + "frame.time_delta_displayed": "0.053171000", + "frame.time_relative": "1803.118251000", + "frame.number": "7313", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000047cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000817f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.619492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.619492000", + "frame.time_delta": "0.040555000", + "frame.time_delta_displayed": "0.040555000", + "frame.time_relative": "1803.158806000", + "frame.number": "7314", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000fd0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { 
+ "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x00001f7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:92:c4:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 955076, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "955076", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.620052000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.620052000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "1803.159366000", + "frame.number": "7315", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47627", + "tcp.port": "80", + "tcp.port": "47627", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b20e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7314", + "tcp.analysis.ack_rtt": "0.000560000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.628766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.628766000", + "frame.time_delta": "0.008714000", + "frame.time_delta_displayed": "0.008714000", + "frame.time_relative": "1803.168080000", + "frame.number": "7316", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", 
+ "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006396", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7315", + "tcp.analysis.ack_rtt": "0.008714000", + "tcp.analysis.initial_rtt": "0.009274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.629635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.629635000", + "frame.time_delta": "0.000869000", + "frame.time_delta_displayed": "0.000869000", + "frame.time_relative": "1803.168949000", + "frame.number": "7317", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000fd11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bab7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c310", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.009274000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.630244000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.630244000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1803.169558000", + "frame.number": "7318", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009e14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a75", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47627", + "tcp.port": "80", + "tcp.port": "47627", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005565", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7317", + "tcp.analysis.ack_rtt": "0.000609000", + "tcp.analysis.initial_rtt": "0.009274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.630837000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.630837000", + 
"frame.time_delta": "0.000593000", + "frame.time_delta_displayed": "0.000593000", + "frame.time_relative": "1803.170151000", + "frame.number": "7319", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009e15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001a63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47627", + "tcp.port": "80", + "tcp.port": "47627", + "tcp.stream": "290", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", 
+ "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009586", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.009274000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.631222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.631222000", + "frame.time_delta": "0.000385000", + "frame.time_delta_displayed": "0.000385000", + "frame.time_relative": "1803.170536000", + "frame.number": "7320", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009e16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001690", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47627", + "tcp.port": "80", + "tcp.port": "47627", + "tcp.stream": "290", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e7ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.009274000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7319", + "tcp.segment": "7320", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001587000", + "http.request_in": "7317", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.631847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.631847000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "1803.171161000", + "frame.number": "7321", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000047d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00008182", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", 
+ "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.635507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.635507000", + "frame.time_delta": "0.003660000", + "frame.time_delta_displayed": "0.003660000", + "frame.time_relative": "1803.174821000", + "frame.number": "7322", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": 
"192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000062c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7319", + "tcp.analysis.ack_rtt": "0.004670000", + "tcp.analysis.initial_rtt": "0.009274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.684762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.684762000", + "frame.time_delta": "0.049255000", + "frame.time_delta_displayed": "0.049255000", + "frame.time_relative": "1803.224076000", + "frame.number": "7323", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + 
"eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000047d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000817f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + 
"http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.805675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.805675000", + "frame.time_delta": "0.120913000", + "frame.time_delta_displayed": "0.120913000", + "frame.time_relative": "1803.344989000", + "frame.number": "7324", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb75", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005eda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7320", + "tcp.analysis.ack_rtt": "0.174453000", + "tcp.analysis.initial_rtt": "0.009274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.806457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.806457000", + "frame.time_delta": "0.000782000", + "frame.time_delta_displayed": "0.000782000", + "frame.time_relative": "1803.345771000", + "frame.number": "7325", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + 
"eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bb74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005ed9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.806920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.806920000", + "frame.time_delta": "0.000463000", + "frame.time_delta_displayed": "0.000463000", + "frame.time_relative": "1803.346234000", + "frame.number": "7326", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009d35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47627", + "tcp.port": "80", + "tcp.port": "47627", + "tcp.stream": "290", + 
"tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000516f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7325", + "tcp.analysis.ack_rtt": "0.000463000", + "tcp.analysis.initial_rtt": "0.009274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.811125000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.811125000", + "frame.time_delta": "0.004205000", + "frame.time_delta_displayed": "0.004205000", + "frame.time_relative": "1803.350439000", + "frame.number": "7327", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002eee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000899b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47627", + "tcp.dstport": "80", + "tcp.port": "47627", + "tcp.port": "80", + "tcp.stream": "290", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000196e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.817036000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.817036000", + "frame.time_delta": "0.005911000", + "frame.time_delta_displayed": "0.005911000", + "frame.time_relative": "1803.356350000", + "frame.number": "7328", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d962", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "65535", + "tcp.window_size": "65535", + "tcp.checksum": "0x0000f465", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:92:d8:00:00:00:00:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 955096, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "955096", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.817551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.817551000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "1803.356865000", + "frame.number": "7329", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47628", + "tcp.port": "80", + "tcp.port": "47628", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", 
+ "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00000eeb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7328", + "tcp.analysis.ack_rtt": "0.000515000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.821162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.821162000", + "frame.time_delta": "0.003611000", + "frame.time_delta_displayed": "0.003611000", + "frame.time_relative": "1803.360476000", 
+ "frame.number": "7330", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d963", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c072", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7329", + "tcp.analysis.ack_rtt": "0.003611000", + "tcp.analysis.initial_rtt": "0.004126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.821569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.821569000", + "frame.time_delta": "0.000407000", + "frame.time_delta_displayed": "0.000407000", + "frame.time_relative": "1803.360883000", + "frame.number": "7331", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000d964", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000de64", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", + "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001fed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004126000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160:80", + "http.request.line": "HOST: 192.168.0.160:80\r\n", + "http.accept_language": "en-us", + "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", + "http.connection": "Keep-Alive", + "http.request.line": "Connection: Keep-Alive\r\n", + "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", + "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.request.line": "Content-Length: 0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.822062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.822062000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "1803.361376000", + "frame.number": "7332", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7d8", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47628", + "tcp.port": "80", + "tcp.port": "47628", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b241", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7331", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.004126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.822706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.822706000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "1803.362020000", + "frame.number": "7333", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + 
"eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000010b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47628", + "tcp.port": "80", + "tcp.port": "47628", + "tcp.stream": "291", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f262", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004126000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.823074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.823074000", + "frame.time_delta": "0.000368000", + "frame.time_delta_displayed": "0.000368000", + "frame.time_relative": "1803.362388000", + "frame.number": "7334", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000010b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a3f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + 
"ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47628", + "tcp.port": "80", + "tcp.port": "47628", + "tcp.stream": "291", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000044cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004126000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7333", + "tcp.segment": "7334", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001505000", + "http.request_in": "7331", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.829414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.829414000", + "frame.time_delta": "0.006340000", + "frame.time_delta_displayed": "0.006340000", + "frame.time_relative": "1803.368728000", + "frame.number": "7335", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d965", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "18", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "343", 
+ "tcp.window_size": "87808", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bfa1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7333", + "tcp.analysis.ack_rtt": "0.006708000", + "tcp.analysis.initial_rtt": "0.004126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.829542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.829542000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "1803.368856000", + "frame.number": "7336", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d966", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df22", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bbb6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7334", + "tcp.analysis.ack_rtt": "0.006468000", + "tcp.analysis.initial_rtt": "0.004126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.830028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.830028000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "1803.369342000", + "frame.number": "7337", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d967", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000df21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "193", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "350", + "tcp.window_size": "89600", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bbb5", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.830462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.830462000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "1803.369776000", + "frame.number": "7338", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:f1:89:96:45:f6", + "eth.dst_tree": { + "eth.dst_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001b56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009d33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.dst_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "47628", + 
"tcp.port": "80", + "tcp.port": "47628", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "194", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ae4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7337", + "tcp.analysis.ack_rtt": "0.000434000", + "tcp.analysis.initial_rtt": "0.004126000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:34.833805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495394.833805000", + "frame.time_delta": "0.003343000", + "frame.time_delta_displayed": "0.003343000", + "frame.time_relative": "1803.373119000", + "frame.number": "7339", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ef0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008999", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "47628", + "tcp.dstport": "80", + "tcp.port": "47628", + "tcp.port": "80", + "tcp.stream": "291", + "tcp.len": "0", + "tcp.seq": "194", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:16:35.175008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495395.175008000", + "frame.time_delta": "0.341203000", + "frame.time_delta_displayed": "0.341203000", + "frame.time_relative": "1803.714322000", + "frame.number": "7340", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00005d96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007c03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + "dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:36.717604000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495396.717604000", + "frame.time_delta": "1.542596000", + "frame.time_delta_displayed": "1.542596000", + "frame.time_relative": "1805.256918000", + "frame.number": "7341", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e59", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005990", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:38.061467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495398.061467000", + "frame.time_delta": "1.343863000", + "frame.time_delta_displayed": "1.343863000", + "frame.time_relative": "1806.600781000", + "frame.number": "7342", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": 
"MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:39.330257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495399.330257000", + "frame.time_delta": "1.268790000", + "frame.time_delta_displayed": "1.268790000", + "frame.time_relative": "1807.869571000", + "frame.number": "7343", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:39.330655000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495399.330655000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "1807.869969000", + "frame.number": "7344", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:40.200407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495400.200407000", + "frame.time_delta": "0.869752000", + "frame.time_delta_displayed": "0.869752000", + "frame.time_relative": "1808.739721000", + "frame.number": "7345", + "frame.len": "80", + "frame.cap_len": "80", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "66", + "ip.id": "0x00000b9c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "46", + "udp.checksum": "0x00009146", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:ea:e2:71:11:ce:f2:14:6f:00:00:00:92:0c", + "data.len": "38" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:47.671970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495407.671970000", + "frame.time_delta": "7.471563000", + "frame.time_delta_displayed": "7.471563000", + "frame.time_relative": "1816.211284000", + "frame.number": "7346", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b83f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000116d", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + 
}, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:47.672513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495407.672513000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1816.211827000", + "frame.number": "7347", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000993a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f268", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:47.673125000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495407.673125000", + "frame.time_delta": "0.000612000", + "frame.time_delta_displayed": "0.000612000", + "frame.time_relative": "1816.212439000", + "frame.number": "7348", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000802e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:52.672276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495412.672276000", + "frame.time_delta": "4.999151000", + "frame.time_delta_displayed": "4.999151000", + "frame.time_relative": "1821.211590000", + "frame.number": "7349", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b83d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000116d", + "udp.checksum.status": "2", + "udp.stream": 
"98" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:52.672803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495412.672803000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "1821.212117000", + "frame.number": "7350", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009938", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f268", + "udp.checksum.status": "2", + 
"udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:52.673424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495412.673424000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "1821.212738000", + "frame.number": "7351", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000802e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": 
"0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:55.176508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495415.176508000", + "frame.time_delta": "2.503084000", + "frame.time_delta_displayed": "2.503084000", + "frame.time_relative": "1823.715822000", + "frame.number": "7352", + "frame.len": "103", + "frame.cap_len": "103", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "89", + "ip.id": "0x00006138", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007861", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "5353", + "udp.dstport": "5353", + "udp.port": "5353", + "udp.port": "5353", + "udp.length": "69", + "udp.checksum": "0x00000f59", + "udp.checksum.status": "2", + "udp.stream": "38" + }, + "mdns": { + 
"dns.id": "0x00000003", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", + "dns.qry.name.len": "37", + "dns.count.labels": "5", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + }, + "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { + "dns.qry.name": "_googlecast._tcp.local", + "dns.qry.name.len": "22", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.009066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.009066000", + "frame.time_delta": "1.832558000", + "frame.time_delta_displayed": "1.832558000", + "frame.time_relative": "1825.548380000", + "frame.number": "7353", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000eb03", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.009195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.009195000", + "frame.time_delta": "0.000129000", + "frame.time_delta_displayed": "0.000129000", + "frame.time_relative": "1825.548509000", + "frame.number": "7354", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + "ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x00000707", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "2", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + }, + "Group Record : 239.255.255.250 Change To Include Mode": { + "igmp.record_type": "3", + 
"igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "239.255.255.250" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.667206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.667206000", + "frame.time_delta": "0.658011000", + "frame.time_delta_displayed": "0.658011000", + "frame.time_relative": "1826.206520000", + "frame.number": "7355", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x000079b8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ea9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57862", + "udp.dstport": "53", + "udp.port": 
"57862", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000453d", + "udp.checksum.status": "2", + "udp.stream": "137" + }, + "dns": { + "dns.id": "0x0000ef57", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.667222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.667222000", + "frame.time_delta": "0.000016000", + "frame.time_delta_displayed": "0.000016000", + "frame.time_relative": "1826.206536000", + "frame.number": "7356", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"72", + "ip.id": "0x000079b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003ea8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57862", + "udp.dstport": "53", + "udp.port": "57862", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000249c", + "udp.checksum.status": "2", + "udp.stream": "137" + }, + "dns": { + "dns.id": "0x00000fde", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.668271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.668271000", + "frame.time_delta": "0.001049000", + "frame.time_delta_displayed": "0.001049000", + "frame.time_relative": "1826.207585000", + "frame.number": "7357", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00002566", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000092fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57862", + "udp.port": "53", + "udp.port": "57862", + "udp.length": "52", + "udp.checksum": "0x00008289", + "udp.checksum.status": "2", + "udp.stream": "137" + }, + "dns": { + "dns.response_to": "7356", + "dns.time": "0.001049000", + "dns.id": "0x00000fde", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", 
+ "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.672567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.672567000", + "frame.time_delta": "0.004296000", + "frame.time_delta_displayed": "0.004296000", + "frame.time_relative": "1826.211881000", + "frame.number": "7358", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": 
"0x0000b83b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000116d", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.673061000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.673061000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "1826.212375000", + "frame.number": "7359", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fb6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00009936", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f268", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.673688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.673688000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "1826.213002000", + "frame.number": "7360", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000802e", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000288", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=648", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.681592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.681592000", + "frame.time_delta": "0.007904000", + "frame.time_delta_displayed": "0.007904000", + "frame.time_relative": "1826.220906000", + "frame.number": "7361", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x00002567", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x00009191", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57862", + "udp.port": "53", + "udp.port": "57862", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "137" + }, + "dns": { + "dns.response_to": "7355", + "dns.time": "0.014386000", + "dns.id": "0x0000ef57", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": 
"fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9445", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9445", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9445", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9445", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138511", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10131", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6424", + "dns.resp.len": "4", + "dns.a": 
"205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15026", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138511", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10131", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6424", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15026", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.682820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.682820000", + "frame.time_delta": "0.001228000", + "frame.time_delta_displayed": "0.001228000", + "frame.time_relative": "1826.222134000", + "frame.number": "7362", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000c705", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00006d2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:7a:51:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2587217, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587217", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.753841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.753841000", + "frame.time_delta": "0.071021000", + "frame.time_delta_displayed": "0.071021000", + "frame.time_relative": "1826.293155000", + "frame.number": "7363", + "frame.len": "74", + 
"frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x00007e43", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000e6d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:49:31:ef:00:27:7a:51:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1263088111, TSecr 2587217": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088111", + "tcp.options.timestamp.tsecr": "2587217" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7362", + "tcp.analysis.ack_rtt": "0.071021000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.754361000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495417.754361000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "1826.293675000", + "frame.number": "7364", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": 
"54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007d99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:58:4b:49:31:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587224, TSecr 1263088111": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587224", + "tcp.options.timestamp.tsecr": "1263088111" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7363", + "tcp.analysis.ack_rtt": "0.000520000", + "tcp.analysis.initial_rtt": "0.071541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.756623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.756623000", + "frame.time_delta": "0.002262000", + "frame.time_delta_displayed": "0.002262000", + 
"frame.time_relative": "1826.295937000", + "frame.number": "7365", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000c707", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000152b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:58:4b:49:31:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587224, TSecr 1263088111": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587224", + "tcp.options.timestamp.tsecr": "1263088111" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Mar 2, 1985 05:02:55.000000000 PST", + "ssl.handshake.random": "28:60:ef:f9:72:91:2b:49:f7:b1:32:8f:55:1e:67:56:22:6c:b2:64:cd:7d:10:d1:63:c6:b2:48" + }, + "ssl.handshake.session_id_length": "0", + 
"ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + 
"ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + 
"ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + 
"ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + 
"ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.767569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.767569000", + "frame.time_delta": "0.010946000", + "frame.time_delta_displayed": "0.010946000", + "frame.time_relative": "1826.306883000", + "frame.number": "7366", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:igmp:igmp" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_16", + "eth.addr": "01:00:5e:00:00:16", + "eth.addr_resolved": "IPv4mcast_16", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "24", + "ip.dsfield": "0x000000c0", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "48", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "2", + "ip.checksum": "0x000042fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.86", + "ip.addr": "192.168.0.86", + "ip.src_host": "192.168.0.86", + "ip.host": "192.168.0.86", + "ip.dst": "224.0.0.22", + "ip.addr": "224.0.0.22", + 
"ip.dst_host": "224.0.0.22", + "ip.host": "224.0.0.22", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "Options: (4 bytes), Router Alert": { + "Router Alert (4 bytes): Router shall examine packet (0)": { + "ip.opt.type": "148", + "ip.opt.type_tree": { + "ip.opt.type.copy": "1", + "ip.opt.type.class": "0", + "ip.opt.type.number": "20" + }, + "ip.opt.len": "4", + "ip.opt.ra": "0" + } + } + }, + "igmp": { + "igmp.version": "3", + "igmp.type": "0x00000022", + "igmp.reserved": "00", + "igmp.checksum": "0x0000fa02", + "igmp.checksum.status": "1", + "igmp.reserved": "00:00", + "igmp.num_grp_recs": "1", + "Group Record : 224.0.0.251 Change To Include Mode": { + "igmp.record_type": "3", + "igmp.aux_data_len": "0", + "igmp.num_src": "0", + "igmp.maddr": "224.0.0.251" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.827648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.827648000", + "frame.time_delta": "0.060079000", + "frame.time_delta_displayed": "0.060079000", + "frame.time_relative": "1826.366962000", + "frame.number": "7367", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007e3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x00000010", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ccb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088129, TSecr 2587224": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088129", + "tcp.options.timestamp.tsecr": "2587224" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7365", + "tcp.analysis.ack_rtt": "0.071025000", + "tcp.analysis.initial_rtt": "0.071541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.828731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.828731000", + "frame.time_delta": "0.001083000", + "frame.time_delta_displayed": "0.001083000", + "frame.time_relative": "1826.368045000", + "frame.number": "7368", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x00007e3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000fa66", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001d47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088129, TSecr 2587224": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088129", + "tcp.options.timestamp.tsecr": "2587224" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72
:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a
8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jan 31, 2001 12:21:18.000000000 PST", + "ssl.handshake.random": "e8:c9:bf:d8:5c:4d:fb:a7:31:b2:d4:5a:0a:15:72:5a:2a:03:c5:27:bb:69:46:59:ac:70:1e:89" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "21:4d:c2:e5:4f:77:3f:2b:cb:a1:a4:50:5e:55:15:fd:51:ee:d7:98:ae:b8:51:53:20:4f:6d:bb:c1:64:93:e5", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.828752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.828752000", + "frame.time_delta": "0.000021000", + "frame.time_delta_displayed": "0.000021000", + "frame.time_relative": "1826.368066000", + "frame.number": "7369", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x00007e3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000ff2e", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000187e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088129, TSecr 2587224": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088129", + "tcp.options.timestamp.tsecr": "2587224" + } + }, + "tcp.analysis": { + 
"tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "7368", + "tcp.segment": "7369", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31
:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:0
1:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57
:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + 
"x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": 
"0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + "ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b
:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 
21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": 
"04:e8:da:00:c4:e7:ad:1e:dd:b6:c0:12:56:aa:2c:43:43:6e:a1:03:93:fc:92:31:15:09:d1:39:c5:1c:9e:27:45:af:bf:10:12:e0:c1:a2:86:8d:e3:0e:37:27:53:c4:dc:13:66:ed:42:bc:53:0e:0b:f0:8d:44:7c:a6:9f:15:bf", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": "7d:ce:53:3e:20:dd:fa:f2:15:b1:a7:b0:26:ae:b4:ca:d1:ed:79:18:e0:c9:9d:31:b6:2f:51:53:26:f2:90:cb:93:06:ad:fe:6a:22:d6:22:a5:81:68:3b:3f:cf:e9:c2:cb:2f:56:1a:07:e4:58:3f:b9:d3:8a:08:e4:38:8a:aa:78:53:db:2d:40:fd:57:1e:eb:4e:ac:3c:e5:5a:78:56:6a:e2:f8:e5:29:23:ac:50:76:3c:70:71:87:b7:16:80:0b:17:72:87:58:0c:6e:38:2e:27:e7:d4:ca:bf:f3:d5:15:12:88:bd:b9:80:d5:eb:33:a2:a1:96:86:c4:41:08" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.829388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.829388000", + "frame.time_delta": "0.000636000", + "frame.time_delta_displayed": "0.000636000", + "frame.time_relative": "1826.368702000", + "frame.number": "7370", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c708", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": 
"0x00007592", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:5f:4b:49:32:01", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587231, TSecr 1263088129": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587231", + "tcp.options.timestamp.tsecr": "1263088129" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7369", + "tcp.analysis.ack_rtt": "0.000636000", + "tcp.analysis.initial_rtt": "0.071541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.858874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.858874000", + "frame.time_delta": "0.029486000", + "frame.time_delta_displayed": "0.029486000", + "frame.time_relative": "1826.398188000", + "frame.number": "7371", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000c709", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bc4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000078c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:62:4b:49:32:01", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587234, TSecr 1263088129": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587234", + "tcp.options.timestamp.tsecr": "1263088129" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:b3:20:d0:17:50:1d:60:f6:ce:03:fd:6f:3b:62:49:68:88:5a:55:d7:c3:c0:8b:78:9b:d5:09:21:52:96:bf:43:be:e6:bd:d9:a9:9e:4e:be:3b:bf:03:fc:c4:2c:11:ef:0e:18:91:13:1d:99:ed:48:75:fc:38:b1:22:b9:ec:48" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.929879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.929879000", + "frame.time_delta": "0.071005000", + "frame.time_delta_displayed": "0.071005000", + 
"frame.time_relative": "1826.469193000", + "frame.number": "7372", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x00007e3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000ffd9", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005118", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:1b:00:27:7a:62", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088155, TSecr 2587234": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088155", + "tcp.options.timestamp.tsecr": "2587234" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7371", + "tcp.analysis.ack_rtt": "0.071005000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:57.930898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495417.930898000", + "frame.time_delta": "0.001019000", + "frame.time_delta_displayed": "0.001019000", + "frame.time_relative": "1826.470212000", + "frame.number": "7373", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000c70a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bfc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": 
"-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006091", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:69:4b:49:32:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587241, TSecr 1263088155": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587241", + "tcp.options.timestamp.tsecr": "1263088155" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7372", + "tcp.analysis.ack_rtt": "0.001019000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": 
"1b:08:f9:0f:03:7b:40:9d:09:94:88:16:4d:e9:9e:7b:df:e3:63:e8:c9:f9:1f:e3:b7:13:42:1b:0e:31:c3:8a:b3:20:91:f1:1a:ff:0c:95:cc:74:9f:22:c7:f2:2d:65:82:27:6c:86:c2:53:d0:53:b6:99:ff:81:8a:35:7d:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.002437000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.002437000", + "frame.time_delta": "0.071539000", + "frame.time_delta_displayed": "0.071539000", + "frame.time_relative": "1826.541751000", + "frame.number": "7374", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x00007e3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000ffc6", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United 
States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c7ce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:2d:00:27:7a:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088173, TSecr 2587241": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088173", + "tcp.options.timestamp.tsecr": "2587241" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7373", + "tcp.analysis.ack_rtt": 
"0.071539000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "cf:45:ca:a4:d2:d5:5f:67:02:7e:6c:68:fe:13:ac:53:42:d0:39:6b:81:a6:3f:2e:d3:12:30:73:fd:98:c7:54:ab:73:e8:b3:8e:d6:89:58:71:92:8b:26:14:33:75:0a:b2:1a:e6:d0:61:e3:b9:5c:5f:c2:c6:0c:19:9b:e1:75" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.003358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.003358000", + "frame.time_delta": "0.000921000", + "frame.time_delta_displayed": "0.000921000", + "frame.time_relative": "1826.542672000", + "frame.number": "7375", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000c70b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005a57", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000408b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:71:4b:49:32:2d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } 
+ }, + "Timestamps: TSval 2587249, TSecr 1263088173": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587249", + "tcp.options.timestamp.tsecr": "1263088173" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7374", + "tcp.analysis.ack_rtt": "0.000921000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "1b:08:f9:0f:03:7b:40:9e:a3:60:45:93:5b:b6:69:a8:b0:9f:68:5a:14:c1:ea:fc:f6:b2:fc:a6:98:2c:66:47:8c:97:ce:5e:70:c2:9f:cb:8d:c4:08:a3:c3:3e:06:71:69:d7:f9:bb:47:f2:86:c5:d6:25:23:70:e4:5b:b9:c6:de:c2:c3:6d:c0:28:fd:c7:f8:8a:a4:8f:15:2b:a3:a2:11:bf:47:50:93:25:41:e6:b9:f6:7e:59:c5:1b:2d:c4:97:e2:83:6f:3a:04:c7:60:37:cd:44:7b:68:91:e6:e3:a5:da:d8:89:0d:44:f7:5a:1a:8d:2f:b5:91:6b:a7:a0:db:57:13:d7:12:73:f1:47:a0:c7:9d:45:3e:da:1b:37:cf:39:0c:54:bd:8f:a4:e4:bd:6d:bf:40:49:5a:02:5f:35:10:55:3e:81:7b:a7:f7:34:92:41:51:d7:ad:96:0b:a1:f8:a5:3c:72:be:c9:bc:e9:b5:3c:ea:e8:8f:7f:28:54:d3:af:e1:ba:82:cd:95:80:2d:7d:2d:06:39:24:05:b2:68:91:68:00:a0:18:09:49:85:b6:c5:b3:ff:c5:d8:db:e1:08:fb:c5:68:60:b9:8f:82:94:1e:c4:5c:2a:11:e4:07:ec:73:5e:f7:7b:7d:78:de:f1:36:a0:5b:05:99:a6:ef:43:66:be:ec:67:0e:39:3a:3b:07:61:e1:4d:63:1c:3e:75:3f:42:db:63:e0:89:da:aa:d4:6e:ec:c3:f6:b9:ae:d4:ad:f6:9d:6c:16:80:3a:1a:96:6e:30:b3:3d:a0:2f:10:b1:88:14:c2:a6:a5:9a:fe:5c:c3:a4:53:00:7a:ad:d1:10:1e:f7:33:7c:8c:2f:fb:3f:af:ed:17:21:b0:db:49:62:1b:f0:6a:71:10:79:5e:ed:40:5d:f9:a4:fc:98:e3:35:13:55:a4:f8:08:7f:93:1e:9a:94:a5:03:2d:49:96:f3:0d:33:db:24:f6:f6:4a:7f:1c:d7:a2:c2:00:29:6f:1b:08:af:70:e5:72:85:3d:3d:80:d8:a1:7e:c7:49:52:af:d9:87:f9:92:fe:0b:0e:34:3d:02:45:d2:46:59:b8:73:05:80:96:30:35:a7:85:25:c6:c2:46:60:7c:76:14:27:5b:67:0e:57:6f:11:76:4c:ff:a4:b1:38:74:be:d1:9f:7b:13:0a:a5:d8:24:a6:f0:81:65:6d:1b:e5:d6:6b:26:c6:7e
:40:3b:1c:3f:12:ec:fc:c7:82:04:55:af:27:80" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.074879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.074879000", + "frame.time_delta": "0.071521000", + "frame.time_delta_displayed": "0.071521000", + "frame.time_relative": "1826.614193000", + "frame.number": "7376", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x00007e40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000ffbf", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": 
"Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000022db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:3f:00:27:7a:71", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088191, TSecr 2587249": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088191", + "tcp.options.timestamp.tsecr": "2587249" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7375", + "tcp.analysis.ack_rtt": "0.071521000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": 
{ + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "cf:45:ca:a4:d2:d5:5f:68:a0:ba:7d:ef:07:e8:05:04:12:f5:21:73:d3:c1:41:9e:6f:68:4b:c0:bc:27:ba:ac:73:e0:71:af:2e:56:d3:98:f6:a2:c9:58:8b:b2:31:10:9f:7a:2c:86:79:f9:99:98:22:b4:ba:cf:2f:bb:99:de:ac:3f:b7:98:d1:a4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.075624000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.075624000", + "frame.time_delta": "0.000745000", + "frame.time_delta_displayed": "0.000745000", + "frame.time_relative": "1826.614938000", + "frame.number": "7377", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000c70c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", 
+ "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000071cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:7a:78:4b:49:32:3f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587256, TSecr 1263088191": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587256", + "tcp.options.timestamp.tsecr": "1263088191" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7376", + "tcp.analysis.ack_rtt": "0.000745000", + "tcp.analysis.initial_rtt": "0.071541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.146389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.146389000", + "frame.time_delta": "0.070765000", + "frame.time_delta_displayed": "0.070765000", + "frame.time_relative": "1826.685703000", + "frame.number": "7378", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x00007e41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x0000ffea", + "ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": 
"34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000008a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:51:00:27:7a:78", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088209, TSecr 2587256": { + "tcp.option_kind": "8", + "tcp.option_len": 
"10", + "tcp.options.timestamp.tsval": "1263088209", + "tcp.options.timestamp.tsecr": "2587256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7377", + "tcp.analysis.ack_rtt": "0.070765000", + "tcp.analysis.initial_rtt": "0.071541000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.146474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.146474000", + "frame.time_delta": "0.000085000", + "frame.time_delta_displayed": "0.000085000", + "frame.time_relative": "1826.685788000", + "frame.number": "7379", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007e42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "229", + "ip.proto": "6", + "ip.checksum": "0x00000009", + 
"ip.checksum.status": "2", + "ip.src": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.src_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.src_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.src_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "54421", + "tcp.port": "443", + "tcp.port": "54421", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007240", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:49:32:51:00:27:7a:78", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263088209, TSecr 2587256": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263088209", + "tcp.options.timestamp.tsecr": "2587256" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.146905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.146905000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1826.686219000", + "frame.number": "7380", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003299", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": "292", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000084ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:16:58.146918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495418.146918000", + "frame.time_delta": 
"0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "1826.686232000", + "frame.number": "7381", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003298", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "34.231.50.247", + "ip.addr": "34.231.50.247", + "ip.dst_host": "34.231.50.247", + "ip.host": "34.231.50.247", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Houston, TX", + "ip.geoip.city": "Houston, TX", + "ip.geoip.dst_lat": "29.699699", + "ip.geoip.lat": "29.699699", + "ip.geoip.dst_lon": "-95.585899", + "ip.geoip.lon": "-95.585899" + } + }, + "tcp": { + "tcp.srcport": "54421", + "tcp.dstport": "443", + "tcp.port": "54421", + "tcp.port": "443", + "tcp.stream": 
"292", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000084ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:00.220840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495420.220840000", + "frame.time_delta": "2.073922000", + "frame.time_delta_displayed": "2.073922000", + "frame.time_relative": "1828.760154000", + "frame.number": "7382", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007671", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "87554", + "tcp.nxtseq": "87603", + "tcp.ack": "18194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001550", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:27:7b:4e:a7:a1:db:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587470, TSecr 2812402663": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587470", + "tcp.options.timestamp.tsecr": "2812402663" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:7a:97:36:cb:7b:0d:30:69:f9:8a:18:23:82:45:35:83:e0:94:77:60:af:6f:24:a3:04:fb:3a:91:76:74:8a:af:ec:65:84:35:98" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:00.280995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495420.280995000", + "frame.time_delta": "0.060155000", + "frame.time_delta_displayed": "0.060155000", + "frame.time_relative": "1828.820309000", + "frame.number": "7383", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", 
+ "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18194", + "tcp.ack": "87603", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x00009aa9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:f5:4a:00:27:7b:4e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812409162, TSecr 2587470": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812409162", + "tcp.options.timestamp.tsecr": "2587470" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7382", + "tcp.analysis.ack_rtt": "0.060155000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:00.282384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495420.282384000", + "frame.time_delta": "0.001389000", + "frame.time_delta_displayed": "0.001389000", + "frame.time_relative": "1828.821698000", + "frame.number": "7384", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002dd8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003770", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18194", + "tcp.nxtseq": "18249", + "tcp.ack": "87603", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c29", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a1:f5:4b:00:27:7b:4e", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812409163, TSecr 2587470": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812409163", + "tcp.options.timestamp.tsecr": "2587470" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:ca:68:70:98:a0:71:73:14:50:8f:6c:21:f4:51:e4:9c:8a:83:58:8e:69:c9:5d:f2:b3:10:4e:f3:2d:80:47:9a:13:98:76:4b:42:85:d2:c5:99:3c:57" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:00.282782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495420.282782000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "1828.822096000", + "frame.number": "7385", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "87603", + "tcp.ack": "18249", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000997b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:00:27:7b:55:a7:a1:f5:4b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2587477, TSecr 2812409163": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2587477", + "tcp.options.timestamp.tsecr": "2812409163" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7384", + "tcp.analysis.ack_rtt": "0.000398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:02.670187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495422.670187000", + "frame.time_delta": "2.387405000", + "frame.time_delta_displayed": "2.387405000", + "frame.time_relative": "1831.209501000", + "frame.number": "7386", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:02.670619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495422.670619000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1831.209933000", + "frame.number": "7387", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:04.318677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495424.318677000", + "frame.time_delta": "1.648058000", + "frame.time_delta_displayed": "1.648058000", + 
"frame.time_relative": "1832.857991000", + "frame.number": "7388", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005822", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": 
"443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5117", + "tcp.ack": "649", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f03a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:04.461895000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495424.461895000", + "frame.time_delta": "0.143218000", + "frame.time_delta_displayed": "0.143218000", + "frame.time_relative": "1833.001209000", + "frame.number": "7389", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001007", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd8a", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "649", + "tcp.ack": "5118", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000faaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:06.721951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495426.721951000", + "frame.time_delta": "2.260056000", + "frame.time_delta_displayed": "2.260056000", + "frame.time_relative": "1835.261265000", + "frame.number": "7390", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e60", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005989", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:07.449801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495427.449801000", + "frame.time_delta": "0.727850000", + "frame.time_delta_displayed": "0.727850000", + "frame.time_relative": "1835.989115000", + "frame.number": "7391", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000b9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000002a0", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:44:eb:1c:ca:17:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:09.328591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495429.328591000", + "frame.time_delta": "1.878790000", + "frame.time_delta_displayed": "1.878790000", + "frame.time_relative": "1837.867905000", + "frame.number": "7392", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:09.328722000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495429.328722000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "1837.868036000", + "frame.number": "7393", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:10.938548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495430.938548000", + "frame.time_delta": "1.609826000", + "frame.time_delta_displayed": "1.609826000", + "frame.time_relative": "1839.477862000", + "frame.number": "7394", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:25.398596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495445.398596000", + "frame.time_delta": "14.460048000", + "frame.time_delta_displayed": "14.460048000", + "frame.time_relative": "1853.937910000", + "frame.number": "7395", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + 
"eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000ba0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed16", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x000014a1", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:ec:f4:f7:1b:ce:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:88:12", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.080758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.080758000", + "frame.time_delta": "0.682162000", + "frame.time_delta_displayed": "0.682162000", + "frame.time_relative": "1854.620072000", + "frame.number": "7396", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002dd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000036e0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "18249", + "tcp.nxtseq": "18447", + "tcp.ack": "87603", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000060b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:0e:7c:00:27:7b:55", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812415612, TSecr 2587477": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812415612", + "tcp.options.timestamp.tsecr": "2587477" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:cb:05:20:98:78:b6:f9:d9:5a:20:e5:ec:6c:3b:0e:f0:9c:2b:35:61:f0:aa:0f:c8:23:2e:04:52:40:68:88:7d:c6:89:40:e3:0e:9b:e3:4d:26:8a:d5:fb:32:24:71:d2:6e:0c:ec:4e:2d:5c:aa:c9:fc:c6:93:ab:21:85:8e:8c:f0:db:78:55:fa:ec:f3:70:44:04:74:f8:49:80:af:f2:98:c9:32:26:4f:e0:7d:cc:3f:75:ee:fa:76:bc:bc:8a:39:aa:2c:d9:77:d1:0d:9b:3f:73:d5:1f:a1:91:14:af:08:b0:0d:46:fd:76:40:a2:39:4c:51:7a:0d:b8:cf:6b:10:c5:96:6d:2d:1c:c9:a6:a5:e4:aa:5c:a3:f4:f9:59:62:17:fa:d2:23:72:29:18:4c:87:a9:49:5c:9e:dc:64:36:88:b0:2f:37:6d:60:37:02:6c:ac:de:6f:d6:c3:bf:94:e9:9d:8d:25:4d:94:cf:06:a1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.081233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.081233000", + "frame.time_delta": "0.000475000", + "frame.time_delta_displayed": "0.000475000", + "frame.time_relative": "1854.620547000", + "frame.number": "7397", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000076a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "87603", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007571", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:85:68:a7:a2:0e:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590056, TSecr 2812415612": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590056", + "tcp.options.timestamp.tsecr": "2812415612" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7396", + "tcp.analysis.ack_rtt": "0.000475000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.087214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.087214000", + "frame.time_delta": "0.005981000", + "frame.time_delta_displayed": "0.005981000", + "frame.time_relative": "1854.626528000", + "frame.number": "7398", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000096e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "87603", + "tcp.nxtseq": "87656", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007b7e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:85:69:a7:a2:0e:7c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590057, TSecr 2812415612": { + "tcp.option_kind": "8", + "tcp.option_len": 
"10", + "tcp.options.timestamp.tsval": "2590057", + "tcp.options.timestamp.tsecr": "2812415612" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:7b:68:97:05:92:22:4b:76:3a:c3:23:6c:5d:13:1c:52:1f:f7:02:4a:db:8f:4e:58:52:b5:b7:93:2c:a4:f2:fe:f7:3f:ab:c1:54:64:e9:7b:d5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.186101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.186101000", + "frame.time_delta": "0.098887000", + "frame.time_delta_displayed": "0.098887000", + "frame.time_relative": "1854.725415000", + "frame.number": "7399", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dda", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": 
"0x000037a5", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "87656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000760f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:0e:97:00:27:85:69", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812415639, TSecr 2590057": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812415639", + "tcp.options.timestamp.tsecr": "2590057" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7398", + "tcp.analysis.ack_rtt": "0.098887000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.186689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.186689000", + "frame.time_delta": "0.000588000", + "frame.time_delta_displayed": "0.000588000", + "frame.time_relative": "1854.726003000", + "frame.number": "7400", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x000096e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000713e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "87656", + "tcp.nxtseq": "89032", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008034", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:85:73:a7:a2:0e:97", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590067, TSecr 2812415639": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590067", + "tcp.options.timestamp.tsecr": 
"2812415639" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:7c:86:c1:7d:49:94:dd:27:4f:53:12:ba:4a:b5:b2:58:7d:5a:cd:53:64:a3:8e:9d:63:47:50:05:11:39:a0:81:f1:62:e5:f3:4a:fc:ab:c1:b8:ba" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:7d:ab:f3:8c:e4:2f:d1:0d:50:a7:df:20:eb:0b:6e:3c:1a:2c:a7:46:44:e6:da:f5:70:4c:4a:b7:82:4d:d5:91:db:57:be:5f:d0:7b:43:53:a9:fa:ed:de:fd:b4:e9:cd:37:6e:e7:ab:00:a8:65:08:07:02:b5:a8:bb:a5:f6:7d:fe:38:22:f5:bc:79:60:0c:4c:a5:f5:bd:8e:50:36:68:b7:83:58:4e:95:0d:bc:6e:c1" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:7e:db:cc:bd:47:dd:9f:10:e6:e2:3a:69:2f:e2:9c:1b:41:40:71:f2:8e:1d:5e:29:8a:73:1a:b2:8b:c7:c0:43:5a:b5:9a:19:25:68:6b:10:e7:8d:64:60:2e:93:06:52:77:9b:61:93:84:53:95:79:9c:0d:8a:71:06:df:4f:1b:d5:57:3f:db:df:0a:b9:fc:db:be:d1:f1:bb:c4:a1:61:3d:a4:09:7b:3d:f0:a0:04:b7:b7:7e:0e:5e:d7:20:30:f4:99:fd:27:f5:f9:65:7a:35:5e:d6:fb:a4:ad:9a:44:8b:3c:65:73:de:49:75:83:ec:71:a3:f4:10:9f:91:57:ea:2f:33:7b:24:38:47:d8:20:38:95:ea:e8:cf:36:7f:01:e6:65:3b:4d:0e:ea:ba:e3:33:35:8b:d5:b7:d2:8a:00:73:04:dc:b1:cb:bc:e5:b8:e0:46:12:92:ce:48:b1:99:4f:37:be:2f:27:a0:1f:08:15:be:16:1a:b7:06:bf:85:1a:bb:06:eb:2a:73:ce:fc:4c:f5:fc:0c:5b:70:03:a0:67:87:97:1c:50:1f:ee:54:c9:45:27:17:94:bd:77:ee:5d:ba:ea:c8:3c:19:8b:1b:1f:e4:cf:11:89:99:3c:1e:27:b8:51:5d:cb:1b:93:c4:a8:49:aa:5d:44:50:2a:ea:e0:e1:53:3d:e6:c5:97:36:af:74:35:23:68:ab:f0:ae:fb:2c:1c:33:48:12:73:92:74:56:ad:55:21:60:25:45:08:4e:d4:ca:f0:43:6b:64:1b:3f:26:b5:9c:7c:00:2a:8f:59:3f:15:38:b9:02:b2:04:6c:80:55:c2:24:0f:76:16:e2:ab:77:d8:6b:a1:82:ac:bd:7f:b4:9d:05:ce:2d:f8:94:fc:62:5d:2f:e2:34:07:55:01:f0:b0:6c:50:17:a5:62:b4:b8:11:14:87:2e:9b:f6:05:92:b4:c7:fe:28:c5:bb:67:0e:29:ed:ee:ee:93:13:9b:2d:c4:d1:08:c3:15:fa:d5:9b:0e:d0:60:7c:75:86:3a:cc:2e:85:70:52:1f:8f:c0:fc:4c:28:b6:27:b4:68:cc:4c:d4:02:94:47:39:ad:37:bf:2e:5c:0b:6f:86:83:e5:3c:cc:00:d7:14:3e:bc:97:61:93:6e:d4:40:e5:03:d6:8e:20:30:a6:f6:b4:29:ef:e0:15:91:c4:84:c4:97:79:32:96:af:15:6f:a9:5c:1c:3b:16:9f:6f:a9:6c:5a:fe:ba:21:e3:53:8a:2f:f1:c5:5c:cb:34:95:2d:c4:b1:68:cd:d5:1c:8b:15:c2:f5:f7:a0:f2:ed:ad:c2:e6:29:b0:16:69:42:56:e7:30:3b:65:14:0c:e5:31:2a:81:b8:cd:fe:fc:ad:52:b2:ba:8a:d5:77:69:f5:7d:1b:5c:9b:07:7d:69:5d:68:72:29:56:1c:18:72:cc:37:8d:f6:4f:8e:4f:c2:df:16:6b:31:bf:ff:47:3e:cd:66:49:f1:50:18:4f:53:7d:d7:0c:3f:69:92:21:d8:e3:3b:74:f2:c1:ce:b7:0d:3c:f6:1e:00:7f:e2:e8:ea:cc:ff:8e:32:5f:93:d2:22:66:3e:60:79:3d:44:46:94:21:df:64:3f:c8:e9:cb:1a:de:e3:26:1b:d6:9c:c7:6f:30:f5:35:b7:50:a9:d2:d3:4f:01:95:8d:0a:83:13:50:02:c7:09:42:ea:c7:da:52:af:6a:60:6e:c1:b
8:84:80:c9:e1:e4:74:bb:7c:bd:25:44:11:09:9b:2d:07:77:c0:00:f7:e3:ff:14:4d:34:02:83:53:a3:9f:4b:dc:ea:d0:04:7c:81:a0:8c:e5:0c:53:1f:44:4d:ac:d4:94:71:bd:60:1c:af:18:3b:80:dd:32:3e:da:af:96:61:fc:a9:81:3d:a8:8c:54:5b:42:5e:7c:89:17:29:55:56:b6:0a:70:db:57:ab:dd:b4:72:c1:d5:9e:4d:b8:9a:f5:25:8a:58:dd:90:9f:b2:bf:e8:26:0b:41:5f:85:c8:03:44:b2:4e:43:ec:bf:c1:e1:0b:b1:4a:7f:a8:de:85:80:03:8e:3e:4c:8a:e7:ce:6d:fd:5d:92:51:d8:1e:9c:ec:64:5f:af:72:00:a3:fc:cb:ef:d7:0f:6a:c1:3d:12:13:e5:8e:e3:40:b0:7a:79:1a:79:c0:a4:ba:e5:0d:bd:b7:4d:f3:8b:f4:68:39:0f:92:36:86:30:9a:a2:91:10:69:d1:98:ab:08:16:5d:c4:e2:17:d3:da:48:82:d1:a6:4a:10:ea:1a:8c:9a:a0:5a:50:66:a2:aa:ba:c5:0d:91:ee:73:96:f2:72:0b:9f:b7:b1:46:c1:e4:ca:d1:e0:1f:1b:97:e1:27:1e:6c:2f:48:cf:81:ff:0c:ce:c6:3b:1c:98:82:cc:2b:02:36:c3:03:c5:9f:af:be:23:be:3d:c4:30:57:5a:6f:20:e9:64:77:78:c4:73:e4:3a:59:13:df:70:0a:75:12:a7:e9:84:f2:00:62:7f:f4:46:5d:9b:c8:ac:a0:3b:e7:64:0a:88:48:b8:0f:de:bd:2b:88:4e:0e:64:17:ec:a1:4e:41:a4:5d:8e:90:b7:9c:ab:69:01:ae:3d:59:6b:63:99:93:73:40:aa:1e:82:1c:06:82:85:0a:17:23:a5:75:2d:18:98:66:30:6d:8f:90:eb:d9:37:44:67:97:2e:20:b7:02:c5:da:66:ce:d7:f0:e0:d0:11:78:54:c5:8b:b4:7e:c2:d3:7a:47:cb:c2:08:22:92:2d:72:14:21:4c:3a:f6:1a:71:95:94:3e:79:30:66" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:7f:b2:71:f9:1f:b3:c9:cc:e0:28:5e:64:1e:37:da:9e:e2:da:5c:9e:72:3f:09:91:b1:5c:12:d0:6f:b5:33:76:d8:1b:c9:a9:95:4f:90:0a:49:c6:35:86:54:70:2a:99:c8:06:c8:ff:81:61:65:e7:a3:98:f5:0f:44:ed:62:85:91:d5:fa:a4:c1:57:8c:c0:f6:cd:f3:68:c9:75:27:cb:3f:d8:ef:89:4e:d3:c1:fd:5c:c7:ac:23:c8:8a:96:04:4d:96:c7:da:e3:7f:20:d1:f2:40:3f:5c:24:bd:21:54:a9:f7:aa:da:36:19:ec:91:33:2a:0c:b5:96:d9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:26.246863000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.246863000", + "frame.time_delta": "0.060174000", + "frame.time_delta_displayed": "0.060174000", + "frame.time_relative": "1854.786177000", + "frame.number": "7401", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ddb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a4", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "89032", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007096", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:0e:a6:00:27:85:73", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812415654, TSecr 2590067": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812415654", + "tcp.options.timestamp.tsecr": "2590067" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7400", + "tcp.analysis.ack_rtt": "0.060174000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.506698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495446.506698000", + "frame.time_delta": "0.259835000", + "frame.time_delta_displayed": "0.259835000", + 
"frame.time_relative": "1855.046012000", + "frame.number": "7402", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007667", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "89032", + "tcp.nxtseq": "89086", + "tcp.ack": "18447", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d286", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:85:93:a7:a2:0e:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590099, TSecr 2812415654": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590099", + "tcp.options.timestamp.tsecr": "2812415654" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:80:b5:e1:62:a2:91:10:48:d5:2a:9b:37:6f:bf:38:fc:28:85:ed:e3:ec:43:53:dc:27:a1:6f:6a:46:f0:82:78:5a:e7:96:e4:a5:4e:f7:d0:21:a8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:26.567005000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495446.567005000", + "frame.time_delta": "0.060307000", + "frame.time_delta_displayed": "0.060307000", + "frame.time_relative": "1855.106319000", + "frame.number": "7403", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ddc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "89086", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006ff0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:0e:f6:00:27:85:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812415734, TSecr 2590099": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812415734", + "tcp.options.timestamp.tsecr": "2590099" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7402", + "tcp.analysis.ack_rtt": "0.060307000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.516551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.516551000", + "frame.time_delta": "0.949546000", + "frame.time_delta_displayed": "0.949546000", + "frame.time_relative": "1856.055865000", + "frame.number": "7404", + "frame.len": 
"352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000053ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000756d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.534815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.534815000", + "frame.time_delta": "0.018264000", + "frame.time_delta_displayed": "0.018264000", + "frame.time_relative": "1856.074129000", + "frame.number": "7405", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x000096e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007609", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "89086", + "tcp.nxtseq": "89233", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008fbe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:85:fa:a7:a2:0e:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2590202, TSecr 2812415734": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590202", + "tcp.options.timestamp.tsecr": "2812415734" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:81:53:72:a7:1f:38:2d:5c:37:da:f9:69:02:83:f3:4c:e2:18:4f:a7:4b:af:b4:42:a2:bd:23:ab:56:84:9c:52:d4:15:70:d1:50:e7:8f:b8:bb:d6:09:63:1b:f0:46:4e:4d:65:96:f5:e5:8b:66:c8:ae:9d:b6:4c:2e:7a:9f:11:f6:02:45:6f:1b:12:81:56:fc:29:bf:53:16:35:57:d0:f5:3a:f2:b4:48:fd:70:b4:78:2b:53:1a:d9:ea:8f:e5:40:1a:34:a6:96:15:8c:3d:74:86:c4:19:a9:f2:66:c3:4c:73:e6:64:f2:28:f0:61:b1:a4:27:d9:27:ea:68:fb:3f:d9:1a:f9:e7:4b:fd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.569444000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.569444000", + "frame.time_delta": "0.034629000", + "frame.time_delta_displayed": "0.034629000", + "frame.time_relative": "1856.108758000", + "frame.number": "7406", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000053ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007568", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.595002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.595002000", + "frame.time_delta": "0.025558000", + "frame.time_delta_displayed": "0.025558000", + "frame.time_relative": "1856.134316000", + "frame.number": "7407", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ddd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a2", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "89233", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006df5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:0f:f7:00:27:85:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812415991, TSecr 2590202": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812415991", + "tcp.options.timestamp.tsecr": "2590202" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7405", + "tcp.analysis.ack_rtt": "0.060187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.622286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.622286000", + "frame.time_delta": 
"0.027284000", + "frame.time_delta_displayed": "0.027284000", + "frame.time_relative": "1856.161600000", + "frame.number": "7408", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000053f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000755b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + 
"http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.641639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.641639000", + "frame.time_delta": "0.019353000", + "frame.time_delta_displayed": "0.019353000", + "frame.time_relative": "1856.180953000", + "frame.number": "7409", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x000096e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007619", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "89233", + "tcp.nxtseq": "89363", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005503", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:86:05:a7:a2:0f:f7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": 
{ + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590213, TSecr 2812415991": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590213", + "tcp.options.timestamp.tsecr": "2812415991" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:82:09:1f:92:47:54:fa:48:24:1a:78:03:ea:3f:e6:b9:17:0d:0f:3c:c1:2e:3d:6c:a9:94:26:dd:bf:42:81:7c:b9:b8:6f:e0:07:f6:bf:ed:8e:a2:58:67:d9:98:f7:9c:ad:16:93:a8:5d:ea:dd:3e:02:ec:f3:cd:3e:b7:24:84:89:8d:35:3d:d7:7d:45:8a:5c:c4:4d:f0:3c:44:33:2e:01:b5:b2:f5:08:9d:94:48:26:62:e1:3b:59:eb:82:2e:36:1e:4a:11:cf:06:ae:13:ab:58:2b:38:ac:82:e0:8d:88:05:44:a3:65:76" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.675182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.675182000", + "frame.time_delta": "0.033543000", + "frame.time_delta_displayed": "0.033543000", + "frame.time_relative": "1856.214496000", + "frame.number": "7410", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000053f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007556", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.701870000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.701870000", + "frame.time_delta": "0.026688000", + "frame.time_delta_displayed": "0.026688000", + "frame.time_relative": "1856.241184000", + "frame.number": "7411", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dde", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a1", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "89363", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006d4e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:10:11:00:27:86:05", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812416017, TSecr 2590213": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812416017", + "tcp.options.timestamp.tsecr": "2590213" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7409", + "tcp.analysis.ack_rtt": "0.060231000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:27.728085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.728085000", + "frame.time_delta": "0.026215000", + "frame.time_delta_displayed": "0.026215000", + "frame.time_relative": "1856.267399000", + "frame.number": "7412", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000053fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007558", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:27.780998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495447.780998000", + "frame.time_delta": "0.052913000", + "frame.time_delta_displayed": "0.052913000", + "frame.time_relative": "1856.320312000", + "frame.number": "7413", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00005402", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007552", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:28.436455000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495448.436455000", + "frame.time_delta": "0.655457000", + "frame.time_delta_displayed": "0.655457000", + "frame.time_relative": "1856.975769000", + "frame.number": "7414", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x000096e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000071af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": 
"44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "89363", + "tcp.nxtseq": "90622", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005f44", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:86:54:a7:a2:10:11", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2590292, TSecr 2812416017": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2590292", + "tcp.options.timestamp.tsecr": "2812416017" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:83:94:27:7a:0a:48:69:f7:27:74:26:ff:db:7e:41:da:0a:6c:35:90:d2:1e:3f:91:4c:6e:34:40:f3:72:b0:74:32:5a:07:53:bf:2d:f3:22:3b:69:96:04:87:2b:b3:19:ec:fc:67:81:07:5b:f2:76:68:d7:bd:20:4b:e6:1b:df:1e:b7:cd:53:b9:35:91:8a:bc:5e:21:1f:94:6c:7a:08:83:d6:d7:6b:10:bf:d8:94:59:e4:3a:5d:cc:6d:87:c8:40:19:ec:84:aa:4b:a3:5c:10:69:d2:19:7d:51:90:5f:2f:b5:93:7d:6c:6b:cc:d2:23:92:47:3e:74:fc:ad:f4:1b:33:a8:92:a7:00:a2:30:5a:20:f6:1f:8f:6a:68:0b:b6:77:54:a2:f7:18:9f:ac:3a:23:be:ef:1f:88:0c:f6:2d:3d:cb:b4:d2:5a:1b:64:f1:c4:d9:8d:e3:e2:93:d0:8b:02:be:49:b1:93:24:1d:10:3b:52:40:3e:45:3d:20:71:21:85:a8:d5:e5:f3:0c:56:1e:e3:ee:04:51:cb:b1:fd:6a:76:b5:bc:87:76:78:56:0c:5b:05:c1:bf:8c:0f:7a:e8:85:4e:31:90:b2:b7:53:fd:a1:5e:ca:05:9c:e9:53:f0:94:90:c0:03:eb:fa:65:b7:8f:c8:82:92:aa:c6:2b:3e:f5:2b:eb:ee:d2:4e:c4:2c:ab:59:8e:db:35:ac:ef:af:d0:53:1a:ec:65:87:8d:24:a6:7f:7e:de:e8:fe:bf:27:a0:9e:de:0c:09:cb:a5:9d:52:2a:f9:1f:df:30:f2:8c:bc:b5:28:a7:bf:2a:a9:4c:ae:a2:be:38:be:45:34:c1:d2:93:32:af:d1:83:c3:9e:8b:96:a5:cd:5c:ed:b3:c5:ef:79:53:fd:e0:46:89:b1:a4:a3:0a:ce:85:7e:81:fc:fd:87:3d:e9:16:d1:46:99:f1:c4:b6:79:e4:80:4e:2f:57:07:bb:8b:36:ec:66:b7:bd:ce:b9:53:82:8e:de:97:38:56:90:9b:22:7c:c7:f0:e8:20:0a:83:3e:76:21:a9:57:0e:cd:f3:8e:b3:69:a7:1d:86:05:40:60:be:71:e7:18:ff:e1:8a:6c:40:7b:e8:a1:76:4a:57:50:7c:a5:fd:46:c3:c2:62:38:11:be:b7:81:ca:fb:e6:21:2d:f7:21:4a:b8:ea:24:ff:cb:7a:27:63:4c:19:19:f3:fd:09:82:cb:ef:cb:77:18:0d:ec:f1:94:36:a0:a4:d0:60:d1:81:a4:d8:09:66:c0:18:73:aa:d6:3e:90:98:e8:4a:5d:38:a2:ee:6c:a0:f9:e4:3a:c5:b9:b2:5a:b4:db:2e:12:4f:1e:35:91:d3:66:1d:6b:24:3e:24:f2:a2:94:3d:b8:7f:18:12:91:e7:7e:0f:29:85:80:ef:98:ca:4b:e7:41:de:3f:43:78:b9:fa:f6:d2:91:f1:96:13:09:bc:c0:88:47:03:43:f6:a8:0d:dc:06:20:ff:bb:fd:d8:e2:dc:93:0d:9a:81:7a:7b:40:99:a7:e3:64:b4:a8:6f:5e:f1:28:46:c2:fc:41:19:8a:42:8f:4a:e9:6c:36:1d:06:eb:4a:7a:98:a8:ed:13:f8:5b:b8:1b:d2:89:de:48:db:8c:6c:1a:a7:05:10:2f:c9:24:3b:c5:e6:36:f3:a5:20:8c:8d:06:be:32:a6:d6:79:ec:06:b1:88:c8:f0:65:a1:30:52:cd:03:3
4:a5:ac:6f:db:55:eb:e6:56:2f:18:9b:30:c6:16:90:6a:90:a3:60:65:80:86:b0:41:3f:55:bf:af:95:88:73:83:5a:63:36:31:e0:bf:d2:a6:70:d8:80:7e:91:1f:2b:cb:9c:cd:1d:33:7b:0f:5d:8c:2f:64:86:16:ca:92:7f:cf:ea:d6:b3:ee:10:79:43:61:9c:73:74:72:96:bb:5e:20:02:ea:1d:e7:bb:83:1d:aa:78:05:6a:9c:6c:aa:25:9f:a0:52:22:e5:ca:24:96:7f:cc:7e:c3:60:8a:f1:c6:db:25:52:d7:70:40:f9:47:c4:6b:7f:a5:d4:15:0d:17:79:68:1e:bd:07:5e:18:cd:e9:2a:98:27:29:9f:8a:95:e4:2c:16:a1:34:b9:81:5b:a8:d4:65:81:4d:61:c9:47:71:bc:fe:42:de:6a:ee:df:88:62:32:19:a8:27:6f:7c:eb:b0:57:b3:13:b4:f5:27:9f:bf:22:25:3c:14:b9:bd:fe:84:11:1b:fb:20:0d:bb:f2:a3:48:e7:fa:95:ae:67:a7:66:ed:63:d6:a1:ac:91:7a:90:4d:6e:10:0d:db:c9:06:cb:f6:11:e7:3e:7b:59:c7:9c:11:69:a7:dd:1e:73:16:43:31:d9:1e:99:cc:5c:1a:fe:98:5c:23:16:fc:ff:67:73:2c:e2:0e:84:e3:b4:e9:5d:80:be:e5:cc:4a:88:e0:1b:c0:5e:e3:b6:7b:2c:40:55:89:d8:69:6c:39:d3:02:ea:79:15:d9:2f:1f:b3:a2:9f:84:b9:b2:82:5e:5e:05:66:06:85:84:d0:9a:08:3e:b1:3b:ae:ab:ff:fb:6a:12:8d:be:58:c9:4d:a4:50:86:b9:a2:0e:9d:2d:a3:12:d3:1c:f5:9d:66:39:33:29:6b:bd:38:d6:df:12:0a:0e:a6:8b:39:f5:d2:ea:65:94:38:11:40:4c:a6:54:82:e5:22:4c:b4:0b:49:9f:24:02:05:36:de:ca:19:a8:ee:94:43:69:0e:f6:88:e7:b5:09:93:55:a3:a5:3e:c2:7f:d1:19:26:ba:69:41:97:85:e7:16:9e:e8:59:7a:e6:16:db:3f:4e:a7:7a:ef:43:f0:bb:23:bd:c5:bd:cc:41:26:51:1b:3c:17:c1:78:a2:9e:e3:1a:c2:03:09:fa:54:a8:a7:94:71:5c:4b:6c:57:6d:0c:af:a3:ae:78:61:5f:49:c6:69:c2:b1:d6:9c:8a:d1:54:5c:d6:c0:02:97:20:d2:94:04:e0:9d:71:ab:f5:3e:8f:fa:80:ee:4b:cc:99:8d:29:f0:0b:8a:76:4b:b1:34:dd:20:ea:c2:d6:12:35:3f:c4:c3:33:4e:4c:98:6a:a0:41:94:8f:37:f1:e9:48:86:af:9c:26:6a:0c:31:9f:e2:2c:80:bc:73:a8:d7:ef:92:99:9d:45:ad:c3:09:54:e9:05:e4:8a:b7:6c:d4:3e:01:4c:07:e8:74:9d:0c:c6:a7:4f:02:ad:52:77:ff:f1:02:34:d8:db:f2:24:cd:ca:a1:65:43:48:d9:19" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:28.496618000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495448.496618000", + "frame.time_delta": "0.060163000", + "frame.time_delta_displayed": "0.060163000", + "frame.time_relative": "1857.035932000", + "frame.number": "7415", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ddf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000037a0", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "90622", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000674d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:10:d8:00:27:86:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812416216, TSecr 2590292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812416216", + "tcp.options.timestamp.tsecr": "2590292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7414", + "tcp.analysis.ack_rtt": "0.060163000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:28.851181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495448.851181000", + "frame.time_delta": "0.354563000", + "frame.time_delta_displayed": "0.354563000", + "frame.time_relative": "1857.390495000", + 
"frame.number": "7416", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.170107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.170107000", + "frame.time_delta": "1.318926000", + "frame.time_delta_displayed": "1.318926000", + "frame.time_relative": "1858.709421000", + "frame.number": "7417", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.431522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.431522000", + "frame.time_delta": "0.261415000", + "frame.time_delta_displayed": "0.261415000", + "frame.time_relative": "1858.970836000", + "frame.number": "7418", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002119", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e72b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "16", + "http.prev_request_in": "6036" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.834701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.834701000", + "frame.time_delta": "0.403179000", + "frame.time_delta_displayed": "0.403179000", + "frame.time_relative": "1859.374015000", + "frame.number": "7419", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000691a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004e31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "91", + "http.prev_response_in": "6098" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.837522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.837522000", + "frame.time_delta": "0.002821000", + "frame.time_delta_displayed": "0.002821000", + "frame.time_relative": "1859.376836000", + "frame.number": "7420", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54738", + "tcp.dstport": "80", + "tcp.port": "54738", + "tcp.port": "80", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000089a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.838081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.838081000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "1859.377395000", + "frame.number": "7421", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54738", + "tcp.port": "80", + "tcp.port": "54738", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ec60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7420", + "tcp.analysis.ack_rtt": "0.000559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.845419000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.845419000", + "frame.time_delta": "0.007338000", + "frame.time_delta_displayed": "0.007338000", + "frame.time_relative": "1859.384733000", + "frame.number": "7422", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54738", + "tcp.dstport": "80", + "tcp.port": "54738", + "tcp.port": "80", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e3f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7421", + "tcp.analysis.ack_rtt": "0.007338000", + "tcp.analysis.initial_rtt": "0.007897000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.846003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.846003000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "1859.385317000", + "frame.number": "7423", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bf9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54738", + "tcp.dstport": "80", + "tcp.port": "54738", + "tcp.port": "80", + "tcp.stream": "293", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b3b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007897000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.846482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.846482000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1859.385796000", + "frame.number": "7424", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ad21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54738", + "tcp.port": "80", + "tcp.port": "54738", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008fd0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7423", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.007897000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.847126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.847126000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "1859.386440000", + "frame.number": "7425", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00000b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ad0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54738", + "tcp.port": "80", + "tcp.port": "54738", + "tcp.stream": "293", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": 
"18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cff1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007897000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.847479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.847479000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1859.386793000", + "frame.number": "7426", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, 
+ "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000b54", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a93c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54738", + "tcp.port": "80", + "tcp.port": "54738", + "tcp.stream": "293", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000225b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007897000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7425", + "tcp.segment": "7426", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001476000", + "http.request_in": "7423", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.850310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.850310000", + "frame.time_delta": "0.002831000", + "frame.time_delta_displayed": "0.002831000", + "frame.time_relative": "1859.389624000", + "frame.number": "7427", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54738", + "tcp.dstport": "80", + "tcp.port": "54738", + "tcp.port": "80", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7426", + "tcp.analysis.ack_rtt": "0.002831000", + "tcp.analysis.initial_rtt": "0.007897000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.851445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.851445000", + "frame.time_delta": "0.001135000", + "frame.time_delta_displayed": "0.001135000", + "frame.time_relative": "1859.390759000", + "frame.number": "7428", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54738", + "tcp.dstport": "80", + "tcp.port": "54738", + "tcp.port": "80", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.851899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.851899000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "1859.391213000", + "frame.number": "7429", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54738", + "tcp.port": "80", + "tcp.port": "54738", + "tcp.stream": "293", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008bda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7428", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.007897000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.887674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.887674000", + "frame.time_delta": "0.035775000", + "frame.time_delta_displayed": "0.035775000", + "frame.time_relative": "1859.426988000", + "frame.number": "7430", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000691c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004e26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "92", + "http.prev_response_in": "7419" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.894709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.894709000", + "frame.time_delta": "0.007035000", + "frame.time_delta_displayed": "0.007035000", + "frame.time_relative": "1859.434023000", + "frame.number": "7431", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001bfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54739", + "tcp.dstport": "80", + "tcp.port": "54739", + "tcp.port": "80", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008a61", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.895252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.895252000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "1859.434566000", + "frame.number": "7432", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54739", + "tcp.port": "80", + "tcp.port": "54739", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000576a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7431", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.897554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.897554000", + "frame.time_delta": "0.002302000", + "frame.time_delta_displayed": "0.002302000", + "frame.time_relative": "1859.436868000", + "frame.number": "7433", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54739", + "tcp.dstport": "80", + "tcp.port": "54739", + "tcp.port": "80", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000949", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7432", + "tcp.analysis.ack_rtt": "0.002302000", + "tcp.analysis.initial_rtt": "0.002845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.898131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.898131000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "1859.437445000", + "frame.number": "7434", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001bfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54739", + "tcp.dstport": "80", + "tcp.port": "54739", + "tcp.port": "80", + "tcp.stream": "294", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001ec2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002845000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.898731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.898731000", + "frame.time_delta": "0.000600000", + "frame.time_delta_displayed": "0.000600000", + "frame.time_relative": "1859.438045000", + "frame.number": "7435", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008bc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002caa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54739", + "tcp.port": "80", + "tcp.port": "54739", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fad9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7434", + "tcp.analysis.ack_rtt": "0.000600000", + "tcp.analysis.initial_rtt": "0.002845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.899304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.899304000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "1859.438618000", + "frame.number": "7436", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00008bca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002c98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54739", + "tcp.port": "80", + "tcp.port": "54739", + "tcp.stream": "294", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003afb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002845000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.899651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.899651000", + "frame.time_delta": "0.000347000", + "frame.time_delta_displayed": "0.000347000", + "frame.time_relative": "1859.438965000", + "frame.number": "7437", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00008bcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000028c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54739", + "tcp.port": "80", + "tcp.port": "54739", + "tcp.stream": "294", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008d64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002845000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "7436", + "tcp.segment": "7437", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001520000", + "http.request_in": "7434", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.901575000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495450.901575000", + "frame.time_delta": "0.001924000", + "frame.time_delta_displayed": "0.001924000", + "frame.time_relative": "1859.440889000", + "frame.number": "7438", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001bff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c74", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54739", + "tcp.dstport": "80", + "tcp.port": "54739", + "tcp.port": "80", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000004b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7437", + "tcp.analysis.ack_rtt": "0.001924000", + "tcp.analysis.initial_rtt": "0.002845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.902132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.902132000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "1859.441446000", + "frame.number": "7439", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54739", + "tcp.dstport": "80", + "tcp.port": "54739", + "tcp.port": "80", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000004b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.902582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.902582000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "1859.441896000", + "frame.number": "7440", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54739", + "tcp.port": "80", + "tcp.port": "54739", + "tcp.stream": "294", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f6e3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7439", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.002845000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.941898000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.941898000", + "frame.time_delta": "0.039316000", + "frame.time_delta_displayed": "0.039316000", + "frame.time_relative": "1859.481212000", + "frame.number": "7441", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000691e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004e2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "93", + "http.prev_response_in": "7430" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.952853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.952853000", + "frame.time_delta": "0.010955000", + "frame.time_delta_displayed": "0.010955000", + "frame.time_relative": "1859.492167000", + 
"frame.number": "7442", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a3af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.953407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.953407000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "1859.492721000", + "frame.number": "7443", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000ec74", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7442", + "tcp.analysis.ack_rtt": "0.000554000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.956271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.956271000", + "frame.time_delta": "0.002864000", + "frame.time_delta_displayed": "0.002864000", + "frame.time_relative": "1859.495585000", + 
"frame.number": "7444", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009e53", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7443", + "tcp.analysis.ack_rtt": "0.002864000", + "tcp.analysis.initial_rtt": "0.003418000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.956876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.956876000", + "frame.time_delta": "0.000605000", + "frame.time_delta_displayed": "0.000605000", + "frame.time_relative": "1859.496190000", + "frame.number": "7445", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bc9", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b3cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003418000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.957350000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.957350000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "1859.496664000", + "frame.number": "7446", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ab7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009dbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008fe4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7445", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.003418000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.958009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.958009000", + "frame.time_delta": "0.000659000", + "frame.time_delta_displayed": "0.000659000", + "frame.time_relative": "1859.497323000", + "frame.number": "7447", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001ab8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009daa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d005", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003418000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.958389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.958389000", + "frame.time_delta": "0.000380000", + "frame.time_delta_displayed": "0.000380000", + "frame.time_relative": "1859.497703000", + "frame.number": "7448", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001ab9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000226f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003418000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7447", + "tcp.segment": "7448", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001513000", + "http.request_in": "7445", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.958703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.958703000", + "frame.time_delta": "0.000314000", + "frame.time_delta_displayed": "0.000314000", + "frame.time_relative": "1859.498017000", + "frame.number": "7449", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001aba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000099d6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000226f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003418000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.961723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.961723000", + "frame.time_delta": "0.003020000", + "frame.time_delta_displayed": "0.003020000", + "frame.time_relative": "1859.501037000", + "frame.number": "7450", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7448", + "tcp.analysis.ack_rtt": "0.003334000", + "tcp.analysis.initial_rtt": "0.003418000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.962332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.962332000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "1859.501646000", + "frame.number": "7451", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000099ba", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.962760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.962760000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "1859.502074000", + "frame.number": "7452", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b59", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007d1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54741", + "tcp.port": "80", + "tcp.port": "54741", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008bee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7451", + "tcp.analysis.ack_rtt": "0.000428000", + "tcp.analysis.initial_rtt": "0.003418000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:30.962996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495450.962996000", + "frame.time_delta": 
"0.000236000", + "frame.time_delta_displayed": "0.000236000", + "frame.time_relative": "1859.502310000", + "frame.number": "7453", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54741", + "tcp.dstport": "80", + "tcp.port": "54741", + "tcp.port": "80", + "tcp.stream": "295", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000df7d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:ec:55:53:cb:ec:55:57:ae", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003418000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "7450", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.679564000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.679564000", + "frame.time_delta": "0.716568000", + "frame.time_delta_displayed": "0.716568000", + "frame.time_relative": "1860.218878000", + "frame.number": "7454", + "frame.len": "20", + "frame.cap_len": "20", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.888953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.888953000", + "frame.time_delta": "0.209389000", + "frame.time_delta_displayed": "0.209389000", + "frame.time_relative": "1860.428267000", + "frame.number": "7455", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006972", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004dd9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "94", + "http.prev_response_in": "7441" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.893693000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.893693000", + "frame.time_delta": "0.004740000", + "frame.time_delta_displayed": "0.004740000", + "frame.time_relative": "1860.433007000", + "frame.number": "7456", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54742", + "tcp.dstport": "80", + "tcp.port": "54742", + "tcp.port": "80", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e42a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.894258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.894258000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "1860.433572000", + "frame.number": "7457", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54742", + "tcp.port": "80", + "tcp.port": "54742", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00004ed7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7456", + "tcp.analysis.ack_rtt": "0.000565000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.897160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.897160000", + "frame.time_delta": "0.002902000", + "frame.time_delta_displayed": "0.002902000", + "frame.time_relative": "1860.436474000", + "frame.number": "7458", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54742", + "tcp.dstport": "80", + "tcp.port": "54742", + "tcp.port": "80", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000000b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7457", + "tcp.analysis.ack_rtt": "0.002902000", + "tcp.analysis.initial_rtt": "0.003467000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.897856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.897856000", + "frame.time_delta": "0.000696000", + "frame.time_delta_displayed": "0.000696000", + "frame.time_relative": "1860.437170000", + "frame.number": "7459", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54742", + "tcp.dstport": "80", + "tcp.port": "54742", + "tcp.port": "80", + "tcp.stream": "296", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000162f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003467000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.898333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.898333000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "1860.437647000", + "frame.number": "7460", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": 
"00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000089f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002e80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54742", + "tcp.port": "80", + "tcp.port": "54742", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f246", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7459", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.003467000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:31.899081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.899081000", + "frame.time_delta": "0.000748000", + "frame.time_delta_displayed": "0.000748000", + "frame.time_relative": "1860.438395000", + "frame.number": "7461", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000089f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002e6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54742", + "tcp.port": "80", + "tcp.port": "54742", + "tcp.stream": "296", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003268", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003467000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.899490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.899490000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "1860.438804000", + "frame.number": "7462", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"1035", + "ip.id": "0x000089f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002a9b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54742", + "tcp.port": "80", + "tcp.port": "54742", + "tcp.stream": "296", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000084d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003467000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7461", + "tcp.segment": "7462", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001634000", + "http.request_in": "7459", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.902102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.902102000", + "frame.time_delta": "0.002612000", + "frame.time_delta_displayed": "0.002612000", + "frame.time_relative": "1860.441416000", + "frame.number": "7463", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54742", + "tcp.dstport": "80", + "tcp.port": "54742", + "tcp.port": "80", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fc1d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7462", + "tcp.analysis.ack_rtt": "0.002612000", + "tcp.analysis.initial_rtt": "0.003467000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.902627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.902627000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "1860.441941000", + "frame.number": "7464", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54742", + "tcp.dstport": "80", + "tcp.port": "54742", + "tcp.port": "80", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000fc1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.903073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.903073000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1860.442387000", + "frame.number": "7465", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007cf2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54742", + "tcp.port": "80", + "tcp.port": "54742", + "tcp.stream": "296", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ee50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7464", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003467000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.924242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.924242000", + "frame.time_delta": "0.021169000", + "frame.time_delta_displayed": "0.021169000", + "frame.time_relative": "1860.463556000", + "frame.number": "7466", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", 
+ "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:17:31.942057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.942057000", + "frame.time_delta": "0.017815000", + "frame.time_delta_displayed": "0.017815000", + "frame.time_relative": "1860.481371000", + "frame.number": "7467", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006977", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004dcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "95", + "http.prev_response_in": "7455" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.946642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.946642000", + "frame.time_delta": "0.004585000", + "frame.time_delta_displayed": "0.004585000", + "frame.time_relative": "1860.485956000", + "frame.number": "7468", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54743", + "tcp.dstport": "80", + "tcp.port": "54743", + "tcp.port": "80", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00002a8d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.947176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.947176000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "1860.486490000", + "frame.number": "7469", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54743", + "tcp.port": "80", + "tcp.port": "54743", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006ddc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + 
"tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7468", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.949946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.949946000", + "frame.time_delta": "0.002770000", + "frame.time_delta_displayed": "0.002770000", + "frame.time_relative": "1860.489260000", + "frame.number": "7470", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54743", + "tcp.dstport": "80", + "tcp.port": "54743", + "tcp.port": "80", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001fbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7469", + "tcp.analysis.ack_rtt": "0.002770000", + "tcp.analysis.initial_rtt": "0.003304000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.950599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.950599000", + "frame.time_delta": "0.000653000", + "frame.time_delta_displayed": "0.000653000", + "frame.time_relative": "1860.489913000", + "frame.number": "7471", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54743", + "tcp.dstport": "80", + "tcp.port": "54743", + "tcp.port": "80", + "tcp.stream": "297", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003534", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003304000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.951081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495451.951081000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "1860.490395000", + "frame.number": "7472", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005d11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54743", + "tcp.port": "80", + "tcp.port": "54743", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000114c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7471", + "tcp.analysis.ack_rtt": "0.000482000", + "tcp.analysis.initial_rtt": "0.003304000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.951724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.951724000", + "frame.time_delta": "0.000643000", + "frame.time_delta_displayed": "0.000643000", + "frame.time_relative": "1860.491038000", + "frame.number": "7473", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005d12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005b50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54743", + "tcp.port": "80", + "tcp.port": "54743", + "tcp.stream": "297", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000516d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003304000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.952077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.952077000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1860.491391000", + "frame.number": "7474", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005d13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000577d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54743", + "tcp.port": "80", + "tcp.port": "54743", + "tcp.stream": "297", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a3d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003304000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7473", + "tcp.segment": "7474", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001478000", + "http.request_in": "7471", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.956135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.956135000", + "frame.time_delta": "0.004058000", + "frame.time_delta_displayed": "0.004058000", + "frame.time_relative": "1860.495449000", + "frame.number": "7475", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54743", + "tcp.dstport": "80", + "tcp.port": "54743", + "tcp.port": "80", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7474", + "tcp.analysis.ack_rtt": "0.004058000", + "tcp.analysis.initial_rtt": "0.003304000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.956795000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.956795000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "1860.496109000", + "frame.number": "7476", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c63", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54743", + "tcp.dstport": "80", + "tcp.port": "54743", + "tcp.port": "80", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.957227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.957227000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "1860.496541000", + "frame.number": "7477", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007cf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54743", + "tcp.port": "80", + "tcp.port": "54743", + "tcp.stream": "297", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7476", + "tcp.analysis.ack_rtt": "0.000432000", + "tcp.analysis.initial_rtt": "0.003304000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.971414000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.971414000", + "frame.time_delta": "0.014187000", + "frame.time_delta_displayed": "0.014187000", + "frame.time_relative": "1860.510728000", + "frame.number": "7478", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", 
+ "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + 
"bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.986353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.986353000", + "frame.time_delta": "0.014939000", + "frame.time_delta_displayed": "0.014939000", + "frame.time_relative": "1860.525667000", + "frame.number": "7479", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.995003000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.995003000", + "frame.time_delta": "0.008650000", + "frame.time_delta_displayed": "0.008650000", + "frame.time_relative": "1860.534317000", + "frame.number": "7480", + "frame.len": 
"342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000697c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004dcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "96", + "http.prev_response_in": "7467" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:31.999841000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495451.999841000", + "frame.time_delta": "0.004838000", + "frame.time_delta_displayed": "0.004838000", + "frame.time_relative": "1860.539155000", + "frame.number": "7481", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + 
"ip.id": "0x00001c11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54744", + "tcp.dstport": "80", + "tcp.port": "54744", + "tcp.port": "80", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000137c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.000379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.000379000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "1860.539693000", + "frame.number": "7482", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54744", + "tcp.port": "80", + "tcp.port": "54744", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000865a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", 
+ "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7481", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.003161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.003161000", + "frame.time_delta": "0.002782000", + "frame.time_delta_displayed": "0.002782000", + "frame.time_relative": "1860.542475000", + "frame.number": "7483", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x00001c12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54744", + "tcp.dstport": "80", + "tcp.port": "54744", + "tcp.port": "80", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003839", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7482", + "tcp.analysis.ack_rtt": "0.002782000", + "tcp.analysis.initial_rtt": "0.003320000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.003758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.003758000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": 
"1860.543072000", + "frame.number": "7484", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54744", + "tcp.dstport": "80", + "tcp.port": "54744", + "tcp.port": "80", + "tcp.stream": "298", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004db2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003320000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.004278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.004278000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "1860.543592000", + "frame.number": "7485", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005142", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54744", + "tcp.port": "80", + "tcp.port": "54744", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000029ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7484", + "tcp.analysis.ack_rtt": "0.000520000", + "tcp.analysis.initial_rtt": "0.003320000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.004847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.004847000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "1860.544161000", + "frame.number": "7486", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006732", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005130", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54744", + "tcp.port": "80", + "tcp.port": "54744", + "tcp.stream": "298", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000069eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003320000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.005199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.005199000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "1860.544513000", + "frame.number": "7487", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006733", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54744", + "tcp.port": "80", + "tcp.port": "54744", + "tcp.stream": "298", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bc54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003320000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7486", + "tcp.segment": "7487", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001441000", + "http.request_in": "7484", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.007378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.007378000", + "frame.time_delta": "0.002179000", + "frame.time_delta_displayed": "0.002179000", + "frame.time_relative": "1860.546692000", + "frame.number": "7488", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54744", + "tcp.dstport": "80", + "tcp.port": "54744", + "tcp.port": "80", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000033a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7487", + "tcp.analysis.ack_rtt": "0.002179000", + "tcp.analysis.initial_rtt": "0.003320000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.008033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.008033000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "1860.547347000", + "frame.number": "7489", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c5e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54744", + "tcp.dstport": "80", + "tcp.port": "54744", + "tcp.port": "80", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000033a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.008479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.008479000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1860.547793000", + "frame.number": "7490", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003b85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007cee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54744", + "tcp.port": "80", + "tcp.port": "54744", + "tcp.stream": "298", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000025d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7489", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003320000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:32.039183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495452.039183000", + "frame.time_delta": "0.030704000", + "frame.time_delta_displayed": "0.030704000", + "frame.time_relative": "1860.578497000", + "frame.number": "7491", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:34.459278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495454.459278000", + "frame.time_delta": "2.420095000", + "frame.time_delta_displayed": "2.420095000", + "frame.time_relative": "1862.998592000", + "frame.number": "7492", + "frame.len": "60", + "frame.cap_len": "60", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005823", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5117", + 
"tcp.ack": "649", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f03a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:34.603618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495454.603618000", + "frame.time_delta": "0.144340000", + "frame.time_delta_displayed": "0.144340000", + "frame.time_relative": "1863.142932000", + "frame.number": "7493", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001008", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd89", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "649", + "tcp.ack": "5118", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x0000faaf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:36.682209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495456.682209000", + "frame.time_delta": "2.078591000", + "frame.time_delta_displayed": "2.078591000", + "frame.time_relative": "1865.221523000", + "frame.number": "7494", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000211a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", 
+ "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50925", + "udp.dstport": "1900", + "udp.port": "50925", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008370", + "udp.checksum.status": "2", + "udp.stream": "138" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:36.726584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495456.726584000", + "frame.time_delta": "0.044375000", + "frame.time_delta_displayed": "0.044375000", + "frame.time_relative": "1865.265898000", + "frame.number": "7495", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e86", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005963", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:37.159727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495457.159727000", + "frame.time_delta": "0.433143000", + "frame.time_delta_displayed": "0.433143000", + "frame.time_relative": "1865.699041000", + "frame.number": "7496", + "frame.len": "42", + "frame.cap_len": "42", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:37.370513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495457.370513000", + "frame.time_delta": "0.210786000", + "frame.time_delta_displayed": "0.210786000", + "frame.time_relative": "1865.909827000", + "frame.number": "7497", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006ac2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:37.423265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495457.423265000", + "frame.time_delta": "0.052752000", + "frame.time_delta_displayed": "0.052752000", + "frame.time_relative": "1865.962579000", + "frame.number": "7498", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006ac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": 
"314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "7497" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:37.476064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495457.476064000", + "frame.time_delta": "0.052799000", + "frame.time_delta_displayed": "0.052799000", + "frame.time_relative": "1866.015378000", + "frame.number": "7499", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006ac7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "7498" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:37.679491000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495457.679491000", + "frame.time_delta": "0.203427000", + "frame.time_delta_displayed": "0.203427000", + "frame.time_relative": "1866.218805000", + "frame.number": "7500", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000211b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": 
"0x0000e6f9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50925", + "udp.dstport": "1900", + "udp.port": "50925", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008370", + "udp.checksum.status": "2", + "udp.stream": "138" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "7494" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:38.422821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495458.422821000", + "frame.time_delta": "0.743330000", + "frame.time_delta_displayed": "0.743330000", + "frame.time_relative": "1866.962135000", + "frame.number": "7501", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006b08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "7499" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:38.475718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495458.475718000", + "frame.time_delta": "0.052897000", + "frame.time_delta_displayed": "0.052897000", + "frame.time_relative": "1867.015032000", + "frame.number": "7502", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006b09", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "7501" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:38.528549000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495458.528549000", + "frame.time_delta": "0.052831000", + "frame.time_delta_displayed": "0.052831000", + "frame.time_relative": "1867.067863000", + "frame.number": "7503", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006b0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + 
"ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "7502" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:38.680037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495458.680037000", + "frame.time_delta": "0.151488000", + "frame.time_delta_displayed": "0.151488000", + "frame.time_relative": "1867.219351000", + "frame.number": "7504", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000211c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50925", + "udp.dstport": "1900", + "udp.port": "50925", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008370", + "udp.checksum.status": "2", + "udp.stream": "138" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "7500" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:39.107617000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.107617000", + "frame.time_delta": "0.427580000", + "frame.time_delta_displayed": "0.427580000", + "frame.time_relative": "1867.646931000", + "frame.number": "7505", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006b21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "7503" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:39.160441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.160441000", + "frame.time_delta": "0.052824000", + "frame.time_delta_displayed": "0.052824000", + "frame.time_relative": "1867.699755000", + "frame.number": "7506", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + 
"eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006b27", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "7505" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:39.213143000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.213143000", + "frame.time_delta": "0.052702000", + "frame.time_delta_displayed": "0.052702000", + "frame.time_relative": "1867.752457000", + "frame.number": "7507", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006b28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004c20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "7506" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:17:39.610230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.610230000", + "frame.time_delta": "0.397087000", + "frame.time_delta_displayed": "0.397087000", + "frame.time_relative": "1868.149544000", + "frame.number": "7508", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:39.610631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.610631000", + "frame.time_delta": "0.000401000", + "frame.time_delta_displayed": "0.000401000", + "frame.time_relative": "1868.149945000", + "frame.number": "7509", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:39.680555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495459.680555000", + "frame.time_delta": "0.069924000", + "frame.time_delta_displayed": "0.069924000", + "frame.time_relative": "1868.219869000", + "frame.number": "7510", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000211d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50925", + "udp.dstport": "1900", + "udp.port": "50925", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00008370", + "udp.checksum.status": "2", + "udp.stream": "138" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "7504" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.159637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.159637000", + "frame.time_delta": "0.479082000", + "frame.time_delta_displayed": "0.479082000", + "frame.time_relative": 
"1868.698951000", + "frame.number": "7511", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006b7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004bd0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "7507" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.212407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.212407000", + "frame.time_delta": "0.052770000", + "frame.time_delta_displayed": "0.052770000", + "frame.time_relative": "1868.751721000", + "frame.number": "7512", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006b7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004bc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + 
"http.prev_response_in": "7511" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.231950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.231950000", + "frame.time_delta": "0.019543000", + "frame.time_delta_displayed": "0.019543000", + "frame.time_relative": "1868.771264000", + "frame.number": "7513", + "frame.len": "411", + "frame.cap_len": "411", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "397", + "ip.id": "0x000096e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007540", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "345", + "tcp.seq": "90622", + "tcp.nxtseq": "90967", + "tcp.ack": "18447", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000057a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:8a:f0:a7:a2:10:d8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2591472, TSecr 2812416216": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2591472", + "tcp.options.timestamp.tsecr": "2812416216" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "345", + "tcp.analysis.push_bytes_sent": "345" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "340", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:84:d8:4c:6f:46:48:e7:d4:54:b2:f8:e7:87:3b:4a:64:85:8f:67:de:3c:3f:7c:9f:0a:05:bb:b8:93:23:1e:ef:cf:7b:d0:68:01:d9:0f:7c:c2:65:d0:ec:ef:86:4e:1b:8d:75:b7:5a:f5:67:c6:75:b7:f9:ec:38:fd:10:12:e4:f3:65:14:18:a8:77:ac:99:7c:92:7e:25:24:ca:c5:23:26:42:4b:c8:6b:3b:e9:f4:24:42:f2:50:2a:aa:01:e2:0a:f8:9a:14:53:bb:55:63:a2:54:5e:2c:7f:73:54:f6:db:d0:14:48:21:7c:dc:e2:47:31:95:94:f6:71:3b:33:09:1e:e3:b5:c1:94:25:c3:2b:04:03:23:a3:34:5a:b3:cf:ca:df:b7:a6:7d:29:25:9d:3b:5d:07:77:e9:2e:61:8b:0d:cb:28:a9:87:15:f2:e4:f8:b6:55:d4:f2:93:f2:9e:d4:46:9c:58:e7:4a:0d:85:c2:5f:33:6a:82:bb:7b:48:c1:65:c0:cd:49:ea:c6:c5:1c:83:92:28:53:98:b6:c0:30:33:22:a8:35:27:17:67:5e:75:6d:68:28:9d:e9:db:1a:62:8e:61:56:77:96:63:9b:c5:71:fb:5d:6e:cd:1c:2f:e5:3a:c8:f5:b6:48:67:3a:a4:21:0d:d8:e9:57:14:fa:a5:be:70:d4:61:6e:bc:9a:d4:6d:10:8f:50:43:1e:74:9c:11:06:93:36:bc:ee:58:9d:1d:5e:fa:9b:4b:12:f2:a2:f2:49:a1:71:b9:d6:e8:4b:e7:24:7d:c0:61:a6:e5:df:d5:67:ad:8d:35:29:f1:5b:14:5a:94:b9:40:31:97:b8:c9:47:45:d7:36:76:51:3a:58:ac" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.265127000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.265127000", + "frame.time_delta": "0.033177000", + "frame.time_delta_displayed": "0.033177000", + "frame.time_relative": "1868.804441000", + "frame.number": "7514", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006b80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004bc8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "7512" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.292303000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.292303000", + "frame.time_delta": "0.027176000", + "frame.time_delta_displayed": "0.027176000", + "frame.time_relative": "1868.831617000", + "frame.number": "7515", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002de0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000379f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "18447", + "tcp.ack": "90967", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000055d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:1c:5d:00:27:8a:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812419165, TSecr 2591472": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812419165", + "tcp.options.timestamp.tsecr": "2591472" + } + }, + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7513", + "tcp.analysis.ack_rtt": "0.060353000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.326517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.326517000", + "frame.time_delta": "0.034214000", + "frame.time_delta_displayed": "0.034214000", + "frame.time_relative": "1868.865831000", + "frame.number": "7516", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002de1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000376f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United 
States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "18447", + "tcp.nxtseq": "18494", + "tcp.ack": "90967", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009dc6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:1c:65:00:27:8a:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812419173, TSecr 2591472": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812419173", + "tcp.options.timestamp.tsecr": "2591472" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", 
+ "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:cc:57:c8:35:9b:ec:64:8c:64:af:59:c0:b5:99:7d:44:87:99:a4:30:85:ff:47:fd:d6:c7:9a:55:00:9c:ac:b6:16:80:92" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.360724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.360724000", + "frame.time_delta": "0.034207000", + "frame.time_delta_displayed": "0.034207000", + "frame.time_relative": "1868.900038000", + "frame.number": "7517", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007698", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "90967", + "tcp.ack": "18494", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000054a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:8a:fd:a7:a2:1c:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2591485, TSecr 2812419173": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2591485", + "tcp.options.timestamp.tsecr": "2812419173" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7516", + "tcp.analysis.ack_rtt": "0.034207000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.528220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.528220000", + "frame.time_delta": "0.167496000", + "frame.time_delta_displayed": "0.167496000", + "frame.time_relative": "1869.067534000", + "frame.number": "7518", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006b98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004bb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + 
"udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "7514" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.580997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.580997000", + "frame.time_delta": "0.052777000", + "frame.time_delta_displayed": "0.052777000", + "frame.time_relative": "1869.120311000", + "frame.number": "7519", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006b9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004ba4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "7518" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:40.697931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495460.697931000", + "frame.time_delta": "0.116934000", + "frame.time_delta_displayed": "0.116934000", + "frame.time_relative": "1869.237245000", + "frame.number": "7520", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006ba3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004ba5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "7519" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:41.585634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495461.585634000", + "frame.time_delta": "0.887703000", + 
"frame.time_delta_displayed": "0.887703000", + "frame.time_relative": "1870.124948000", + "frame.number": "7521", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006be7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004b64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "7520" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:41.638446000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495461.638446000", + "frame.time_delta": "0.052812000", + "frame.time_delta_displayed": "0.052812000", + "frame.time_relative": "1870.177760000", + "frame.number": "7522", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006be9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004b59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + 
"http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "7521" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:41.691276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495461.691276000", + "frame.time_delta": "0.052830000", + "frame.time_delta_displayed": "0.052830000", + "frame.time_relative": "1870.230590000", + "frame.number": "7523", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006bef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004b59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + 
"udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "7522" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.428064000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.428064000", + "frame.time_delta": "0.736788000", + "frame.time_delta_displayed": "0.736788000", + "frame.time_relative": "1870.967378000", + "frame.number": "7524", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006bfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004b4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "7523" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.480866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.480866000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "1871.020180000", + "frame.number": "7525", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006c02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x00004b40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "7524" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.533678000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.533678000", + "frame.time_delta": "0.052812000", + "frame.time_delta_displayed": "0.052812000", + "frame.time_relative": "1871.072992000", + "frame.number": "7526", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006c03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004b45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "7525" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.675076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.675076000", + "frame.time_delta": "0.141398000", + "frame.time_delta_displayed": "0.141398000", + "frame.time_relative": "1871.214390000", + "frame.number": "7527", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fbf", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b831", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000106c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.675610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.675610000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "1871.214924000", + "frame.number": "7528", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": 
"ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fc0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000992c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f167", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class 
IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:42.676207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495462.676207000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": "1871.215521000", + "frame.number": "7529", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f2d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:43.485304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495463.485304000", + "frame.time_delta": "0.809097000", + "frame.time_delta_displayed": "0.809097000", + "frame.time_relative": "1872.024618000", + "frame.number": "7530", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00006c5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "305", + "udp.checksum": "0x0000fe2d", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "7526" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:43.538068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495463.538068000", + "frame.time_delta": "0.052764000", + "frame.time_delta_displayed": "0.052764000", + "frame.time_relative": "1872.077382000", + "frame.number": "7531", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006c61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x00004ae1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "314", + "udp.checksum": "0x00000c19", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "7530" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:43.590880000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495463.590880000", + "frame.time_delta": "0.052812000", + "frame.time_delta_displayed": "0.052812000", + "frame.time_relative": "1872.130194000", + "frame.number": "7532", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00006c65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004ae3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "50925", + "udp.port": "1900", + "udp.port": "50925", + "udp.length": "308", + "udp.checksum": "0x00002fa3", + "udp.checksum.status": "2", + "udp.stream": "139" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "7531" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:45.300196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495465.300196000", + "frame.time_delta": "1.709316000", + "frame.time_delta_displayed": "1.709316000", + "frame.time_relative": "1873.839510000", + "frame.number": "7533", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:45.300623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495465.300623000", + "frame.time_delta": "0.000427000", + "frame.time_delta_displayed": "0.000427000", + "frame.time_relative": "1873.839937000", + "frame.number": "7534", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:45.930575000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495465.930575000", + "frame.time_delta": "0.629952000", + "frame.time_delta_displayed": "0.629952000", + "frame.time_relative": "1874.469889000", + "frame.number": "7535", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:45.933219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495465.933219000", + "frame.time_delta": "0.002644000", + "frame.time_delta_displayed": "0.002644000", + "frame.time_relative": "1874.472533000", + "frame.number": "7536", + 
"frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + 
"icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:45.933448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495465.933448000", + "frame.time_delta": "0.000229000", + "frame.time_delta_displayed": "0.000229000", + "frame.time_relative": "1874.472762000", + "frame.number": "7537", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + 
"ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:46.101473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495466.101473000", + "frame.time_delta": "0.168025000", + "frame.time_delta_displayed": "0.168025000", + "frame.time_relative": "1874.640787000", + "frame.number": "7538", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + 
"icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:46.758880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495466.758880000", + "frame.time_delta": "0.657407000", + "frame.time_delta_displayed": "0.657407000", + "frame.time_relative": "1875.298194000", + "frame.number": "7539", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + 
"udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00008b2d", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x001f9190", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:46.766439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495466.766439000", + "frame.time_delta": "0.007559000", + "frame.time_delta_displayed": "0.007559000", + "frame.time_relative": "1875.305753000", + "frame.number": "7540", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": 
{ + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00001972", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x0046f85c", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": 
"14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:46.774151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495466.774151000", + "frame.time_delta": "0.007712000", + "frame.time_delta_displayed": "0.007712000", + "frame.time_relative": "1875.313465000", + "frame.number": "7541", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + 
"eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:46.791790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495466.791790000", + "frame.time_delta": "0.017639000", + "frame.time_delta_displayed": "0.017639000", + "frame.time_relative": "1875.331104000", + "frame.number": "7542", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + 
"eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": 
"0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.676494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.676494000", + "frame.time_delta": "0.884704000", + "frame.time_delta_displayed": "0.884704000", + "frame.time_relative": "1876.215808000", + "frame.number": "7543", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fc2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b82e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + 
"ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000106c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.676877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.676877000", + "frame.time_delta": "0.000383000", + "frame.time_delta_displayed": "0.000383000", + "frame.time_relative": "1876.216191000", + "frame.number": "7544", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fc3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009929", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": 
"255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f167", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", 
+ "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.677347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.677347000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + "frame.time_relative": "1876.216661000", + "frame.number": "7545", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": 
"ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f2d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", 
+ "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.787929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.787929000", + "frame.time_delta": "0.110582000", + "frame.time_delta_displayed": "0.110582000", + "frame.time_relative": "1876.327243000", + "frame.number": "7546", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": 
"0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.791154000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.791154000", + "frame.time_delta": "0.003225000", + "frame.time_delta_displayed": "0.003225000", + "frame.time_relative": "1876.330468000", + "frame.number": "7547", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + 
"icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.804977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.804977000", + "frame.time_delta": "0.013823000", + "frame.time_delta_displayed": "0.013823000", + "frame.time_relative": "1876.344291000", + "frame.number": "7548", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + 
"ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:47.950466000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495467.950466000", + "frame.time_delta": "0.145489000", + "frame.time_delta_displayed": "0.145489000", + "frame.time_relative": "1876.489780000", + "frame.number": "7549", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:48.342421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495468.342421000", + "frame.time_delta": "0.391955000", + "frame.time_delta_displayed": "0.391955000", + "frame.time_relative": "1876.881735000", + "frame.number": "7550", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + 
"ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000afc0", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00086d14", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:48.347896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495468.347896000", + "frame.time_delta": "0.005475000", + "frame.time_delta_displayed": "0.005475000", + "frame.time_relative": "1876.887210000", + "frame.number": "7551", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000b032", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": 
"0x005a6188", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:48.368584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495468.368584000", + "frame.time_delta": "0.020688000", + "frame.time_delta_displayed": "0.020688000", + "frame.time_relative": "1876.907898000", + "frame.number": "7552", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:48.380500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495468.380500000", + 
"frame.time_delta": "0.011916000", + "frame.time_delta_displayed": "0.011916000", + "frame.time_relative": "1876.919814000", + "frame.number": "7553", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": 
"0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:49.388985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495469.388985000", + "frame.time_delta": "1.008485000", + "frame.time_delta_displayed": "1.008485000", + "frame.time_relative": "1877.928299000", + "frame.number": "7554", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": 
"::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:49.391594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495469.391594000", + "frame.time_delta": "0.002609000", + "frame.time_delta_displayed": "0.002609000", + "frame.time_relative": "1877.930908000", + "frame.number": "7555", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + 
"ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:49.392133000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495469.392133000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "1877.931447000", + "frame.number": "7556", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": 
"0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:49.583664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495469.583664000", + "frame.time_delta": "0.191531000", + "frame.time_delta_displayed": "0.191531000", + 
"frame.time_relative": "1878.122978000", + "frame.number": "7557", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + 
"icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:50.014847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495470.014847000", + "frame.time_delta": "0.431183000", + "frame.time_delta_displayed": "0.431183000", + "frame.time_relative": "1878.554161000", + "frame.number": "7558", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00009652", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x003a8650", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": 
"6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:50.023170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495470.023170000", + "frame.time_delta": "0.008323000", + "frame.time_delta_displayed": "0.008323000", + "frame.time_relative": "1878.562484000", + "frame.number": "7559", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000c923", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x001c48d5", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + 
"dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:50.063938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495470.063938000", + "frame.time_delta": "0.040768000", + "frame.time_delta_displayed": "0.040768000", + "frame.time_relative": "1878.603252000", + "frame.number": "7560", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:50.070483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495470.070483000", + "frame.time_delta": "0.006545000", + "frame.time_delta_displayed": "0.006545000", + "frame.time_relative": "1878.609797000", + "frame.number": "7561", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + 
"ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.089285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.089285000", + "frame.time_delta": "1.018802000", + "frame.time_delta_displayed": "1.018802000", + "frame.time_relative": "1879.628599000", + "frame.number": "7562", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + 
"ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.090316000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.090316000", + "frame.time_delta": "0.001031000", + "frame.time_delta_displayed": "0.001031000", + "frame.time_relative": "1879.629630000", + "frame.number": "7563", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + 
, + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.091474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.091474000", + "frame.time_delta": "0.001158000", + "frame.time_delta_displayed": "0.001158000", + "frame.time_relative": "1879.630788000", + "frame.number": "7564", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + 
"icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.221464000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.221464000", + "frame.time_delta": "0.129990000", + "frame.time_delta_displayed": "0.129990000", + "frame.time_relative": "1879.760778000", + "frame.number": "7565", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + 
"ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.305192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.305192000", + "frame.time_delta": "0.083728000", + "frame.time_delta_displayed": "0.083728000", + "frame.time_relative": "1879.844506000", + "frame.number": "7566", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": 
"IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x000081bf", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00119b0c", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + 
"dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.313568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.313568000", + "frame.time_delta": "0.008376000", + "frame.time_delta_displayed": "0.008376000", + "frame.time_relative": "1879.852882000", + "frame.number": "7567", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + 
"ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00009a49", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00c57706", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + 
"dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.329189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.329189000", + "frame.time_delta": "0.015621000", + "frame.time_delta_displayed": "0.015621000", + "frame.time_relative": "1879.868503000", + "frame.number": "7568", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { 
+ "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:51.340461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495471.340461000", + "frame.time_delta": "0.011272000", + "frame.time_delta_displayed": "0.011272000", + "frame.time_relative": "1879.879775000", + "frame.number": "7569", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + 
"ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:52.350259000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.350259000", + "frame.time_delta": "1.009798000", + "frame.time_delta_displayed": "1.009798000", + "frame.time_relative": "1880.889573000", + "frame.number": "7570", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:52.351432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.351432000", + "frame.time_delta": "0.001173000", + "frame.time_delta_displayed": "0.001173000", + "frame.time_relative": "1880.890746000", + "frame.number": "7571", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + 
"icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:52.352611000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.352611000", + "frame.time_delta": "0.001179000", + "frame.time_delta_displayed": "0.001179000", + "frame.time_relative": "1880.891925000", + "frame.number": "7572", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, 
+ "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:52.451862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.451862000", + "frame.time_delta": "0.099251000", + "frame.time_delta_displayed": "0.099251000", + "frame.time_relative": "1880.991176000", + "frame.number": "7573", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + 
"ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:52.675589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.675589000", + "frame.time_delta": "0.223727000", + "frame.time_delta_displayed": "0.223727000", + "frame.time_relative": "1881.214903000", + "frame.number": "7574", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fc6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b82a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000106c", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:52.676135000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.676135000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1881.215449000", + "frame.number": "7575", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fc7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009925", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f167", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:17:52.676762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495472.676762000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "1881.216076000", + "frame.number": "7576", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f2d", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x00000289", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=649", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:17:53.189933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495473.189933000", + "frame.time_delta": "0.513171000", + "frame.time_delta_displayed": "0.513171000", + "frame.time_relative": "1881.729247000", + "frame.number": "7577", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000f875", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00312436", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + 
"dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:53.193852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495473.193852000", + "frame.time_delta": "0.003919000", + "frame.time_delta_displayed": "0.003919000", + "frame.time_relative": "1881.733166000", + "frame.number": "7578", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": 
"18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000497b", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00e8c7b1", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + 
"Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:59.629420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495479.629420000", + "frame.time_delta": "6.435568000", + "frame.time_delta_displayed": "6.435568000", + "frame.time_relative": "1888.168734000", + "frame.number": "7579", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { 
+ "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x000096e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007537", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "90967", + "tcp.nxtseq": "91319", + "tcp.ack": "18494", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000019cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:27:92:83:a7:a2:1c:65", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2593411, TSecr 2812419173": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2593411", + "tcp.options.timestamp.tsecr": "2812419173" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:85:31:e4:57:76:a1:fb:22:45:d0:82:ba:d7:0f:71:78:2c:25:f7:a8:be:04:29:1c:3b:05:43:6f:ec:89:83:63:aa:55:e0:a8:0c:a6:1d:2d:d7:97:bd:b8:5d:97:4a:c1:8e:e0:37:b6:71:6a:98:d8:ae:c7:1f:1f:f0:e6:be:2f:b1:16:87:18:10:9c:60:22:72:9b:ad:df:c2:c8:31:0c:22:5a:1f:e9:9d:58:8f:ce:43:7a:f3:fa:91:1d:19:0c:25:59:d9:c1:c2:b8:65:77:d6:e7:1f:3e:ff:22:92:d0:8a:b3:1d:4c:aa:54:a9:38:aa:ff:d5:54:7b:4b:1d:79:cd:0b:85:96:03:5b:89:1a:8f:ea:7a:d5:29:1b:cb:84:79:c3:68:79:3b:88:07:47:9b:9e:64:48:23:b0:03:18:78:fc:14:28:40:a4:17:4b:7f:07:ee:a9:2f:33:bc:ef:e5:d1:7a:5a:96:fa:c1:e3:01:90:67:99:61:43:93:66:4a:6f:db:f7:86:b0:88:ab:24:f1:57:7f:0c:64:c8:19:45:e8:e0:aa:f2:b2:44:f3:6a:f9:56:35:0c:8a:5f:e3:df:75:dd:a3:ee:fe:76:16:43:5d:3d:1b:d6:44:15:02:79:0f:f7:96:29:ea:f1:ba:58:63:a8:95:4a:cf:99:70:72:2f:ab:62:01:56:75:3a:03:92:00:ea:01:6f:db:42:59:be:e5:4a:08:dc:d8:4b:e1:b4:dc:f1:2f:69:c1:0f:a1:ae:e7:6d:bc:db:26:e2:26:6f:3e:9c:29:f3:66:36:50:ec:88:eb:26:1c:c6:a2:30:a6:97:77:73:6b:ba:fa:59:aa:37:4b:47:2f:d5:f0:9c:85:72:2e:9c:aa:e8:4a:0a:48:c6:a7" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:59.692153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495479.692153000", + "frame.time_delta": "0.062733000", + "frame.time_delta_displayed": "0.062733000", + "frame.time_relative": "1888.231467000", + "frame.number": "7580", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002de2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000376e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "18494", + "tcp.nxtseq": "18541", + "tcp.ack": "91319", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ad39", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:2f:4f:00:27:92:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812424015, TSecr 2593411": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812424015", + "tcp.options.timestamp.tsecr": "2593411" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7579", + "tcp.analysis.ack_rtt": "0.062733000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + 
"ssl.app_data": "34:cd:34:17:47:48:0e:cd:cf:a1:d9:8d:01:44:1d:3c:43:61:41:cf:6a:5c:3d:cc:06:8c:4d:2d:90:46:81:cf:54:ce:f9:be:99:56:d7:5e:72:33" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:17:59.692590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495479.692590000", + "frame.time_delta": "0.000437000", + "frame.time_delta_displayed": "0.000437000", + "frame.time_relative": "1888.231904000", + "frame.number": "7581", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007696", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91319", + "tcp.ack": "18541", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000389a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:92:8a:a7:a2:2f:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2593418, TSecr 2812424015": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2593418", + "tcp.options.timestamp.tsecr": "2812424015" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7580", + "tcp.analysis.ack_rtt": "0.000437000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:04.334345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495484.334345000", + "frame.time_delta": "4.641755000", + "frame.time_delta_displayed": "4.641755000", + "frame.time_relative": "1892.873659000", + "frame.number": "7582", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005824", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a645", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": 
"AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5118", + "tcp.nxtseq": "5158", + "tcp.ack": "649", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002c7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ed:fd:1a:c4:0c:32:10:4c:e9:6a:60:67:ee:65:33:fb:f7:84:71:86:33:56:e3:09:63:f1:07:32" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:04.477626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495484.477626000", + "frame.time_delta": "0.143281000", + "frame.time_delta_displayed": "0.143281000", + "frame.time_relative": "1893.016940000", + "frame.number": "7583", + "frame.len": "90", + "frame.cap_len": "90", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001009", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd64", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "649", + "tcp.nxtseq": "685", + "tcp.ack": 
"5158", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b1ae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7582", + "tcp.analysis.ack_rtt": "0.143281000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:72:ca:3b:d3:c3:51:42:c1:65:29:3d:48:07:8f:db:b8:da:b5:a7:8c:38:e4:5b:33" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:04.478148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495484.478148000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "1893.017462000", + "frame.number": "7584", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005825", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5158", + "tcp.ack": "685", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7583", + "tcp.analysis.ack_rtt": "0.000522000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:06.729033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495486.729033000", + "frame.time_delta": "2.250885000", + "frame.time_delta_displayed": "2.250885000", + "frame.time_relative": "1895.268347000", + "frame.number": "7585", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e8d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000595c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:10.198012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495490.198012000", + "frame.time_delta": "3.468979000", + "frame.time_delta_displayed": "3.468979000", + "frame.time_relative": "1898.737326000", + "frame.number": "7586", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000ba3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed13", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x00002028", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:ac:3e:66:26:ce:f2:14:11:00:00:00:2a:43:4e:3c:ce:39:02:00:da:a3:01:00:00:00", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:28.822696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495508.822696000", + "frame.time_delta": "18.624684000", + "frame.time_delta_displayed": "18.624684000", + "frame.time_relative": "1917.362010000", + "frame.number": "7587", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000058ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000706a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:28.850987000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495508.850987000", + "frame.time_delta": "0.028291000", + "frame.time_delta_displayed": "0.028291000", + "frame.time_relative": "1917.390301000", + "frame.number": "7588", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:28.875697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495508.875697000", + "frame.time_delta": "0.024710000", + "frame.time_delta_displayed": "0.024710000", + "frame.time_relative": "1917.415011000", + "frame.number": "7589", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": 
"01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000058f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007065", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:28.928547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495508.928547000", + "frame.time_delta": "0.052850000", + "frame.time_delta_displayed": "0.052850000", + "frame.time_relative": "1917.467861000", + "frame.number": "7590", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000058f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007059", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:28.981450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495508.981450000", + "frame.time_delta": "0.052903000", + "frame.time_delta_displayed": "0.052903000", + "frame.time_relative": "1917.520764000", + "frame.number": "7591", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000058fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007053", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:29.034696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495509.034696000", + "frame.time_delta": "0.053246000", + "frame.time_delta_displayed": "0.053246000", + "frame.time_relative": "1917.574010000", + "frame.number": "7592", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000058fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007058", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:29.087583000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495509.087583000", + "frame.time_delta": "0.052887000", + "frame.time_delta_displayed": "0.052887000", + "frame.time_relative": "1917.626897000", + "frame.number": "7593", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": 
"01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000058ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00007055", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:30.706679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495510.706679000", + "frame.time_delta": "1.619096000", + "frame.time_delta_displayed": "1.619096000", + "frame.time_relative": "1919.245993000", + "frame.number": "7594", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007664", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "91319", + "tcp.nxtseq": "91368", + "tcp.ack": "18541", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fd03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:9e:a7:a7:a2:2f:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2596519, TSecr 2812424015": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2596519", + "tcp.options.timestamp.tsecr": "2812424015" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + 
"tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:86:dc:04:f7:83:cf:75:c5:93:e6:75:84:b3:d6:b3:5f:eb:bf:d8:a2:5d:09:2f:d1:89:1a:6c:62:cd:80:5a:49:b7:65:e0:2a:31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:30.767503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495510.767503000", + "frame.time_delta": "0.060824000", + "frame.time_delta_displayed": "0.060824000", + "frame.time_relative": "1919.306817000", + "frame.number": "7595", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002de3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003765", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": 
"192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18541", + "tcp.nxtseq": "18596", + "tcp.ack": "91368", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002608", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:4d:a8:00:27:9e:a7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812431784, TSecr 2596519": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812431784", + 
"tcp.options.timestamp.tsecr": "2596519" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7594", + "tcp.analysis.ack_rtt": "0.060824000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:ce:dd:f7:31:29:f4:a3:b1:0e:24:86:6b:80:25:86:de:9d:b2:db:4f:ed:5b:1f:9c:cc:63:37:bc:9d:f9:b1:d3:74:ef:64:0f:55:96:ae:dd:d6:34:b3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:30.768011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495510.768011000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "1919.307325000", + "frame.number": "7596", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"6", + "ip.checksum": "0x00007694", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91368", + "tcp.ack": "18596", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000db6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:9e:ad:a7:a2:4d:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2596525, TSecr 2812431784": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2596525", + "tcp.options.timestamp.tsecr": "2812431784" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7595", + "tcp.analysis.ack_rtt": "0.000508000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:34.498491000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495514.498491000", + "frame.time_delta": "3.730480000", + "frame.time_delta_displayed": "3.730480000", + "frame.time_relative": "1923.037805000", + "frame.number": "7597", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005826", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5157", + "tcp.ack": "685", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:34.641544000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495514.641544000", + "frame.time_delta": "0.143053000", + "frame.time_delta_displayed": "0.143053000", + "frame.time_relative": "1923.180858000", + "frame.number": "7598", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd87", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "685", + "tcp.ack": "5158", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:35.770169000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495515.770169000", + "frame.time_delta": "1.128625000", + "frame.time_delta_displayed": "1.128625000", + "frame.time_relative": "1924.309483000", + "frame.number": "7599", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:35.770592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495515.770592000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "1924.309906000", + "frame.number": "7600", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + 
+ , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:36.761398000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495516.761398000", + "frame.time_delta": "0.990806000", + "frame.time_delta_displayed": "0.990806000", + "frame.time_relative": "1925.300712000", + "frame.number": "7601", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e94", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005955", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": 
"2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:37.678732000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495517.678732000", + "frame.time_delta": "0.917334000", + "frame.time_delta_displayed": "0.917334000", + "frame.time_relative": "1926.218046000", + "frame.number": "7602", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b820", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000196a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:37.679068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495517.679068000", + "frame.time_delta": "0.000336000", + "frame.time_delta_displayed": "0.000336000", + "frame.time_relative": "1926.218382000", + "frame.number": "7603", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000991b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa65", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:37.679565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495517.679565000", + "frame.time_delta": "0.000497000", + "frame.time_delta_displayed": "0.000497000", + "frame.time_relative": "1926.218879000", + "frame.number": "7604", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000882b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:39.650181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495519.650181000", + "frame.time_delta": "1.970616000", + "frame.time_delta_displayed": "1.970616000", + "frame.time_relative": "1928.189495000", + "frame.number": "7605", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:39.650579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495519.650579000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": "1928.189893000", + "frame.number": "7606", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:42.678430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495522.678430000", + "frame.time_delta": "3.027851000", + "frame.time_delta_displayed": "3.027851000", + "frame.time_relative": "1931.217744000", + "frame.number": "7607", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": 
{ + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b81e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000196a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + 
"Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:42.678959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495522.678959000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": 
"1931.218273000", + "frame.number": "7608", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd3", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009919", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa65", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:42.679587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495522.679587000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": 
"0.000628000", + "frame.time_relative": "1931.218901000", + "frame.number": "7609", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000882b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + 
"Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:47.679349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495527.679349000", + "frame.time_delta": "4.999762000", + "frame.time_delta_displayed": "4.999762000", + "frame.time_relative": 
"1936.218663000", + "frame.number": "7610", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b81c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000196a", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:47.679816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495527.679816000", + "frame.time_delta": "0.000467000", + "frame.time_delta_displayed": "0.000467000", + "frame.time_relative": "1936.219130000", + "frame.number": "7611", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fd5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009917", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa65", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:18:47.680295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495527.680295000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "1936.219609000", + "frame.number": "7612", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000882b", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=650", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:18:55.348269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495535.348269000", + "frame.time_delta": "7.667974000", + "frame.time_delta_displayed": "7.667974000", + "frame.time_relative": "1943.887583000", + "frame.number": "7613", + "frame.len": "82", + "frame.cap_len": "82", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "68", + "ip.id": "0x00000ba9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ed17", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "48", + "udp.checksum": "0x00000381", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": 
"28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:3a:26:e4:30:ce:f2:14:96:01:00:00:54:0b:00:00", + "data.len": "40" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:00.598793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495540.598793000", + "frame.time_delta": "5.250524000", + "frame.time_delta_displayed": "5.250524000", + "frame.time_relative": "1949.138107000", + "frame.number": "7614", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:01.590412000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495541.590412000", + "frame.time_delta": "0.991619000", + "frame.time_delta_displayed": "0.991619000", + "frame.time_relative": "1950.129726000", + "frame.number": "7615", + "frame.len": "42", + "frame.cap_len": 
"42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:01.828984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495541.828984000", + "frame.time_delta": "0.238572000", + "frame.time_delta_displayed": "0.238572000", + "frame.time_relative": "1950.368298000", + "frame.number": "7616", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007662", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "91368", + "tcp.nxtseq": "91417", + "tcp.ack": "18596", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dd68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:aa:cb:a7:a2:4d:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2599627, TSecr 2812431784": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2599627", + "tcp.options.timestamp.tsecr": "2812431784" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:87:3c:47:43:ab:a8:84:8c:98:a8:64:ce:9f:67:bc:04:bd:23:0e:3e:6e:b6:2f:c7:00:4c:c3:3c:14:83:a0:b4:a4:a2:48:f9:fa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:01.890469000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495541.890469000", + "frame.time_delta": "0.061485000", + "frame.time_delta_displayed": "0.061485000", + "frame.time_relative": "1950.429783000", + "frame.number": "7617", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002de4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003764", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18596", + "tcp.nxtseq": "18651", + "tcp.ack": "91417", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000327c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "01:01:08:0a:a7:a2:6c:0c:00:27:aa:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812439564, TSecr 2599627": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812439564", + "tcp.options.timestamp.tsecr": "2599627" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7616", + "tcp.analysis.ack_rtt": "0.061485000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:cf:a3:5c:d9:bf:ed:5b:0d:4f:52:c5:b7:bd:82:e7:4f:24:0f:77:4d:37:cc:33:7f:f4:12:ff:6c:6f:1d:58:fa:0e:c7:cf:8f:ab:45:bf:53:e7:ef:44" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:01.890933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495541.890933000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "1950.430247000", + "frame.number": "7618", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096ed", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007692", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91417", + "tcp.ack": "18651", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e2c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:aa:d6:a7:a2:6c:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2599638, TSecr 2812439564": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2599638", + "tcp.options.timestamp.tsecr": "2812439564" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7617", + "tcp.analysis.ack_rtt": "0.000464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:02.590290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495542.590290000", + "frame.time_delta": "0.699357000", + "frame.time_delta_displayed": "0.699357000", + "frame.time_relative": "1951.129604000", + "frame.number": "7619", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:03.593533000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495543.593533000", + "frame.time_delta": "1.003243000", + "frame.time_delta_displayed": "1.003243000", + "frame.time_relative": "1952.132847000", + "frame.number": "7620", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:04.590581000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495544.590581000", + "frame.time_delta": 
"0.997048000", + "frame.time_delta_displayed": "0.997048000", + "frame.time_relative": "1953.129895000", + "frame.number": "7621", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:04.638436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495544.638436000", + "frame.time_delta": "0.047855000", + "frame.time_delta_displayed": "0.047855000", + "frame.time_relative": "1953.177750000", + "frame.number": "7622", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005827", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a66a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5157", + "tcp.ack": "685", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:04.812582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495544.812582000", + "frame.time_delta": "0.174146000", + "frame.time_delta_displayed": "0.174146000", + "frame.time_relative": "1953.351896000", + "frame.number": "7623", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"49", + "ip.proto": "6", + "ip.checksum": "0x0000fd86", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "685", + "tcp.ack": "5158", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:05.590321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495545.590321000", + "frame.time_delta": "0.777739000", + "frame.time_delta_displayed": "0.777739000", + "frame.time_relative": "1954.129635000", + "frame.number": "7624", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:06.593480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495546.593480000", + "frame.time_delta": "1.003159000", + "frame.time_delta_displayed": "1.003159000", + "frame.time_relative": "1955.132794000", + "frame.number": "7625", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:06.940669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495546.940669000", + "frame.time_delta": "0.347189000", + "frame.time_delta_displayed": "0.347189000", + "frame.time_relative": "1955.479983000", + "frame.number": "7626", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005e9b", + "ip.flags": "0x00000000", + "ip.flags_tree": { 
+ "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000594e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:07.590334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495547.590334000", + "frame.time_delta": "0.649665000", + "frame.time_delta_displayed": "0.649665000", + "frame.time_relative": "1956.129648000", + "frame.number": "7627", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", 
+ "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:08.590347000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495548.590347000", + "frame.time_delta": "1.000013000", + "frame.time_delta_displayed": "1.000013000", + "frame.time_relative": "1957.129661000", + "frame.number": "7628", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:09.594001000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495549.594001000", + "frame.time_delta": "1.003654000", + "frame.time_delta_displayed": 
"1.003654000", + "frame.time_relative": "1958.133315000", + "frame.number": "7629", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:10.590296000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495550.590296000", + "frame.time_delta": "0.996295000", + "frame.time_delta_displayed": "0.996295000", + "frame.time_relative": "1959.129610000", + "frame.number": "7630", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:11.590343000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495551.590343000", + "frame.time_delta": "1.000047000", + "frame.time_delta_displayed": "1.000047000", + "frame.time_relative": "1960.129657000", + "frame.number": "7631", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:12.594570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495552.594570000", + 
"frame.time_delta": "1.004227000", + "frame.time_delta_displayed": "1.004227000", + "frame.time_relative": "1961.133884000", + "frame.number": "7632", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:13.590551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495553.590551000", + "frame.time_delta": "0.995981000", + "frame.time_delta_displayed": "0.995981000", + "frame.time_relative": "1962.129865000", + "frame.number": "7633", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:13.824139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495553.824139000", + "frame.time_delta": "0.233588000", + "frame.time_delta_displayed": "0.233588000", + "frame.time_relative": "1962.363453000", + "frame.number": "7634", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:14.073507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495554.073507000", + "frame.time_delta": "0.249368000", + "frame.time_delta_displayed": "0.249368000", + "frame.time_relative": "1962.612821000", + "frame.number": "7635", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + 
"bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:14.089490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495554.089490000", + "frame.time_delta": "0.015983000", + 
"frame.time_delta_displayed": "0.015983000", + "frame.time_relative": "1962.628804000", + "frame.number": "7636", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + 
"bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:14.142945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495554.142945000", + 
"frame.time_delta": "0.053455000", + "frame.time_delta_displayed": "0.053455000", + "frame.time_relative": "1962.682259000", + "frame.number": "7637", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:14.441961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495554.441961000", + "frame.time_delta": "0.299016000", + "frame.time_delta_displayed": "0.299016000", + "frame.time_relative": "1962.981275000", + "frame.number": "7638", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + 
"eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:14.590595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495554.590595000", + "frame.time_delta": "0.148634000", + "frame.time_delta_displayed": "0.148634000", + "frame.time_relative": "1963.129909000", + "frame.number": "7639", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:15.593411000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495555.593411000", + "frame.time_delta": "1.002816000", + "frame.time_delta_displayed": "1.002816000", + "frame.time_relative": "1964.132725000", + "frame.number": "7640", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:16.590344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495556.590344000", + "frame.time_delta": "0.996933000", + "frame.time_delta_displayed": "0.996933000", + "frame.time_relative": "1965.129658000", + "frame.number": "7641", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:17.590816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495557.590816000", + "frame.time_delta": "1.000472000", + "frame.time_delta_displayed": "1.000472000", + "frame.time_relative": "1966.130130000", + "frame.number": "7642", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:19:18.593814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495558.593814000", + "frame.time_delta": "1.002998000", + "frame.time_delta_displayed": "1.002998000", + "frame.time_relative": "1967.133128000", + "frame.number": "7643", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:19.150333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495559.150333000", + "frame.time_delta": "0.556519000", + "frame.time_delta_displayed": "0.556519000", + "frame.time_relative": "1967.689647000", + "frame.number": "7644", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:19.590330000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495559.590330000", + "frame.time_delta": "0.439997000", + "frame.time_delta_displayed": "0.439997000", + "frame.time_relative": "1968.129644000", + "frame.number": "7645", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:20.590695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495560.590695000", + "frame.time_delta": "1.000365000", + "frame.time_delta_displayed": "1.000365000", + "frame.time_relative": "1969.130009000", + "frame.number": "7646", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:21.594615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495561.594615000", + "frame.time_delta": "1.003920000", + "frame.time_delta_displayed": "1.003920000", + "frame.time_relative": "1970.133929000", + "frame.number": "7647", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:21.925715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495561.925715000", + "frame.time_delta": "0.331100000", + "frame.time_delta_displayed": "0.331100000", + "frame.time_relative": "1970.465029000", + "frame.number": "7648", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000678d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:21.978565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495561.978565000", + "frame.time_delta": "0.052850000", + "frame.time_delta_displayed": "0.052850000", + "frame.time_relative": 
"1970.517879000", + "frame.number": "7649", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000678e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": 
"239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:22.031451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495562.031451000", + "frame.time_delta": "0.052886000", + "frame.time_delta_displayed": "0.052886000", + "frame.time_relative": "1970.570765000", + "frame.number": "7650", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006792", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:22.084376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495562.084376000", + "frame.time_delta": "0.052925000", + "frame.time_delta_displayed": "0.052925000", + "frame.time_relative": "1970.623690000", + "frame.number": "7651", + 
"frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006795", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061b9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:22.137340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495562.137340000", + "frame.time_delta": "0.052964000", + "frame.time_delta_displayed": "0.052964000", + "frame.time_relative": "1970.676654000", + "frame.number": "7652", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00006797", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": 
"0x000061bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:22.190194000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495562.190194000", + "frame.time_delta": "0.052854000", + "frame.time_delta_displayed": "0.052854000", + "frame.time_relative": "1970.729508000", + "frame.number": "7653", + "frame.len": "355", + "frame.cap_len": "355", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00006798", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000061bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:22.638688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495562.638688000", + "frame.time_delta": "0.448494000", + "frame.time_delta_displayed": "0.448494000", + "frame.time_relative": "1971.178002000", + "frame.number": "7654", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:19:23.630364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495563.630364000", + "frame.time_delta": "0.991676000", + "frame.time_delta_displayed": "0.991676000", + "frame.time_relative": "1972.169678000", + "frame.number": "7655", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.86" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:24.590690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495564.590690000", + "frame.time_delta": "0.960326000", + "frame.time_delta_displayed": "0.960326000", + "frame.time_relative": "1973.130004000", + "frame.number": "7656", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + 
"eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:24.640455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495564.640455000", + "frame.time_delta": "0.049765000", + "frame.time_delta_displayed": "0.049765000", + "frame.time_relative": "1973.179769000", + "frame.number": "7657", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:00:01", + "eth.addr": "33:33:ff:00:00:01", + "eth.addr_resolved": "IPv6mcast_ff:00:00:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.addr": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + 
"ipv6.src_host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.dst": "ff02::1:ff00:1", + "ipv6.addr": "ff02::1:ff00:1", + "ipv6.dst_host": "ff02::1:ff00:1", + "ipv6.host": "ff02::1:ff00:1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000532e", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::1", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "60:f1:89:96:45:f6", + "icmpv6.opt.src_linkaddr": "60:f1:89:96:45:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:28.850753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495568.850753000", + "frame.time_delta": "4.210298000", + "frame.time_delta_displayed": "4.210298000", + "frame.time_relative": "1977.390067000", + "frame.number": "7658", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": 
"1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:29.150365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495569.150365000", + "frame.time_delta": "0.299612000", + "frame.time_delta_displayed": "0.299612000", + "frame.time_relative": "1977.689679000", + "frame.number": "7659", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:00:01", + "eth.addr": "33:33:ff:00:00:01", + "eth.addr_resolved": "IPv6mcast_ff:00:00:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.addr": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.src_host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "ipv6.dst": "ff02::1:ff00:1", + "ipv6.addr": "ff02::1:ff00:1", + "ipv6.dst_host": "ff02::1:ff00:1", + "ipv6.host": "ff02::1:ff00:1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": 
"0", + "icmpv6.checksum": "0x0000532e", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::1", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "60:f1:89:96:45:f6", + "icmpv6.opt.src_linkaddr": "60:f1:89:96:45:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:29.560683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495569.560683000", + "frame.time_delta": "0.410318000", + "frame.time_delta_displayed": "0.410318000", + "frame.time_relative": "1978.099997000", + "frame.number": "7660", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:19:30.143072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.143072000", + "frame.time_delta": "0.582389000", + "frame.time_delta_displayed": "0.582389000", + "frame.time_relative": "1978.682386000", + "frame.number": "7661", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.430508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.430508000", + "frame.time_delta": "0.287436000", + "frame.time_delta_displayed": "0.287436000", + "frame.time_relative": "1978.969822000", + "frame.number": "7662", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + 
"eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x0000211e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e726", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "17", + "http.prev_request_in": "7418" + } + } + } + } + + , + { 
+ "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.832574000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.832574000", + "frame.time_delta": "0.402066000", + "frame.time_delta_displayed": "0.402066000", + "frame.time_relative": "1979.371888000", + "frame.number": "7663", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000084fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003251", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + 
"udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "97", + "http.prev_response_in": "7480" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.835696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.835696000", + "frame.time_delta": "0.003122000", + "frame.time_delta_displayed": "0.003122000", + "frame.time_relative": "1979.375010000", + "frame.number": "7664", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54755", + "tcp.dstport": "80", + "tcp.port": "54755", + "tcp.port": "80", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + 
"tcp.checksum": "0x00004f9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.836232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.836232000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "1979.375546000", + "frame.number": "7665", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54755", + "tcp.port": "80", + "tcp.port": "54755", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002748", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7664", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.838326000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.838326000", + "frame.time_delta": "0.002094000", + "frame.time_delta_displayed": "0.002094000", + "frame.time_relative": "1979.377640000", + "frame.number": "7666", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54755", + "tcp.dstport": "80", + "tcp.port": "54755", + "tcp.port": "80", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d926", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7665", + "tcp.analysis.ack_rtt": "0.002094000", + 
"tcp.analysis.initial_rtt": "0.002630000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.838949000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.838949000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "1979.378263000", + "frame.number": "7667", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b98", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54755", + "tcp.dstport": "80", + "tcp.port": "54755", + "tcp.port": "80", + 
"tcp.stream": "299", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002630000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.839423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.839423000", + "frame.time_delta": "0.000474000", + "frame.time_delta_displayed": "0.000474000", + "frame.time_relative": "1979.378737000", + "frame.number": "7668", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000ff6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a87d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54755", + "tcp.port": "80", + "tcp.port": "54755", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cab7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7667", + "tcp.analysis.ack_rtt": "0.000474000", + "tcp.analysis.initial_rtt": "0.002630000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.840211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.840211000", + "frame.time_delta": "0.000788000", + "frame.time_delta_displayed": "0.000788000", + "frame.time_relative": "1979.379525000", + "frame.number": "7669", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"57", + "ip.id": "0x00000ff7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a86b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54755", + "tcp.port": "80", + "tcp.port": "54755", + "tcp.stream": "299", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000ad9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002630000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.840222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.840222000", + 
"frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "1979.379536000", + "frame.number": "7670", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00000ff8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a498", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54755", + "tcp.port": "80", + "tcp.port": "54755", + "tcp.stream": "299", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005d42", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002630000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e
:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7669", + "tcp.segment": "7670", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001273000", + "http.request_in": "7667", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.843639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.843639000", + "frame.time_delta": "0.003417000", + "frame.time_delta_displayed": "0.003417000", + "frame.time_relative": "1979.382953000", + "frame.number": "7671", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54755", + "tcp.dstport": "80", + "tcp.port": "54755", + "tcp.port": "80", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d48e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7670", + "tcp.analysis.ack_rtt": "0.003417000", + "tcp.analysis.initial_rtt": "0.002630000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.844209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.844209000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "1979.383523000", + "frame.number": "7672", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54755", + "tcp.dstport": "80", + "tcp.port": "54755", + "tcp.port": "80", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d48d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.844655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.844655000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "1979.383969000", + "frame.number": "7673", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000607c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54755", + "tcp.port": "80", + "tcp.port": "54755", + "tcp.stream": "299", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c6c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7672", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.002630000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.885483000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.885483000", + "frame.time_delta": "0.040828000", + "frame.time_delta_displayed": "0.040828000", + "frame.time_relative": "1979.424797000", + "frame.number": "7674", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000084fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003247", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "98", + "http.prev_response_in": "7663" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.895883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.895883000", + "frame.time_delta": "0.010400000", + "frame.time_delta_displayed": "0.010400000", + "frame.time_relative": "1979.435197000", + "frame.number": "7675", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54756", + "tcp.dstport": "80", + "tcp.port": "54756", + "tcp.port": "80", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00002de5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.896429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.896429000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "1979.435743000", + "frame.number": "7676", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54756", + "tcp.port": "80", + "tcp.port": "54756", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c541", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7675", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.906457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.906457000", + "frame.time_delta": "0.010028000", + "frame.time_delta_displayed": "0.010028000", + "frame.time_relative": "1979.445771000", + "frame.number": "7677", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c3b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54756", + "tcp.dstport": "80", + "tcp.port": "54756", + "tcp.port": "80", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007720", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7676", + "tcp.analysis.ack_rtt": "0.010028000", + "tcp.analysis.initial_rtt": "0.010574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.907363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.907363000", + "frame.time_delta": "0.000906000", + "frame.time_delta_displayed": "0.000906000", + "frame.time_relative": "1979.446677000", + "frame.number": "7678", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b93", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54756", + "tcp.dstport": "80", + "tcp.port": "54756", + "tcp.port": "80", + "tcp.stream": "300", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c99", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010574000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.907846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.907846000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "1979.447160000", + "frame.number": "7679", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000faf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bd81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54756", + "tcp.port": "80", + "tcp.port": "54756", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000068b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7678", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.010574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.908477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.908477000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "1979.447791000", + "frame.number": "7680", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000faf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bd6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54756", + "tcp.port": "80", + "tcp.port": "54756", + "tcp.stream": "300", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a8d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010574000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.908827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.908827000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "1979.448141000", + "frame.number": "7681", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000faf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b99c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54756", + "tcp.port": "80", + "tcp.port": "54756", + "tcp.stream": "300", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fb3b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.010574000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "7680", + "tcp.segment": "7681", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001464000", + "http.request_in": "7678", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.911705000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495570.911705000", + "frame.time_delta": "0.002878000", + "frame.time_delta_displayed": "0.002878000", + "frame.time_relative": "1979.451019000", + "frame.number": "7682", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54756", + "tcp.dstport": "80", + "tcp.port": "54756", + "tcp.port": "80", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007288", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7681", + "tcp.analysis.ack_rtt": "0.002878000", + "tcp.analysis.initial_rtt": "0.010574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.912301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.912301000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "1979.451615000", + "frame.number": "7683", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54756", + "tcp.dstport": "80", + "tcp.port": "54756", + "tcp.port": "80", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007287", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.912731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.912731000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1979.452045000", + "frame.number": "7684", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006079", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54756", + "tcp.port": "80", + "tcp.port": "54756", + "tcp.stream": "300", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000064bb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7683", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.010574000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.960825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.960825000", + "frame.time_delta": "0.048094000", + "frame.time_delta_displayed": "0.048094000", + "frame.time_relative": "1979.500139000", + "frame.number": "7685", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000084fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000324c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "99", + "http.prev_response_in": "7674" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.977239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.977239000", + "frame.time_delta": "0.016414000", + "frame.time_delta_displayed": "0.016414000", + "frame.time_relative": "1979.516553000", + 
"frame.number": "7686", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54757", + "tcp.dstport": "80", + "tcp.port": "54757", + "tcp.port": "80", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005aa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.977748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.977748000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "1979.517062000", + "frame.number": "7687", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54757", + "tcp.port": "80", + "tcp.port": "54757", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b776", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7686", + "tcp.analysis.ack_rtt": "0.000509000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.980378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.980378000", + "frame.time_delta": "0.002630000", + "frame.time_delta_displayed": "0.002630000", + "frame.time_relative": "1979.519692000", + 
"frame.number": "7688", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54757", + "tcp.dstport": "80", + "tcp.port": "54757", + "tcp.port": "80", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006955", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7687", + "tcp.analysis.ack_rtt": "0.002630000", + "tcp.analysis.initial_rtt": "0.003139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.980988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.980988000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "1979.520302000", + "frame.number": "7689", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b8e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54757", + "tcp.dstport": "80", + "tcp.port": "54757", + "tcp.port": "80", + "tcp.stream": "301", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007ece", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003139000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.981429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.981429000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1979.520743000", + "frame.number": "7690", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006e1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004a57", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54757", + "tcp.port": "80", + "tcp.port": "54757", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005ae6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7689", + "tcp.analysis.ack_rtt": "0.000441000", + "tcp.analysis.initial_rtt": "0.003139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.982011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.982011000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "1979.521325000", + "frame.number": "7691", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006e1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004a45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54757", + "tcp.port": "80", + "tcp.port": "54757", + "tcp.stream": "301", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b07", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003139000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.982452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.982452000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "1979.521766000", + "frame.number": "7692", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006e1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004672", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54757", + "tcp.port": "80", + "tcp.port": "54757", + "tcp.stream": "301", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ed70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003139000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7691", + "tcp.segment": "7692", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001464000", + "http.request_in": "7689", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.985576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.985576000", + "frame.time_delta": "0.003124000", + "frame.time_delta_displayed": "0.003124000", + "frame.time_relative": "1979.524890000", + "frame.number": "7693", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54757", + "tcp.dstport": "80", + "tcp.port": "54757", + "tcp.port": "80", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7692", + "tcp.analysis.ack_rtt": "0.003124000", + "tcp.analysis.initial_rtt": "0.003139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.986151000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.986151000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "1979.525465000", + "frame.number": "7694", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54757", + "tcp.dstport": "80", + "tcp.port": "54757", + "tcp.port": "80", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000064bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:30.986568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495570.986568000", + "frame.time_delta": "0.000417000", + "frame.time_delta_displayed": "0.000417000", + "frame.time_relative": "1979.525882000", + "frame.number": "7695", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006075", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54757", + "tcp.port": "80", + "tcp.port": "54757", + "tcp.stream": "301", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000056f0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7694", + "tcp.analysis.ack_rtt": "0.000417000", + "tcp.analysis.initial_rtt": "0.003139000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.837908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.837908000", + "frame.time_delta": "0.851340000", + "frame.time_delta_displayed": "0.851340000", + "frame.time_relative": "1980.377222000", + "frame.number": "7696", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008523", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003228", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "100", + "http.prev_response_in": "7685" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.840814000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.840814000", + "frame.time_delta": "0.002906000", + "frame.time_delta_displayed": "0.002906000", + "frame.time_relative": "1980.380128000", + "frame.number": "7697", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54758", + "tcp.dstport": "80", + "tcp.port": "54758", + "tcp.port": "80", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000010a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.841358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.841358000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "1980.380672000", + "frame.number": "7698", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54758", + "tcp.port": "80", + "tcp.port": "54758", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e855", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7697", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.853165000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.853165000", + "frame.time_delta": "0.011807000", + "frame.time_delta_displayed": "0.011807000", + "frame.time_relative": "1980.392479000", + "frame.number": "7699", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54758", + "tcp.dstport": "80", + "tcp.port": "54758", + "tcp.port": "80", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009a34", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7698", + "tcp.analysis.ack_rtt": "0.011807000", + "tcp.analysis.initial_rtt": "0.012351000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.854010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.854010000", + "frame.time_delta": "0.000845000", + "frame.time_delta_displayed": "0.000845000", + "frame.time_relative": "1980.393324000", + "frame.number": "7700", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54758", + "tcp.dstport": "80", + "tcp.port": "54758", + "tcp.port": "80", + "tcp.stream": "302", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000afad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012351000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.854502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.854502000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "1980.393816000", + "frame.number": "7701", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000069be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004eb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54758", + "tcp.port": "80", + "tcp.port": "54758", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008bc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7700", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.012351000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.855139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.855139000", + "frame.time_delta": "0.000637000", + "frame.time_delta_displayed": "0.000637000", + "frame.time_relative": "1980.394453000", + "frame.number": "7702", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000069bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ea3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54758", + "tcp.port": "80", + "tcp.port": "54758", + "tcp.stream": "302", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000cbe6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012351000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.855494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.855494000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "1980.394808000", + "frame.number": "7703", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000069c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004ad0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54758", + "tcp.port": "80", + "tcp.port": "54758", + "tcp.stream": "302", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001e50", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012351000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "7702", + "tcp.segment": "7703", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001484000", + "http.request_in": "7700", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.857549000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495571.857549000", + "frame.time_delta": "0.002055000", + "frame.time_delta_displayed": "0.002055000", + "frame.time_relative": "1980.396863000", + "frame.number": "7704", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54758", + "tcp.dstport": "80", + "tcp.port": "54758", + "tcp.port": "80", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000959c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7703", + "tcp.analysis.ack_rtt": "0.002055000", + "tcp.analysis.initial_rtt": "0.012351000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.858579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.858579000", + "frame.time_delta": "0.001030000", + "frame.time_delta_displayed": "0.001030000", + "frame.time_relative": "1980.397893000", + "frame.number": "7705", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54758", + "tcp.dstport": "80", + "tcp.port": "54758", + "tcp.port": "80", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000959b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.859048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.859048000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1980.398362000", + "frame.number": "7706", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006044", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54758", + "tcp.port": "80", + "tcp.port": "54758", + "tcp.stream": "302", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000087cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7705", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.012351000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.891037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.891037000", + "frame.time_delta": "0.031989000", + "frame.time_delta_displayed": "0.031989000", + "frame.time_relative": "1980.430351000", + "frame.number": "7707", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008528", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000321a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "101", + "http.prev_response_in": "7696" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.894256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.894256000", + "frame.time_delta": "0.003219000", + "frame.time_delta_displayed": "0.003219000", + "frame.time_relative": 
"1980.433570000", + "frame.number": "7708", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54759", + "tcp.dstport": "80", + "tcp.port": "54759", + "tcp.port": "80", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection 
establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000fa12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.894791000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.894791000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "1980.434105000", + "frame.number": "7709", + "frame.len": 
"66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54759", + "tcp.port": "80", + "tcp.port": "54759", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000057a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7708", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.896943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.896943000", + "frame.time_delta": "0.002152000", + "frame.time_delta_displayed": "0.002152000", + "frame.time_relative": "1980.436257000", + 
"frame.number": "7710", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54759", + "tcp.dstport": "80", + "tcp.port": "54759", + "tcp.port": "80", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000983", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7709", + "tcp.analysis.ack_rtt": "0.002152000", + "tcp.analysis.initial_rtt": "0.002687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.897645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.897645000", + "frame.time_delta": "0.000702000", + "frame.time_delta_displayed": "0.000702000", + "frame.time_relative": "1980.436959000", + "frame.number": "7711", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b84", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54759", + "tcp.dstport": "80", + "tcp.port": "54759", + "tcp.port": "80", + "tcp.stream": "303", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001efc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002687000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.898131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.898131000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "1980.437445000", + "frame.number": "7712", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a2fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001578", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54759", + "tcp.port": "80", + "tcp.port": "54759", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fb13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7711", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.002687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.898799000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.898799000", + "frame.time_delta": "0.000668000", + "frame.time_delta_displayed": "0.000668000", + "frame.time_relative": "1980.438113000", + "frame.number": "7713", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a2fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54759", + "tcp.port": "80", + "tcp.port": "54759", + "tcp.stream": "303", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003b35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002687000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.899152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.899152000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "1980.438466000", + "frame.number": "7714", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a2fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001193", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54759", + "tcp.port": "80", + "tcp.port": "54759", + "tcp.stream": "303", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008d9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002687000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7713", + "tcp.segment": "7714", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001507000", + "http.request_in": "7711", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.901463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.901463000", + "frame.time_delta": "0.002311000", + "frame.time_delta_displayed": "0.002311000", + "frame.time_relative": "1980.440777000", + "frame.number": "7715", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54759", + "tcp.dstport": "80", + "tcp.port": "54759", + "tcp.port": "80", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000004eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7714", + "tcp.analysis.ack_rtt": "0.002311000", + "tcp.analysis.initial_rtt": "0.002687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.902119000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.902119000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "1980.441433000", + "frame.number": "7716", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54759", + "tcp.dstport": "80", + "tcp.port": "54759", + "tcp.port": "80", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000004ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.902566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.902566000", + "frame.time_delta": "0.000447000", + "frame.time_delta_displayed": "0.000447000", + "frame.time_relative": "1980.441880000", + "frame.number": "7717", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005833", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006040", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54759", + "tcp.port": "80", + "tcp.port": "54759", + "tcp.stream": "303", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f71d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7716", + "tcp.analysis.ack_rtt": "0.000447000", + "tcp.analysis.initial_rtt": "0.002687000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.943888000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.943888000", + "frame.time_delta": "0.041322000", + "frame.time_delta_displayed": "0.041322000", + "frame.time_relative": "1980.483202000", + "frame.number": "7718", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000852d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000321b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "102", + "http.prev_response_in": "7707" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.946640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.946640000", + "frame.time_delta": "0.002752000", + "frame.time_delta_displayed": "0.002752000", + "frame.time_relative": "1980.485954000", + "frame.number": "7719", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c1c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54760", + "tcp.dstport": "80", + "tcp.port": "54760", + "tcp.port": "80", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000348d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.947189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.947189000", + "frame.time_delta": "0.000549000", + "frame.time_delta_displayed": "0.000549000", + "frame.time_relative": "1980.486503000", + "frame.number": "7720", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54760", + "tcp.port": "80", + "tcp.port": "54760", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00006ddd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7719", + "tcp.analysis.ack_rtt": "0.000549000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.955132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.955132000", + "frame.time_delta": "0.007943000", + "frame.time_delta_displayed": "0.007943000", + "frame.time_relative": "1980.494446000", + "frame.number": "7721", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54760", + "tcp.dstport": "80", + "tcp.port": "54760", + "tcp.port": "80", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001fbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7720", + "tcp.analysis.ack_rtt": "0.007943000", + "tcp.analysis.initial_rtt": "0.008492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.955714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.955714000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "1980.495028000", + "frame.number": "7722", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54760", + "tcp.dstport": "80", + "tcp.port": "54760", + "tcp.port": "80", + "tcp.stream": "304", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003535", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008492000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.956202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.956202000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "1980.495516000", + "frame.number": "7723", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e5a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54760", + "tcp.port": "80", + "tcp.port": "54760", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000114d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7722", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.008492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.956838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.956838000", + "frame.time_delta": "0.000636000", + "frame.time_delta_displayed": "0.000636000", + "frame.time_relative": "1980.496152000", + "frame.number": "7724", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e5aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d2b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54760", + "tcp.port": "80", + "tcp.port": "54760", + "tcp.stream": "304", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000516e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008492000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.957208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.957208000", + "frame.time_delta": "0.000370000", + "frame.time_delta_displayed": "0.000370000", + "frame.time_relative": "1980.496522000", + "frame.number": "7725", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e5ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cee4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54760", + "tcp.port": "80", + "tcp.port": "54760", + "tcp.stream": "304", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a3d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008492000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "7724", + "tcp.segment": "7725", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001494000", + "http.request_in": "7722", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.959089000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495571.959089000", + "frame.time_delta": "0.001881000", + "frame.time_delta_displayed": "0.001881000", + "frame.time_relative": "1980.498403000", + "frame.number": "7726", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54760", + "tcp.dstport": "80", + "tcp.port": "54760", + "tcp.port": "80", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7725", + "tcp.analysis.ack_rtt": "0.001881000", + "tcp.analysis.initial_rtt": "0.008492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.959727000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.959727000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "1980.499041000", + "frame.number": "7727", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c4f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54760", + "tcp.dstport": "80", + "tcp.port": "54760", + "tcp.port": "80", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001b23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:31.960196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495571.960196000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "1980.499510000", + "frame.number": "7728", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005834", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000603f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54760", + "tcp.port": "80", + "tcp.port": "54760", + "tcp.stream": "304", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000d57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7727", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.008492000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:32.681219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.681219000", + "frame.time_delta": "0.721023000", + "frame.time_delta_displayed": "0.721023000", + "frame.time_relative": "1981.220533000", + "frame.number": "7729", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fdb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b815", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001869", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:32.681759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.681759000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "1981.221073000", + "frame.number": "7730", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fdc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009910", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f964", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:32.682360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.682360000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "1981.221674000", + "frame.number": "7731", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000872a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:32.731945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.731945000", + "frame.time_delta": "0.049585000", + "frame.time_delta_displayed": "0.049585000", + "frame.time_relative": "1981.271259000", + "frame.number": "7732", + "frame.len": "417", + "frame.cap_len": "417", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "403", + "ip.id": "0x000096ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007532", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "351", + "tcp.seq": "91417", + "tcp.nxtseq": "91768", + "tcp.ack": "18651", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000430b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:b6:e2:a7:a2:6c:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { 
+ "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2602722, TSecr 2812439564": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2602722", + "tcp.options.timestamp.tsecr": "2812439564" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "351", + "tcp.analysis.push_bytes_sent": "351" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "346", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:88:a6:1d:56:01:a9:96:05:44:11:d4:2b:53:50:c1:23:5f:7b:88:09:a8:44:48:ba:8b:d2:de:39:90:15:8e:98:13:e9:96:c1:6d:c1:15:c2:d4:36:29:ea:b1:e9:42:50:c3:bb:88:7f:48:a5:3e:fd:48:29:a6:57:51:ca:5e:c5:5a:e1:91:bc:80:03:e9:81:9b:d3:ca:ed:bf:8b:94:82:19:03:5a:b5:47:96:24:37:23:4f:3b:e4:72:9d:e2:0d:36:f9:c6:e4:9d:c5:b3:8b:b7:fb:03:13:1d:f1:36:2a:3e:bb:88:d0:4c:b2:8f:95:29:6e:73:97:64:03:fd:b0:19:93:41:7e:cd:da:21:c4:75:3d:0f:e3:bb:1f:3e:64:0c:ac:c7:f3:4d:d5:9a:94:fd:84:c4:86:dc:45:66:79:1e:da:f4:0a:3c:af:b9:9d:03:d2:82:16:76:14:09:0a:68:65:4c:de:ed:45:b2:d3:b8:a8:16:77:71:ba:f7:f5:7a:51:3f:f0:61:27:01:73:a7:ba:cb:88:cd:98:05:df:75:85:2d:17:54:3d:26:41:d3:75:1b:78:7c:8d:70:cf:bc:34:0e:1b:e7:e4:0c:7b:5a:b2:9b:a0:8d:c9:14:40:27:e9:9f:14:8b:32:8b:10:bb:05:f0:7c:10:db:89:c0:99:7c:06:08:4a:26:13:5b:57:7e:e6:81:0b:66:85:89:f2:79:63:01:e1:bd:a4:6a:27:75:d7:b4:a3:ee:a4:f8:5b:5c:47:60:76:f2:3a:ed:76:b0:c2:28:b7:4f:18:93:16:7f:4a:80:56:3d:ac:97:63:c3:df:68:e0:e2:6b:49:ff:9e:25:75:47:c9:a7:b1:7b:47:17:68:7a:92:58:81:10:53:94" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:32.793671000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.793671000", + "frame.time_delta": "0.061726000", + "frame.time_delta_displayed": 
"0.061726000", + "frame.time_relative": "1981.332985000", + "frame.number": "7733", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002de5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000376b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "18651", + "tcp.nxtseq": "18698", + "tcp.ack": 
"91768", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002912", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:8a:3a:00:27:b6:e2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812447290, TSecr 2602722": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812447290", + "tcp.options.timestamp.tsecr": "2602722" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7732", + "tcp.analysis.ack_rtt": "0.061726000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:d0:c1:e0:0c:9e:d5:c3:2f:70:83:3c:80:5e:0c:46:6e:fd:cc:4d:c8:72:11:e2:09:59:f0:23:03:92:47:01:28:12:a5:f7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:19:32.794102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495572.794102000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "1981.333416000", + "frame.number": "7734", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096ef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007690", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": 
"44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91768", + "tcp.ack": "18698", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b6f2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:b6:e8:a7:a2:8a:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2602728, TSecr 2812447290": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2602728", + "tcp.options.timestamp.tsecr": "2812447290" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7733", + "tcp.analysis.ack_rtt": "0.000431000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:34.808386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495574.808386000", + "frame.time_delta": "2.014284000", + "frame.time_delta_displayed": "2.014284000", + 
"frame.time_relative": "1983.347700000", + "frame.number": "7735", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005828", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a669", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": 
"443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5157", + "tcp.ack": "685", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:34.951591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495574.951591000", + "frame.time_delta": "0.143205000", + "frame.time_delta_displayed": "0.143205000", + "frame.time_relative": "1983.490905000", + "frame.number": "7736", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd85", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "685", + "tcp.ack": "5158", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa63", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:36.676445000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495576.676445000", + "frame.time_delta": "1.724854000", + "frame.time_delta_displayed": "1.724854000", + "frame.time_relative": "1985.215759000", + "frame.number": "7737", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000211f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53846", + "udp.dstport": "1900", + "udp.port": "53846", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007807", + "udp.checksum.status": "2", + "udp.stream": "140" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:36.814331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495576.814331000", + "frame.time_delta": "0.137886000", + "frame.time_delta_displayed": "0.137886000", + "frame.time_relative": "1985.353645000", + "frame.number": "7738", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": 
"ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ec0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005929", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.261593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.261593000", + "frame.time_delta": "0.447262000", + "frame.time_delta_displayed": "0.447262000", + 
"frame.time_relative": "1985.800907000", + "frame.number": "7739", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000085b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003197", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.314404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.314404000", + "frame.time_delta": "0.052811000", + "frame.time_delta_displayed": "0.052811000", + "frame.time_relative": "1985.853718000", + "frame.number": "7740", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", 
+ "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000085b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000318d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": 
"7739" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.367229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.367229000", + "frame.time_delta": "0.052825000", + "frame.time_delta_displayed": "0.052825000", + "frame.time_relative": "1985.906543000", + "frame.number": "7741", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000085b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003191", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + 
"udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "7740" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.677375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.677375000", + "frame.time_delta": "0.310146000", + "frame.time_delta_displayed": "0.310146000", + "frame.time_relative": "1986.216689000", + "frame.number": "7742", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002120", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53846", + "udp.dstport": "1900", + "udp.port": "53846", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007807", + "udp.checksum.status": "2", + "udp.stream": "140" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google 
Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "7737" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.681490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.681490000", + "frame.time_delta": "0.004115000", + "frame.time_delta_displayed": "0.004115000", + "frame.time_relative": "1986.220804000", + "frame.number": "7743", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fdd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b813", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001869", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.682018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.682018000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "1986.221332000", + "frame.number": "7744", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fde", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000990e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f964", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.683613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.683613000", + "frame.time_delta": "0.001595000", + "frame.time_delta_displayed": "0.001595000", + "frame.time_relative": "1986.222927000", + "frame.number": "7745", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000872a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.800442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.800442000", + "frame.time_delta": "0.116829000", + "frame.time_delta_displayed": "0.116829000", + "frame.time_relative": "1986.339756000", + "frame.number": "7746", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:37.800880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495577.800880000", + "frame.time_delta": "0.000438000", + "frame.time_delta_displayed": "0.000438000", + "frame.time_relative": "1986.340194000", + "frame.number": "7747", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.266657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.266657000", + "frame.time_delta": "0.465777000", + "frame.time_delta_displayed": "0.465777000", + "frame.time_relative": "1986.805971000", + "frame.number": "7748", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": 
{ + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008607", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003144", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "7741" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.319451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.319451000", + "frame.time_delta": "0.052794000", + "frame.time_delta_displayed": "0.052794000", + "frame.time_relative": "1986.858765000", + "frame.number": "7749", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000860c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x00003136", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "7748" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.372232000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.372232000", + "frame.time_delta": "0.052781000", + "frame.time_delta_displayed": "0.052781000", + "frame.time_relative": "1986.911546000", + "frame.number": "7750", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000860f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003139", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "7749" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.678652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.678652000", + "frame.time_delta": "0.306420000", + "frame.time_delta_displayed": "0.306420000", + "frame.time_relative": "1987.217966000", + "frame.number": "7751", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002121", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53846", + "udp.dstport": "1900", + "udp.port": "53846", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007807", + "udp.checksum.status": "2", + "udp.stream": "140" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "7742" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.793213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.793213000", + "frame.time_delta": "0.114561000", + "frame.time_delta_displayed": "0.114561000", + "frame.time_relative": "1987.332527000", + "frame.number": "7752", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000861c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000312f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": 
"2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "7750" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.845993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.845993000", + "frame.time_delta": "0.052780000", + "frame.time_delta_displayed": "0.052780000", + "frame.time_relative": "1987.385307000", + "frame.number": "7753", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000861d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003125", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "7752" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:38.898800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495578.898800000", + "frame.time_delta": "0.052807000", + "frame.time_delta_displayed": "0.052807000", + "frame.time_relative": "1987.438114000", + "frame.number": "7754", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00008623", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003125", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "7753" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.678785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.678785000", + "frame.time_delta": "0.779985000", + "frame.time_delta_displayed": 
"0.779985000", + "frame.time_relative": "1988.218099000", + "frame.number": "7755", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002122", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53846", + "udp.dstport": "1900", + "udp.port": "53846", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00007807", + "udp.checksum.status": "2", + "udp.stream": "140" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": 
"HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "7751" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.818299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.818299000", + "frame.time_delta": "0.139514000", + "frame.time_delta_displayed": "0.139514000", + "frame.time_relative": "1988.357613000", + "frame.number": "7756", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + 
"arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.818484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.818484000", + "frame.time_delta": "0.000185000", + "frame.time_delta_displayed": "0.000185000", + "frame.time_relative": "1988.357798000", + "frame.number": "7757", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.845718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.845718000", + "frame.time_delta": "0.027234000", + "frame.time_delta_displayed": "0.027234000", + "frame.time_relative": "1988.385032000", + "frame.number": "7758", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008627", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003124", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "7754" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.898539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.898539000", + "frame.time_delta": "0.052821000", + "frame.time_delta_displayed": "0.052821000", + "frame.time_relative": "1988.437853000", + "frame.number": "7759", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000862d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003115", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "7758" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:39.951334000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495579.951334000", + "frame.time_delta": "0.052795000", + "frame.time_delta_displayed": "0.052795000", + "frame.time_relative": "1988.490648000", + "frame.number": "7760", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000862f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003119", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": 
"", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "7759" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:40.199291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495580.199291000", + "frame.time_delta": "0.247957000", + "frame.time_delta_displayed": "0.247957000", + "frame.time_relative": "1988.738605000", + "frame.number": "7761", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + 
"eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00000bac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "108", + "udp.checksum": "0x0000dfe5", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.command": "1409286244", + "adwin_config.version": "1380667970", + "adwin_config.mac": "d0:73:d5:02:41:da", + "adwin_config.unused": "", + "adwin_config.server_ip": "88.70.73.76", + "adwin_config.unused": "", + "adwin_config.netmask": "85.106.234.132", + "adwin_config.unused": "", + "adwin_config.gateway": "0.0.0.59", + "adwin_config.unused": "", + "adwin_config.dhcp": "1", + "adwin_config.port": "351456827", + "adwin_config.password": "", + "adwin_config.bootloader": "0", + "adwin_config.unused": "", + "adwin_config.description": "", + "adwin_config.date": "", + "adwin_config.revision": "", + "adwin_config.processor_type_raw": "", + "adwin_config.processor_type": "Unknown", + "adwin_config.system_type_raw": "", + "adwin_config.system_type": "Unknown" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:40.950876000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495580.950876000", + "frame.time_delta": "0.751585000", + "frame.time_delta_displayed": "0.751585000", + "frame.time_relative": "1989.490190000", + "frame.number": "7762", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00008676", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000030d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + 
"ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "7760" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:41.003666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495581.003666000", + "frame.time_delta": "0.052790000", + "frame.time_delta_displayed": "0.052790000", + "frame.time_relative": "1989.542980000", + "frame.number": "7763", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00008679", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000030c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "7762" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:41.056572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495581.056572000", + "frame.time_delta": "0.052906000", + "frame.time_delta_displayed": "0.052906000", + "frame.time_relative": "1989.595886000", + "frame.number": "7764", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000867b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000030cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "7763" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.003743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.003743000", + "frame.time_delta": "0.947171000", + "frame.time_delta_displayed": "0.947171000", + 
"frame.time_relative": "1990.543057000", + "frame.number": "7765", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000086b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003096", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "7764" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.056509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.056509000", + "frame.time_delta": "0.052766000", + "frame.time_delta_displayed": "0.052766000", + "frame.time_relative": "1990.595823000", + "frame.number": "7766", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000086b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003089", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "17", + "http.prev_response_in": "7765" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.109332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.109332000", + "frame.time_delta": "0.052823000", + "frame.time_delta_displayed": "0.052823000", + "frame.time_relative": "1990.648646000", + "frame.number": "7767", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000086bc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000308c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + 
"udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "7766" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.267289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.267289000", + "frame.time_delta": "0.157957000", + "frame.time_delta_displayed": "0.157957000", + "frame.time_relative": "1990.806603000", + "frame.number": "7768", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000086be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000308d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "7767" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.320054000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.320054000", + "frame.time_delta": "0.052765000", + "frame.time_delta_displayed": "0.052765000", + "frame.time_relative": "1990.859368000", + "frame.number": "7769", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000086c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000307e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "7768" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.372781000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495582.372781000", + "frame.time_delta": "0.052727000", + "frame.time_delta_displayed": "0.052727000", + "frame.time_relative": "1990.912095000", + "frame.number": "7770", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000086c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003080", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "7769" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.682349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.682349000", + "frame.time_delta": "0.309568000", + "frame.time_delta_displayed": "0.309568000", + "frame.time_relative": "1991.221663000", + "frame.number": "7771", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fdf", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b811", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001869", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.682719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.682719000", + "frame.time_delta": "0.000370000", + "frame.time_delta_displayed": "0.000370000", + "frame.time_relative": "1991.222033000", + "frame.number": "7772", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fe0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000990c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f964", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:42.683149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495582.683149000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "1991.222463000", + "frame.number": "7773", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000872a", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=651", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:43.319846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495583.319846000", + "frame.time_delta": "0.636697000", + "frame.time_delta_displayed": "0.636697000", + "frame.time_relative": "1991.859160000", + "frame.number": "7774", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x000086cc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000307f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "305", + "udp.checksum": "0x0000f2c4", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "7770" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:43.372626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495583.372626000", + "frame.time_delta": "0.052780000", + "frame.time_delta_displayed": "0.052780000", + "frame.time_relative": "1991.911940000", + "frame.number": "7775", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x000086d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003071", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "314", + "udp.checksum": "0x000000b0", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "7774" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:43.458304000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495583.458304000", + "frame.time_delta": "0.085678000", + 
"frame.time_delta_displayed": "0.085678000", + "frame.time_relative": "1991.997618000", + "frame.number": "7776", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x000086d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003072", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "53846", + "udp.port": "1900", + "udp.port": "53846", + "udp.length": "308", + "udp.checksum": "0x0000243a", + "udp.checksum.status": "2", + "udp.stream": "141" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + 
"http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "7775" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:52.769399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495592.769399000", + "frame.time_delta": "9.311095000", + "frame.time_delta_displayed": "9.311095000", + "frame.time_relative": "2001.308713000", + "frame.number": "7777", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ec4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000591f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a41e", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000961f", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:52.770496000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495592.770496000", + "frame.time_delta": "0.001097000", + "frame.time_delta_displayed": "0.001097000", + "frame.time_relative": "2001.309810000", + "frame.number": "7778", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000008f3", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60230", + "udp.dstport": "5355", + "udp.port": "60230", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000fcb6", + "udp.checksum.status": "2", + "udp.stream": "142" + }, + "llmnr": { + "dns.id": "0x0000683d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:52.771129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495592.771129000", + "frame.time_delta": "0.000633000", + "frame.time_delta_displayed": "0.000633000", + "frame.time_relative": "2001.310443000", + "frame.number": "7779", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60230", + "udp.dstport": "5355", + "udp.port": "60230", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00001c56", + "udp.checksum.status": "2", + "udp.stream": "143" + }, + "llmnr": { + "dns.id": "0x0000683d", + "dns.flags": 
"0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:52.771692000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495592.771692000", + "frame.time_delta": "0.000563000", + "frame.time_delta_displayed": "0.000563000", + "frame.time_relative": "2001.311006000", + "frame.number": "7780", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x0000057f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122c", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51850", + "udp.dstport": "5355", + "udp.port": "51850", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000700e", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "llmnr": { + "dns.id": "0x00003526", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:52.772274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495592.772274000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "2001.311588000", + "frame.number": "7781", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000dc88a", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51850", + "udp.dstport": "5355", + "udp.port": "51850", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000506f", + "udp.checksum.status": "2", + "udp.stream": "145" + }, + "llmnr": { + "dns.id": "0x00003526", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:53.180856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495593.180856000", + "frame.time_delta": "0.408582000", + "frame.time_delta_displayed": "0.408582000", + "frame.time_relative": "2001.720170000", + 
"frame.number": "7782", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000008f3", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60230", + "udp.dstport": "5355", + "udp.port": "60230", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000fcb6", + "udp.checksum.status": "2", + "udp.stream": "142" + }, + "llmnr": { + "dns.id": "0x0000683d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:53.181473000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495593.181473000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "2001.720787000", + "frame.number": "7783", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000580", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60230", + "udp.dstport": "5355", + "udp.port": "60230", + "udp.port": "5355", + "udp.length": "30", + 
"udp.checksum": "0x00001c56", + "udp.checksum.status": "2", + "udp.stream": "143" + }, + "llmnr": { + "dns.id": "0x0000683d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:53.182691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495593.182691000", + "frame.time_delta": "0.001218000", + "frame.time_delta_displayed": "0.001218000", + "frame.time_relative": "2001.722005000", + "frame.number": "7784", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000dc88a", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": 
"fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51850", + "udp.dstport": "5355", + "udp.port": "51850", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000506f", + "udp.checksum.status": "2", + "udp.stream": "145" + }, + "llmnr": { + "dns.id": "0x00003526", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:53.183321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495593.183321000", + "frame.time_delta": "0.000630000", + "frame.time_delta_displayed": "0.000630000", + "frame.time_relative": "2001.722635000", + "frame.number": "7785", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + 
"eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000581", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000122a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51850", + "udp.dstport": "5355", + "udp.port": "51850", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000700e", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "llmnr": { + "dns.id": "0x00003526", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:53.519411000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495593.519411000", + "frame.time_delta": "0.336090000", + "frame.time_delta_displayed": "0.336090000", + "frame.time_relative": "2002.058725000", + "frame.number": "7786", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ec5", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000591e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a41e", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000961f", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + 
}, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:19:54.269494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495594.269494000", + "frame.time_delta": "0.750083000", + "frame.time_delta_displayed": "0.750083000", + "frame.time_relative": "2002.808808000", + "frame.number": "7787", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ec6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000591d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": 
"192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a41e", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x0000961f", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:03.810447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495603.810447000", + "frame.time_delta": "9.540953000", + "frame.time_delta_displayed": "9.540953000", + "frame.time_relative": "2012.349761000", + "frame.number": "7788", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000765e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "91768", + "tcp.nxtseq": "91817", + "tcp.ack": "18698", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b56e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:c3:06:a7:a2:8a:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2605830, TSecr 2812447290": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2605830", + "tcp.options.timestamp.tsecr": "2812447290" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:89:22:27:2b:bc:ee:51:aa:e5:ca:42:23:bd:10:0c:8b:cb:3d:23:e3:f9:df:37:d9:19:33:ee:48:01:79:a4:9f:41:4a:a0:e1:92" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:03.872424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495603.872424000", + "frame.time_delta": "0.061977000", + "frame.time_delta_displayed": "0.061977000", + "frame.time_relative": "2012.411738000", + "frame.number": "7789", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002de6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003762", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18698", + "tcp.nxtseq": "18753", + "tcp.ack": "91817", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d0fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:a8:94:00:27:c3:06", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812455060, TSecr 2605830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812455060", + "tcp.options.timestamp.tsecr": "2605830" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7788", + "tcp.analysis.ack_rtt": "0.061977000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:d1:08:27:20:b3:99:26:08:48:87:47:ba:01:ea:0b:11:fd:a6:df:df:96:d4:4c:b1:fe:1c:e5:d5:fa:36:0c:98:89:2b:37:e6:19:fd:5b:5c:20:f8:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:03.872915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495603.872915000", + "frame.time_delta": "0.000491000", + "frame.time_delta_displayed": "0.000491000", + "frame.time_relative": "2012.412229000", + "frame.number": "7790", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000768e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91817", + "tcp.ack": "18753", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c0c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:c3:0c:a7:a2:a8:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2605836, TSecr 2812455060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2605836", + "tcp.options.timestamp.tsecr": "2812455060" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7789", + "tcp.analysis.ack_rtt": "0.000491000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:04.204867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495604.204867000", + "frame.time_delta": "0.331952000", + "frame.time_delta_displayed": "0.331952000", + "frame.time_relative": "2012.744181000", + "frame.number": "7791", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", 
+ "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005829", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a640", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5158", + "tcp.nxtseq": "5198", + "tcp.ack": "685", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": 
"0x000026c0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ee:57:ed:55:75:a6:44:03:c9:1c:e1:b1:5e:a7:64:ab:06:75:83:0a:da:82:59:d5:11:65:ae:bc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:04.348024000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495604.348024000", + "frame.time_delta": "0.143157000", + "frame.time_delta_displayed": "0.143157000", + "frame.time_relative": "2012.887338000", + "frame.number": "7792", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x0000100d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd60", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + 
"ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "685", + "tcp.nxtseq": "721", + "tcp.ack": "5198", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d303", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7791", + "tcp.analysis.ack_rtt": "0.143157000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": 
"54:26:79:5a:1e:3d:fa:73:70:5a:cb:cc:2a:73:de:60:78:b2:d8:ac:06:c7:7a:53:2f:a4:38:aa:39:f8:69" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:04.348492000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495604.348492000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "2012.887806000", + "frame.number": "7793", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a667", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., 
Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5198", + "tcp.ack": "721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efa1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7792", + "tcp.analysis.ack_rtt": "0.000468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:06.817331000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495606.817331000", + "frame.time_delta": "2.468839000", + "frame.time_delta_displayed": "2.468839000", + "frame.time_relative": "2015.356645000", + "frame.number": "7794", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005eca", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000591f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:09.350314000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495609.350314000", + "frame.time_delta": "2.532983000", 
+ "frame.time_delta_displayed": "2.532983000", + "frame.time_relative": "2017.889628000", + "frame.number": "7795", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:09.350714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495609.350714000", + "frame.time_delta": "0.000400000", + "frame.time_delta_displayed": "0.000400000", + "frame.time_relative": "2017.890028000", + "frame.number": "7796", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.170508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.170508000", + "frame.time_delta": "13.819794000", + "frame.time_delta_displayed": "13.819794000", + "frame.time_relative": "2031.709822000", + "frame.number": "7797", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00006d88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bcf", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.223441000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.223441000", + "frame.time_delta": "0.052933000", + "frame.time_delta_displayed": "0.052933000", + "frame.time_relative": "2031.762755000", + "frame.number": "7798", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00006d8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bcb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.276305000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.276305000", + "frame.time_delta": "0.052864000", + "frame.time_delta_displayed": "0.052864000", + "frame.time_relative": "2031.815619000", + "frame.number": "7799", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006d8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.329204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.329204000", + "frame.time_delta": "0.052899000", + "frame.time_delta_displayed": "0.052899000", + "frame.time_relative": "2031.868518000", + "frame.number": "7800", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00006d90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bbe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.381985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.381985000", + "frame.time_delta": "0.052781000", + "frame.time_delta_displayed": "0.052781000", + "frame.time_relative": "2031.921299000", + "frame.number": "7801", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00006d94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:23.434844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495623.434844000", + "frame.time_delta": "0.052859000", + "frame.time_delta_displayed": "0.052859000", + "frame.time_relative": "2031.974158000", + "frame.number": "7802", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00006d95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:25.347651000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495625.347651000", + "frame.time_delta": "1.912807000", + "frame.time_delta_displayed": "1.912807000", + "frame.time_relative": "2033.886965000", + "frame.number": "7803", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000bae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + 
"ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x000058d9", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "02:d3:af:c3:9f:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:27.684298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495627.684298000", + "frame.time_delta": "2.336647000", + "frame.time_delta_displayed": "2.336647000", + "frame.time_relative": "2036.223612000", + "frame.number": "7804", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": 
"0x00001fe6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b80a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001768", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:27.684840000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495627.684840000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "2036.224154000", + "frame.number": "7805", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fe7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009905", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f863", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:27.685451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495627.685451000", + "frame.time_delta": "0.000611000", + "frame.time_delta_displayed": "0.000611000", + "frame.time_relative": "2036.224765000", + "frame.number": "7806", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008629", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:28.288716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495628.288716000", + "frame.time_delta": "0.603265000", + "frame.time_delta_displayed": "0.603265000", + "frame.time_relative": "2036.828030000", + "frame.number": "7807", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x0000b01e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000e4ba", + "ip.checksum.status": "2", + "ip.src": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.src_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49779", + "tcp.port": "80", + "tcp.port": "49779", + "tcp.stream": "260", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000024c5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.016993000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:20:28 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:20:28 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.020658000", + "http.request_in": "6673", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:28.322561000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495628.322561000", + "frame.time_delta": "0.033845000", + "frame.time_delta_displayed": "0.033845000", + "frame.time_relative": "2036.861875000", + "frame.number": "7808", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001065", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f57b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": 
"37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000037c2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7807", + "tcp.analysis.ack_rtt": "0.033845000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:28.334380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495628.334380000", + "frame.time_delta": "0.011819000", + "frame.time_delta_displayed": "0.011819000", + "frame.time_relative": "2036.873694000", + "frame.number": "7809", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + 
"eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b01f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000e5c1", + "ip.checksum.status": "2", + "ip.src": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.src_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49779", + "tcp.port": "80", + "tcp.port": "49779", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": 
"0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000fe1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7808", + "tcp.analysis.ack_rtt": "0.011819000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:28.340656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495628.340656000", + "frame.time_delta": "0.006276000", + "frame.time_delta_displayed": "0.006276000", + "frame.time_relative": "2036.879970000", + "frame.number": "7810", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001066", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f57a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.243", + "ip.addr": "54.219.189.243", + "ip.dst_host": "54.219.189.243", + "ip.host": "54.219.189.243", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49779", + "tcp.dstport": "80", + "tcp.port": "49779", + "tcp.port": "80", + "tcp.stream": "260", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000037c2", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7809", + "tcp.analysis.ack_rtt": "0.006276000", + "tcp.analysis.initial_rtt": "0.016993000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:28.850988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495628.850988000", + "frame.time_delta": "0.510332000", + "frame.time_delta_displayed": "0.510332000", + "frame.time_relative": "2037.390302000", + "frame.number": "7811", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.328995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.328995000", + "frame.time_delta": "0.478007000", + 
"frame.time_delta_displayed": "0.478007000", + "frame.time_relative": "2037.868309000", + "frame.number": "7812", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x00001067", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000297d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.330815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.330815000", + "frame.time_delta": "0.001820000", + "frame.time_delta_displayed": "0.001820000", + "frame.time_relative": "2037.870129000", + "frame.number": "7813", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x00003ad4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007c41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + 
"ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "7812", + "dns.time": "0.001820000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.240": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "126", + "dns.resp.len": "4", + "dns.a": "54.241.191.240" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.234": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "126", + "dns.resp.len": "4", + "dns.a": "54.241.191.234" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": 
"pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "20", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51930", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4221", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56181", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2491", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56182", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56923", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57031", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56573", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56374", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56923", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + 
"dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "57031", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56573", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.338146000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.338146000", + "frame.time_delta": "0.007331000", + "frame.time_delta_displayed": "0.007331000", + "frame.time_relative": "2037.877460000", + "frame.number": "7814", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001068", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f361", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000dd5f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + 
"tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.351600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.351600000", + "frame.time_delta": "0.013454000", + "frame.time_delta_displayed": "0.013454000", + "frame.time_relative": "2037.890914000", + "frame.number": "7815", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000093ca", + "ip.checksum.status": "2", + "ip.src": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.src_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49780", + "tcp.port": "80", + "tcp.port": "49780", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00002f03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7814", + "tcp.analysis.ack_rtt": "0.013454000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.356849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.356849000", + "frame.time_delta": 
"0.005249000", + "frame.time_delta_displayed": "0.005249000", + "frame.time_relative": "2037.896163000", + "frame.number": "7816", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001069", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f364", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } 
+ }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000069e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7815", + "tcp.analysis.ack_rtt": "0.005249000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.375974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.375974000", + "frame.time_delta": "0.019125000", + "frame.time_delta_displayed": "0.019125000", + "frame.time_relative": "2037.915288000", + "frame.number": "7817", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": 
"Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x0000106a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f354", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000b263", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018703000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.388548000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.388548000", + "frame.time_delta": "0.012574000", + "frame.time_delta_displayed": "0.012574000", + "frame.time_relative": "2037.927862000", + "frame.number": "7818", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000c7ba", + "ip.checksum.status": "2", + "ip.src": "54.241.191.240", + "ip.addr": "54.241.191.240", + 
"ip.src_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49780", + "tcp.port": "80", + "tcp.port": "49780", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000046b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7817", + "tcp.analysis.ack_rtt": "0.012574000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.393675000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495629.393675000", + "frame.time_delta": "0.005127000", + "frame.time_delta_displayed": "0.005127000", + "frame.time_relative": "2037.932989000", + "frame.number": "7819", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x0000106b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f270", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", 
+ "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000e8f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018703000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "7817", + "tcp.segment": "7819", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:29.407028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495629.407028000", + "frame.time_delta": "0.013353000", + "frame.time_delta_displayed": "0.013353000", + "frame.time_relative": "2037.946342000", + "frame.number": "7820", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000c7b9", + "ip.checksum.status": "2", + "ip.src": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.src_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49780", + "tcp.port": "80", + "tcp.port": "49780", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000420f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7819", + "tcp.analysis.ack_rtt": "0.013353000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:32.684570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495632.684570000", + "frame.time_delta": "3.277542000", + "frame.time_delta_displayed": "3.277542000", + "frame.time_relative": "2041.223884000", + "frame.number": "7821", + "frame.len": "275", + 
"frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fe8", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b808", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001768", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:20:32.685097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495632.685097000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "2041.224411000", + "frame.number": "7822", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fe9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009903", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f863", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:20:32.685743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495632.685743000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "2041.225057000", + "frame.number": "7823", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008629", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:20:33.290196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495633.290196000", + "frame.time_delta": "0.604453000", + "frame.time_delta_displayed": "0.604453000", + "frame.time_relative": "2041.829510000", + "frame.number": "7824", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:33.295899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495633.295899000", + "frame.time_delta": "0.005703000", + "frame.time_delta_displayed": "0.005703000", + "frame.time_relative": "2041.835213000", + "frame.number": "7825", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:34.418286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495634.418286000", + "frame.time_delta": "1.122387000", + "frame.time_delta_displayed": "1.122387000", + "frame.time_relative": "2042.957600000", + "frame.number": "7826", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a666", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5197", + "tcp.ack": "721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efa2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:34.561838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495634.561838000", + "frame.time_delta": "0.143552000", + "frame.time_delta_displayed": "0.143552000", + "frame.time_relative": "2043.101152000", + "frame.number": "7827", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd83", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "721", + "tcp.ack": "5198", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:34.891447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495634.891447000", + "frame.time_delta": "0.329609000", + "frame.time_delta_displayed": "0.329609000", + "frame.time_relative": "2043.430761000", + "frame.number": "7828", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000765c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "91817", + "tcp.nxtseq": "91866", + "tcp.ack": "18753", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000092af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:cf:2a:a7:a2:a8:94", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2608938, TSecr 2812455060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2608938", + "tcp.options.timestamp.tsecr": "2812455060" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8a:43:db:f2:fd:d1:92:47:07:76:23:19:63:0a:82:26:c6:d1:e4:af:a6:08:c9:37:06:a4:4c:de:50:e1:c1:e3:47:a7:52:23:ca" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:34.952266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495634.952266000", + "frame.time_delta": "0.060819000", + "frame.time_delta_displayed": "0.060819000", + "frame.time_relative": 
"2043.491580000", + "frame.number": "7829", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002de7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003761", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18753", + "tcp.nxtseq": "18808", + "tcp.ack": "91866", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc6a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:c6:ee:00:27:cf:2a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812462830, TSecr 2608938": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812462830", + "tcp.options.timestamp.tsecr": "2608938" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7828", + "tcp.analysis.ack_rtt": "0.060819000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:d2:9b:aa:bb:61:df:15:29:6f:b6:21:0b:70:b3:03:14:ca:0a:17:2c:a3:04:8e:13:85:83:dc:38:26:ea:36:b0:1a:ae:9f:9e:4f:ba:99:96:65:ba:39" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:20:34.952762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495634.952762000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "2043.492076000", + "frame.number": "7830", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000768c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": 
"44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "91866", + "tcp.ack": "18808", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006126", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:cf:30:a7:a2:c6:ee", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2608944, TSecr 2812462830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2608944", + "tcp.options.timestamp.tsecr": "2812462830" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7829", + "tcp.analysis.ack_rtt": "0.000496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:36.818162000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495636.818162000", + "frame.time_delta": "1.865400000", + "frame.time_delta_displayed": "1.865400000", + 
"frame.time_relative": "2045.357476000", + "frame.number": "7831", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ed2", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005917", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:20:37.685577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495637.685577000", + "frame.time_delta": "0.867415000", + "frame.time_delta_displayed": "0.867415000", + "frame.time_relative": "2046.224891000", + "frame.number": "7832", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fea", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b806", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + 
"udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001768", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + 
"dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:37.685977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495637.685977000", + "frame.time_delta": "0.000400000", + "frame.time_delta_displayed": "0.000400000", + "frame.time_relative": "2046.225291000", + "frame.number": "7833", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001feb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009901", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + 
"udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f863", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + 
"dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:37.686971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495637.686971000", + "frame.time_delta": "0.000994000", + "frame.time_delta_displayed": "0.000994000", + "frame.time_relative": "2046.226285000", + "frame.number": "7834", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", 
+ "udp.length": "241", + "udp.checksum": "0x00008629", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=652", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:39.428193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495639.428193000", + "frame.time_delta": "1.741222000", + "frame.time_delta_displayed": "1.741222000", + "frame.time_relative": "2047.967507000", + "frame.number": "7835", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:39.428324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495639.428324000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "2047.967638000", + "frame.number": "7836", + 
"frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:39.960183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495639.960183000", + "frame.time_delta": "0.531859000", + "frame.time_delta_displayed": "0.531859000", + "frame.time_relative": "2048.499497000", + "frame.number": "7837", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + 
"arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:39.960616000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495639.960616000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "2048.499930000", + "frame.number": "7838", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:54.895568000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495654.895568000", + "frame.time_delta": "14.934952000", + "frame.time_delta_displayed": "14.934952000", + "frame.time_relative": "2063.434882000", + "frame.number": "7839", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00005189", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dbe2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "198.206.133.14", + "ip.addr": "198.206.133.14", + "ip.dst_host": "198.206.133.14", + "ip.host": "198.206.133.14", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS21554 Wisconsin CyberLynk Network, Inc., Franklin, WI, 42.886902, -88.009697": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", + "ip.geoip.asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", + "ip.geoip.dst_city": "Franklin, WI", + "ip.geoip.city": "Franklin, WI", + "ip.geoip.dst_lat": "42.886902", + 
"ip.geoip.lat": "42.886902", + "ip.geoip.dst_lon": "-88.009697", + "ip.geoip.lon": "-88.009697" + } + }, + "udp": { + "udp.srcport": "34570", + "udp.dstport": "123", + "udp.port": "34570", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x00008545", + "udp.checksum.status": "2", + "udp.stream": "146" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Apr 10, 2081 17:49:27.423284000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:54.954802000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495654.954802000", + "frame.time_delta": "0.059234000", + "frame.time_delta_displayed": "0.059234000", + "frame.time_relative": "2063.494116000", + "frame.number": "7840", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00004ef4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "17", + "ip.checksum": "0x0000ef87", + "ip.checksum.status": "2", + "ip.src": "198.206.133.14", + "ip.addr": "198.206.133.14", + "ip.src_host": "198.206.133.14", + "ip.host": "198.206.133.14", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS21554 Wisconsin CyberLynk Network, Inc., Franklin, WI, 42.886902, -88.009697": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", + "ip.geoip.asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", + "ip.geoip.src_city": "Franklin, WI", + "ip.geoip.city": "Franklin, WI", + "ip.geoip.src_lat": "42.886902", + "ip.geoip.lat": "42.886902", + "ip.geoip.src_lon": "-88.009697", + "ip.geoip.lon": "-88.009697" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "34570", + "udp.port": "123", + "udp.port": "34570", + "udp.length": "56", + "udp.checksum": "0x0000809d", + "udp.checksum.status": "2", + "udp.stream": "146" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "3", + "ntp.ppoll": "6", + "ntp.precision": "-25", + "ntp.rootdelay": "0.00360107421875", + "ntp.rootdispersion": "0.0005340576171875", + "ntp.refid": "3a:b4:9e:96", + "ntp.reftime": "Oct 31, 2017 17:15:25.241065000 PDT", + "ntp.org": "Apr 10, 2081 17:49:27.423284000 PDT", + "ntp.rec": "Oct 31, 2017 17:20:54.932763000 PDT", + "ntp.xmt": "Oct 31, 2017 17:20:54.932780000 PDT" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:55.718111000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495655.718111000", + "frame.time_delta": "0.763309000", + "frame.time_delta_displayed": "0.763309000", + "frame.time_relative": "2064.257425000", + "frame.number": "7841", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:55.967550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495655.967550000", + "frame.time_delta": "0.249439000", + "frame.time_delta_displayed": "0.249439000", + "frame.time_relative": "2064.506864000", + "frame.number": "7842", + "frame.len": "350", + "frame.cap_len": "350", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:56.030307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495656.030307000", + "frame.time_delta": "0.062757000", + "frame.time_delta_displayed": "0.062757000", + "frame.time_relative": "2064.569621000", + "frame.number": "7843", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + 
"bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:56.045032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495656.045032000", + "frame.time_delta": "0.014725000", + "frame.time_delta_displayed": "0.014725000", + "frame.time_relative": "2064.584346000", + "frame.number": "7844", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:56.436509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495656.436509000", + "frame.time_delta": "0.391477000", + "frame.time_delta_displayed": "0.391477000", + "frame.time_relative": "2064.975823000", + "frame.number": "7845", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:59.960186000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495659.960186000", + "frame.time_delta": "3.523677000", + "frame.time_delta_displayed": "3.523677000", + "frame.time_relative": "2068.499500000", + "frame.number": "7846", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:20:59.960592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495659.960592000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "2068.499906000", + "frame.number": "7847", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:00.189024000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495660.189024000", + "frame.time_delta": "0.228432000", + "frame.time_delta_displayed": "0.228432000", + "frame.time_relative": "2068.728338000", + "frame.number": "7848", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x000096f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000752b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "91866", + "tcp.nxtseq": "92218", + "tcp.ack": "18808", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000071aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:d9:0c:a7:a2:c6:ee", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2611468, TSecr 2812462830": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2611468", + "tcp.options.timestamp.tsecr": "2812462830" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8b:0c:e4:73:ae:04:fb:e0:2b:b9:4e:a2:83:15:47:d9:79:13:ca:ef:d6:fe:b6:4d:87:8e:40:52:36:74:da:55:58:c3:ec:cb:da:e5:4e:1c:ac:21:58:35:02:d2:c0:b6:cf:7e:ab:51:75:a4:04:b0:be:97:a2:4a:f8:d7:03:23:28:dc:fe:f8:5c:23:bf:f9:9d:88:60:5a:aa:2a:7a:b0:c8:76:50:72:27:dc:e8:98:04:14:a2:ac:7f:85:6c:04:b4:10:79:03:7e:79:8d:2b:83:f7:32:ca:15:94:68:3a:c7:a1:2b:b2:3a:86:77:2f:7e:3c:f1:27:39:c7:ef:45:b4:b2:81:bf:d1:28:1d:4a:76:75:a2:dd:05:94:34:3e:f2:89:06:47:94:d6:bc:2e:d0:aa:db:3b:a1:2e:ed:ac:ca:60:fb:4b:27:67:ee:98:87:81:45:1b:17:72:ff:16:33:0e:c4:fd:b6:a4:7e:82:e3:41:9d:37:95:f8:59:57:b2:9f:d8:d0:9d:83:a6:54:de:6d:13:7b:1b:40:bc:33:ca:4a:6e:64:90:c1:a5:49:19:3c:62:6f:0b:8c:80:16:1d:b6:41:f6:03:97:85:6b:e1:e3:a4:4f:fa:ef:b5:94:97:6f:e4:b2:13:62:c4:42:d3:4a:25:b1:06:3b:9a:6c:6d:4d:9c:66:e7:60:1a:ce:9c:61:7a:0f:dd:f3:81:62:fb:95:b4:45:e0:05:40:42:93:3a:6b:30:7f:d3:2b:80:17:c5:40:b7:5b:ae:6e:ea:21:1d:c1:e9:e2:d5:2e:97:d3:1e:0f:b4:65:84:7d:1b:4a:d9:8e:52:ff:45:de:25:81:15:ec:0e:f5:6d:1f:5a:d4:48:e4:79:ff:42:d1:15:88:c5:bd:f8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:21:00.250242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495660.250242000", + "frame.time_delta": "0.061218000", + "frame.time_delta_displayed": "0.061218000", + "frame.time_relative": "2068.789556000", + "frame.number": "7849", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002de8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003768", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "18808", + "tcp.nxtseq": "18855", + "tcp.ack": "92218", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002f7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:df:a2:00:27:d9:0c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812469154, TSecr 2611468": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812469154", + "tcp.options.timestamp.tsecr": "2611468" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7848", + "tcp.analysis.ack_rtt": "0.061218000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:d3:14:bf:b8:b2:a0:ad:03:5e:97:56:81:b8:8d:7c:1c:3f:a8:ab:3c:69:05:8c:ff:74:87:18:ae:de:8d:04:62:bf:68:b1" + } + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:00.250681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495660.250681000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "2068.789995000", + "frame.number": "7850", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000768a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": 
"Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "92218", + "tcp.ack": "18855", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003d01", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:d9:12:a7:a2:df:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2611474, TSecr 2812469154": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2611474", + "tcp.options.timestamp.tsecr": "2812469154" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7849", + "tcp.analysis.ack_rtt": "0.000439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:01.149744000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495661.149744000", + "frame.time_delta": "0.899063000", + "frame.time_delta_displayed": "0.899063000", + "frame.time_relative": "2069.689058000", + "frame.number": "7851", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:04.558213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495664.558213000", + "frame.time_delta": "3.408469000", + "frame.time_delta_displayed": "3.408469000", + "frame.time_relative": "2073.097527000", + "frame.number": "7852", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a665", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5197", + "tcp.ack": "721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efa2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:04.701571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495664.701571000", + "frame.time_delta": "0.143358000", + "frame.time_delta_displayed": "0.143358000", + "frame.time_relative": "2073.240885000", + "frame.number": "7853", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000100f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"49", + "ip.proto": "6", + "ip.checksum": "0x0000fd82", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "721", + "tcp.ack": "5198", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:06.819595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495666.819595000", + "frame.time_delta": "2.118024000", + "frame.time_delta_displayed": "2.118024000", + "frame.time_relative": "2075.358909000", + "frame.number": "7854", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ed9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005910", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + 
"udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:09.568137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495669.568137000", + "frame.time_delta": "2.748542000", + "frame.time_delta_displayed": "2.748542000", + "frame.time_relative": "2078.107451000", + "frame.number": "7855", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:09.568266000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495669.568266000", + "frame.time_delta": "0.000129000", + 
"frame.time_delta_displayed": "0.000129000", + "frame.time_relative": "2078.107580000", + "frame.number": "7856", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:10.196891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495670.196891000", + "frame.time_delta": "0.628625000", + "frame.time_delta_displayed": "0.628625000", + "frame.time_relative": "2078.736205000", + "frame.number": "7857", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + 
"eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000bb1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x00007c31", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "fc:de:8e:3a:f3:96", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:12.903978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495672.903978000", + "frame.time_delta": "2.707087000", + "frame.time_delta_displayed": "2.707087000", + "frame.time_relative": "2081.443292000", + "frame.number": "7858", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "64", + "ip.id": "0x0000106c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002977", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "44", + "udp.checksum": "0x0000f376", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000001", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + 
"dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:12.920785000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495672.920785000", + "frame.time_delta": "0.016807000", + "frame.time_delta_displayed": "0.016807000", + "frame.time_relative": "2081.460099000", + "frame.number": "7859", + "frame.len": "423", + "frame.cap_len": "423", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "409", + "ip.id": "0x000041be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000075cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + 
"udp.length": "389", + "udp.checksum": "0x00008360", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "7858", + "dns.time": "0.016807000", + "dns.id": "0x00000001", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "home.myblossom.com: type A, class IN": { + "dns.qry.name": "home.myblossom.com", + "dns.qry.name.len": "18", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "home.myblossom.com: type A, class IN, addr 54.219.161.163": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "54.219.161.163" + }, + "home.myblossom.com: type A, class IN, addr 54.153.31.0": { + "dns.resp.name": "home.myblossom.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "54.153.31.0" + } + }, + "Authoritative nameservers": { + "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165905", + "dns.resp.len": "25", + "dns.ns": "ns-1743.awsdns-25.co.uk" + }, + "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165905", + "dns.resp.len": "23", + "dns.ns": "ns-1324.awsdns-37.org" + }, + "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { + 
"dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165905", + "dns.resp.len": "22", + "dns.ns": "ns-540.awsdns-03.net" + }, + "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { + "dns.resp.name": "myblossom.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165905", + "dns.resp.len": "19", + "dns.ns": "ns-477.awsdns-59.com" + } + }, + "Additional records": { + "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "86542", + "dns.resp.len": "4", + "dns.a": "205.251.193.221" + }, + "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "37907", + "dns.resp.len": "4", + "dns.a": "205.251.194.28" + }, + "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13699", + "dns.resp.len": "4", + "dns.a": "205.251.197.44" + }, + "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17624", + "dns.resp.len": "4", + "dns.a": "205.251.198.207" + }, + "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { + "dns.resp.name": "ns-477.awsdns-59.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "86542", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:dd00::1" + }, + "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { + "dns.resp.name": "ns-540.awsdns-03.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "37907", + "dns.resp.len": "16", + 
"dns.aaaa": "2600:9000:5302:1c00::1" + }, + "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { + "dns.resp.name": "ns-1324.awsdns-37.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13699", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5305:2c00::1" + }, + "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { + "dns.resp.name": "ns-1743.awsdns-25.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17624", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:cf00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:12.927515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495672.927515000", + "frame.time_delta": "0.006730000", + "frame.time_delta_displayed": "0.006730000", + "frame.time_relative": "2081.466829000", + "frame.number": "7860", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000106d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000011c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00008bbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:12.951047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495672.951047000", + "frame.time_delta": "0.023532000", + "frame.time_delta_displayed": "0.023532000", + "frame.time_relative": "2081.490361000", + "frame.number": "7861", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x0000f42c", + "ip.checksum.status": "2", + "ip.src": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.src_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 
37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49781", + "tcp.port": "80", + "tcp.port": "49781", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26883", + "tcp.window_size": "26883", + "tcp.checksum": "0x00001220", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7860", + "tcp.analysis.ack_rtt": "0.023532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:12.956588000 PDT", 
+ "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495672.956588000", + "frame.time_delta": "0.005541000", + "frame.time_delta_displayed": "0.005541000", + "frame.time_relative": "2081.495902000", + "frame.number": "7862", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000106e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000011c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": 
"37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007d00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7861", + "tcp.analysis.ack_rtt": "0.005541000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.427018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.427018000", + "frame.time_delta": "0.470430000", + "frame.time_delta_displayed": "0.470430000", + "frame.time_relative": "2081.966332000", + "frame.number": "7863", + "frame.len": "232", + "frame.cap_len": "232", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + 
"eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "218", + "ip.id": "0x0000106f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00001110", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "178", + "tcp.seq": "1", + "tcp.nxtseq": "179", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a37d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.029073000", + "tcp.analysis.bytes_in_flight": "178", + "tcp.analysis.push_bytes_sent": "178" + }, + "tcp.segment_data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:74:65:6c:65:6d:65:74:72:79:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:32:39:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.441301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.441301000", + "frame.time_delta": "0.014283000", + "frame.time_delta_displayed": "0.014283000", + "frame.time_relative": "2081.980615000", + "frame.number": "7864", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008486", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00006faa", + "ip.checksum.status": "2", + "ip.src": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.src_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49781", + "tcp.port": "80", + "tcp.port": "49781", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "179", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, 
+ "tcp.window_size_value": "27872", + "tcp.window_size": "27872", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000254e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7863", + "tcp.analysis.ack_rtt": "0.014283000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.447487000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.447487000", + "frame.time_delta": "0.006186000", + "frame.time_delta_displayed": "0.006186000", + "frame.time_relative": "2081.986801000", + "frame.number": "7865", + "frame.len": "483", + "frame.cap_len": "483", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "469", + "ip.id": "0x00001070", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x00001014", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + 
"ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "429", + "tcp.seq": "179", + "tcp.nxtseq": "608", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006db5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.029073000", + "tcp.analysis.bytes_in_flight": "429", + "tcp.analysis.push_bytes_sent": "429" + }, + "tcp.segment_data": 
"7b:22:64:68:63:70:53:74:61:74:75:73:22:3a:32:2c:22:70:6c:31:2e:69:70:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:32:30:22:2c:22:70:6c:31:2e:6e:6d:22:3a:22:32:35:35:2e:32:35:35:2e:32:35:35:2e:30:22:2c:22:70:6c:31:2e:67:77:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:70:6c:31:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:62:22:2c:22:75:61:33:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:6c:6f:30:2e:69:70:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:6e:6d:22:3a:22:32:35:35:2e:30:2e:30:2e:30:22:2c:22:6c:6f:30:2e:67:77:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:30:31:22:2c:22:6d:6c:32:2e:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:64:6e:73:30:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:64:6e:73:31:22:3a:22:38:2e:38:2e:38:2e:38:22:2c:22:64:6e:73:32:22:3a:22:38:2e:38:2e:34:2e:34:22:2c:22:64:6e:73:33:22:3a:22:30:2e:30:2e:30:2e:30:22:7d" + }, + "tcp.segments": { + "tcp.segment": "7863", + "tcp.segment": "7865", + "tcp.segment.count": "2", + "tcp.reassembled.length": "607", + "tcp.reassembled.data": 
"50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:74:65:6c:65:6d:65:74:72:79:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:32:39:0d:0a:0d:0a:7b:22:64:68:63:70:53:74:61:74:75:73:22:3a:32:2c:22:70:6c:31:2e:69:70:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:32:30:22:2c:22:70:6c:31:2e:6e:6d:22:3a:22:32:35:35:2e:32:35:35:2e:32:35:35:2e:30:22:2c:22:70:6c:31:2e:67:77:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:70:6c:31:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:62:22:2c:22:75:61:33:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:6c:6f:30:2e:69:70:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:6e:6d:22:3a:22:32:35:35:2e:30:2e:30:2e:30:22:2c:22:6c:6f:30:2e:67:77:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:30:31:22:2c:22:6d:6c:32:2e:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:64:6e:73:30:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:64:6e:73:31:22:3a:22:38:2e:38:2e:38:2e:38:22:2c:22:64:6e:73:32:22:3a:22:38:2e:38:2e:34:2e:34:22:2c:22:64:6e:73:33:22:3a:22:30:2e:30:2e:30:2e:30:22:7d" + }, + "http": { + "POST \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"POST \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "home.myblossom.com", + "http.request.line": "Host: home.myblossom.com\r\n", + "http.user_agent": "WMSDK", + "http.request.line": "User-Agent: WMSDK\r\n", + "http.content_type": "application\/json", + "http.request.line": "Content-Type: application\/json\r\n", + "http.content_length_header": "429", + "http.content_length_header_tree": { + "http.content_length": "429" + }, + "http.request.line": "Content-Length: 429\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "{\"dhcpStatus\":2,\"pl1.ip\":\"192.168.0.120\",\"pl1.nm\":\"255.255.255.0\",\"pl1.gw\":\"192.168.0.1\",\"pl1.flg\":\"0x000000bb\",\"ua3ip\":\"0.0.0.0\",\"ua3.nm\":\"0.0.0.0\",\"ua3.gw\":\"0.0.0.0\",\"ua3.flg\":\"0x000000b2\",\"lo0.ip\":\"127.0.0.1\",\"lo0.nm\":\"255.0.0.0\",\"lo0.gw\":\"127.0.0.1\",\"lo0.flg\":\"0x00000001\",\"ml2.ip\":\"0.0.0.0\",\"ml2.nm\":\"0.0.0.0\",\"ml2.gw\":\"0.0.0.0\",\"ml2.flg\":\"0x000000b2\",\"dns0\":\"192.168.0.1\",\"dns1\":\"8.8.8.8\",\"dns2\":\"8.8.4.4\",\"dns3\":\"0.0.0.0\"}" + }, + "json": { + "json.object": { + "json.member": { + "json.value.number": "2", + "json.key": "dhcpStatus" + }, + "json.member": { + "json.value.string": "192.168.0.120", + "json.key": "pl1.ip" + }, + "json.member": { + "json.value.string": "255.255.255.0", + "json.key": "pl1.nm" + }, + "json.member": { + "json.value.string": "192.168.0.1", + "json.key": "pl1.gw" + }, + "json.member": { + "json.value.string": "0x000000bb", + "json.key": "pl1.flg" + }, + "json.member": { + 
"json.value.string": "0.0.0.0", + "json.key": "ua3ip" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ua3.nm" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ua3.gw" + }, + "json.member": { + "json.value.string": "0x000000b2", + "json.key": "ua3.flg" + }, + "json.member": { + "json.value.string": "127.0.0.1", + "json.key": "lo0.ip" + }, + "json.member": { + "json.value.string": "255.0.0.0", + "json.key": "lo0.nm" + }, + "json.member": { + "json.value.string": "127.0.0.1", + "json.key": "lo0.gw" + }, + "json.member": { + "json.value.string": "0x00000001", + "json.key": "lo0.flg" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.ip" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.nm" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.gw" + }, + "json.member": { + "json.value.string": "0x000000b2", + "json.key": "ml2.flg" + }, + "json.member": { + "json.value.string": "192.168.0.1", + "json.key": "dns0" + }, + "json.member": { + "json.value.string": "8.8.8.8", + "json.key": "dns1" + }, + "json.member": { + "json.value.string": "8.8.4.4", + "json.key": "dns2" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "dns3" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.462067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.462067000", + "frame.time_delta": "0.014580000", + "frame.time_delta_displayed": "0.014580000", + "frame.time_relative": "2082.001381000", + "frame.number": "7866", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008487", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00006fa9", + "ip.checksum.status": "2", + "ip.src": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.src_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49781", + "tcp.port": "80", + "tcp.port": "49781", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "608", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "28944", + "tcp.window_size": "28944", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001f71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7865", + "tcp.analysis.ack_rtt": "0.014580000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.490348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.490348000", + "frame.time_delta": "0.028281000", + "frame.time_delta_displayed": "0.028281000", + "frame.time_relative": "2082.029662000", + "frame.number": "7867", + "frame.len": "690", + "frame.cap_len": "690", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:json" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "676", + "ip.id": "0x00008488", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00006d2c", + "ip.checksum.status": "2", + "ip.src": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.src_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49781", + "tcp.port": "80", + "tcp.port": "49781", + "tcp.stream": "306", + "tcp.len": "636", + "tcp.seq": "1", + "tcp.nxtseq": "637", + "tcp.ack": "608", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "28944", + "tcp.window_size": "28944", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009320", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.029073000", + "tcp.analysis.bytes_in_flight": "636", + "tcp.analysis.push_bytes_sent": "636" + } + }, + "http": { + "HTTP\/1.1 200 
OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.response.line": "Allow: POST, OPTIONS\r\n", + "http.content_type": "application\/json", + "http.response.line": "Content-Type: application\/json\r\n", + "http.date": "Wed, 01 Nov 2017 00:21:13 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:21:13 GMT\r\n", + "http.server": "nginx\/1.4.6 (Ubuntu)", + "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", + "http.response.line": "Vary: Accept, Cookie\r\n", + "http.content_length_header": "429", + "http.content_length_header_tree": { + "http.content_length": "429" + }, + "http.response.line": "Content-Length: 429\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.042861000", + "http.request_in": "7865", + "http.file_data": "{\"lo0.nm\":\"255.0.0.0\",\"lo0.gw\":\"127.0.0.1\",\"ua3ip\":\"0.0.0.0\",\"pl1.ip\":\"192.168.0.120\",\"pl1.flg\":\"0x000000bb\",\"ml2.nm\":\"0.0.0.0\",\"dns0\":\"192.168.0.1\",\"pl1.nm\":\"255.255.255.0\",\"dns3\":\"0.0.0.0\",\"lo0.flg\":\"0x00000001\",\"dhcpStatus\":2,\"ml2.ip\":\"0.0.0.0\",\"lo0.ip\":\"127.0.0.1\",\"dns1\":\"8.8.8.8\",\"ua3.flg\":\"0x000000b2\",\"dns2\":\"8.8.4.4\",\"ml2.gw\":\"0.0.0.0\",\"ua3.nm\":\"0.0.0.0\",\"ua3.gw\":\"0.0.0.0\",\"ml2.flg\":\"0x000000b2\",\"pl1.gw\":\"192.168.0.1\"}" + }, + "json": { + "json.object": { + "json.member": { + "json.value.string": "255.0.0.0", + "json.key": "lo0.nm" + }, + "json.member": { + "json.value.string": "127.0.0.1", + "json.key": "lo0.gw" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ua3ip" + }, + "json.member": { + "json.value.string": "192.168.0.120", + "json.key": "pl1.ip" + }, + 
"json.member": { + "json.value.string": "0x000000bb", + "json.key": "pl1.flg" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.nm" + }, + "json.member": { + "json.value.string": "192.168.0.1", + "json.key": "dns0" + }, + "json.member": { + "json.value.string": "255.255.255.0", + "json.key": "pl1.nm" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "dns3" + }, + "json.member": { + "json.value.string": "0x00000001", + "json.key": "lo0.flg" + }, + "json.member": { + "json.value.number": "2", + "json.key": "dhcpStatus" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.ip" + }, + "json.member": { + "json.value.string": "127.0.0.1", + "json.key": "lo0.ip" + }, + "json.member": { + "json.value.string": "8.8.8.8", + "json.key": "dns1" + }, + "json.member": { + "json.value.string": "0x000000b2", + "json.key": "ua3.flg" + }, + "json.member": { + "json.value.string": "8.8.4.4", + "json.key": "dns2" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ml2.gw" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ua3.nm" + }, + "json.member": { + "json.value.string": "0.0.0.0", + "json.key": "ua3.gw" + }, + "json.member": { + "json.value.string": "0x000000b2", + "json.key": "ml2.flg" + }, + "json.member": { + "json.value.string": "192.168.0.1", + "json.key": "pl1.gw" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.504307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.504307000", + "frame.time_delta": "0.013959000", + "frame.time_delta_displayed": "0.013959000", + "frame.time_relative": "2082.043621000", + "frame.number": "7868", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001071", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000011c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "608", + "tcp.ack": "637", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "4964", + "tcp.window_size": "4964", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007aa0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7867", + "tcp.analysis.ack_rtt": "0.013959000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.519453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.519453000", + "frame.time_delta": "0.015146000", + "frame.time_delta_displayed": "0.015146000", + "frame.time_relative": "2082.058767000", + "frame.number": "7869", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008489", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "237", + "ip.proto": "6", + "ip.checksum": "0x00006fa7", + "ip.checksum.status": "2", + "ip.src": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.src_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49781", + "tcp.port": "80", + "tcp.port": "49781", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "637", + "tcp.ack": "609", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "28944", + "tcp.window_size": "28944", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001cf3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7868", + "tcp.analysis.ack_rtt": "0.015146000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:13.525300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495673.525300000", + "frame.time_delta": "0.005847000", + "frame.time_delta_displayed": "0.005847000", + "frame.time_relative": "2082.064614000", + "frame.number": "7870", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001072", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x000011bf", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.161.163", + "ip.addr": "54.219.161.163", + "ip.dst_host": "54.219.161.163", + "ip.host": "54.219.161.163", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49781", + "tcp.dstport": "80", + "tcp.port": "49781", + "tcp.port": "80", + "tcp.stream": "306", + "tcp.len": "0", + "tcp.seq": "609", + "tcp.ack": "638", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4963", + "tcp.window_size": "4963", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00007aa0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7869", + "tcp.analysis.ack_rtt": "0.005847000", + "tcp.analysis.initial_rtt": "0.029073000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:21:16.261679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495676.261679000", + "frame.time_delta": "2.736379000", + "frame.time_delta_displayed": "2.736379000", + "frame.time_relative": "2084.800993000", + "frame.number": "7871", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007710", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005247", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY 
* HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:16.314607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495676.314607000", + "frame.time_delta": "0.052928000", + "frame.time_delta_displayed": "0.052928000", + "frame.time_relative": "2084.853921000", + "frame.number": "7872", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007713", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005244", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:16.367478000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495676.367478000", + "frame.time_delta": "0.052871000", + "frame.time_delta_displayed": "0.052871000", + "frame.time_relative": "2084.906792000", + "frame.number": "7873", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005237", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:16.420369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495676.420369000", + "frame.time_delta": "0.052891000", + "frame.time_delta_displayed": "0.052891000", + "frame.time_relative": "2084.959683000", + "frame.number": "7874", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + 
"ip.id": "0x0000771a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005234", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:16.473172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495676.473172000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "2085.012486000", + "frame.number": "7875", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000771c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005238", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + 
"http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:16.526039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495676.526039000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "2085.065353000", + "frame.number": "7876", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007720", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00005234", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:17.930628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495677.930628000", + "frame.time_delta": "1.404589000", + 
"frame.time_delta_displayed": "1.404589000", + "frame.time_relative": "2086.469942000", + "frame.number": "7877", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:17.936946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495677.936946000", + "frame.time_delta": "0.006318000", + "frame.time_delta_displayed": "0.006318000", + "frame.time_relative": "2086.476260000", + "frame.number": "7878", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": 
"Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:22.687356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495682.687356000", + "frame.time_delta": "4.750410000", + "frame.time_delta_displayed": "4.750410000", + "frame.time_relative": "2091.226670000", + "frame.number": "7879", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff1", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" 
!= 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001667", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + 
"dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:22.687911000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495682.687911000", + "frame.time_delta": "0.000555000", + "frame.time_delta_displayed": "0.000555000", + "frame.time_relative": "2091.227225000", + "frame.number": "7880", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff2", + 
"ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f762", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:22.688501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495682.688501000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "2091.227815000", + "frame.number": "7881", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": 
"0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008528", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + 
"dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:27.687686000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495687.687686000", + "frame.time_delta": "4.999185000", + "frame.time_delta_displayed": "4.999185000", + "frame.time_relative": "2096.227000000", + "frame.number": "7882", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff3", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001667", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:27.688201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495687.688201000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "2096.227515000", + "frame.number": "7883", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff4", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f762", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:27.688805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495687.688805000", + "frame.time_delta": "0.000604000", + "frame.time_delta_displayed": "0.000604000", + "frame.time_relative": "2096.228119000", + "frame.number": "7884", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008528", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:28.850454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495688.850454000", + "frame.time_delta": "1.161649000", + "frame.time_delta_displayed": "1.161649000", + "frame.time_relative": "2097.389768000", + "frame.number": "7885", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:28.989906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495688.989906000", + "frame.time_delta": "0.139452000", + "frame.time_delta_displayed": "0.139452000", + "frame.time_relative": "2097.529220000", + "frame.number": "7886", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x000068dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eff2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "74.117.214.3", + "ip.addr": "74.117.214.3", + "ip.dst_host": "74.117.214.3", + "ip.host": "74.117.214.3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.dst_city": "Pullman, WA", + "ip.geoip.city": "Pullman, WA", + "ip.geoip.dst_lat": "46.732201", + "ip.geoip.lat": "46.732201", + "ip.geoip.dst_lon": "-117.245598", + "ip.geoip.lon": "-117.245598" + } + }, + "udp": { + "udp.srcport": "59279", + "udp.dstport": "123", + "udp.port": "59279", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x000065df", + "udp.checksum.status": "2", + "udp.stream": "147" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Jul 30, 2060 15:35:09.402268000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:29.029957000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495689.029957000", + "frame.time_delta": "0.040051000", + "frame.time_delta_displayed": "0.040051000", + "frame.time_relative": "2097.569271000", + "frame.number": "7887", + "frame.len": 
"90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x0000cc80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "44", + "ip.proto": "17", + "ip.checksum": "0x0000a05f", + "ip.checksum.status": "2", + "ip.src": "74.117.214.3", + "ip.addr": "74.117.214.3", + "ip.src_host": "74.117.214.3", + "ip.host": "74.117.214.3", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", + "ip.geoip.src_city": "Pullman, WA", + "ip.geoip.city": "Pullman, WA", + "ip.geoip.src_lat": "46.732201", + "ip.geoip.lat": "46.732201", + "ip.geoip.src_lon": "-117.245598", + "ip.geoip.lon": "-117.245598" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "59279", + "udp.port": "123", + "udp.port": "59279", + 
"udp.length": "56", + "udp.checksum": "0x00004f4a", + "udp.checksum.status": "2", + "udp.stream": "147" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "1", + "ntp.ppoll": "3", + "ntp.precision": "-23", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0.00115966796875", + "ntp.refid": "50:50:53:00", + "ntp.reftime": "Oct 31, 2017 17:21:17.114496000 PDT", + "ntp.org": "Jul 30, 2060 15:35:09.402268000 PDT", + "ntp.rec": "Oct 31, 2017 17:21:29.018627000 PDT", + "ntp.xmt": "Oct 31, 2017 17:21:29.018684000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.429056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.429056000", + "frame.time_delta": "1.399099000", + "frame.time_delta_displayed": "1.399099000", + "frame.time_relative": "2098.968370000", + "frame.number": "7888", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002123", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e721", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "18", + "http.prev_request_in": "7662" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.807309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.807309000", + "frame.time_delta": "0.378253000", + "frame.time_delta_displayed": "0.378253000", + "frame.time_relative": "2099.346623000", + "frame.number": "7889", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009c95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001ab6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "103", + "http.prev_response_in": "7718" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.810708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.810708000", + "frame.time_delta": "0.003399000", + "frame.time_delta_displayed": "0.003399000", + "frame.time_relative": "2099.350022000", + "frame.number": "7890", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c71", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e528", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + 
"tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.811251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.811251000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "2099.350565000", + "frame.number": "7891", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c09e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7890", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.814057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.814057000", + "frame.time_delta": "0.002806000", + "frame.time_delta_displayed": "0.002806000", + "frame.time_relative": "2099.353371000", + "frame.number": "7892", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c72", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005c01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000727d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7891", + "tcp.analysis.ack_rtt": "0.002806000", + "tcp.analysis.initial_rtt": "0.003349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.814724000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.814724000", + "frame.time_delta": "0.000667000", + "frame.time_delta_displayed": "0.000667000", + "frame.time_relative": "2099.354038000", + "frame.number": "7893", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b59", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000087f6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003349000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.815201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.815201000", + "frame.time_delta": "0.000477000", + "frame.time_delta_displayed": "0.000477000", + "frame.time_relative": "2099.354515000", + "frame.number": "7894", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dd43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000640e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7893", + "tcp.analysis.ack_rtt": "0.000477000", + "tcp.analysis.initial_rtt": "0.003349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.815856000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.815856000", + "frame.time_delta": "0.000655000", + "frame.time_delta_displayed": "0.000655000", + "frame.time_relative": "2099.355170000", + "frame.number": "7895", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000dd44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a42f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003349000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.816213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.816213000", + "frame.time_delta": "0.000357000", + "frame.time_delta_displayed": "0.000357000", + "frame.time_relative": "2099.355527000", + "frame.number": "7896", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dd45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d74a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f698", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003349000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7895", + "tcp.segment": "7896", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001489000", + "http.request_in": "7893", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.818241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.818241000", + "frame.time_delta": "0.002028000", + "frame.time_delta_displayed": "0.002028000", + "frame.time_relative": "2099.357555000", + "frame.number": "7897", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000dd46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d749", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f698", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003349000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.818751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.818751000", + "frame.time_delta": "0.000510000", + "frame.time_delta_displayed": "0.000510000", + "frame.time_relative": "2099.358065000", + "frame.number": "7898", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006de5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7896", + "tcp.analysis.ack_rtt": "0.002538000", + "tcp.analysis.initial_rtt": "0.003349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.819317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.819317000", + "frame.time_delta": "0.000566000", + "frame.time_delta_displayed": "0.000566000", + "frame.time_relative": "2099.358631000", + "frame.number": "7899", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bfe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006de4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.819762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.819762000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "2099.359076000", + "frame.number": "7900", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007053", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004820", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54783", + "tcp.port": "80", + "tcp.port": "54783", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006018", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7899", + "tcp.analysis.ack_rtt": "0.000445000", + "tcp.analysis.initial_rtt": "0.003349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.822453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.822453000", + "frame.time_delta": 
"0.002691000", + "frame.time_delta_displayed": "0.002691000", + "frame.time_relative": "2099.361767000", + "frame.number": "7901", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54783", + "tcp.dstport": "80", + "tcp.port": "54783", + "tcp.port": "80", + "tcp.stream": "307", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d908", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:31:63:7c:0d:31:63:7f:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003349000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "7898", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.860289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.860289000", + "frame.time_delta": "0.037836000", + "frame.time_delta_displayed": "0.037836000", + "frame.time_relative": "2099.399603000", + "frame.number": "7902", + "frame.len": "348", + "frame.cap_len": "348", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009c9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001aa8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "104", + "http.prev_response_in": "7889" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.871220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.871220000", + "frame.time_delta": "0.010931000", + "frame.time_delta_displayed": "0.010931000", + "frame.time_relative": "2099.410534000", + "frame.number": "7903", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c77", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54784", + "tcp.dstport": "80", + "tcp.port": "54784", + "tcp.port": "80", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000e523", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 
(multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.871764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.871764000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "2099.411078000", + "frame.number": "7904", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000db2f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7903", + "tcp.analysis.ack_rtt": "0.000544000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.875554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.875554000", + "frame.time_delta": "0.003790000", + "frame.time_delta_displayed": "0.003790000", + "frame.time_relative": "2099.414868000", + "frame.number": "7905", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c78", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bfb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54784", + "tcp.dstport": "80", + "tcp.port": "54784", + "tcp.port": "80", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008d0e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7904", + "tcp.analysis.ack_rtt": "0.003790000", + "tcp.analysis.initial_rtt": "0.004334000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.876164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.876164000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "2099.415478000", + 
"frame.number": "7906", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54784", + "tcp.dstport": "80", + "tcp.port": "54784", + "tcp.port": "80", + "tcp.stream": "308", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a287", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004334000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.876648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.876648000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "2099.415962000", + "frame.number": "7907", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002799", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000090da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007e9f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7906", + "tcp.analysis.ack_rtt": "0.000484000", + "tcp.analysis.initial_rtt": "0.004334000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.877291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.877291000", + "frame.time_delta": "0.000643000", + "frame.time_delta_displayed": "0.000643000", + "frame.time_relative": "2099.416605000", + "frame.number": "7908", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000279a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000090c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bec0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004334000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.877646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.877646000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "2099.416960000", + "frame.number": "7909", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000279b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000112a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004334000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7908", + "tcp.segment": "7909", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001482000", + "http.request_in": "7906", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.878242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.878242000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "2099.417556000", + "frame.number": "7910", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000279c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008cf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000112a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004334000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.880571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.880571000", + "frame.time_delta": "0.002329000", + "frame.time_delta_displayed": "0.002329000", + "frame.time_relative": "2099.419885000", + "frame.number": "7911", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54784", + "tcp.dstport": "80", + "tcp.port": "54784", + "tcp.port": "80", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000028c7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:11:6d:81:6d:11:6d:85:50", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7909", + "tcp.analysis.ack_rtt": "0.002925000", + "tcp.analysis.initial_rtt": "0.004334000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.881182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.881182000", + "frame.time_delta": "0.000611000", + "frame.time_delta_displayed": "0.000611000", + "frame.time_relative": "2099.420496000", + "frame.number": "7912", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005bf8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54784", + "tcp.dstport": "80", + "tcp.port": "54784", + "tcp.port": "80", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008875", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.881626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.881626000", + "frame.time_delta": "0.000444000", + "frame.time_delta_displayed": "0.000444000", + "frame.time_relative": "2099.420940000", + "frame.number": "7913", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007058", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000481b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54784", + "tcp.port": "80", + "tcp.port": "54784", + "tcp.stream": "308", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007aa9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7912", + "tcp.analysis.ack_rtt": "0.000444000", + "tcp.analysis.initial_rtt": "0.004334000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.913374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.913374000", + "frame.time_delta": "0.031748000", + "frame.time_delta_displayed": "0.031748000", + "frame.time_relative": "2099.452688000", + "frame.number": "7914", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009c9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001aab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "105", + "http.prev_response_in": "7902" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.916433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.916433000", + "frame.time_delta": "0.003059000", + "frame.time_delta_displayed": "0.003059000", + "frame.time_relative": "2099.455747000", + 
"frame.number": "7915", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005beb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54785", + "tcp.dstport": "80", + "tcp.port": "54785", + "tcp.port": "80", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000b484", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.916959000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.916959000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "2099.456273000", + "frame.number": "7916", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54785", + "tcp.port": "80", + "tcp.port": "54785", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000014a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7915", + "tcp.analysis.ack_rtt": "0.000526000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.919039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.919039000", + "frame.time_delta": "0.002080000", + "frame.time_delta_displayed": "0.002080000", + "frame.time_relative": "2099.458353000", + 
"frame.number": "7917", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54785", + "tcp.dstport": "80", + "tcp.port": "54785", + "tcp.port": "80", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b328", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7916", + "tcp.analysis.ack_rtt": "0.002080000", + "tcp.analysis.initial_rtt": "0.002606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.919677000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.919677000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "2099.458991000", + "frame.number": "7918", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b4e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54785", + "tcp.dstport": "80", + "tcp.port": "54785", + "tcp.port": "80", + "tcp.stream": "309", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c8a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002606000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.920229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.920229000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "2099.459543000", + "frame.number": "7919", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007386", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000044ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54785", + "tcp.port": "80", + "tcp.port": "54785", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a4b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7918", + "tcp.analysis.ack_rtt": "0.000552000", + "tcp.analysis.initial_rtt": "0.002606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.920850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.920850000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "2099.460164000", + "frame.number": "7920", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007387", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000044db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54785", + "tcp.port": "80", + "tcp.port": "54785", + "tcp.stream": "309", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e4da", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002606000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.921199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.921199000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "2099.460513000", + "frame.number": "7921", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007388", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004108", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54785", + "tcp.port": "80", + "tcp.port": "54785", + "tcp.stream": "309", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003744", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002606000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7920", + "tcp.segment": "7921", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001522000", + "http.request_in": "7918", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.923457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.923457000", + "frame.time_delta": "0.002258000", + "frame.time_delta_displayed": "0.002258000", + "frame.time_relative": "2099.462771000", + "frame.number": "7922", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54785", + "tcp.dstport": "80", + "tcp.port": "54785", + "tcp.port": "80", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae90", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7921", + "tcp.analysis.ack_rtt": "0.002258000", + "tcp.analysis.initial_rtt": "0.002606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.924681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.924681000", + "frame.time_delta": "0.001224000", + "frame.time_delta_displayed": "0.001224000", + "frame.time_relative": "2099.463995000", + "frame.number": "7923", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54785", + "tcp.dstport": "80", + "tcp.port": "54785", + "tcp.port": "80", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ae8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:30.925129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495690.925129000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "2099.464443000", + "frame.number": "7924", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000705b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004818", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54785", + "tcp.port": "80", + "tcp.port": "54785", + "tcp.stream": "309", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a0c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7923", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.002606000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.256337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.256337000", + "frame.time_delta": "0.331208000", + "frame.time_delta_displayed": "0.331208000", + "frame.time_relative": "2099.795651000", + "frame.number": "7925", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007658", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
+ "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "92218", + "tcp.nxtseq": "92267", + "tcp.ack": "18855", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a561", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:e5:2f:a7:a2:df:a2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2614575, TSecr 2812469154": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2614575", + "tcp.options.timestamp.tsecr": "2812469154" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", 
+ "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8c:49:d6:21:cf:ab:8d:cb:64:78:1f:a1:9a:09:91:d6:d9:ec:15:f4:99:0b:72:f9:15:ad:fb:53:e4:2f:b3:33:2a:ba:44:47:06" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.317539000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.317539000", + "frame.time_delta": "0.061202000", + "frame.time_delta_displayed": "0.061202000", + "frame.time_relative": "2099.856853000", + "frame.number": "7926", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002de9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18855", + "tcp.nxtseq": "18910", + "tcp.ack": "92267", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008426", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a2:fd:f9:00:27:e5:2f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812476921, TSecr 2614575": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812476921", + "tcp.options.timestamp.tsecr": "2614575" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7925", + 
"tcp.analysis.ack_rtt": "0.061202000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:d4:51:9a:a5:15:41:5f:ec:c6:78:1b:33:11:d0:57:6b:6a:7a:71:58:55:21:f2:0f:3e:20:d9:d3:4d:5e:00:44:0f:8e:9f:b9:9d:39:88:e2:33:19:56" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.318020000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.318020000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "2099.857334000", + "frame.number": "7927", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007688", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "92267", + "tcp.ack": "18910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000121f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:e5:35:a7:a2:fd:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2614581, TSecr 2812476921": { + "tcp.option_kind": "8", + 
"tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2614581", + "tcp.options.timestamp.tsecr": "2812476921" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7926", + "tcp.analysis.ack_rtt": "0.000481000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.812450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.812450000", + "frame.time_delta": "0.494430000", + "frame.time_delta_displayed": "0.494430000", + "frame.time_relative": "2100.351764000", + "frame.number": "7928", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009cbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001a8e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "106", + "http.prev_response_in": "7914" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.815797000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.815797000", + "frame.time_delta": "0.003347000", + "frame.time_delta_displayed": "0.003347000", + "frame.time_relative": "2100.355111000", + "frame.number": "7929", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54786", + "tcp.dstport": "80", + "tcp.port": "54786", + "tcp.port": "80", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } 
+ }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000d1b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.816337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.816337000", + "frame.time_delta": "0.000540000", + "frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "2100.355651000", + "frame.number": "7930", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54786", + "tcp.port": "80", + "tcp.port": "54786", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b7d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7929", + "tcp.analysis.ack_rtt": "0.000540000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.819324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.819324000", + "frame.time_delta": "0.002987000", + "frame.time_delta_displayed": "0.002987000", + "frame.time_relative": "2100.358638000", + "frame.number": "7931", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54786", + "tcp.dstport": "80", + "tcp.port": "54786", + "tcp.port": "80", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + 
"tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000069b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7930", + "tcp.analysis.ack_rtt": "0.002987000", + "tcp.analysis.initial_rtt": "0.003527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.819905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.819905000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "2100.359219000", + "frame.number": "7932", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54786", + "tcp.dstport": "80", + "tcp.port": "54786", + "tcp.port": "80", + "tcp.stream": "310", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007f2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003527000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + 
"http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.820385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.820385000", + "frame.time_delta": "0.000480000", + "frame.time_delta_displayed": "0.000480000", + "frame.time_relative": "2100.359699000", + "frame.number": "7933", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000039ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007e89", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54786", + "tcp.port": "80", + "tcp.port": "54786", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005b43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7932", + "tcp.analysis.ack_rtt": "0.000480000", + "tcp.analysis.initial_rtt": "0.003527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.821029000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.821029000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "2100.360343000", + "frame.number": "7934", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000039eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007e77", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54786", + "tcp.port": "80", + "tcp.port": "54786", + "tcp.stream": "310", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009b64", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003527000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.821408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.821408000", + "frame.time_delta": "0.000379000", + "frame.time_delta_displayed": "0.000379000", + "frame.time_relative": "2100.360722000", + "frame.number": "7935", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000039ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007aa4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54786", + "tcp.port": "80", + "tcp.port": "54786", + "tcp.stream": "310", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": 
"1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000edcd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003527000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7934", + "tcp.segment": "7935", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001503000", + "http.request_in": "7932", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.826083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.826083000", + "frame.time_delta": "0.004675000", + "frame.time_delta_displayed": "0.004675000", + "frame.time_relative": "2100.365397000", + "frame.number": "7936", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54786", + "tcp.dstport": "80", + "tcp.port": "54786", + "tcp.port": "80", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000651a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7935", + "tcp.analysis.ack_rtt": "0.004675000", + "tcp.analysis.initial_rtt": "0.003527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.826707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.826707000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "2100.366021000", + "frame.number": "7937", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54786", + "tcp.dstport": "80", + "tcp.port": "54786", + "tcp.port": "80", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006519", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.827150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.827150000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "2100.366464000", + "frame.number": "7938", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007069", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000480a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54786", + "tcp.port": "80", + "tcp.port": "54786", + "tcp.stream": "310", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000574d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7937", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.003527000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.865408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.865408000", + "frame.time_delta": "0.038258000", + "frame.time_delta_displayed": "0.038258000", + "frame.time_relative": "2100.404722000", + "frame.number": "7939", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009cc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001a81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "107", + "http.prev_response_in": "7928" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.878091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.878091000", + "frame.time_delta": "0.012683000", + "frame.time_delta_displayed": "0.012683000", + "frame.time_relative": "2100.417405000", + "frame.number": "7940", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54787", + "tcp.dstport": "80", + "tcp.port": "54787", + "tcp.port": "80", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000d1ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.878627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.878627000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "2100.417941000", + "frame.number": "7941", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54787", + "tcp.port": "80", + "tcp.port": "54787", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000d085", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7940", + "tcp.analysis.ack_rtt": "0.000536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.881240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.881240000", + "frame.time_delta": "0.002613000", + "frame.time_delta_displayed": "0.002613000", + "frame.time_relative": "2100.420554000", + "frame.number": "7942", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54787", + "tcp.dstport": "80", + "tcp.port": "54787", + "tcp.port": "80", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008264", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7941", + "tcp.analysis.ack_rtt": "0.002613000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.881818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.881818000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "2100.421132000", + "frame.number": "7943", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54787", + "tcp.dstport": "80", + "tcp.port": "54787", + "tcp.port": "80", + "tcp.stream": "311", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.882299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.882299000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "2100.421613000", + "frame.number": "7944", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a553", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001320", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54787", + "tcp.port": "80", + "tcp.port": "54787", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000073f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7943", + "tcp.analysis.ack_rtt": "0.000481000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.882873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.882873000", + "frame.time_delta": "0.000574000", + "frame.time_delta_displayed": "0.000574000", + "frame.time_relative": "2100.422187000", + "frame.number": "7945", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a554", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000130e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54787", + "tcp.port": "80", + "tcp.port": "54787", + "tcp.stream": "311", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000b416", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.883251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.883251000", + "frame.time_delta": "0.000378000", + "frame.time_delta_displayed": "0.000378000", + "frame.time_relative": "2100.422565000", + "frame.number": "7946", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a555", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000f3b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54787", + "tcp.port": "80", + "tcp.port": "54787", + "tcp.stream": "311", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000680", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003149000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "7945", + "tcp.segment": "7946", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001433000", + "http.request_in": "7943", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.887328000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495691.887328000", + "frame.time_delta": "0.004077000", + "frame.time_delta_displayed": "0.004077000", + "frame.time_relative": "2100.426642000", + "frame.number": "7947", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54787", + "tcp.dstport": "80", + "tcp.port": "54787", + "tcp.port": "80", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007dcc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7946", + "tcp.analysis.ack_rtt": "0.004077000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.887905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.887905000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "2100.427219000", + "frame.number": "7948", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54787", + "tcp.dstport": "80", + "tcp.port": "54787", + "tcp.port": "80", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007dcb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.888344000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.888344000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "2100.427658000", + "frame.number": "7949", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000706c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004807", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54787", + "tcp.port": "80", + "tcp.port": "54787", + "tcp.stream": "311", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006fff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7948", + "tcp.analysis.ack_rtt": "0.000439000", + "tcp.analysis.initial_rtt": "0.003149000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.918258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.918258000", + "frame.time_delta": "0.029914000", + "frame.time_delta_displayed": "0.029914000", + "frame.time_relative": "2100.457572000", + "frame.number": "7950", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009cc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001a85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "108", + "http.prev_response_in": "7939" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.923889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.923889000", + "frame.time_delta": "0.005631000", + "frame.time_delta_displayed": "0.005631000", + "frame.time_relative": "2100.463203000", + 
"frame.number": "7951", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001c8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bdc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54788", + "tcp.dstport": "80", + "tcp.port": "54788", + "tcp.port": "80", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00003bf3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.924430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.924430000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "2100.463744000", + "frame.number": "7952", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54788", + "tcp.port": "80", + "tcp.port": "54788", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000f2d5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "7951", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.926935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.926935000", + "frame.time_delta": "0.002505000", + "frame.time_delta_displayed": "0.002505000", + "frame.time_relative": "2100.466249000", + 
"frame.number": "7953", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54788", + "tcp.dstport": "80", + "tcp.port": "54788", + "tcp.port": "80", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a4b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7952", + "tcp.analysis.ack_rtt": "0.002505000", + "tcp.analysis.initial_rtt": "0.003046000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.927558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.927558000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "2100.466872000", + "frame.number": "7954", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001c8d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3f", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54788", + "tcp.dstport": "80", + "tcp.port": "54788", + "tcp.port": "80", + "tcp.stream": "312", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ba2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003046000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.928031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.928031000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "2100.467345000", + "frame.number": "7955", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000421d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007656", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54788", + "tcp.port": "80", + "tcp.port": "54788", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009645", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7954", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.003046000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.928723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.928723000", + "frame.time_delta": "0.000692000", + "frame.time_delta_displayed": "0.000692000", + "frame.time_relative": "2100.468037000", + "frame.number": "7956", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000421e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007644", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54788", + "tcp.port": "80", + "tcp.port": "54788", + "tcp.stream": "312", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d666", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003046000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.929084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.929084000", + "frame.time_delta": "0.000361000", + "frame.time_delta_displayed": "0.000361000", + "frame.time_relative": "2100.468398000", + "frame.number": "7957", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000421f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007271", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54788", + "tcp.port": "80", + "tcp.port": "54788", + "tcp.stream": "312", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000028d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003046000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "7956", + "tcp.segment": "7957", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001526000", + "http.request_in": "7954", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.932680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.932680000", + "frame.time_delta": "0.003596000", + "frame.time_delta_displayed": "0.003596000", + "frame.time_relative": "2100.471994000", + "frame.number": "7958", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c8e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54788", + "tcp.dstport": "80", + "tcp.port": "54788", + "tcp.port": "80", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a01c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "7957", + "tcp.analysis.ack_rtt": "0.003596000", + "tcp.analysis.initial_rtt": "0.003046000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.933284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.933284000", + "frame.time_delta": "0.000604000", + "frame.time_delta_displayed": "0.000604000", + "frame.time_relative": "2100.472598000", + "frame.number": "7959", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005be4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54788", + "tcp.dstport": "80", + "tcp.port": "54788", + "tcp.port": "80", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a01b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:31.933730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495691.933730000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "2100.473044000", + "frame.number": "7960", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007070", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004803", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54788", + "tcp.port": "80", + "tcp.port": "54788", + "tcp.stream": "312", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000924f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "7959", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.003046000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:32.687904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495692.687904000", + "frame.time_delta": "0.754174000", + "frame.time_delta_displayed": "0.754174000", + "frame.time_relative": "2101.227218000", + "frame.number": "7961", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + 
"ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001667", + "udp.checksum.status": "2", + "udp.stream": "98" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:32.688440000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495692.688440000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "2101.227754000", + "frame.number": "7962", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ff7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", 
+ "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1321", + "udp.dstport": "5353", + "udp.port": "1321", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f762", + "udp.checksum.status": "2", + "udp.stream": "99" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:32.689058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495692.689058000", + "frame.time_delta": "0.000618000", + "frame.time_delta_displayed": "0.000618000", + "frame.time_relative": "2101.228372000", + "frame.number": "7963", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1322", + "udp.dstport": "5353", + "udp.port": "1322", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008528", + "udp.checksum.status": "2", + "udp.stream": "100" + }, + "mdns": { + "dns.id": "0x0000028d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=653", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=55681" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:33.998102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495693.998102000", + "frame.time_delta": "1.309044000", + "frame.time_delta_displayed": "1.309044000", + "frame.time_relative": "2102.537416000", + "frame.number": "7964", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:33.998278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495693.998278000", + "frame.time_delta": "0.000176000", + "frame.time_delta_displayed": "0.000176000", + "frame.time_relative": "2102.537592000", + "frame.number": "7965", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:34.698175000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495694.698175000", + "frame.time_delta": "0.699897000", + "frame.time_delta_displayed": "0.699897000", + "frame.time_relative": "2103.237489000", + "frame.number": "7966", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a664", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5197", + "tcp.ack": "721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000efa2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:34.841535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495694.841535000", + "frame.time_delta": "0.143360000", + "frame.time_delta_displayed": "0.143360000", + "frame.time_relative": "2103.380849000", + "frame.number": "7967", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001010", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd81", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "721", + "tcp.ack": "5198", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": 
"4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:36.320939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495696.320939000", + "frame.time_delta": "1.479404000", + "frame.time_delta_displayed": "1.479404000", + "frame.time_relative": "2104.860253000", + "frame.number": "7968", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:36.321392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495696.321392000", + "frame.time_delta": "0.000453000", + "frame.time_delta_displayed": "0.000453000", + "frame.time_relative": "2104.860706000", + "frame.number": "7969", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:36.675017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495696.675017000", + "frame.time_delta": "0.353625000", + "frame.time_delta_displayed": "0.353625000", + "frame.time_relative": "2105.214331000", + "frame.number": "7970", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", 
+ "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002124", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57205", + "udp.dstport": "1900", + "udp.port": "57205", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006ae8", + "udp.checksum.status": "2", + "udp.stream": "148" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:21:36.822388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495696.822388000", + "frame.time_delta": "0.147371000", + "frame.time_delta_displayed": "0.147371000", + "frame.time_relative": "2105.361702000", + "frame.number": "7971", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f00", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:37.342545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495697.342545000", + "frame.time_delta": "0.520157000", + "frame.time_delta_displayed": "0.520157000", + "frame.time_relative": "2105.881859000", + "frame.number": "7972", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009da8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000019a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + 
}, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:37.395404000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495697.395404000", + "frame.time_delta": "0.052859000", + "frame.time_delta_displayed": "0.052859000", + "frame.time_relative": "2105.934718000", + "frame.number": "7973", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + 
"eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009dac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001996", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "7972" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:37.448240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495697.448240000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "2105.987554000", + "frame.number": "7974", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009db1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001997", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "7973" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:21:37.677057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495697.677057000", + "frame.time_delta": "0.228817000", + "frame.time_delta_displayed": "0.228817000", + "frame.time_relative": "2106.216371000", + "frame.number": "7975", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002125", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6ef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57205", + "udp.dstport": "1900", + "udp.port": "57205", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006ae8", + "udp.checksum.status": "2", + "udp.stream": "148" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "7970" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:38.399725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495698.399725000", + "frame.time_delta": "0.722668000", + "frame.time_delta_displayed": "0.722668000", + "frame.time_relative": "2106.939039000", + "frame.number": "7976", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009db5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001996", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "7974" + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:38.452554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495698.452554000", + "frame.time_delta": "0.052829000", + "frame.time_delta_displayed": "0.052829000", + "frame.time_relative": "2106.991868000", + "frame.number": "7977", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009db8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000198a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": 
"0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "7976" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:38.505274000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495698.505274000", + "frame.time_delta": "0.052720000", + "frame.time_delta_displayed": "0.052720000", + "frame.time_relative": "2107.044588000", + "frame.number": "7978", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009dbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000198b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "7977" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:38.679232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495698.679232000", + "frame.time_delta": "0.173958000", + "frame.time_delta_displayed": "0.173958000", + "frame.time_relative": "2107.218546000", + "frame.number": "7979", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002126", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6ee", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57205", + "udp.dstport": "1900", + "udp.port": "57205", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006ae8", + "udp.checksum.status": "2", + "udp.stream": "148" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "7975" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.031736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.031736000", + "frame.time_delta": "0.352504000", + "frame.time_delta_displayed": "0.352504000", + "frame.time_relative": "2107.571050000", + "frame.number": "7980", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009dd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001975", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "7978" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.084558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.084558000", + "frame.time_delta": "0.052822000", + "frame.time_delta_displayed": "0.052822000", + "frame.time_relative": "2107.623872000", + "frame.number": "7981", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009dd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001969", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "7980" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.137342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.137342000", + "frame.time_delta": "0.052784000", + "frame.time_delta_displayed": "0.052784000", + "frame.time_relative": "2107.676656000", + "frame.number": "7982", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009ddd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000196b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": 
"", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "7981" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.678377000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.678377000", + "frame.time_delta": "0.541035000", + "frame.time_delta_displayed": "0.541035000", + "frame.time_relative": "2108.217691000", + "frame.number": "7983", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002127", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57205", + "udp.dstport": "1900", + "udp.port": "57205", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006ae8", + "udp.checksum.status": "2", + "udp.stream": "148" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "4", + "http.prev_request_in": "7979" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.850202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.850202000", + "frame.time_delta": "0.171825000", + "frame.time_delta_displayed": "0.171825000", + "frame.time_relative": "2108.389516000", + "frame.number": "7984", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:39.850601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495699.850601000", + "frame.time_delta": "0.000399000", + "frame.time_delta_displayed": "0.000399000", + "frame.time_relative": "2108.389915000", + "frame.number": "7985", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.083993000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.083993000", + "frame.time_delta": "0.233392000", + "frame.time_delta_displayed": "0.233392000", + "frame.time_relative": "2108.623307000", + "frame.number": "7986", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009e0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000193e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": 
"", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "7982" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.136758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.136758000", + "frame.time_delta": "0.052765000", + "frame.time_delta_displayed": "0.052765000", + "frame.time_relative": "2108.676072000", + "frame.number": "7987", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009e0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001933", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "7986" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.189484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.189484000", + "frame.time_delta": "0.052726000", + "frame.time_delta_displayed": "0.052726000", + "frame.time_relative": "2108.728798000", + "frame.number": "7988", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009e11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001937", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "7987" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.400187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.400187000", + "frame.time_delta": "0.210703000", + "frame.time_delta_displayed": "0.210703000", + "frame.time_relative": "2108.939501000", + "frame.number": "7989", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009e21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000192a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "7988" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.452922000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.452922000", + "frame.time_delta": "0.052735000", + "frame.time_delta_displayed": "0.052735000", + "frame.time_relative": "2108.992236000", + "frame.number": "7990", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009e23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000191f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "7989" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:40.505614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495700.505614000", + "frame.time_delta": "0.052692000", + "frame.time_delta_displayed": "0.052692000", + "frame.time_relative": "2109.044928000", + "frame.number": "7991", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009e28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001920", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "7990" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:41.452831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495701.452831000", + "frame.time_delta": "0.947217000", + "frame.time_delta_displayed": "0.947217000", + "frame.time_relative": "2109.992145000", + "frame.number": "7992", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009e70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "7991" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:41.505550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495701.505550000", + "frame.time_delta": "0.052719000", + "frame.time_delta_displayed": "0.052719000", + "frame.time_relative": "2110.044864000", + "frame.number": "7993", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009e74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "7992" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:41.558339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495701.558339000", + "frame.time_delta": "0.052789000", + "frame.time_delta_displayed": "0.052789000", + "frame.time_relative": "2110.097653000", + "frame.number": "7994", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009e77", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "7993" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:42.136685000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495702.136685000", + "frame.time_delta": "0.578346000", + "frame.time_delta_displayed": "0.578346000", + "frame.time_relative": "2110.675999000", + "frame.number": "7995", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009e8f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "7994" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:42.189530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495702.189530000", + "frame.time_delta": "0.052845000", + "frame.time_delta_displayed": "0.052845000", + "frame.time_relative": "2110.728844000", + "frame.number": "7996", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009e94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "7995" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:42.242333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495702.242333000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "2110.781647000", + "frame.number": "7997", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009e96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "7996" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:43.188880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495703.188880000", + "frame.time_delta": "0.946547000", + "frame.time_delta_displayed": "0.946547000", + 
"frame.time_relative": "2111.728194000", + "frame.number": "7998", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00009ec2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001889", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "305", + "udp.checksum": "0x0000e5a5", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "7997" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:43.241615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495703.241615000", + "frame.time_delta": "0.052735000", + "frame.time_delta_displayed": "0.052735000", + "frame.time_relative": "2111.780929000", + "frame.number": "7999", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00009ec3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000187f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + "udp.port": "57205", + "udp.length": "314", + "udp.checksum": "0x0000f390", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "23", + "http.prev_response_in": "7998" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:43.294488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495703.294488000", + "frame.time_delta": "0.052873000", + "frame.time_delta_displayed": "0.052873000", + "frame.time_relative": "2111.833802000", + "frame.number": "8000", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x00009ec8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001880", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57205", + "udp.port": "1900", + 
"udp.port": "57205", + "udp.length": "308", + "udp.checksum": "0x0000171b", + "udp.checksum.status": "2", + "udp.stream": "149" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "7999" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:21:55.346826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495715.346826000", + "frame.time_delta": "12.052338000", + "frame.time_delta_displayed": "12.052338000", + "frame.time_relative": "2123.886140000", + "frame.number": "8001", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00000bb4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecd8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "100", + "udp.checksum": "0x0000e487", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "adwin_config": { + "adwin_config.pattern": "0x5c000054", + "adwin_config.version": "1112689490", + "adwin_config.scan_id": "0xd073d502", + "adwin_config.status": "0x41da0000", + "adwin_config.timeout": "1279870552", + "adwin_config.filename": "V2", + "adwin_config.mac": "9f:36:19:4e:7a:42", + "adwin_config.unused": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:02.336039000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495722.336039000", + 
"frame.time_delta": "6.989213000", + "frame.time_delta_displayed": "6.989213000", + "frame.time_relative": "2130.875353000", + "frame.number": "8002", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x000096f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007656", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": 
"49", + "tcp.seq": "92267", + "tcp.nxtseq": "92316", + "tcp.ack": "18910", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c158", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:f1:53:a7:a2:fd:f9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2617683, TSecr 2812476921": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2617683", + "tcp.options.timestamp.tsecr": "2812476921" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8d:cb:9a:91:cc:d3:07:16:c6:97:9e:ff:37:0e:10:35:44:bf:3f:9f:72:69:84:c0:f7:67:87:02:61:b5:a7:30:d7:8e:89:c4:35" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:22:02.397270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495722.397270000", + "frame.time_delta": "0.061231000", + "frame.time_delta_displayed": "0.061231000", + "frame.time_relative": "2130.936584000", + "frame.number": "8003", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002dea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "18910", + "tcp.nxtseq": "18965", + "tcp.ack": "92316", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000097ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:1c:53:00:27:f1:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812484691, TSecr 2617683": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812484691", + "tcp.options.timestamp.tsecr": "2617683" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8002", + "tcp.analysis.ack_rtt": "0.061231000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:d5:d6:b2:df:9d:3a:92:32:91:62:c1:5a:f2:ee:a8:59:aa:21:42:c6:c4:1c:e2:a4:d3:93:ae:51:6e:55:32:73:19:01:3c:bf:0c:92:7d:77:ba:4d:e1" + } + } + 
} + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:02.397773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495722.397773000", + "frame.time_delta": "0.000503000", + "frame.time_delta_displayed": "0.000503000", + "frame.time_relative": "2130.937087000", + "frame.number": "8004", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007686", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + 
"ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "92316", + "tcp.ack": "18965", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e738", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:f1:59:a7:a3:1c:53", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2617689, TSecr 2812484691": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2617689", + "tcp.options.timestamp.tsecr": "2812484691" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8003", + "tcp.analysis.ack_rtt": "0.000503000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:22:04.081423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495724.081423000", + "frame.time_delta": "1.683650000", + "frame.time_delta_displayed": "1.683650000", + "frame.time_relative": "2132.620737000", + "frame.number": "8005", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x0000582e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a63b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5198", + "tcp.nxtseq": "5238", + "tcp.ack": "721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fc58", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ef:ae:12:ab:73:e0:77:d4:07:e2:9a:30:12:a7:7a:67:f5:0e:51:f5:14:79:2d:ff:60:f3:a3:ed" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:04.225047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495724.225047000", + "frame.time_delta": "0.143624000", + "frame.time_delta_displayed": "0.143624000", + "frame.time_relative": "2132.764361000", + "frame.number": "8006", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", 
+ "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001011", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd5c", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "721", + "tcp.nxtseq": "757", + "tcp.ack": "5238", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": 
"0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000027de", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8005", + "tcp.analysis.ack_rtt": "0.143624000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:74:e7:75:4d:11:29:35:68:7b:52:8a:bf:eb:79:df:94:ae:74:1e:a0:52:a2:b8:5e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:04.225558000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495724.225558000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "2132.764872000", + "frame.number": "8007", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000582f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a662", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5238", + "tcp.ack": "757", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + 
"tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef55", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8006", + "tcp.analysis.ack_rtt": "0.000511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:06.825271000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495726.825271000", + "frame.time_delta": "2.599713000", + "frame.time_delta_displayed": "2.599713000", + "frame.time_relative": "2135.364585000", + "frame.number": "8008", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f07", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": 
"192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:07.396852000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495727.396852000", + "frame.time_delta": "0.571581000", + "frame.time_delta_displayed": "0.571581000", + "frame.time_relative": "2135.936166000", + "frame.number": "8009", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000bb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecda", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00009e1c", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:84:a1:fb:9a:5d:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:09.706004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495729.706004000", + "frame.time_delta": "2.309152000", + "frame.time_delta_displayed": "2.309152000", + "frame.time_relative": "2138.245318000", + "frame.number": "8010", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ffd", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001565", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:09.706519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495729.706519000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "2138.245833000", + "frame.number": "8011", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001ffe", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f660", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:09.707420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495729.707420000", + "frame.time_delta": "0.000901000", + "frame.time_delta_displayed": "0.000901000", + "frame.time_relative": "2138.246734000", + "frame.number": "8012", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008426", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", 
+ "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:14.706303000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495734.706303000", + "frame.time_delta": "4.998883000", + "frame.time_delta_displayed": "4.998883000", + "frame.time_relative": "2143.245617000", + "frame.number": "8013", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00001fff", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001565", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:14.706836000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495734.706836000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "2143.246150000", + "frame.number": "8014", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + 
"eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f660", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + 
"dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:14.707439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495734.707439000", + "frame.time_delta": "0.000603000", + "frame.time_delta_displayed": "0.000603000", + "frame.time_relative": "2143.246753000", + "frame.number": "8015", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008426", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.397768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.397768000", + "frame.time_delta": "2.690329000", + "frame.time_delta_displayed": "2.690329000", + "frame.time_relative": "2145.937082000", + "frame.number": "8016", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + 
"eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007a28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": 
"NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.397783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.397783000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "2145.937097000", + "frame.number": "8017", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x00007a2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.430944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.430944000", + "frame.time_delta": "0.033161000", + "frame.time_delta_displayed": "0.033161000", + "frame.time_relative": "2145.970258000", + "frame.number": "8018", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { 
+ "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007a2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.483783000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.483783000", + "frame.time_delta": "0.052839000", + "frame.time_delta_displayed": "0.052839000", + "frame.time_relative": "2146.023097000", + "frame.number": "8019", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x00007a33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + 
"ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.536701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.536701000", + "frame.time_delta": "0.052918000", + "frame.time_delta_displayed": "0.052918000", + "frame.time_relative": "2146.076015000", + "frame.number": "8020", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007a34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:17.589504000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495737.589504000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "2146.128818000", + "frame.number": "8021", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x00007a39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00004f1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:19.707956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495739.707956000", + "frame.time_delta": "2.118452000", + "frame.time_delta_displayed": "2.118452000", + "frame.time_relative": "2148.247270000", + "frame.number": "8022", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002006", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001565", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:19.710233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495739.710233000", + "frame.time_delta": "0.002277000", + "frame.time_delta_displayed": "0.002277000", + "frame.time_relative": "2148.249547000", + "frame.number": "8023", + 
"frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002007", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f660", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:19.710593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495739.710593000", + "frame.time_delta": "0.000360000", + "frame.time_delta_displayed": "0.000360000", + "frame.time_relative": 
"2148.249907000", + "frame.number": "8024", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008426", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028e", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=654", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.092161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.092161000", + "frame.time_delta": "6.381568000", + "frame.time_delta_displayed": "6.381568000", + "frame.time_relative": "2154.631475000", + "frame.number": "8025", + 
"frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002deb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000036ce", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "18965", + "tcp.nxtseq": "19163", + "tcp.ack": "92316", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007cde", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:33:77:00:27:f1:59", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812490615, TSecr 2617689": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812490615", + "tcp.options.timestamp.tsecr": "2617689" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:d6:0d:bb:6d:72:33:82:75:3b:d3:97:29:c3:b9:cb:d4:db:4c:5e:2c:df:91:0b:8b:20:c2:ca:7a:e9:6d:9f:37:fd:0e:bf:f8:07:74:3b:2b:b2:b3:c3:ba:69:25:32:1c:aa:6b:96:6f:49:3f:a4:bf:cb:d3:a8:53:eb:4d:d7:2c:27:dd:6b:00:48:cb:83:42:29:c3:a8:f6:02:28:50:31:6d:8e:eb:a1:f9:fa:78:9e:d5:4e:96:72:e6:94:a0:92:38:a9:d0:cb:2d:c6:1c:be:35:f3:dd:6d:e0:4c:21:fa:5a:1e:b5:b2:17:8f:e4:78:90:90:d1:e8:43:24:2f:b2:c0:51:ac:c0:c5:6d:1f:42:be:db:9e:da:7c:c3:29:74:c9:13:10:37:19:db:42:31:a6:c6:81:b0:3d:46:ae:f7:63:97:ec:ab:8c:d4:7d:07:2d:0b:5e:e7:23:c1:cb:52:89:7e:0a:be:93:28:13:cb:16:0b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.092663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.092663000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "2154.631977000", + "frame.number": "8026", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096fa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007685", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "92316", + "tcp.ack": "19163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c60c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fa:9b:a7:a3:33:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620059, TSecr 2812490615": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620059", + "tcp.options.timestamp.tsecr": "2812490615" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8025", + "tcp.analysis.ack_rtt": "0.000502000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.098850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.098850000", + "frame.time_delta": "0.006187000", + "frame.time_delta_displayed": "0.006187000", + "frame.time_relative": "2154.638164000", + "frame.number": "8027", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x000096fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000764f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "92316", + "tcp.nxtseq": "92369", + "tcp.ack": "19163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005638", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fa:9c:a7:a3:33:77", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620060, TSecr 2812490615": { + "tcp.option_kind": "8", + "tcp.option_len": 
"10", + "tcp.options.timestamp.tsval": "2620060", + "tcp.options.timestamp.tsecr": "2812490615" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8e:e1:96:97:93:f1:81:63:64:e4:82:6d:80:86:13:00:af:6e:0c:ef:65:08:10:b2:be:4b:8f:89:53:b9:8c:5f:76:12:bf:5d:15:a0:09:b7:ff" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.198023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.198023000", + "frame.time_delta": "0.099173000", + "frame.time_delta_displayed": "0.099173000", + "frame.time_relative": "2154.737337000", + "frame.number": "8028", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": 
"0x00003793", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19163", + "tcp.ack": "92369", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c6aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:33:92:00:27:fa:9c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + 
}, + "Timestamps: TSval 2812490642, TSecr 2620060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812490642", + "tcp.options.timestamp.tsecr": "2620060" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8027", + "tcp.analysis.ack_rtt": "0.099173000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.198633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.198633000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "2154.737947000", + "frame.number": "8029", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x000096fc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007123", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "92369", + "tcp.nxtseq": "93745", + "tcp.ack": "19163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000552", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fa:a5:a7:a3:33:92", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620069, TSecr 2812490642": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620069", + "tcp.options.timestamp.tsecr": 
"2812490642" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:8f:21:66:30:2a:fb:59:9f:82:f0:1d:65:9f:22:82:61:5f:cf:37:db:71:93:1a:b0:ce:42:93:24:18:31:5e:73:d4:c2:f4:45:11:c2:8c:a1:1a:46" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:90:80:75:6e:45:8e:30:70:5c:a8:11:5c:c3:d5:a4:d2:3e:02:9e:73:37:76:8e:22:68:bc:ff:1c:de:70:8d:b2:0a:1e:0e:67:25:74:5f:b5:6b:ce:f1:2f:16:f3:58:01:9e:66:43:08:b9:c1:0a:c3:cb:03:e9:8b:ef:11:61:fe:78:37:f6:f1:90:e9:35:3a:96:17:2a:8a:93:c1:b2:ab:40:24:02:b5:59:95:58:e6:70" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:91:ab:80:6a:56:d6:43:aa:70:95:d7:02:be:f0:d4:87:72:59:96:bb:33:f0:68:9e:64:d8:e4:60:58:6a:7e:bf:4d:18:92:7f:41:b5:fe:a2:01:63:af:cb:c3:55:ea:0d:3b:d6:ce:37:94:9e:f2:2d:56:b0:b5:ea:62:75:2b:55:14:85:b8:15:62:83:37:9e:1e:be:2a:7a:8b:34:85:ba:88:bf:df:32:dd:0d:a9:fa:b0:36:49:cb:1d:f4:93:83:55:2d:34:47:a9:ec:ba:c5:36:fe:4f:28:4d:a0:cf:34:16:f3:6a:95:c7:d1:08:4d:d4:60:bd:65:ce:fc:8c:a3:f1:42:66:c3:cd:1c:ae:03:62:91:d6:b2:f6:55:f5:f8:15:ab:4f:e3:e1:34:aa:b9:20:7a:3e:44:b3:58:22:eb:07:31:63:ea:b4:c8:74:53:bd:cf:64:43:83:f5:01:92:ba:ea:b1:3a:a5:d8:95:a4:24:98:e2:16:58:72:ae:f7:76:21:8e:92:86:55:3a:0b:f9:97:c7:d0:9e:92:ef:fc:03:9f:38:47:58:36:d1:2b:e3:4b:35:8d:09:01:94:03:47:9f:d5:35:f8:a9:50:bf:d2:80:3b:ae:c6:0e:73:f4:6c:cb:ee:38:ae:b9:50:89:38:e1:9a:1f:4a:61:7e:3e:22:7a:77:a1:b2:ef:58:f4:73:c2:13:01:d9:10:8b:77:42:1d:5d:ce:91:93:7f:ee:f8:ec:e8:9b:e5:9b:43:9c:f2:6e:6f:c6:69:ca:23:d8:73:58:72:f4:b5:fd:29:59:3a:5e:93:ae:37:79:a4:a0:77:9d:12:42:78:5d:cf:72:d4:2e:8d:b6:44:d1:6e:86:04:9f:0a:f3:d8:fc:45:a6:1c:2a:e2:37:0c:79:aa:70:34:a7:50:9a:7c:8c:6d:65:73:56:bc:a8:46:0c:78:a7:ca:ac:4d:a5:ea:15:b5:70:63:52:44:85:5b:83:c9:b2:eb:a2:01:d7:e9:6f:62:60:23:61:e3:62:c4:d9:ec:92:28:3a:d0:f9:5e:fc:b3:9c:6f:c5:97:08:83:5b:14:6a:5c:36:75:58:d1:3e:9e:d4:0f:bb:91:15:15:95:53:62:0b:eb:a8:a3:7a:26:1e:cb:fc:c4:1e:b6:83:05:46:b7:e6:85:3e:4e:d0:3c:10:5c:e5:64:1f:4d:d4:dc:66:a2:2e:db:c1:46:18:b8:f6:4d:5c:7f:7b:d5:79:7c:50:5e:91:c2:d3:64:cd:8b:aa:74:5f:f5:1c:2b:9d:5d:79:11:f6:51:c1:58:cb:72:80:1d:0d:03:df:da:9f:d7:36:25:6a:ac:f4:4f:48:8b:d1:57:64:00:65:29:0c:79:c2:14:08:3a:c9:5f:de:3d:7b:23:04:e0:85:34:da:4c:41:2e:cd:c9:36:95:b8:0c:70:65:13:f4:76:bf:f3:ea:c2:f7:50:2b:7f:5f:23:36:7c:7c:f5:78:04:f4:b5:18:98:59:46:a8:37:d6:c8:16:a2:13:dc:46:05:d7:e4:b2:ae:e5:6d:50:31:a6:e1:9b:7f:cb:5a:99:14:81:ca:bf:fb:55:c3:85:23:ba:64:79:60:77:80:bc:e6:1d:ed:d8:5e:d5:c9:8d:65:9b:a3:13:21:a1:2a:36:f5:bf:10:d4:87:d4:d6:da:ba:2f:e1:92:d3:17:33:49:ed:09:84:76:6f:ba:39:1f:e4:00:92:8c:4b:b0:e6:c8:1f:0
a:d5:b0:72:b5:7b:b8:82:2e:05:10:26:6d:30:5e:13:ca:54:35:f0:1b:56:27:00:e3:37:b6:76:ff:ba:91:24:4c:46:ba:29:43:06:1e:70:2e:bd:7d:08:f6:83:ec:14:f1:8a:f4:70:7a:e6:1f:a9:2e:60:ff:30:ab:38:a0:1b:0e:af:28:b4:ee:41:a8:f2:f2:09:6d:b3:30:1c:5a:92:c7:8e:b0:7e:cb:bc:e5:08:7f:55:d5:a6:61:02:75:c3:03:f3:c1:df:56:d6:35:9e:8a:35:8c:05:86:71:1c:9c:b0:9b:7e:31:0e:5e:25:dd:cb:22:8c:6a:09:db:16:69:c4:e4:bb:19:2e:e2:e0:2a:fa:2b:9d:e6:3d:ec:c8:c0:3e:c3:96:7f:ec:76:56:25:c9:59:96:a1:d3:8f:d8:34:ac:d8:e5:43:b1:64:e0:ee:b6:be:fe:74:4c:ef:c8:9f:8d:87:18:a7:ff:87:76:63:c4:5a:0a:4b:23:35:3a:9b:da:a6:37:22:b1:5c:cb:64:70:cf:dc:b0:c9:e1:01:27:4c:ec:b3:e7:e0:5c:02:17:54:f6:4d:33:ce:09:3a:27:c1:bf:a9:dc:5a:d8:6f:41:9f:b8:32:ba:0a:d7:e9:29:33:c9:7a:7b:0d:a4:71:62:13:b3:3b:47:ed:45:c0:5a:36:05:d3:fe:da:3a:1c:03:03:46:d1:52:c0:18:77:72:aa:79:e8:0c:29:0a:d5:44:3e:7e:1b:bf:e6:4b:92:17:22:0e:f6:a2:e3:c8:22:f2:e2:ad:12:28:90:dc:30:00:d2:37:0b:8d:f5:b7:46:79:05:48:ea:02:00:b5:eb:68:8e:eb:9e:45:ce:82:1c:58:d6:35:30:72:3a:bb:d6:26:61:c4:d9:c5:d8:e4:28:29:03:89:08:10:23:33:6e:e2:19:1a:42:4b:7f:00:eb:8d:e2:4d:0d:47:4f:cb:57:33:f0:b0:6c:f1:df:08:3e:c9:43:b7:37:f3:50:6f:9e:48:78:db:46:c3:ee:71:69:c7:04:a6:d3:8c:c9:45:69:2f:db:d2:0a:dd:fd:a2:de:11:31:5e:c6:02" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:92:27:70:6d:c8:d5:77:76:8e:34:f0:a4:78:d6:4f:dc:8c:3c:ff:b7:5f:67:fa:54:33:bf:dd:00:90:15:ad:9c:63:b6:83:14:83:fa:a3:63:13:89:dc:44:cb:5c:b3:4c:e3:83:c5:47:8e:d4:77:13:94:8d:28:8b:c7:84:4d:74:00:d0:0d:8a:43:f2:27:71:02:56:5c:8d:be:d6:4b:5b:f6:5e:72:99:a1:57:4c:1e:4e:31:f2:eb:06:cf:77:df:44:dd:ab:d2:29:73:41:78:39:b2:ec:d9:37:eb:ec:e0:ce:a9:13:8c:1d:c7:c6:28:20:b0:3f:3a:e9:7f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:22:26.258763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.258763000", + "frame.time_delta": "0.060130000", + "frame.time_delta_displayed": "0.060130000", + "frame.time_relative": "2154.798077000", + "frame.number": "8030", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002ded", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003792", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", 
+ "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19163", + "tcp.ack": "93745", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c132", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:33:a1:00:27:fa:a5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812490657, TSecr 2620069": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812490657", + "tcp.options.timestamp.tsecr": "2620069" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8029", + "tcp.analysis.ack_rtt": "0.060130000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.515384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495746.515384000", + "frame.time_delta": "0.256621000", + "frame.time_delta_displayed": "0.256621000", + 
"frame.time_relative": "2155.054698000", + "frame.number": "8031", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x000096fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000764c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "93745", + "tcp.nxtseq": "93799", + "tcp.ack": "19163", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000398d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fa:c5:a7:a3:33:a1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620101, TSecr 2812490657": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620101", + "tcp.options.timestamp.tsecr": "2812490657" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:93:93:ff:33:5f:e2:03:88:12:b1:b8:6b:69:e9:21:c6:a8:bf:a7:3d:e2:0c:b7:7c:9d:ac:b9:66:8a:c6:9e:34:2b:5f:84:5d:93:f3:5b:b9:29:3a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:26.575572000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495746.575572000", + "frame.time_delta": "0.060188000", + "frame.time_delta_displayed": "0.060188000", + "frame.time_relative": "2155.114886000", + "frame.number": "8032", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003791", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": 
"44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19163", + "tcp.ack": "93799", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c08d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:33:f0:00:27:fa:c5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812490736, TSecr 2620101": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812490736", + "tcp.options.timestamp.tsecr": "2620101" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8031", + "tcp.analysis.ack_rtt": "0.060188000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.063219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.063219000", + "frame.time_delta": "1.487647000", + "frame.time_delta_displayed": "1.487647000", + "frame.time_relative": "2156.602533000", + "frame.number": "8033", + "frame.len": 
"86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000a664", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000011fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39350", + "udp.dstport": "53", + "udp.port": "39350", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x00009d28", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.id": "0x0000dfbc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type A, 
class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.063234000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.063234000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "2156.602548000", + "frame.number": "8034", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000a665", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000011fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "39350", + "udp.dstport": "53", + "udp.port": "39350", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x0000c22e", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.id": "0x0000ba9b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.089330000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.089330000", + "frame.time_delta": "0.026096000", + "frame.time_delta_displayed": "0.026096000", + "frame.time_relative": "2156.628644000", + "frame.number": "8035", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x0000a1f3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001505", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39350", + "udp.port": "53", + "udp.port": "39350", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_to": "8033", + "dns.time": "0.026111000", + "dns.id": "0x0000dfbc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type 
A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9114", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9114", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9114", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + }, + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9114", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138180", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "9800", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6093", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14695", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "138180", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9800", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6093", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14695", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.089556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495748.089556000", + "frame.time_delta": "0.000226000", + "frame.time_delta_displayed": "0.000226000", + "frame.time_relative": "2156.628870000", + "frame.number": "8036", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x0000a1f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000161b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39350", + "udp.port": "53", + "udp.port": "39350", + "udp.length": "134", + "udp.checksum": "0x000082db", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_to": "8034", + "dns.time": "0.026322000", + "dns.id": "0x0000ba9b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": 
"0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "900", + "dns.resp.len": "70", + "dns.soa.mname": "ns-1275.awsdns-31.org", + "dns.soa.rname": "awsdns-hostmaster.amazon.com", + "dns.soa.serial_number": "1", + "dns.soa.refresh_interval": "7200", + "dns.soa.retry_interval": "900", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "86400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.090600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.090600000", + "frame.time_delta": "0.001044000", + "frame.time_delta_displayed": "0.001044000", + "frame.time_relative": "2156.629914000", + "frame.number": "8037", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x000013c4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094f5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server 
port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x000029ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:fb:63:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2620259, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620259", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.164111000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.164111000", + "frame.time_delta": "0.073511000", + "frame.time_delta_displayed": "0.073511000", + "frame.time_relative": "2156.703425000", + "frame.number": "8038", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + 
"eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000001b9", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x00000a67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:4a:74:a6:00:27:fb:63:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1263170726, TSecr 2620259": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170726", + "tcp.options.timestamp.tsecr": "2620259" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8037", + "tcp.analysis.ack_rtt": "0.073511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.164641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.164641000", + "frame.time_delta": 
"0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "2156.703955000", + "frame.number": "8039", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000013c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + 
"tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000a127", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:6a:4b:4a:74:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620266, TSecr 1263170726": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620266", + "tcp.options.timestamp.tsecr": "1263170726" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8038", + "tcp.analysis.ack_rtt": "0.000530000", + "tcp.analysis.initial_rtt": "0.074041000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.166829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.166829000", + "frame.time_delta": "0.002188000", + "frame.time_delta_displayed": 
"0.002188000", + "frame.time_relative": "2156.706143000", + "frame.number": "8040", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x000013c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000093c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": 
"58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007d2d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:6a:4b:4a:74:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620266, TSecr 1263170726": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620266", + "tcp.options.timestamp.tsecr": "1263170726" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Oct 6, 2002 17:58:28.000000000 PDT", + "ssl.handshake.random": 
"23:59:c2:68:ce:8f:f9:4e:bc:89:6b:47:7f:bc:59:17:8a:cf:e7:7a:11:de:38:24:5b:5f:4a:94" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + "ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": 
"49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": "49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + 
"ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + "ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + 
"ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": 
"2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.240107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.240107000", + "frame.time_delta": "0.073278000", + "frame.time_delta_displayed": "0.073278000", + "frame.time_relative": "2156.779421000", + "frame.number": "8041", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000058da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a8e6", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": 
"52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a058", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:b9:00:27:fb:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "Timestamps: TSval 1263170745, TSecr 2620266": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170745", + "tcp.options.timestamp.tsecr": "2620266" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8040", + "tcp.analysis.ack_rtt": "0.073278000", + "tcp.analysis.initial_rtt": "0.074041000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.241251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.241251000", + "frame.time_delta": "0.001144000", + "frame.time_delta_displayed": "0.001144000", + "frame.time_relative": "2156.780565000", + "frame.number": "8042", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x000058db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a33d", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": 
"52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:ba:00:27:fb:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" 
+ } + }, + "Timestamps: TSval 1263170746, TSecr 2620266": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170746", + "tcp.options.timestamp.tsecr": "2620266" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60
:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:e
e:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Jul 14, 2077 17:19:58.000000000 PDT", + "ssl.handshake.random": "81:0b:2c:cf:97:42:87:24:a0:b0:bb:52:0a:e1:e0:a8:4c:09:6d:ae:cd:47:2b:d6:14:5b:ab:6b" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "f0:29:f1:00:8d:94:4b:36:dd:96:35:0b:29:9f:cc:fb:91:03:92:c5:9a:34:95:e9:ab:fa:d9:c3:19:ef:6d:01", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:22:28.241273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.241273000", + "frame.time_delta": "0.000022000", + "frame.time_delta_displayed": "0.000022000", + "frame.time_relative": "2156.780587000", + "frame.number": "8043", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x000058dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a805", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": 
"United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009308", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:ba:00:27:fb:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170746, TSecr 2620266": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170746", + "tcp.options.timestamp.tsecr": "2620266" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": 
"0.074041000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "8042", + "tcp.segment": "8043", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:
09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44
:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:
01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + 
"x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": 
"0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + "ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b
:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 
21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": 
"04:83:d8:68:7e:04:99:82:17:18:db:06:80:1e:97:f4:2b:c0:af:e1:d8:82:30:16:db:5b:27:ee:fc:d6:04:ec:f2:52:40:0c:77:62:df:81:b7:f2:b5:aa:b1:3c:ba:12:f9:42:f1:ea:76:8c:d9:4f:15:8d:bd:b8:d7:f4:41:7e:84", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": "c3:20:11:ef:ca:7a:32:7d:e9:7f:a6:08:a0:40:67:d7:d7:e9:1b:87:6d:df:ab:e7:e5:c2:0c:1f:02:8f:2c:91:34:cb:02:27:69:71:11:4a:84:73:ec:c5:e7:35:ee:03:d4:b4:d8:c5:2e:5c:3e:4e:65:6d:39:ae:3d:bf:04:39:a7:37:4d:8f:66:1d:e5:3c:c2:26:1c:37:7d:18:97:c3:f4:ce:42:a5:84:53:23:03:9f:44:e9:9b:20:b9:7e:f5:83:24:79:ec:ad:74:0a:62:93:f6:0f:10:97:26:9b:3d:9c:0a:ae:60:3f:e0:ef:06:99:5d:e7:dc:cf:14:05:51" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.241933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.241933000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "2156.781247000", + "frame.number": "8044", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000013c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000991d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:72:4b:4a:74:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620274, TSecr 1263170746": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620274", + "tcp.options.timestamp.tsecr": "1263170746" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8043", + "tcp.analysis.ack_rtt": "0.000660000", + "tcp.analysis.initial_rtt": "0.074041000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.274742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.274742000", + "frame.time_delta": "0.032809000", + "frame.time_delta_displayed": "0.032809000", + "frame.time_relative": "2156.814056000", + "frame.number": "8045", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x000013c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000947b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000099d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:75:4b:4a:74:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620277, TSecr 1263170746": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620277", + "tcp.options.timestamp.tsecr": "1263170746" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:4b:a6:45:63:4c:e2:66:86:49:97:4a:f3:ea:bd:df:61:4c:46:d5:ef:d1:d1:66:14:9d:ce:60:1b:44:a5:18:6b:07:f2:ae:d9:ee:0a:6d:f5:d1:7c:e1:21:3a:b1:ee:f5:c9:8e:16:f7:f2:54:c3:d8:91:4f:37:81:cc:a9:5b:32" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.348401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.348401000", + "frame.time_delta": "0.073659000", + "frame.time_delta_displayed": "0.073659000", + "frame.time_relative": "2156.887715000", + "frame.number": "8046", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x000058dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a8b0", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": 
"39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003cdc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:d4:00:27:fb:75", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170772, TSecr 2620277": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170772", + "tcp.options.timestamp.tsecr": "2620277" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8045", + "tcp.analysis.ack_rtt": "0.073659000", + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + 
"ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.350047000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.350047000", + "frame.time_delta": "0.001646000", + "frame.time_delta_displayed": "0.001646000", + "frame.time_relative": "2156.889361000", + "frame.number": "8047", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x000013c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": 
"52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006c03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:7d:4b:4a:74:d4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620285, TSecr 1263170772": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2620285", + "tcp.options.timestamp.tsecr": "1263170772" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8046", + "tcp.analysis.ack_rtt": "0.001646000", + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "06:b5:da:26:35:28:6f:41:b9:01:d5:d2:b8:ac:3b:6f:52:fb:57:e1:be:dc:24:08:c8:f1:a3:90:e2:ea:01:1b:86:23:aa:15:06:d4:c4:e5:f8:cd:00:b1:11:b0:f1:6a:e7:eb:60:70:6e:fd:95:11:da:be:f0:08:5e:04:9f:8d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.423571000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.423571000", + "frame.time_delta": "0.073524000", + "frame.time_delta_displayed": "0.073524000", + "frame.time_relative": "2156.962885000", + "frame.number": "8048", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x000058de", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a89d", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000011a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:e7:00:27:fb:7d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170791, TSecr 2620285": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170791", + "tcp.options.timestamp.tsecr": "2620285" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8047", + "tcp.analysis.ack_rtt": "0.073524000", + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "eb:72:a3:04:94:3e:7f:f9:53:de:ab:ca:a3:8b:da:46:a4:f1:a5:28:cb:12:15:73:ba:00:d3:e0:b7:f6:8d:57:fd:78:9e:20:38:84:94:a6:ea:68:63:3f:a5:cf:45:1d:57:23:eb:4a:34:97:47:f4:1a:00:79:d2:75:c4:22:47" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.424502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.424502000", + "frame.time_delta": "0.000931000", + "frame.time_delta_displayed": "0.000931000", + "frame.time_relative": "2156.963816000", + "frame.number": "8049", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + 
"eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x000013ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000930e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000d82b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:84:4b:4a:74:e7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620292, TSecr 1263170791": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620292", + "tcp.options.timestamp.tsecr": "1263170791" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8048", + "tcp.analysis.ack_rtt": "0.000931000", + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": 
"06:b5:da:26:35:28:6f:42:47:75:0c:82:e8:d7:e1:1a:32:e3:c4:7f:64:2f:1d:94:51:7b:3b:33:7c:ff:5e:48:66:ce:55:6d:e4:95:0b:43:8a:90:c1:e9:29:00:36:cc:df:cc:fb:be:aa:78:49:92:69:b9:b8:38:bb:18:95:e0:ff:9a:f2:2d:0d:2e:05:3b:c7:c9:88:c5:b6:27:1e:c2:77:ff:1d:04:91:09:79:98:3d:4b:87:84:d2:36:cf:fc:cf:59:02:48:ce:23:07:9b:d5:bc:9a:f5:06:9b:5f:a9:04:1b:da:1f:5a:e0:24:56:70:fc:dc:2a:2a:b0:33:08:fc:00:1f:89:7e:43:03:a0:8d:10:03:59:85:57:41:85:87:3e:6d:8b:02:50:75:72:43:42:82:b0:7a:6e:d1:c4:8d:7f:57:c2:ab:3b:75:31:18:02:5d:54:6b:c8:5a:90:ed:02:54:74:85:01:7a:37:2f:0b:1b:42:ba:84:c9:bd:de:62:64:8d:ca:41:f6:20:fc:e5:52:4b:45:6e:ec:13:6e:8c:8a:c3:bc:db:a6:a1:c3:50:2f:b1:70:89:90:fa:54:95:12:11:3a:92:2a:41:5c:eb:ea:97:23:b7:12:70:63:71:ff:b4:aa:ef:50:87:fb:95:89:28:37:5b:f4:36:ed:d5:89:43:a7:8b:1f:23:9d:5b:48:78:bc:e9:d8:ac:bd:91:36:f1:c2:ff:b2:9b:1f:5a:95:af:b5:48:79:29:e6:bb:8a:5c:58:20:1c:24:8a:9a:84:9d:0e:8a:cf:5f:76:52:da:bd:a6:30:2d:bb:30:de:31:19:82:5f:9f:2a:31:93:88:b6:47:4c:6d:42:ba:de:66:84:f0:d4:1d:99:b0:e1:b0:82:27:49:95:06:74:11:55:18:67:39:b9:0d:7c:69:af:94:3e:0e:d3:dc:54:fe:f6:dc:6b:ea:ea:ad:cb:83:9d:c6:7e:11:cb:dc:c7:ee:d2:f6:ae:3a:c8:02:64:c2:59:59:f6:f1:03:47:17:27:21:cf:a5:ba:c6:09:c2:ce:5d:97:95:05:0e:64:1d:1d:ed:a7:0a:58:2e:37:63:f1:5c:16:dd:d6:97:a4:aa:13:bb:7f:60:fe:04:55:4a:66:1e:6a:98:8d:27:07:5a:4a:ad:13:bb:c3:d7:5f:34:85:27:3c:87:a5:fd:4d:ba:42:66:93:1a:07:0a:77:c0:18:f5:06:e6:53:62:a3:2d:86:e2:e7:d0:22:1a:8b:b8:cb:ee:49" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.498303000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.498303000", + "frame.time_delta": "0.073801000", + "frame.time_delta_displayed": "0.073801000", + "frame.time_relative": "2157.037617000", + "frame.number": "8050", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x000058df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a896", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000edb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:74:fa:00:27:fb:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170810, TSecr 2620292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170810", + "tcp.options.timestamp.tsecr": "2620292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8049", + "tcp.analysis.ack_rtt": "0.073801000", + "tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "eb:72:a3:04:94:3e:7f:fa:8b:92:f1:c0:48:aa:5a:a1:3a:71:80:27:69:06:59:1f:ca:d7:ed:aa:33:e3:d2:99:fe:44:cd:b1:9a:b5:10:68:bd:fd:08:a1:1f:fe:84:44:ef:e0:fc:8c:49:f1:6d:c2:b1:27:e8:d0:52:ab:29:0d:97:a9:ee:fc:1e:cb" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.499036000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.499036000", + "frame.time_delta": "0.000733000", + "frame.time_delta_displayed": "0.000733000", + "frame.time_relative": "2157.038350000", + "frame.number": "8051", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000013cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000094f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": 
"Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009553", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:27:fb:8c:4b:4a:74:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2620300, TSecr 1263170810": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2620300", + "tcp.options.timestamp.tsecr": "1263170810" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8050", + "tcp.analysis.ack_rtt": "0.000733000", + 
"tcp.analysis.initial_rtt": "0.074041000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.572118000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.572118000", + "frame.time_delta": "0.073082000", + "frame.time_delta_displayed": "0.073082000", + "frame.time_relative": "2157.111432000", + "frame.number": "8052", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x000058e0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a8c1", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000f69", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:75:0c:00:27:fb:8c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170828, TSecr 2620300": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170828", + "tcp.options.timestamp.tsecr": "2620300" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8051", + "tcp.analysis.ack_rtt": "0.073082000", + 
"tcp.analysis.initial_rtt": "0.074041000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.572204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.572204000", + "frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "2157.111518000", + "frame.number": "8053", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000058e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000a8df", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + 
"ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58240", + "tcp.port": "443", + "tcp.port": "58240", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000095c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4a:75:0c:00:27:fb:8c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263170828, TSecr 2620300": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263170828", + "tcp.options.timestamp.tsecr": "2620300" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.572630000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.572630000", + "frame.time_delta": "0.000426000", + "frame.time_delta_displayed": "0.000426000", + "frame.time_relative": "2157.111944000", + "frame.number": "8054", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f372", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b55a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": 
"52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c27b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.572643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.572643000", + 
"frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "2157.111957000", + "frame.number": "8055", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f373", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b559", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": 
"-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58240", + "tcp.dstport": "443", + "tcp.port": "58240", + "tcp.port": "443", + "tcp.stream": "313", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c27b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:28.851421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495748.851421000", + "frame.time_delta": "0.278778000", + "frame.time_delta_displayed": "0.278778000", + "frame.time_relative": "2157.390735000", + "frame.number": "8056", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": 
"3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:29.707153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495749.707153000", + "frame.time_delta": "0.855732000", + "frame.time_delta_displayed": "0.855732000", + "frame.time_relative": "2158.246467000", + "frame.number": "8057", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002008", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + 
"_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001464", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:29.707657000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495749.707657000", + "frame.time_delta": "0.000504000", + "frame.time_delta_displayed": "0.000504000", + "frame.time_relative": "2158.246971000", + "frame.number": "8058", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002009", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f55f", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + 
"dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:29.708273000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495749.708273000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "2158.247587000", + "frame.number": "8059", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + 
"ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008325", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:30.062403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495750.062403000", + "frame.time_delta": "0.354130000", + "frame.time_delta_displayed": "0.354130000", + "frame.time_relative": "2158.601717000", + "frame.number": "8060", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + 
"arp.src.hw_mac": "60:57:18:8e:aa:94", + "arp.src.proto_ipv4": "192.168.0.108", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:31.100468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495751.100468000", + "frame.time_delta": "1.038065000", + "frame.time_delta_displayed": "1.038065000", + "frame.time_relative": "2159.639782000", + "frame.number": "8061", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:31.100896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495751.100896000", + "frame.time_delta": "0.000428000", + "frame.time_delta_displayed": "0.000428000", + "frame.time_relative": "2159.640210000", + "frame.number": "8062", + 
"frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:34.258114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495754.258114000", + "frame.time_delta": "3.157218000", + "frame.time_delta_displayed": "3.157218000", + "frame.time_relative": "2162.797428000", + "frame.number": "8063", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005830", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a661", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5237", + "tcp.ack": "757", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:34.401196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495754.401196000", + "frame.time_delta": "0.143082000", + "frame.time_delta_displayed": "0.143082000", + "frame.time_relative": "2162.940510000", + "frame.number": "8064", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001012", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd7f", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", 
+ "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "757", + "tcp.ack": "5238", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f9cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:22:34.707397000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495754.707397000", + "frame.time_delta": "0.306201000", + "frame.time_delta_displayed": "0.306201000", + "frame.time_relative": "2163.246711000", + "frame.number": "8065", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + 
"udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001464", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + 
"dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:34.707917000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495754.707917000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "2163.247231000", + "frame.number": "8066", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + 
"udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f55f", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + 
"dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:34.708532000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495754.708532000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "2163.247846000", + "frame.number": "8067", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", 
+ "udp.length": "241", + "udp.checksum": "0x00008325", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:36.828386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495756.828386000", + "frame.time_delta": "2.119854000", + "frame.time_delta_displayed": "2.119854000", + "frame.time_relative": "2165.367700000", + "frame.number": "8068", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f0e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + 
"udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:37.626009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495757.626009000", + "frame.time_delta": "0.797623000", + "frame.time_delta_displayed": "0.797623000", + "frame.time_relative": "2166.165323000", + "frame.number": "8069", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:37.855185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495757.855185000", + "frame.time_delta": "0.229176000", + "frame.time_delta_displayed": "0.229176000", + "frame.time_relative": "2166.394499000", + "frame.number": "8070", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + 
"bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:37.872096000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495757.872096000", + "frame.time_delta": "0.016911000", + "frame.time_delta_displayed": "0.016911000", + "frame.time_relative": "2166.411410000", + 
"frame.number": "8071", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + 
"bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:37.924817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495757.924817000", + "frame.time_delta": "0.052721000", + "frame.time_delta_displayed": "0.052721000", + 
"frame.time_relative": "2166.464131000", + "frame.number": "8072", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:38.039399000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495758.039399000", + "frame.time_delta": "0.114582000", + "frame.time_delta_displayed": "0.114582000", + "frame.time_relative": "2166.578713000", + "frame.number": "8073", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:39.268037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495759.268037000", + "frame.time_delta": "1.228638000", + "frame.time_delta_displayed": "1.228638000", + "frame.time_relative": "2167.807351000", + "frame.number": "8074", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:39.268212000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495759.268212000", + "frame.time_delta": "0.000175000", + "frame.time_delta_displayed": "0.000175000", + "frame.time_relative": "2167.807526000", + "frame.number": "8075", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:39.707897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495759.707897000", + "frame.time_delta": "0.439685000", + "frame.time_delta_displayed": "0.439685000", + "frame.time_relative": "2168.247211000", + "frame.number": "8076", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001464", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:39.708288000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495759.708288000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "2168.247602000", + "frame.number": "8077", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f55f", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:39.708835000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495759.708835000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "2168.248149000", + "frame.number": "8078", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008325", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000028f", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + 
"dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=655", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:40.198780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495760.198780000", + "frame.time_delta": "0.489945000", + "frame.time_delta_displayed": "0.489945000", + "frame.time_relative": "2168.738094000", + "frame.number": "8079", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000bb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x00001f52", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a7:f4:3d:65:ce:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:41.252944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495761.252944000", + "frame.time_delta": "1.054164000", + "frame.time_delta_displayed": "1.054164000", + "frame.time_relative": "2169.792258000", + "frame.number": "8080", + "frame.len": "410", + "frame.cap_len": "410", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "396", + "ip.id": "0x000096fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007529", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + 
"tcp.stream": "0", + "tcp.len": "344", + "tcp.seq": "93799", + "tcp.nxtseq": "94143", + "tcp.ack": "19163", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001a33", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:00:87:a7:a3:33:f0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2621575, TSecr 2812490736": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2621575", + "tcp.options.timestamp.tsecr": "2812490736" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "344", + "tcp.analysis.push_bytes_sent": "344" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "339", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:94:5a:0a:a9:6a:65:99:eb:4a:78:80:d2:51:73:e6:e3:4c:1c:a9:dc:c5:3c:f5:f0:63:9e:25:24:f2:cf:dd:27:cc:05:04:d0:73:c1:77:0f:15:87:51:6a:a0:93:d9:ec:4b:36:5c:0e:8e:3c:7c:29:86:f7:7e:a2:90:25:05:70:6b:2b:f2:87:96:5c:e3:5c:22:f5:70:cc:1b:d6:f7:bb:88:1a:10:3a:0b:1a:a2:25:dd:e6:f4:df:32:f9:94:8a:ee:37:cd:6f:91:dc:65:0f:c9:7a:d1:e1:c4:77:f8:f3:3a:6c:5a:46:a6:df:8c:ca:a7:1b:70:50:e6:62:f7:0f:c4:03:4b:50:ee:d9:d3:2d:3a:fa:db:19:e9:f4:4b:7c:77:01:b8:b3:62:ee:8a:f2:03:6a:79:be:02:50:da:9a:0f:97:34:0a:2d:56:bc:0a:21:87:fa:6e:b3:11:c2:33:e0:23:c7:44:b4:bc:cd:30:83:46:b6:58:bc:e3:7d:57:ab:2e:77:82:b5:7c:36:db:26:82:d8:1c:f8:e0:7b:f9:47:43:73:b0:c7:fc:66:24:ec:8b:01:87:9f:4e:f5:60:ea:9f:ad:4d:ac:53:fd:2f:4b:50:a6:78:98:5b:c1:b9:d6:16:9c:27:f7:59:5d:0b:87:5c:3b:14:b1:6c:31:c9:80:f8:5b:76:e1:04:29:e6:2f:56:62:98:e6:9c:f7:d5:bf:4a:01:69:11:b0:10:73:8c:24:63:77:99:59:86:e7:9f:73:4d:59:85:e3:3a:72:a3:fc:38:40:33:d9:7b:30:e5:6d:a3:0e:cf:16:20:81:e4:de:52:ee:d0:a6:3e:50:e6:6a:8e:62:22:bd:c3:41:17:b8:27:03" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:41.313293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495761.313293000", + "frame.time_delta": "0.060349000", + "frame.time_delta_displayed": "0.060349000", + "frame.time_relative": "2169.852607000", + "frame.number": "8081", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002def", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003790", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19163", + "tcp.ack": "94143", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ab0f", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:42:54:00:28:00:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812494420, TSecr 2621575": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812494420", + "tcp.options.timestamp.tsecr": "2621575" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8080", + "tcp.analysis.ack_rtt": "0.060349000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:41.313778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495761.313778000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "2169.853092000", + "frame.number": "8082", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002df0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003760", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19163", + "tcp.nxtseq": "19210", + "tcp.ack": "94143", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000073d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:42:54:00:28:00:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812494420, TSecr 2621575": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812494420", + "tcp.options.timestamp.tsecr": "2621575" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:d7:e8:e2:1a:93:4e:67:57:74:e8:19:09:dc:80:f0:e8:3b:fd:49:04:a9:9f:89:c0:7b:ec:84:28:95:d0:8d:98:96:5e:44" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:41.347965000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495761.347965000", + "frame.time_delta": "0.034187000", + "frame.time_delta_displayed": "0.034187000", + "frame.time_relative": "2169.887279000", + "frame.number": "8083", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000096ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007680", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "94143", + "tcp.ack": "19210", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a9e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:28:00:91:a7:a3:42:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2621585, TSecr 2812494420": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2621585", + "tcp.options.timestamp.tsecr": "2812494420" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8082", + "tcp.analysis.ack_rtt": "0.034187000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:43.139534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495763.139534000", + "frame.time_delta": "1.791569000", + "frame.time_delta_displayed": "1.791569000", + "frame.time_relative": "2171.678848000", + "frame.number": "8084", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + 
"arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:45.795640000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495765.795640000", + "frame.time_delta": "2.656106000", + "frame.time_delta_displayed": "2.656106000", + "frame.time_relative": "2174.334954000", + "frame.number": "8085", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:49.708245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495769.708245000", + "frame.time_delta": "3.912605000", + "frame.time_delta_displayed": "3.912605000", + "frame.time_relative": "2178.247559000", + "frame.number": "8086", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001363", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:49.708777000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495769.708777000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "2178.248091000", + "frame.number": "8087", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000200f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f45e", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:22:49.709400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495769.709400000", + "frame.time_delta": "0.000623000", + "frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "2178.248714000", + "frame.number": "8088", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008224", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:54.708537000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495774.708537000", + "frame.time_delta": "4.999137000", + "frame.time_delta_displayed": "4.999137000", + "frame.time_relative": "2183.247851000", + "frame.number": "8089", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002010", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001363", + 
"udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:54.709046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495774.709046000", + "frame.time_delta": "0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "2183.248360000", + "frame.number": "8090", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002011", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + 
"udp.checksum": "0x0000f45e", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + 
"dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:54.709655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495774.709655000", + "frame.time_delta": "0.000609000", + "frame.time_delta_displayed": "0.000609000", + "frame.time_relative": "2183.248969000", + "frame.number": "8091", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008224", + 
"udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:57.022087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495777.022087000", + "frame.time_delta": "2.312432000", + "frame.time_delta_displayed": "2.312432000", + "frame.time_relative": "2185.561401000", + "frame.number": "8092", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:59.708808000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495779.708808000", + "frame.time_delta": "2.686721000", + "frame.time_delta_displayed": "2.686721000", + "frame.time_relative": "2188.248122000", + "frame.number": "8093", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { 
+ "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002012", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001363", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:59.709348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495779.709348000", + "frame.time_delta": "0.000540000", + 
"frame.time_delta_displayed": "0.000540000", + "frame.time_relative": "2188.248662000", + "frame.number": "8094", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002013", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f45e", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:22:59.709963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495779.709963000", + "frame.time_delta": 
"0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "2188.249277000", + "frame.number": "8095", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008224", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000290", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=656", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:01.674556000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495781.674556000", + "frame.time_delta": "1.964593000", + 
"frame.time_delta_displayed": "1.964593000", + "frame.time_relative": "2190.213870000", + "frame.number": "8096", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009700", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000751f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "94143", + 
"tcp.nxtseq": "94495", + "tcp.ack": "19210", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000009b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:08:81:a7:a3:42:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2623617, TSecr 2812494420": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2623617", + "tcp.options.timestamp.tsecr": "2812494420" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:95:8e:15:52:eb:3d:79:a7:9a:9f:34:a6:f4:5c:b5:f9:fb:67:03:d5:a2:51:33:e9:cf:dc:d7:2b:d0:41:87:d7:9d:f5:e4:7f:67:3f:0d:a5:de:f6:36:4c:81:60:12:b4:a4:b1:05:38:e2:8f:ac:b7:fe:a0:c3:4f:41:0f:eb:57:7c:68:2e:38:82:81:e0:ec:f1:4b:af:36:8c:c2:0e:16:ae:74:0f:c4:ef:b5:07:6d:a5:f2:e9:dc:b6:47:e6:a9:40:e0:35:a6:c6:b1:cf:71:29:d5:a3:a7:1e:99:8e:23:c8:05:df:89:b4:6d:ff:36:bd:2d:51:cf:f7:68:14:1a:4e:a0:4a:23:b6:52:25:58:6c:b2:1c:e5:33:07:4a:9e:6f:88:83:e1:b1:89:a4:75:62:52:37:ee:bc:81:99:71:83:8d:5a:ee:f5:ef:a6:58:0c:89:dc:ce:a4:06:30:65:c5:ab:86:b2:0a:ea:79:53:87:c8:7c:30:95:08:ed:1b:7d:ea:2a:da:06:60:d5:24:e5:1f:cf:06:77:67:96:97:a0:d3:a0:0e:60:cc:f6:17:07:05:9e:78:39:4f:c5:46:95:5e:fb:cd:f8:b0:77:05:42:ef:b1:24:7d:f3:87:dd:36:40:29:52:2e:5a:e1:d8:3b:ee:fe:5f:90:1f:6f:58:6f:ed:f1:73:71:fe:8c:f3:4e:fc:3c:d3:a4:eb:ec:7b:5c:03:39:47:4b:55:f6:91:eb:6d:55:27:18:11:29:be:6e:c2:af:69:d7:3d:ad:48:3c:f0:7c:11:fd:e3:fc:18:36:d5:8a:2d:07:4f:c8:3e:9c:be:0f:68:f9:b7:94:91:21:c4:0c:1b:8d:81:56:6f:de:23:c8:09:62:84:b6:71:c1:25:22:4f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:01.736082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495781.736082000", + "frame.time_delta": "0.061526000", + "frame.time_delta_displayed": "0.061526000", + "frame.time_relative": "2190.275396000", + "frame.number": "8097", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002df1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19210", + "tcp.nxtseq": "19257", + "tcp.ack": "94495", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x0000b7d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:56:46:00:28:08:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812499526, TSecr 2623617": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812499526", + "tcp.options.timestamp.tsecr": "2623617" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8096", + "tcp.analysis.ack_rtt": "0.061526000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:d8:58:d5:43:3b:8f:87:6a:0e:6c:7b:e3:0c:66:39:6e:b5:16:67:bf:6b:f5:89:34:8f:dc:9b:c2:6e:79:e0:6b:ee:82:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:01.736517000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495781.736517000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "2190.275831000", + "frame.number": "8098", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009701", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000767e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "94495", + "tcp.ack": "19257", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:08:87:a7:a3:56:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2623623, TSecr 2812499526": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2623623", + "tcp.options.timestamp.tsecr": "2812499526" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8097", + "tcp.analysis.ack_rtt": "0.000435000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:03.168984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495783.168984000", + "frame.time_delta": "1.432467000", + "frame.time_delta_displayed": "1.432467000", + "frame.time_relative": "2191.708298000", + "frame.number": "8099", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000010", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "4", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00005afe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000053e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "216.93.242.12", + "ip.addr": "216.93.242.12", + "ip.dst_host": "216.93.242.12", + "ip.host": "216.93.242.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.dst_city": "Boston, MA", + "ip.geoip.city": "Boston, MA", + "ip.geoip.dst_lat": "42.358398", + "ip.geoip.lat": "42.358398", + "ip.geoip.dst_lon": "-71.059799", + "ip.geoip.lon": "-71.059799" + } + }, + "udp": { + "udp.srcport": "46395", + "udp.dstport": "123", + "udp.port": "46395", + "udp.port": "123", + "udp.length": "56", + "udp.checksum": "0x000070ca", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "ntp": { + "ntp.flags": "0x00000023", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "3" + }, + "ntp.stratum": "0", + "ntp.ppoll": "0", + "ntp.precision": "0", + "ntp.rootdelay": "0", + "ntp.rootdispersion": "0", + "ntp.refid": "00:00:00:00", + 
"ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", + "ntp.xmt": "Oct 5, 2057 23:40:00.054627000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:03.248589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495783.248589000", + "frame.time_delta": "0.079605000", + "frame.time_delta_displayed": "0.079605000", + "frame.time_relative": "2191.787903000", + "frame.number": "8100", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ntp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x0000ba62", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "48", + "ip.proto": "17", + "ip.checksum": "0x0000048c", + "ip.checksum.status": "2", + "ip.src": "216.93.242.12", + "ip.addr": "216.93.242.12", + "ip.src_host": "216.93.242.12", + "ip.host": "216.93.242.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", + "ip.geoip.src_city": "Boston, MA", + "ip.geoip.city": "Boston, MA", + "ip.geoip.src_lat": "42.358398", + "ip.geoip.lat": "42.358398", + "ip.geoip.src_lon": "-71.059799", + "ip.geoip.lon": "-71.059799" + }, + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "123", + "udp.dstport": "46395", + "udp.port": "123", + "udp.port": "46395", + "udp.length": "56", + "udp.checksum": "0x00002980", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "ntp": { + "ntp.flags": "0x00000024", + "ntp.flags_tree": { + "ntp.flags.li": "0", + "ntp.flags.vn": "4", + "ntp.flags.mode": "4" + }, + "ntp.stratum": "2", + "ntp.ppoll": "3", + "ntp.precision": "-23", + "ntp.rootdelay": "0.0009613037109375", + "ntp.rootdispersion": "0.0285797119140625", + "ntp.refid": "12:1a:04:69", + "ntp.reftime": "Oct 31, 2017 17:10:35.123521000 PDT", + "ntp.org": "Oct 5, 2057 23:40:00.054627000 PDT", + "ntp.rec": "Oct 31, 2017 17:23:03.216221000 PDT", + "ntp.xmt": "Oct 31, 2017 17:23:03.216276000 PDT" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:04.398101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495784.398101000", + "frame.time_delta": "1.149512000", + "frame.time_delta_displayed": "1.149512000", + "frame.time_relative": "2192.937415000", + "frame.number": "8101", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005831", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a660", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5237", + "tcp.ack": "757", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:04.541332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495784.541332000", + "frame.time_delta": "0.143231000", + "frame.time_delta_displayed": "0.143231000", + "frame.time_relative": "2193.080646000", + "frame.number": "8102", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001013", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd7e", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "757", + "tcp.ack": "5238", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f9cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + 
"_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:06.740172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495786.740172000", + "frame.time_delta": "2.198840000", + "frame.time_delta_displayed": "2.198840000", + "frame.time_relative": "2195.279486000", + "frame.number": "8103", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:06.740593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495786.740593000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "2195.279907000", 
+ "frame.number": "8104", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:06.832996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495786.832996000", + "frame.time_delta": "0.092403000", + "frame.time_delta_displayed": "0.092403000", + "frame.time_relative": "2195.372310000", + "frame.number": "8105", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f15", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:08.128015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495788.128015000", + "frame.time_delta": "1.295019000", + "frame.time_delta_displayed": "1.295019000", + "frame.time_relative": "2196.667329000", + "frame.number": "8106", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:08.128190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495788.128190000", + "frame.time_delta": "0.000175000", + "frame.time_delta_displayed": "0.000175000", + "frame.time_relative": "2196.667504000", + "frame.number": "8107", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + 
"arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:09.709378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495789.709378000", + "frame.time_delta": "1.581188000", + "frame.time_delta_displayed": "1.581188000", + "frame.time_relative": "2198.248692000", + "frame.number": "8108", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002017", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": 
"224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001262", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + 
"dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:09.710614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495789.710614000", + "frame.time_delta": "0.001236000", + "frame.time_delta_displayed": "0.001236000", + "frame.time_relative": "2198.249928000", + "frame.number": "8109", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002018", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098d4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + 
"ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f35d", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:09.711168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495789.711168000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "2198.250482000", + "frame.number": "8110", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + 
"ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008123", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + 
"dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.421594000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.421594000", + "frame.time_delta": "0.710426000", + "frame.time_delta_displayed": "0.710426000", + "frame.time_relative": "2198.960908000", + "frame.number": "8111", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000839b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.440211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.440211000", + "frame.time_delta": "0.018617000", + "frame.time_delta_displayed": "0.018617000", + "frame.time_relative": "2198.979525000", + "frame.number": "8112", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + 
"eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009702", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "94495", + "tcp.nxtseq": "94642", + "tcp.ack": "19257", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c424", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:0b:ee:a7:a3:56:46", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2624494, TSecr 2812499526": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2624494", + "tcp.options.timestamp.tsecr": "2812499526" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:96:7d:dd:95:a4:70:79:a4:b2:b7:b6:81:1d:72:3e:59:20:72:ba:66:2d:8e:c5:9f:22:c7:c7:e4:ee:91:15:e7:cf:c1:b1:0f:d5:2c:24:ee:20:54:07:48:d7:38:15:e8:b2:bf:2f:5d:05:05:ba:7d:1b:a5:bf:1e:53:fe:cf:cf:3b:3c:69:71:f9:e7:0a:75:1f:41:79:17:a4:9c:a7:f0:66:3d:0e:fb:15:34:6a:9d:86:56:c5:b4:be:49:e9:8a:ab:2c:86:77:35:6a:ee:e1:d9:e3:55:e3:5e:7e:d4:38:5d:f0:d0:e1:b5:8f:de:49:5d:46:54:68:89:9d:8b:99:fc:6e:61:d4:8d:d5:77" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.474484000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509495790.474484000", + "frame.time_delta": "0.034273000", + "frame.time_delta_displayed": "0.034273000", + "frame.time_relative": "2199.013798000", + "frame.number": "8113", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000083a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.527588000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.527588000", + "frame.time_delta": "0.053104000", + "frame.time_delta_displayed": "0.053104000", + "frame.time_relative": "2199.066902000", + "frame.number": "8114", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": 
"0x000083a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.537970000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495790.537970000", + "frame.time_delta": "0.010382000", + "frame.time_delta_displayed": "0.010382000", + "frame.time_relative": "2199.077284000", + "frame.number": "8115", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002df2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000378d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "19257", + "tcp.ack": "94642", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000080cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:5e:df:00:28:0b:ee", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812501727, TSecr 2624494": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812501727", + "tcp.options.timestamp.tsecr": "2624494" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8112", + "tcp.analysis.ack_rtt": "0.097759000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.543493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.543493000", + "frame.time_delta": "0.005523000", + "frame.time_delta_displayed": "0.005523000", + "frame.time_relative": "2199.082807000", + "frame.number": "8116", + "frame.len": "196", + 
"frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x00009703", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "94642", + "tcp.nxtseq": "94772", + "tcp.ack": "19257", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008571", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:0b:f8:a7:a3:5e:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2624504, TSecr 2812501727": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2624504", + "tcp.options.timestamp.tsecr": "2812501727" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:97:e4:29:ca:53:ab:8e:a4:b4:8f:83:ae:f5:72:0c:ea:9f:5a:90:af:08:bb:9a:ef:44:a2:5f:d5:e9:04:d3:d8:f0:68:51:44:24:6b:86:18:39:f0:7b:18:21:d7:8c:b4:c7:86:82:25:70:0c:2a:29:cc:14:28:da:79:25:28:b0:b0:b8:ca:8d:57:01:51:c6:20:6d:8e:05:cd:3e:d5:ce:ee:92:1e:f2:a5:b9:53:0e:5d:04:d1:49:a1:c6:c8:a6:e3:ac:59:d8:15:14:6f:ae:93:ba:11:d6:c1:73:08:0f:f1:3c:a7:95:e9:e1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.580422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.580422000", + "frame.time_delta": "0.036929000", + "frame.time_delta_displayed": "0.036929000", + "frame.time_relative": "2199.119736000", + "frame.number": "8117", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000083a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + 
"http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.603893000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.603893000", + "frame.time_delta": "0.023471000", + "frame.time_delta_displayed": "0.023471000", + "frame.time_relative": "2199.143207000", + "frame.number": "8118", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002df3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000378c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19257", + "tcp.ack": "94772", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008030", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:5e:ef:00:28:0b:f8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812501743, TSecr 2624504": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812501743", + "tcp.options.timestamp.tsecr": "2624504" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8116", + "tcp.analysis.ack_rtt": "0.060400000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.633338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.633338000", + "frame.time_delta": "0.029445000", + "frame.time_delta_displayed": "0.029445000", + "frame.time_relative": "2199.172652000", + "frame.number": "8119", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000083ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:10.686179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495790.686179000", + "frame.time_delta": "0.052841000", + "frame.time_delta_displayed": "0.052841000", + 
"frame.time_relative": "2199.225493000", + "frame.number": "8120", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000083b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000045a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + 
"http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:14.709625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495794.709625000", + "frame.time_delta": "4.023446000", + "frame.time_delta_displayed": "4.023446000", + "frame.time_relative": "2203.248939000", + "frame.number": "8121", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002019", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001262", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:14.710353000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495794.710353000", + "frame.time_delta": "0.000728000", + "frame.time_delta_displayed": "0.000728000", + "frame.time_relative": "2203.249667000", + "frame.number": "8122", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000201a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f35d", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:14.711290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495794.711290000", + "frame.time_delta": "0.000937000", + "frame.time_delta_displayed": "0.000937000", + "frame.time_relative": "2203.250604000", + "frame.number": "8123", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + 
"ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008123", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:19.709932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495799.709932000", + "frame.time_delta": "4.998642000", + "frame.time_delta_displayed": "4.998642000", + "frame.time_relative": "2208.249246000", + "frame.number": "8124", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000201d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001262", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": 
"0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:19.710450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495799.710450000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "2208.249764000", + "frame.number": "8125", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + 
"eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000201e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f35d", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + 
"dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:19.711066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495799.711066000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "2208.250380000", + "frame.number": "8126", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008123", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000291", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", 
+ "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=657", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:21.260735000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495801.260735000", + "frame.time_delta": "1.549669000", + "frame.time_delta_displayed": "1.549669000", + "frame.time_relative": "2209.800049000", + "frame.number": "8127", + "frame.len": "1325", + "frame.cap_len": "1325", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { 
+ "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x00009704", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007190", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "94772", + "tcp.nxtseq": "96031", + "tcp.ack": "19257", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", 
+ "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fb4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:10:28:a7:a3:5e:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2625576, TSecr 2812501743": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2625576", + "tcp.options.timestamp.tsecr": "2812501743" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:98:98:c6:a5:d4:6a:87:02:0c:16:18:02:2d:39:6c:fb:a2:96:51:5e:63:b9:43:54:9a:fc:21:83:a1:ec:17:a5:88:5c:69:7c:de:04:80:ee:47:e8:ba:c1:0a:16:a7:84:67:0a:fc:75:28:5b:1d:0d:92:09:25:92:a2:30:5e:9a:2d:c4:85:36:13:6f:73:e8:0b:56:2f:e5:d1:81:54:f1:de:55:4a:a5:1e:2a:91:89:fb:59:4e:26:4a:2a:ac:a2:ff:a4:8c:c2:78:71:33:c3:1f:86:21:d4:83:b4:25:7f:54:e5:0b:77:c0:43:3e:df:cc:3c:8f:30:32:fa:83:5b:11:70:9e:02:e7:cb:dd:60:37:e5:9e:03:b5:69:7e:34:e8:c7:67:d9:a7:bc:95:49:48:33:af:19:f1:eb:81:89:6b:52:0c:02:c2:f9:c5:f2:21:0c:a7:48:d5:f6:b1:18:83:9d:0d:be:c5:06:86:de:5c:82:f2:95:5f:5e:85:f2:bd:c5:de:a3:61:d7:b7:d5:57:86:6f:49:29:c8:ed:15:c5:c4:36:44:46:d4:ae:d7:bf:e6:6f:01:0c:45:b6:de:16:5b:fe:ce:a2:50:73:f6:65:e4:19:85:31:39:26:a7:61:9b:84:29:e7:9b:4e:92:7d:60:2f:c0:7c:1e:2b:bf:36:0b:68:86:22:0c:ac:45:fc:3c:cf:e9:4e:77:9c:62:f2:17:10:e6:3e:15:2d:18:3a:70:f9:98:0b:6c:31:76:cb:9a:a5:d6:08:79:89:71:68:00:69:ad:87:5a:ee:b5:52:97:59:e7:52:f7:1a:9b:ec:28:f7:a6:5a:a9:8c:52:77:7e:37:55:8d:ad:6a:d8:f3:c9:c5:7d:30:3c:e5:b0:18:f7:f3:90:46:56:a6:cb:1d:d2:bd:63:57:bf:d7:b7:1c:ca:0f:cd:6a:3a:b2:7b:b2:2c:58:49:02:6f:10:87:57:4a:f6:2a:c1:b7:3b:d8:bf:a1:d5:37:2d:ff:e5:75:c1:ca:de:a2:86:6e:a5:a7:4e:ba:2f:49:0c:35:25:aa:b6:df:a2:a6:79:fb:4d:d0:3f:cd:d9:81:74:82:23:1b:4f:76:59:ad:ea:3c:e9:89:e0:70:e2:b4:7a:f0:8b:8c:ff:bc:05:df:e6:29:d3:a7:4c:52:e3:85:e0:d3:9a:14:af:c6:1e:aa:7e:ef:76:51:a7:d5:b5:23:2b:90:59:91:4c:b8:3f:fc:2d:db:5c:be:65:0b:23:0e:e3:70:06:51:1d:14:02:a4:fe:8e:14:24:69:eb:31:46:4c:4d:36:2d:dd:d7:51:cf:54:56:ce:99:50:09:8a:1d:4e:ac:87:0c:69:67:70:8f:72:ff:11:fc:b5:cb:4c:f3:f2:2d:2e:8d:70:ee:7d:8b:cb:39:ab:6e:90:8c:ba:72:b7:7d:07:50:ba:85:9f:b2:ce:10:4b:fb:a0:6d:ef:0a:7b:8b:16:ca:e5:af:04:fb:1f:bb:d1:82:e2:97:2a:11:c6:e8:f9:d9:ac:3f:8b:e3:2e:8e:94:85:1c:54:52:85:82:b6:ee:50:97:f0:3b:34:1d:f8:94:d4:b5:a0:df:ad:e5:c9:15:8e:87:ad:03:a5:27:de:46:9f:4b:f8:32:3a:0c:b6:88:68:af:6d:a0:e6:2c:24:f7:31:7e:76:85:b1:aa:55:09:a5:a9:c5:18:17:40:e5:5a:a1:92:28:bf:40:fd:4e:71:69:92:d3:12:7
1:26:71:2e:39:38:c6:4c:80:b8:63:ad:90:d8:91:13:aa:cf:2e:d2:80:5c:79:18:f8:a9:ba:10:a4:7f:bc:92:b0:ed:c6:49:4b:11:b7:8f:63:98:2b:08:2b:ee:d4:5a:1b:bd:4a:2c:4c:bd:8f:9b:a3:10:10:a2:48:d8:f5:91:4a:d8:fe:65:d1:a7:8b:62:20:9f:45:5a:62:ee:8e:16:c8:3e:cd:68:95:8c:fa:7c:5a:46:49:db:5f:ce:1c:ad:d8:12:ff:30:a9:13:da:8f:59:c8:32:86:f4:11:19:3e:de:9a:a2:ae:1e:9b:79:49:e6:79:77:42:60:6c:10:91:76:f4:7f:89:a3:6e:08:e5:f8:b9:a3:b4:a3:48:ba:e8:f2:99:ba:fa:d5:96:c5:02:a8:25:d5:40:22:1a:c2:3f:9a:49:11:71:77:9a:d9:31:6d:76:c0:f9:ab:3c:f2:c3:cb:9a:8d:9c:3f:c8:53:03:0c:a0:54:05:98:e2:1d:11:d1:b9:15:d8:ff:79:c7:67:78:60:01:3d:62:ad:7b:21:79:5b:92:d3:35:3e:2e:e3:77:f9:4f:45:61:6a:ac:f9:cf:6a:8d:32:55:18:d1:fa:fb:12:35:fd:38:9e:74:6f:07:60:c6:d1:16:fa:c7:13:92:d6:40:77:31:52:99:de:35:71:40:5b:46:60:69:09:12:39:9b:59:62:74:79:bb:44:e6:b3:6a:01:c3:0f:7f:71:e2:c5:91:d5:23:ad:9b:ff:ea:bb:77:72:03:39:55:97:40:93:6c:80:7e:a7:b5:df:22:66:bc:ae:46:87:16:09:42:ba:00:04:e3:8d:1a:28:e7:ce:35:47:da:41:89:9c:a8:df:89:35:6b:2d:31:8f:90:58:83:95:6e:7a:56:74:7d:1a:15:01:eb:e1:c9:20:e6:b5:b2:f1:59:8b:26:55:00:66:45:78:f0:43:8f:c5:7f:84:6a:e4:74:30:32:21:7e:df:50:15:7e:6d:e5:d4:ff:89:fd:35:4b:16:8b:4a:5a:78:8c:2a:55:a0:27:4d:1d:94:7c:02:a6:8a:ca:12:7b:9e:88:49:4a:38:4a:6a:50:bd:41:93:27:e2:7f:5e:59:c5:d5:ee:56:e0:a7:b2:7e:c9:41:71:8b:18:1f:f5:b4:0c:ad:5b:01:f6:93:64:93:2f:4a:12:1f:e5:8c:ca:c0:97:dc:2a:98:06:8e:36:77:73:d0:8a:be:e9:10:bb:57:4d:4b:74:14:22:0b:36:2a:e8:0d:1f:e5:38:be:23:a4:b4:8a:76:07:55:46:4d:79:3b:af:b5:d0:b8:ab:3c:88:07:0f:35:50:c4:af:ec:c7:f4:84:8d:9f:ef:a1:f0:43:6d:7c:88:55:3f:3a:1f:a3:5e:76:aa:cb:c8:47:9a:a9:25:32:67:1d:90:51:1f:b4:52:d0:fd:50:a6:a0:26:04:3e:ce:27:e8:78:3a:48:49:7f:ed:cd:1b:ac:f0:4b:3b:4a:a0:3e:f4:73:5a:7b:24:c8:38:a4:45:e5:56:8d:c3:77:5c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:21.321060000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495801.321060000", + "frame.time_delta": "0.060325000", + "frame.time_delta_displayed": "0.060325000", + "frame.time_relative": "2209.860374000", + "frame.number": "8128", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002df4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000378b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19257", + "tcp.ack": "96031", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006c9e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:69:66:00:28:10:28", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812504422, TSecr 2625576": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812504422", + "tcp.options.timestamp.tsecr": "2625576" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8127", + "tcp.analysis.ack_rtt": "0.060325000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:25.196024000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495805.196024000", + "frame.time_delta": "3.874964000", + "frame.time_delta_displayed": "3.874964000", + "frame.time_relative": "2213.735338000", + 
"frame.number": "8129", + "frame.len": "98", + "frame.cap_len": "98", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "84", + "ip.id": "0x00000bbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "64", + "udp.checksum": "0x00009db0", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:e7:1a:b8:6f:ce:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", + "data.len": "56" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:23:28.849201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495808.849201000", + "frame.time_delta": "3.653177000", + "frame.time_delta_displayed": "3.653177000", + "frame.time_relative": "2217.388515000", + "frame.number": "8130", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:29.712490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495809.712490000", + "frame.time_delta": "0.863289000", + "frame.time_delta_displayed": "0.863289000", + "frame.time_relative": "2218.251804000", + "frame.number": "8131", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + 
"eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000201f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001161", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type 
PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:29.713010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495809.713010000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "2218.252324000", + "frame.number": 
"8132", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002020", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098cc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f25c", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:29.713618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495809.713618000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": 
"2218.252932000", + "frame.number": "8133", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008022", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.429811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.429811000", + "frame.time_delta": "0.716193000", + "frame.time_delta_displayed": "0.716193000", + "frame.time_relative": "2218.969125000", + "frame.number": "8134", + 
"frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002128", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e71c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 
239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "19", + "http.prev_request_in": "7888" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.823804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.823804000", + "frame.time_delta": "0.393993000", + "frame.time_delta_displayed": "0.393993000", + "frame.time_relative": "2219.363118000", + "frame.number": "8135", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a425", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001326", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "109", + "http.prev_response_in": "7950" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.827726000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.827726000", + "frame.time_delta": "0.003922000", + "frame.time_delta_displayed": "0.003922000", + "frame.time_relative": 
"2219.367040000", + "frame.number": "8136", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection 
establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000c9fd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.828258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.828258000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "2219.367572000", + "frame.number": "8137", + "frame.len": 
"66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000e38a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8136", + "tcp.analysis.ack_rtt": "0.000532000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.831000000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.831000000", + "frame.time_delta": "0.002742000", + "frame.time_delta_displayed": "0.002742000", + "frame.time_relative": "2219.370314000", + 
"frame.number": "8138", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009569", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8137", + "tcp.analysis.ack_rtt": "0.002742000", + "tcp.analysis.initial_rtt": "0.003274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.831591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.831591000", + "frame.time_delta": "0.000591000", + "frame.time_delta_displayed": "0.000591000", + "frame.time_relative": "2219.370905000", + "frame.number": "8139", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001caf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b1d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000aae2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003274000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.832084000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.832084000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "2219.371398000", + "frame.number": "8140", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006264", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000560f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000086fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8139", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.003274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.832705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.832705000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "2219.372019000", + "frame.number": "8141", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00006265", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000055fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c71b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003274000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.833067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.833067000", + "frame.time_delta": "0.000362000", + "frame.time_delta_displayed": "0.000362000", + "frame.time_relative": "2219.372381000", + "frame.number": "8142", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006266", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000522a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001985", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003274000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8141", + "tcp.segment": "8142", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001476000", + "http.request_in": "8139", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.838145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.838145000", + "frame.time_delta": "0.005078000", + "frame.time_delta_displayed": "0.005078000", + "frame.time_relative": "2219.377459000", + "frame.number": "8143", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006267", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005229", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001985", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003274000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "tcp.analysis.rto": "0.005078000", + "tcp.analysis.rto_frame": "8142" + } + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.840016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.840016000", + "frame.time_delta": "0.001871000", + "frame.time_delta_displayed": "0.001871000", + "frame.time_relative": "2219.379330000", + "frame.number": "8144", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", 
+ "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000090d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8142", + "tcp.analysis.ack_rtt": "0.006949000", + "tcp.analysis.initial_rtt": "0.003274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.840666000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.840666000", + "frame.time_delta": "0.000650000", + "frame.time_delta_displayed": "0.000650000", + "frame.time_relative": "2219.379980000", + "frame.number": "8145", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cb1", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000090d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.841099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.841099000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + 
"frame.time_relative": "2219.380413000", + "frame.number": "8146", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ecb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54828", + "tcp.port": "80", + "tcp.port": "54828", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008304", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8145", + "tcp.analysis.ack_rtt": "0.000433000", + "tcp.analysis.initial_rtt": "0.003274000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.842631000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.842631000", + "frame.time_delta": "0.001532000", + "frame.time_delta_displayed": "0.001532000", + "frame.time_relative": "2219.381945000", + "frame.number": "8147", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cb2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb5", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54828", + "tcp.dstport": "80", + "tcp.port": "54828", + "tcp.port": "80", + "tcp.stream": "314", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007823", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:b7:82:b7:d6:b7:82:bb:b9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003274000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + 
"tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "8144", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.876715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.876715000", + "frame.time_delta": "0.034084000", + "frame.time_delta_displayed": "0.034084000", + "frame.time_relative": "2219.416029000", + "frame.number": "8148", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a427", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000131b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + 
"ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "110", + "http.prev_response_in": "8135" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.892300000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.892300000", + "frame.time_delta": "0.015585000", + "frame.time_delta_displayed": "0.015585000", + "frame.time_relative": "2219.431614000", + "frame.number": "8149", + 
"frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cb3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54829", + "tcp.dstport": "80", + "tcp.port": "54829", + "tcp.port": "80", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005361", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.892846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.892846000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "2219.432160000", + "frame.number": "8150", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000569a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8149", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.895877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.895877000", + "frame.time_delta": "0.003031000", + "frame.time_delta_displayed": "0.003031000", + "frame.time_relative": "2219.435191000", + "frame.number": "8151", + "frame.len": "54", + 
"frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cb4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bbf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54829", + "tcp.dstport": "80", + "tcp.port": "54829", + "tcp.port": "80", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000879", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8150", + "tcp.analysis.ack_rtt": "0.003031000", + "tcp.analysis.initial_rtt": "0.003577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.896479000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.896479000", + "frame.time_delta": "0.000602000", + "frame.time_delta_displayed": "0.000602000", + "frame.time_relative": "2219.435793000", + "frame.number": "8152", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cb5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b17", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54829", + "tcp.dstport": "80", + "tcp.port": "54829", + "tcp.port": "80", + "tcp.stream": "315", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00001df2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003577000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.896952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.896952000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "2219.436266000", + "frame.number": "8153", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000656d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005306", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fa09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8152", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.003577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.897597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.897597000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "2219.436911000", + "frame.number": "8154", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000656e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000052f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003a2b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003577000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.897952000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.897952000", + "frame.time_delta": "0.000355000", + "frame.time_delta_displayed": "0.000355000", + "frame.time_relative": "2219.437266000", + "frame.number": "8155", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000656f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004f21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008c94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003577000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8154", + "tcp.segment": "8155", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001473000", + "http.request_in": "8152", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.897962000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.897962000", + "frame.time_delta": "0.000010000", + "frame.time_delta_displayed": "0.000010000", + "frame.time_relative": "2219.437276000", + "frame.number": "8156", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00006570", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004f20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008c94", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003577000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.901122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.901122000", + "frame.time_delta": "0.003160000", + "frame.time_delta_displayed": "0.003160000", + "frame.time_relative": "2219.440436000", + "frame.number": "8157", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54829", + "tcp.dstport": "80", + "tcp.port": "54829", + "tcp.port": "80", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000be8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:d4:d1:b0:db:d4:d1:b4:be", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8155", + "tcp.analysis.ack_rtt": "0.003170000", + "tcp.analysis.initial_rtt": "0.003577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.901714000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.901714000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "2219.441028000", + "frame.number": "8158", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005bbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54829", + "tcp.dstport": "80", + "tcp.port": "54829", + "tcp.port": "80", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000003e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.902149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.902149000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "2219.441463000", + "frame.number": "8159", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ec8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54829", + "tcp.port": "80", + "tcp.port": "54829", + "tcp.stream": "315", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f613", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8158", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.003577000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.930018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.930018000", + "frame.time_delta": "0.027869000", + "frame.time_delta_displayed": "0.027869000", + "frame.time_relative": "2219.469332000", + "frame.number": "8160", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a428", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001320", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "111", + "http.prev_response_in": "8148" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.935710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.935710000", + "frame.time_delta": "0.005692000", + "frame.time_delta_displayed": "0.005692000", + "frame.time_relative": "2219.475024000", + 
"frame.number": "8161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005baf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54830", + "tcp.dstport": "80", + "tcp.port": "54830", + "tcp.port": "80", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000dda4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.936263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.936263000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "2219.475577000", + "frame.number": "8162", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54830", + "tcp.port": "80", + "tcp.port": "54830", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b59e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8161", + "tcp.analysis.ack_rtt": "0.000553000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.939753000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.939753000", + "frame.time_delta": "0.003490000", + "frame.time_delta_displayed": "0.003490000", + "frame.time_relative": "2219.479067000", + 
"frame.number": "8163", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54830", + "tcp.dstport": "80", + "tcp.port": "54830", + "tcp.port": "80", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000677d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8162", + "tcp.analysis.ack_rtt": "0.003490000", + "tcp.analysis.initial_rtt": "0.004043000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.941121000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.941121000", + "frame.time_delta": "0.001368000", + "frame.time_delta_displayed": "0.001368000", + "frame.time_relative": "2219.480435000", + "frame.number": "8164", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b12", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54830", + "tcp.dstport": "80", + "tcp.port": "54830", + "tcp.port": "80", + "tcp.stream": "316", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007cf6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004043000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.941613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.941613000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "2219.480927000", + "frame.number": "8165", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f32f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c543", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54830", + "tcp.port": "80", + "tcp.port": "54830", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000590e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8164", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.004043000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.942256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.942256000", + "frame.time_delta": "0.000643000", + "frame.time_delta_displayed": "0.000643000", + "frame.time_relative": "2219.481570000", + "frame.number": "8166", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000f330", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c531", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54830", + "tcp.port": "80", + "tcp.port": "54830", + "tcp.stream": "316", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000992f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004043000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.942607000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.942607000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "2219.481921000", + "frame.number": "8167", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000f331", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c15e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54830", + "tcp.port": "80", + "tcp.port": "54830", + "tcp.stream": "316", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000eb98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004043000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8166", + "tcp.segment": "8167", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001486000", + "http.request_in": "8164", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.945056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.945056000", + "frame.time_delta": "0.002449000", + "frame.time_delta_displayed": "0.002449000", + "frame.time_relative": "2219.484370000", + "frame.number": "8168", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54830", + "tcp.dstport": "80", + "tcp.port": "54830", + "tcp.port": "80", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000062e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8167", + "tcp.analysis.ack_rtt": "0.002449000", + "tcp.analysis.initial_rtt": "0.004043000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.945652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.945652000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "2219.484966000", + "frame.number": "8169", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54830", + "tcp.dstport": "80", + "tcp.port": "54830", + "tcp.port": "80", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000062e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:30.946104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495810.946104000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "2219.485418000", + "frame.number": "8170", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ec6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54830", + "tcp.port": "80", + "tcp.port": "54830", + "tcp.stream": "316", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005518", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8169", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.004043000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.877431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.877431000", + "frame.time_delta": "0.931327000", + "frame.time_delta_displayed": "0.931327000", + "frame.time_relative": "2220.416745000", + "frame.number": "8171", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a470", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000012db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "112", + "http.prev_response_in": "8160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.903971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.903971000", + "frame.time_delta": "0.026540000", + "frame.time_delta_displayed": "0.026540000", + "frame.time_relative": "2220.443285000", + "frame.number": "8172", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005baa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54831", + "tcp.dstport": "80", + "tcp.port": "54831", + "tcp.port": "80", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008c1b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.904522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.904522000", + "frame.time_delta": "0.000551000", + "frame.time_delta_displayed": "0.000551000", + "frame.time_relative": "2220.443836000", + "frame.number": "8173", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54831", + "tcp.port": "80", + "tcp.port": "54831", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009a95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8172", + "tcp.analysis.ack_rtt": "0.000551000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.911698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.911698000", + "frame.time_delta": "0.007176000", + "frame.time_delta_displayed": "0.007176000", + "frame.time_relative": "2220.451012000", + "frame.number": "8174", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54831", + "tcp.dstport": "80", + "tcp.port": "54831", + "tcp.port": "80", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004c74", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8173", + "tcp.analysis.ack_rtt": "0.007176000", + "tcp.analysis.initial_rtt": "0.007727000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.912743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.912743000", + "frame.time_delta": "0.001045000", + "frame.time_delta_displayed": "0.001045000", + "frame.time_relative": "2220.452057000", + "frame.number": "8175", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54831", + "tcp.dstport": "80", + "tcp.port": "54831", + "tcp.port": "80", + "tcp.stream": "317", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000061ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007727000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.913339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.913339000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "2220.452653000", + "frame.number": "8176", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005c3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54831", + "tcp.port": "80", + "tcp.port": "54831", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003e05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8175", + "tcp.analysis.ack_rtt": "0.000596000", + "tcp.analysis.initial_rtt": "0.007727000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.913803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.913803000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "2220.453117000", + "frame.number": "8177", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005c3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005c25", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54831", + "tcp.port": "80", + "tcp.port": "54831", + "tcp.stream": "317", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007e26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007727000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.914157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.914157000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "2220.453471000", + "frame.number": "8178", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005c3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005852", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54831", + "tcp.port": "80", + "tcp.port": "54831", + "tcp.stream": "317", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d08f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007727000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8177", + "tcp.segment": "8178", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001414000", + "http.request_in": "8175", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.916577000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495811.916577000", + "frame.time_delta": "0.002420000", + "frame.time_delta_displayed": "0.002420000", + "frame.time_relative": "2220.455891000", + "frame.number": "8179", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54831", + "tcp.dstport": "80", + "tcp.port": "54831", + "tcp.port": "80", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000047dc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8178", + "tcp.analysis.ack_rtt": "0.002420000", + "tcp.analysis.initial_rtt": "0.007727000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.917208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.917208000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "2220.456522000", + "frame.number": "8180", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54831", + "tcp.dstport": "80", + "tcp.port": "54831", + "tcp.port": "80", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000047db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.917643000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.917643000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "2220.456957000", + "frame.number": "8181", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ea9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54831", + "tcp.port": "80", + "tcp.port": "54831", + "tcp.stream": "317", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003a0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8180", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.007727000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.930376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.930376000", + "frame.time_delta": "0.012733000", + "frame.time_delta_displayed": "0.012733000", + "frame.time_relative": "2220.469690000", + "frame.number": "8182", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a473", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000012cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "113", + "http.prev_response_in": "8171" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.934008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.934008000", + "frame.time_delta": "0.003632000", + "frame.time_delta_displayed": "0.003632000", + "frame.time_relative": 
"2220.473322000", + "frame.number": "8183", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ba5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54832", + "tcp.dstport": "80", + "tcp.port": "54832", + "tcp.port": "80", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection 
establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00008203", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.934545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.934545000", + "frame.time_delta": "0.000537000", + "frame.time_delta_displayed": "0.000537000", + "frame.time_relative": "2220.473859000", + "frame.number": "8184", + "frame.len": 
"66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54832", + "tcp.port": "80", + "tcp.port": "54832", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c0c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8183", + "tcp.analysis.ack_rtt": "0.000537000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.937385000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.937385000", + "frame.time_delta": "0.002840000", + "frame.time_delta_displayed": "0.002840000", + "frame.time_relative": "2220.476699000", + 
"frame.number": "8185", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54832", + "tcp.dstport": "80", + "tcp.port": "54832", + "tcp.port": "80", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000072a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8184", + "tcp.analysis.ack_rtt": "0.002840000", + "tcp.analysis.initial_rtt": "0.003377000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.938508000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.938508000", + "frame.time_delta": "0.001123000", + "frame.time_delta_displayed": "0.001123000", + "frame.time_relative": "2220.477822000", + "frame.number": "8186", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cc4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b08", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54832", + "tcp.dstport": "80", + "tcp.port": "54832", + "tcp.port": "80", + "tcp.stream": "318", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008821", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003377000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.939010000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.939010000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "2220.478324000", + "frame.number": "8187", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000847c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000033f7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54832", + "tcp.port": "80", + "tcp.port": "54832", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006439", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8186", + "tcp.analysis.ack_rtt": "0.000502000", + "tcp.analysis.initial_rtt": "0.003377000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.939586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.939586000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "2220.478900000", + "frame.number": "8188", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000847d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000033e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54832", + "tcp.port": "80", + "tcp.port": "54832", + "tcp.stream": "318", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a45a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003377000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.939935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.939935000", + "frame.time_delta": "0.000349000", + "frame.time_delta_displayed": "0.000349000", + "frame.time_relative": "2220.479249000", + "frame.number": "8189", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000847e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003012", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54832", + "tcp.port": "80", + "tcp.port": "54832", + "tcp.stream": "318", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f6c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003377000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8188", + "tcp.segment": "8189", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001427000", + "http.request_in": "8186", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.943107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.943107000", + "frame.time_delta": "0.003172000", + "frame.time_delta_displayed": "0.003172000", + "frame.time_relative": "2220.482421000", + "frame.number": "8190", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54832", + "tcp.dstport": "80", + "tcp.port": "54832", + "tcp.port": "80", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006e10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8189", + "tcp.analysis.ack_rtt": "0.003172000", + "tcp.analysis.initial_rtt": "0.003377000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.943781000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.943781000", + "frame.time_delta": "0.000674000", + "frame.time_delta_displayed": "0.000674000", + "frame.time_relative": "2220.483095000", + "frame.number": "8191", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54832", + "tcp.dstport": "80", + "tcp.port": "54832", + "tcp.port": "80", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006e0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.944211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.944211000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "2220.483525000", + "frame.number": "8192", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ea6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54832", + "tcp.port": "80", + "tcp.port": "54832", + "tcp.stream": "318", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006043", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8191", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.003377000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.982828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.982828000", + "frame.time_delta": "0.038617000", + "frame.time_delta_displayed": "0.038617000", + "frame.time_relative": "2220.522142000", + "frame.number": "8193", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a476", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000012d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "114", + "http.prev_response_in": "8182" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.994161000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.994161000", + "frame.time_delta": "0.011333000", + "frame.time_delta_displayed": "0.011333000", + "frame.time_relative": "2220.533475000", + "frame.number": "8194", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ba0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54833", + "tcp.dstport": "80", + "tcp.port": "54833", + "tcp.port": "80", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00004998", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.994742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.994742000", + "frame.time_delta": "0.000581000", + "frame.time_delta_displayed": "0.000581000", + "frame.time_relative": "2220.534056000", + "frame.number": "8195", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54833", + "tcp.port": "80", + "tcp.port": "54833", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008d11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8194", + "tcp.analysis.ack_rtt": "0.000581000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.997903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.997903000", + "frame.time_delta": "0.003161000", + "frame.time_delta_displayed": "0.003161000", + "frame.time_relative": "2220.537217000", + "frame.number": "8196", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005bab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54833", + "tcp.dstport": "80", + "tcp.port": "54833", + "tcp.port": "80", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ef0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8195", + "tcp.analysis.ack_rtt": "0.003161000", + "tcp.analysis.initial_rtt": "0.003742000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.998488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.998488000", + "frame.time_delta": "0.000585000", + "frame.time_delta_displayed": "0.000585000", + "frame.time_relative": "2220.537802000", + "frame.number": "8197", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b03", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54833", + "tcp.dstport": "80", + "tcp.port": "54833", + "tcp.port": "80", + "tcp.stream": "319", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005469", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003742000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.998974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.998974000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "2220.538288000", + "frame.number": "8198", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001c1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009c56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54833", + "tcp.port": "80", + "tcp.port": "54833", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003081", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8197", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.initial_rtt": "0.003742000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.999551000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.999551000", + "frame.time_delta": "0.000577000", + "frame.time_delta_displayed": "0.000577000", + "frame.time_relative": "2220.538865000", + "frame.number": "8199", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00001c1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009c44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54833", + "tcp.port": "80", + "tcp.port": "54833", + "tcp.stream": "319", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000070a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003742000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:31.999910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495811.999910000", + "frame.time_delta": "0.000359000", + "frame.time_delta_displayed": "0.000359000", + "frame.time_relative": "2220.539224000", + "frame.number": "8200", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00001c1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009871", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54833", + "tcp.port": "80", + "tcp.port": "54833", + "tcp.stream": "319", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c30b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003742000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8199", + "tcp.segment": "8200", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001422000", + "http.request_in": "8197", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.002261000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495812.002261000", + "frame.time_delta": "0.002351000", + "frame.time_delta_displayed": "0.002351000", + "frame.time_relative": "2220.541575000", + "frame.number": "8201", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ba9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54833", + "tcp.dstport": "80", + "tcp.port": "54833", + "tcp.port": "80", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a58", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8200", + "tcp.analysis.ack_rtt": "0.002351000", + "tcp.analysis.initial_rtt": "0.003742000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.002912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.002912000", + "frame.time_delta": "0.000651000", + "frame.time_delta_displayed": "0.000651000", + "frame.time_relative": "2220.542226000", + "frame.number": "8202", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ba8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54833", + "tcp.dstport": "80", + "tcp.port": "54833", + "tcp.port": "80", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003a57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.003364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.003364000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "2220.542678000", + "frame.number": "8203", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000079cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ea4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54833", + "tcp.port": "80", + "tcp.port": "54833", + "tcp.stream": "319", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002c8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8202", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.003742000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.740998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.740998000", + "frame.time_delta": "0.737634000", + "frame.time_delta_displayed": "0.737634000", + "frame.time_relative": "2221.280312000", + "frame.number": "8204", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009705", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007649", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "96031", + "tcp.nxtseq": "96080", + "tcp.ack": "19257", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ca71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:14:a4:a7:a3:69:66", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2626724, TSecr 2812504422": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2626724", + 
"tcp.options.timestamp.tsecr": "2812504422" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:99:d2:c8:8d:ba:d5:a4:3d:86:80:1b:55:82:ff:a9:ea:a6:df:8e:a3:8b:aa:72:27:4c:30:c9:63:64:70:ec:9b:62:d3:e2:6a:2b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.801307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.801307000", + "frame.time_delta": "0.060309000", + "frame.time_delta_displayed": "0.060309000", + "frame.time_relative": "2221.340621000", + "frame.number": "8205", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002df5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000378a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + 
"ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19257", + "tcp.ack": "96080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005cbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:74:9c:00:28:14:a4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812507292, TSecr 2626724": { + 
"tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812507292", + "tcp.options.timestamp.tsecr": "2626724" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8204", + "tcp.analysis.ack_rtt": "0.060309000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.801698000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.801698000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "2221.341012000", + "frame.number": "8206", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002df6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003752", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "19257", + "tcp.nxtseq": "19312", + "tcp.ack": "96080", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a0ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:74:9c:00:28:14:a4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812507292, TSecr 2626724": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812507292", + "tcp.options.timestamp.tsecr": "2626724" + } + }, + "tcp.analysis": { + 
"tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:d9:8b:27:d4:17:49:4e:05:b9:27:75:67:f3:ce:24:9c:1e:ac:d8:59:19:dd:5b:37:ad:fd:8f:42:cc:d5:38:5a:7d:22:f5:4a:d1:bd:97:86:a1:e8:69" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:32.802139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495812.802139000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "2221.341453000", + "frame.number": "8207", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009706", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007679", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": 
"192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96080", + "tcp.ack": "19312", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005b8f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:14:aa:a7:a3:74:9c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2626730, TSecr 2812507292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + 
"tcp.options.timestamp.tsval": "2626730", + "tcp.options.timestamp.tsecr": "2812507292" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8206", + "tcp.analysis.ack_rtt": "0.000441000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:34.538069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495814.538069000", + "frame.time_delta": "1.735930000", + "frame.time_delta_displayed": "1.735930000", + "frame.time_relative": "2223.077383000", + "frame.number": "8208", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005832", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": 
"104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5237", + "tcp.ack": "757", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:34.681351000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495814.681351000", + "frame.time_delta": "0.143282000", + 
"frame.time_delta_displayed": "0.143282000", + "frame.time_relative": "2223.220665000", + "frame.number": "8209", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001014", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd7d", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + 
"tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "757", + "tcp.ack": "5238", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f9cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:34.712773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495814.712773000", + "frame.time_delta": "0.031422000", + "frame.time_delta_displayed": "0.031422000", + "frame.time_relative": "2223.252087000", + "frame.number": "8210", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002021", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001161", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:34.713301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495814.713301000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "2223.252615000", + "frame.number": "8211", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": 
{ + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002022", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f25c", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:34.713920000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495814.713920000", + "frame.time_delta": "0.000619000", + "frame.time_delta_displayed": "0.000619000", + "frame.time_relative": "2223.253234000", + "frame.number": "8212", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": 
"33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008022", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:36.675880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495816.675880000", + "frame.time_delta": "1.961960000", + "frame.time_delta_displayed": "1.961960000", + "frame.time_relative": "2225.215194000", + "frame.number": "8213", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": 
{ + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002129", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60335", + "udp.dstport": "1900", + "udp.port": "60335", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005eae", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": 
"Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:36.835892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495816.835892000", + "frame.time_delta": "0.160012000", + "frame.time_delta_displayed": "0.160012000", + "frame.time_relative": "2225.375206000", + "frame.number": "8214", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f3c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": 
"192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:37.357954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495817.357954000", + "frame.time_delta": "0.522062000", + "frame.time_delta_displayed": "0.522062000", + "frame.time_relative": "2225.897268000", + "frame.number": "8215", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a5fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001150", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:37.410805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495817.410805000", + 
"frame.time_delta": "0.052851000", + "frame.time_delta_displayed": "0.052851000", + "frame.time_relative": "2225.950119000", + "frame.number": "8216", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a600", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001142", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "8215" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:37.463672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495817.463672000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "2226.002986000", + "frame.number": "8217", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a603", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001145", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "8216" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:37.676183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495817.676183000", + "frame.time_delta": "0.212511000", + "frame.time_delta_displayed": "0.212511000", + "frame.time_relative": "2226.215497000", + "frame.number": "8218", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000212a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6ea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "60335", + "udp.dstport": "1900", + "udp.port": "60335", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005eae", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "8213" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:38.415618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495818.415618000", + "frame.time_delta": "0.739435000", + "frame.time_delta_displayed": "0.739435000", + "frame.time_relative": "2226.954932000", + "frame.number": "8219", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a643", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001108", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "8217" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:38.468363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495818.468363000", + "frame.time_delta": "0.052745000", + "frame.time_delta_displayed": "0.052745000", + "frame.time_relative": "2227.007677000", + "frame.number": "8220", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a647", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "8219" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:38.521150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495818.521150000", + "frame.time_delta": "0.052787000", + "frame.time_delta_displayed": "0.052787000", + "frame.time_relative": "2227.060464000", 
+ "frame.number": "8221", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a64c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "8220" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:38.676371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495818.676371000", + "frame.time_delta": "0.155221000", + "frame.time_delta_displayed": "0.155221000", + "frame.time_relative": "2227.215685000", + "frame.number": "8222", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000212b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60335", + "udp.dstport": "1900", + "udp.port": "60335", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005eae", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "8218" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.047160000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.047160000", + "frame.time_delta": "0.370789000", + "frame.time_delta_displayed": "0.370789000", + "frame.time_relative": "2227.586474000", + "frame.number": "8223", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a67c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "8221" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.099916000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.099916000", + "frame.time_delta": "0.052756000", + "frame.time_delta_displayed": "0.052756000", + "frame.time_relative": "2227.639230000", + "frame.number": "8224", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a67d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "8223" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.152964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.152964000", + "frame.time_delta": "0.053048000", + "frame.time_delta_displayed": "0.053048000", + "frame.time_relative": "2227.692278000", + "frame.number": "8225", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a682", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000010c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "8224" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.547984000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.547984000", + "frame.time_delta": "0.395020000", + "frame.time_delta_displayed": "0.395020000", + "frame.time_relative": "2228.087298000", + "frame.number": "8226", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.548160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.548160000", + "frame.time_delta": "0.000176000", + "frame.time_delta_displayed": "0.000176000", + "frame.time_relative": "2228.087474000", + "frame.number": "8227", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + 
"arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.677255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.677255000", + "frame.time_delta": "0.129095000", + "frame.time_delta_displayed": "0.129095000", + "frame.time_relative": "2228.216569000", + "frame.number": "8228", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000212c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": 
"239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60335", + "udp.dstport": "1900", + "udp.port": "60335", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00005eae", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "8222" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.713021000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.713021000", + "frame.time_delta": "0.035766000", + "frame.time_delta_displayed": "0.035766000", + "frame.time_relative": "2228.252335000", + "frame.number": "8229", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": 
"01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002023", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001161", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.713557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.713557000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "2228.252871000", + "frame.number": "8230", + 
"frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002024", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f25c", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:39.714172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495819.714172000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": 
"2228.253486000", + "frame.number": "8231", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008022", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000292", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=658", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.104614000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.104614000", + "frame.time_delta": "0.390442000", + "frame.time_delta_displayed": "0.390442000", + "frame.time_relative": "2228.643928000", + "frame.number": "8232", + 
"frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a6c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001089", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "8225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.157364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.157364000", + "frame.time_delta": "0.052750000", + "frame.time_delta_displayed": "0.052750000", + "frame.time_relative": "2228.696678000", + "frame.number": "8233", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "334", + "ip.id": "0x0000a6c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000107b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "8232" + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.210260000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.210260000", + "frame.time_delta": "0.052896000", + "frame.time_delta_displayed": "0.052896000", + "frame.time_relative": "2228.749574000", + "frame.number": "8234", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a6cb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000107d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + 
"udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "8233" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.420980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.420980000", + "frame.time_delta": "0.210720000", + "frame.time_delta_displayed": "0.210720000", + "frame.time_relative": "2228.960294000", + "frame.number": "8235", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a6d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001078", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "8234" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.473688000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.473688000", + "frame.time_delta": "0.052708000", + "frame.time_delta_displayed": "0.052708000", + "frame.time_relative": "2229.013002000", + "frame.number": "8236", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a6d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000106b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "8235" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:40.526512000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495820.526512000", + "frame.time_delta": 
"0.052824000", + "frame.time_delta_displayed": "0.052824000", + "frame.time_relative": "2229.065826000", + "frame.number": "8237", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a6dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000106c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "8236" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:41.473150000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495821.473150000", + "frame.time_delta": "0.946638000", + "frame.time_delta_displayed": "0.946638000", + "frame.time_relative": "2230.012464000", + "frame.number": "8238", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a716", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001035", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": 
"", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "8237" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:41.526087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495821.526087000", + "frame.time_delta": "0.052937000", + "frame.time_delta_displayed": "0.052937000", + "frame.time_relative": "2230.065401000", + "frame.number": "8239", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000102b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "8238" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:41.578882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495821.578882000", + "frame.time_delta": "0.052795000", + "frame.time_delta_displayed": "0.052795000", + "frame.time_relative": "2230.118196000", + "frame.number": "8240", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a71b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000102d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "8239" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:42.157648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495822.157648000", + "frame.time_delta": "0.578766000", + "frame.time_delta_displayed": "0.578766000", + "frame.time_relative": "2230.696962000", + "frame.number": "8241", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000101a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "8240" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:42.210430000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495822.210430000", + "frame.time_delta": "0.052782000", + "frame.time_delta_displayed": "0.052782000", + "frame.time_relative": "2230.749744000", + "frame.number": "8242", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a737", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000100b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "8241" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:42.263159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495822.263159000", + "frame.time_delta": "0.052729000", + "frame.time_delta_displayed": "0.052729000", + "frame.time_relative": "2230.802473000", + "frame.number": "8243", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a73b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000100d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "8242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:43.210059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495823.210059000", + "frame.time_delta": "0.946900000", + "frame.time_delta_displayed": "0.946900000", + "frame.time_relative": "2231.749373000", + "frame.number": "8244", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a759", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ff2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "305", + "udp.checksum": "0x0000d96b", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "8243" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:43.263138000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495823.263138000", + "frame.time_delta": "0.053079000", + "frame.time_delta_displayed": "0.053079000", + "frame.time_relative": "2231.802452000", + "frame.number": "8245", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a75d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000fe5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "314", + "udp.checksum": "0x0000e756", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "8244" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:43.315874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495823.315874000", + "frame.time_delta": "0.052736000", + "frame.time_delta_displayed": "0.052736000", + "frame.time_relative": "2231.855188000", + "frame.number": "8246", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a762", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000fe6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "60335", + "udp.port": "1900", + "udp.port": "60335", + "udp.length": "308", + "udp.checksum": "0x00000ae1", + "udp.checksum.status": "2", + "udp.stream": "156" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "8245" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:49.713652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495829.713652000", + "frame.time_delta": "6.397778000", + "frame.time_delta_displayed": "6.397778000", + "frame.time_relative": "2238.252966000", + "frame.number": "8247", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002028", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7c8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001060", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": 
"pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:49.714460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495829.714460000", + "frame.time_delta": "0.000808000", + "frame.time_delta_displayed": "0.000808000", + "frame.time_relative": "2238.253774000", + "frame.number": "8248", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002029", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098c3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f15b", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": 
"4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:49.715780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495829.715780000", + "frame.time_delta": "0.001320000", + "frame.time_delta_displayed": "0.001320000", + "frame.time_relative": "2238.255094000", + "frame.number": "8249", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f21", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": 
"7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:54.713919000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495834.713919000", + "frame.time_delta": "4.998139000", + "frame.time_delta_displayed": "4.998139000", + "frame.time_relative": "2243.253233000", + "frame.number": "8250", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7c6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": 
"192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001060", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:54.714431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495834.714431000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "2243.253745000", + "frame.number": "8251", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": 
"192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f15b", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + 
"dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:54.715044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495834.715044000", + "frame.time_delta": "0.000613000", + "frame.time_delta_displayed": "0.000613000", + "frame.time_relative": "2243.254358000", + "frame.number": "8252", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f21", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:55.636034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495835.636034000", + "frame.time_delta": "0.920990000", + "frame.time_delta_displayed": "0.920990000", + "frame.time_relative": "2244.175348000", + "frame.number": "8253", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": 
"ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + 
"icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:59.714202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495839.714202000", + "frame.time_delta": "4.078168000", + "frame.time_delta_displayed": "4.078168000", + "frame.time_relative": "2248.253516000", + "frame.number": "8254", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": 
"0x0000b7c4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001060", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:59.714703000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495839.714703000", + "frame.time_delta": "0.000501000", + "frame.time_delta_displayed": "0.000501000", + "frame.time_relative": "2248.254017000", + "frame.number": "8255", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x000098bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f15b", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:23:59.715338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495839.715338000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "2248.254652000", + "frame.number": "8256", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f21", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000293", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=659", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:03.820095000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495843.820095000", + "frame.time_delta": "4.104757000", + "frame.time_delta_displayed": "4.104757000", + "frame.time_relative": "2252.359409000", + "frame.number": "8257", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009707", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007647", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "96080", + "tcp.nxtseq": "96129", + "tcp.ack": "19312", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000039ff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:20:c8:a7:a3:74:9c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2629832, TSecr 2812507292": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2629832", + "tcp.options.timestamp.tsecr": "2812507292" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:9a:5f:a5:6e:e4:0e:2e:84:72:2d:e3:75:43:54:8c:9f:d3:34:04:12:b1:e0:3e:01:ba:77:e6:ae:19:32:f2:92:4d:51:4c:b9:8d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:03.880901000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495843.880901000", + "frame.time_delta": "0.060806000", + "frame.time_delta_displayed": "0.060806000", + "frame.time_relative": "2252.420215000", + "frame.number": "8258", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002df7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003751", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "19312", + "tcp.nxtseq": "19367", + "tcp.ack": "96129", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c206", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:92:f6:00:28:20:c8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812515062, TSecr 2629832": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812515062", + "tcp.options.timestamp.tsecr": "2629832" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8257", + "tcp.analysis.ack_rtt": "0.060806000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:da:ac:3a:a8:a7:fe:36:42:86:ad:3e:36:2b:09:12:a6:54:8b:7d:5c:94:e8:22:b8:26:48:15:3b:f8:b1:46:7f:c6:2c:0e:c2:90:de:e9:b4:f7:e4:b5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:03.881413000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495843.881413000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "2252.420727000", + "frame.number": "8259", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009708", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007677", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96129", + "tcp.ack": "19367", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000030a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:20:ce:a7:a3:92:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2629838, TSecr 2812515062": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2629838", + "tcp.options.timestamp.tsecr": "2812515062" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8258", + "tcp.analysis.ack_rtt": "0.000512000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:04.404879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495844.404879000", + "frame.time_delta": "0.523466000", + "frame.time_delta_displayed": "0.523466000", + "frame.time_relative": "2252.944193000", + "frame.number": "8260", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005833", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a636", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5238", + "tcp.nxtseq": "5278", + "tcp.ack": "757", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000788f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + 
"ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f0:e8:6a:b5:69:a5:58:25:e1:0c:b1:90:7c:ed:5a:ce:02:d8:1d:2f:cb:13:e3:81:95:75:43:36" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:04.548157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495844.548157000", + "frame.time_delta": "0.143278000", + "frame.time_delta_displayed": "0.143278000", + "frame.time_relative": "2253.087471000", + "frame.number": "8261", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001015", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd58", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", 
+ "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "757", + "tcp.nxtseq": "793", + "tcp.ack": "5278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005dbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8260", + "tcp.analysis.ack_rtt": "0.143278000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:75:96:10:c6:ca:4c:85:ac:7f:e7:88:8c:3e:f1:8e:fb:94:75:8c:fb:44:f1:90:b9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:04.548690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495844.548690000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "2253.088004000", + "frame.number": "8262", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005834", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain 
View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5278", + "tcp.ack": "793", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8261", + "tcp.analysis.ack_rtt": "0.000533000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:06.838765000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495846.838765000", + "frame.time_delta": "2.290075000", + "frame.time_delta_displayed": "2.290075000", + "frame.time_relative": "2255.378079000", + "frame.number": "8263", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f48", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000058a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:08.890018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495848.890018000", + "frame.time_delta": "2.051253000", + "frame.time_delta_displayed": "2.051253000", + "frame.time_relative": "2257.429332000", + "frame.number": "8264", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, 
+ "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:08.890439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495848.890439000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "2257.429753000", + "frame.number": "8265", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", 
+ "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:09.550706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495849.550706000", + "frame.time_delta": "0.660267000", + "frame.time_delta_displayed": "0.660267000", + "frame.time_relative": "2258.090020000", + "frame.number": "8266", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:09.551104000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495849.551104000", + "frame.time_delta": "0.000398000", + "frame.time_delta_displayed": "0.000398000", + "frame.time_relative": 
"2258.090418000", + "frame.number": "8267", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:09.714751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495849.714751000", + "frame.time_delta": "0.163647000", + "frame.time_delta_displayed": "0.163647000", + "frame.time_relative": "2258.254065000", + "frame.number": "8268", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + 
"eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7c2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000195e", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type 
PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:09.715264000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495849.715264000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "2258.254578000", + "frame.number": "8269", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000202f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa59", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:09.715877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495849.715877000", + "frame.time_delta": "0.000613000", + "frame.time_delta_displayed": "0.000613000", + "frame.time_relative": "2258.255191000", + "frame.number": "8270", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000881f", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:10.244378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495850.244378000", + "frame.time_delta": "0.528501000", + "frame.time_delta_displayed": "0.528501000", + "frame.time_relative": "2258.783692000", + "frame.number": "8271", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00000bc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "56", + "udp.checksum": "0x000016f1", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:74:02:36:7a:ce:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", + "data.len": "48" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.518542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.518542000", + "frame.time_delta": "1.274164000", + "frame.time_delta_displayed": "1.274164000", + "frame.time_relative": "2260.057856000", + "frame.number": 
"8272", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000085a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000043b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": 
"max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.571546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.571546000", + "frame.time_delta": "0.053004000", + "frame.time_delta_displayed": "0.053004000", + "frame.time_relative": "2260.110860000", + "frame.number": "8273", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000085a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + 
"ip.checksum": "0x000043b2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.624448000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.624448000", + "frame.time_delta": "0.052902000", + "frame.time_delta_displayed": "0.052902000", + "frame.time_relative": "2260.163762000", + "frame.number": "8274", + "frame.len": "361", + "frame.cap_len": "361", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000085a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000043a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.677372000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.677372000", + "frame.time_delta": "0.052924000", + "frame.time_delta_displayed": "0.052924000", + "frame.time_relative": "2260.216686000", + "frame.number": "8275", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000085ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000043a1", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.730230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.730230000", + "frame.time_delta": "0.052858000", + "frame.time_delta_displayed": "0.052858000", + "frame.time_relative": "2260.269544000", + "frame.number": "8276", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000085b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000043a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:11.818766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495851.818766000", + "frame.time_delta": "0.088536000", + "frame.time_delta_displayed": "0.088536000", + "frame.time_relative": "2260.358080000", + "frame.number": "8277", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000085b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000439f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:14.716079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495854.716079000", + "frame.time_delta": "2.897313000", + "frame.time_delta_displayed": "2.897313000", + "frame.time_relative": "2263.255393000", + "frame.number": "8278", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002030", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7c0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000195e", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:14.718389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495854.718389000", + "frame.time_delta": "0.002310000", + "frame.time_delta_displayed": "0.002310000", + "frame.time_relative": "2263.257703000", + "frame.number": "8279", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002031", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa59", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:14.725168000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495854.725168000", + "frame.time_delta": "0.006779000", + "frame.time_delta_displayed": "0.006779000", + "frame.time_relative": "2263.264482000", + "frame.number": "8280", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000881f", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:19.715310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495859.715310000", + "frame.time_delta": "4.990142000", + "frame.time_delta_displayed": "4.990142000", + "frame.time_relative": "2268.254624000", + "frame.number": "8281", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002034", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000195e", + "udp.checksum.status": "2", + "udp.stream": 
"150" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:19.715853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495859.715853000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "2268.255167000", + "frame.number": "8282", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002035", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098b7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000fa59", + "udp.checksum.status": "2", + 
"udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:19.716435000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495859.716435000", + "frame.time_delta": "0.000582000", + "frame.time_delta_displayed": "0.000582000", + "frame.time_relative": "2268.255749000", + "frame.number": "8283", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000881f", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + 
"dns.id": "0x00000294", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=660", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:19.731589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495859.731589000", + "frame.time_delta": "0.015154000", + "frame.time_delta_displayed": "0.015154000", + "frame.time_relative": "2268.270903000", + "frame.number": "8284", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:19.990820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495859.990820000", + "frame.time_delta": "0.259231000", + "frame.time_delta_displayed": "0.259231000", + "frame.time_relative": "2268.530134000", + "frame.number": "8285", + "frame.len": "350", + "frame.cap_len": "350", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:20.040461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495860.040461000", + "frame.time_delta": "0.049641000", + "frame.time_delta_displayed": "0.049641000", + "frame.time_relative": "2268.579775000", + "frame.number": "8286", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + 
"bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:20.052956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495860.052956000", + "frame.time_delta": "0.012495000", + "frame.time_delta_displayed": "0.012495000", + "frame.time_relative": "2268.592270000", + "frame.number": "8287", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:20.429196000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495860.429196000", + "frame.time_delta": "0.376240000", + "frame.time_delta_displayed": "0.376240000", + "frame.time_relative": "2268.968510000", + "frame.number": "8288", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:25.154452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495865.154452000", + "frame.time_delta": "4.725256000", + "frame.time_delta_displayed": "4.725256000", + "frame.time_relative": "2273.693766000", + "frame.number": "8289", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:28.849621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495868.849621000", + "frame.time_delta": "3.695169000", + "frame.time_delta_displayed": "3.695169000", + "frame.time_relative": "2277.388935000", + "frame.number": "8290", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:29.559232000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495869.559232000", + "frame.time_delta": "0.709611000", + "frame.time_delta_displayed": "0.709611000", + "frame.time_relative": "2278.098546000", + "frame.number": "8291", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + 
"arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:29.718187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495869.718187000", + "frame.time_delta": "0.158955000", + "frame.time_delta_displayed": "0.158955000", + "frame.time_relative": "2278.257501000", + "frame.number": "8292", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002036", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": 
"0x0000b7ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000185d", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:29.718669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495869.718669000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "2278.257983000", + "frame.number": "8293", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002037", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x000098b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f958", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:29.719100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495869.719100000", + "frame.time_delta": "0.000431000", + "frame.time_delta_displayed": "0.000431000", + "frame.time_relative": "2278.258414000", + "frame.number": "8294", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000871e", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:33.119195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495873.119195000", + "frame.time_delta": "3.400095000", + "frame.time_delta_displayed": "3.400095000", + "frame.time_relative": "2281.658509000", + "frame.number": "8295", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x00009709", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + 
"ip.checksum": "0x00007516", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "96129", + "tcp.nxtseq": "96481", + "tcp.ack": "19367", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005536", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:2c:3a:a7:a3:92:f6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2632762, TSecr 2812515062": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2632762", + "tcp.options.timestamp.tsecr": "2812515062" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:9b:59:60:40:5d:5f:b7:54:68:a8:ae:42:3d:1d:69:79:a5:51:61:82:94:9e:2e:30:94:6e:f5:5e:b1:ea:68:90:3b:53:a1:60:f9:97:17:65:d3:cf:2c:9a:0a:fd:47:d5:6e:14:3e:5c:dc:68:3a:27:f9:dd:bb:5d:4d:1d:d4:8d:da:1c:cd:16:a1:ae:fa:87:3d:1e:c7:37:6b:0e:e5:6a:a6:cf:58:f5:a6:ed:d2:a7:be:f8:a0:04:9e:3e:e5:34:b2:0d:99:82:d3:41:84:77:4c:d1:a8:f7:8b:80:f9:9b:b3:89:4e:91:42:7f:f4:5a:a0:0f:1b:4a:27:ff:d0:04:af:fe:60:4a:22:02:29:3d:fd:db:c4:1c:c4:c0:29:6f:cf:12:9d:6c:5d:9d:91:9d:ac:61:57:a8:79:13:2d:59:1e:ae:70:ed:b3:1b:20:b7:c2:a5:14:66:23:9c:a9:43:c9:60:8b:67:d1:2a:44:25:42:05:4e:ef:3b:aa:68:a7:13:0e:b8:ed:d7:6f:4a:74:e3:06:ac:26:a1:6b:b2:c3:5f:a7:0f:4b:2c:70:46:f1:4b:ac:1a:da:b4:87:de:4c:30:d4:d1:62:eb:34:b5:d8:d3:89:fc:13:5e:85:ff:ef:79:e5:af:d6:b0:2d:78:c9:25:63:d1:23:0c:a2:a2:9f:ea:9f:cc:2a:f8:b7:8b:15:70:c6:3e:fe:b0:4e:a7:a4:9b:fa:60:e8:2e:2e:a9:65:15:59:24:ee:71:ce:a2:7b:38:05:eb:87:23:53:eb:58:17:03:b8:fa:23:00:8f:4f:66:53:fd:9f:7d:04:f9:68:c2:bb:c8:fd:58:e4:33:66:c3:ea:a7:1e:b9:c4:0d:29:18:2b:45:c6:45:48:ad:88:59:6c:70:a1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:33.187426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495873.187426000", + "frame.time_delta": "0.068231000", + "frame.time_delta_displayed": "0.068231000", + "frame.time_relative": "2281.726740000", + 
"frame.number": "8296", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002df8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003758", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19367", + "tcp.nxtseq": "19414", + "tcp.ack": "96481", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000019f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:af:95:00:28:2c:3a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812522389, TSecr 2632762": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812522389", + "tcp.options.timestamp.tsecr": "2632762" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8295", + "tcp.analysis.ack_rtt": "0.068231000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:db:3c:ca:8d:1b:26:2b:a1:e4:dc:d3:56:6a:af:92:82:d3:34:35:45:a7:86:41:0e:f3:69:60:52:a5:8a:e7:47:60:a7:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:33.187865000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495873.187865000", + "frame.time_delta": "0.000439000", + "frame.time_delta_displayed": "0.000439000", + "frame.time_relative": "2281.727179000", + "frame.number": "8297", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000970a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007675", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": 
"443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96481", + "tcp.ack": "19414", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000708", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:2c:41:a7:a3:af:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2632769, TSecr 2812522389": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2632769", + "tcp.options.timestamp.tsecr": "2812522389" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8296", + "tcp.analysis.ack_rtt": "0.000439000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:34.658011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495874.658011000", + "frame.time_delta": "1.470146000", + "frame.time_delta_displayed": "1.470146000", + "frame.time_relative": "2283.197325000", + "frame.number": "8298", + "frame.len": 
"60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005835", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": 
"0", + "tcp.seq": "5277", + "tcp.ack": "793", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:34.718153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495874.718153000", + "frame.time_delta": "0.060142000", + "frame.time_delta_displayed": "0.060142000", + "frame.time_relative": "2283.257467000", + "frame.number": "8299", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000203b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7b5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000185d", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:34.718691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495874.718691000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "2283.258005000", + "frame.number": "8300", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000203c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098b0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f958", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:34.719306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495874.719306000", + "frame.time_delta": "0.000615000", + "frame.time_delta_displayed": "0.000615000", + "frame.time_relative": "2283.258620000", + "frame.number": "8301", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000871e", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:34.801006000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495874.801006000", + "frame.time_delta": "0.081700000", + "frame.time_delta_displayed": "0.081700000", + "frame.time_relative": "2283.340320000", + "frame.number": "8302", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001016", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd7b", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "793", + "tcp.ack": "5278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f97f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:36.842117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495876.842117000", + "frame.time_delta": "2.041111000", + "frame.time_delta_displayed": "2.041111000", + "frame.time_relative": "2285.381431000", + "frame.number": "8303", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f4f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": 
"0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000589a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:39.667946000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495879.667946000", + "frame.time_delta": "2.825829000", + "frame.time_delta_displayed": "2.825829000", + "frame.time_relative": "2288.207260000", + "frame.number": "8304", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + 
"arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:39.668077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495879.668077000", + "frame.time_delta": "0.000131000", + "frame.time_delta_displayed": "0.000131000", + "frame.time_relative": "2288.207391000", + "frame.number": "8305", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:39.718471000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495879.718471000", + "frame.time_delta": 
"0.050394000", + "frame.time_delta_displayed": "0.050394000", + "frame.time_relative": "2288.257785000", + "frame.number": "8306", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000203d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000185d", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": 
"0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:39.718961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495879.718961000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "2288.258275000", + "frame.number": "8307", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000203e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f958", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + 
"mdns": { + "dns.id": "0x00000295", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:39.719569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495879.719569000", + "frame.time_delta": "0.000608000", + "frame.time_delta_displayed": "0.000608000", + "frame.time_relative": "2288.258883000", + "frame.number": "8308", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000871e", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000295", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=661", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:49.718999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495889.718999000", + "frame.time_delta": "9.999430000", + "frame.time_delta_displayed": "9.999430000", + "frame.time_relative": "2298.258313000", + "frame.number": "8309", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000203f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000175c", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": 
"4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:49.719515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495889.719515000", + "frame.time_delta": "0.000516000", + "frame.time_delta_displayed": "0.000516000", + "frame.time_relative": "2298.258829000", + "frame.number": "8310", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002040", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f857", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + 
"dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:49.720132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495889.720132000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "2298.259446000", + "frame.number": "8311", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": 
{ + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000861d", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + 
"dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:54.719279000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495894.719279000", + "frame.time_delta": "4.999147000", + "frame.time_delta_displayed": "4.999147000", + "frame.time_relative": "2303.258593000", + "frame.number": "8312", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002041", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7af", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": 
"192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000175c", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + 
"dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:54.719794000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495894.719794000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "2303.259108000", + "frame.number": "8313", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002042", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + 
"ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f857", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:54.720569000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495894.720569000", + "frame.time_delta": "0.000775000", + "frame.time_delta_displayed": "0.000775000", + "frame.time_relative": "2303.259883000", + "frame.number": "8314", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": 
"fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000861d", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:59.719451000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495899.719451000", + "frame.time_delta": "4.998882000", + "frame.time_delta_displayed": "4.998882000", + "frame.time_relative": "2308.258765000", + "frame.number": "8315", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002043", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + 
"ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000175c", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": 
"39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:59.720139000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495899.720139000", + "frame.time_delta": "0.000688000", + "frame.time_delta_displayed": "0.000688000", + "frame.time_relative": "2308.259453000", + "frame.number": "8316", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "261", + "ip.id": "0x00002044", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098a8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f857", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + 
"dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:24:59.720547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495899.720547000", + "frame.time_delta": "0.000408000", + "frame.time_delta_displayed": "0.000408000", + "frame.time_relative": "2308.259861000", + "frame.number": "8317", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + 
"ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000861d", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000296", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + 
"dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=662", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.206015000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.206015000", + "frame.time_delta": "4.485468000", + "frame.time_delta_displayed": "4.485468000", + "frame.time_relative": "2312.745329000", + "frame.number": "8318", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000970b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007643", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "96481", + "tcp.nxtseq": "96530", + "tcp.ack": "19414", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002a6f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:38:5f:a7:a3:af:95", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2635871, TSecr 2812522389": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2635871", + "tcp.options.timestamp.tsecr": "2812522389" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:9c:5b:69:bd:c2:23:28:78:e6:30:62:93:d1:f2:1a:62:b9:3b:cd:b4:90:2c:1d:cc:35:b2:7c:9e:49:e2:37:da:ed:8f:c1:cb:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.266566000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.266566000", + "frame.time_delta": "0.060551000", + "frame.time_delta_displayed": "0.060551000", + "frame.time_relative": "2312.805880000", + "frame.number": "8319", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002df9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "19414", + "tcp.nxtseq": "19469", + "tcp.ack": "96530", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000072cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:cd:ef:00:28:38:5f", + 
"tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812530159, TSecr 2635871": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812530159", + "tcp.options.timestamp.tsecr": "2635871" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8318", + "tcp.analysis.ack_rtt": "0.060551000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:dc:df:38:19:41:d8:18:d5:4e:d1:9b:aa:07:ae:c2:a1:9a:7c:7a:fd:08:c6:de:55:57:14:bc:dd:f5:2d:e9:6d:47:df:19:31:f1:8f:27:ec:b6:5e:ad" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.267068000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.267068000", + "frame.time_delta": "0.000502000", + "frame.time_delta_displayed": "0.000502000", + "frame.time_relative": "2312.806382000", + "frame.number": "8320", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000970c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007673", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96530", + "tcp.ack": "19469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + 
"tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:38:65:a7:a3:cd:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2635877, TSecr 2812530159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2635877", + "tcp.options.timestamp.tsecr": "2812530159" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8319", + "tcp.analysis.ack_rtt": "0.000502000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.617834000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.617834000", + "frame.time_delta": "0.350766000", + "frame.time_delta_displayed": "0.350766000", + "frame.time_relative": "2313.157148000", + "frame.number": "8321", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000096e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003276", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.670978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.670978000", + "frame.time_delta": "0.053144000", + "frame.time_delta_displayed": "0.053144000", + "frame.time_relative": "2313.210292000", + "frame.number": "8322", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x000096e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003271", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.723875000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.723875000", + "frame.time_delta": "0.052897000", + "frame.time_delta_displayed": "0.052897000", + "frame.time_relative": "2313.263189000", + "frame.number": "8323", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000096e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003267", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:25:04.776758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.776758000", + "frame.time_delta": "0.052883000", + "frame.time_delta_displayed": "0.052883000", + "frame.time_relative": "2313.316072000", + "frame.number": "8324", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x000096e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003266", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.797981000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.797981000", + "frame.time_delta": "0.021223000", + "frame.time_delta_displayed": "0.021223000", + "frame.time_relative": "2313.337295000", + "frame.number": "8325", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005836", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5277", + "tcp.ack": "793", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef0a", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.829945000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.829945000", + "frame.time_delta": "0.031964000", + "frame.time_delta_displayed": "0.031964000", + "frame.time_relative": "2313.369259000", + "frame.number": "8326", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000096ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000326a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": 
"239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.882823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.882823000", + "frame.time_delta": "0.052878000", + "frame.time_delta_displayed": "0.052878000", + "frame.time_relative": "2313.422137000", + "frame.number": "8327", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x000096ee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00003266", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:04.941132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495904.941132000", + "frame.time_delta": "0.058309000", + "frame.time_delta_displayed": "0.058309000", + "frame.time_relative": "2313.480446000", + "frame.number": "8328", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001017", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd7a", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "793", + "tcp.ack": "5278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f97f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:06.845148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495906.845148000", + "frame.time_delta": "1.904016000", + 
"frame.time_delta_displayed": "1.904016000", + "frame.time_relative": "2315.384462000", + "frame.number": "8329", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f56", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005893", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.270190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.270190000", + "frame.time_delta": "2.425042000", + "frame.time_delta_displayed": "2.425042000", + "frame.time_relative": "2317.809504000", + "frame.number": "8330", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.270623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.270623000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "2317.809937000", + "frame.number": "8331", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.429153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.429153000", + "frame.time_delta": "0.158530000", + "frame.time_delta_displayed": "0.158530000", + "frame.time_relative": "2317.968467000", + "frame.number": "8332", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x0000cc15", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000c6b0", + "ip.checksum.status": "2", + "ip.src": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.src_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49780", + "tcp.port": "80", + "tcp.port": "49780", + "tcp.stream": "305", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000052e8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018703000", + "tcp.analysis.bytes_in_flight": "264", + 
"tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:25:09 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:25:09 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.035478000", + "http.request_in": "7819", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.462349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.462349000", + "frame.time_delta": "0.033196000", + "frame.time_delta_displayed": "0.033196000", + "frame.time_relative": "2318.001663000", + "frame.number": "8333", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001073", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f35a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000068e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8332", + "tcp.analysis.ack_rtt": "0.033196000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.474674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.474674000", + "frame.time_delta": "0.012325000", + "frame.time_delta_displayed": "0.012325000", + "frame.time_relative": "2318.013988000", + "frame.number": "8334", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000cc16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x0000c7b7", + "ip.checksum.status": "2", + "ip.src": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.src_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49780", + "tcp.port": "80", + "tcp.port": "49780", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004105", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8333", + "tcp.analysis.ack_rtt": "0.012325000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.480489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.480489000", + "frame.time_delta": "0.005815000", + "frame.time_delta_displayed": "0.005815000", + "frame.time_relative": "2318.019803000", + "frame.number": "8335", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001074", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f359", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.240", + "ip.addr": "54.241.191.240", + "ip.dst_host": "54.241.191.240", + "ip.host": "54.241.191.240", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49780", + "tcp.dstport": "80", + "tcp.port": "49780", + "tcp.port": "80", + "tcp.stream": "305", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000068e6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8334", + "tcp.analysis.ack_rtt": "0.005815000", + "tcp.analysis.initial_rtt": "0.018703000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": 
"Oct 31, 2017 17:25:09.720131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.720131000", + "frame.time_delta": "0.239642000", + "frame.time_delta_displayed": "0.239642000", + "frame.time_relative": "2318.259445000", + "frame.number": "8336", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002045", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7ab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", 
+ "udp.length": "241", + "udp.checksum": "0x0000165b", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": 
"ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.720642000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.720642000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "2318.259956000", + "frame.number": "8337", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002046", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": 
"1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f756", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": 
"17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.721267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.721267000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "2318.260581000", + "frame.number": "8338", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": 
"241", + "udp.checksum": "0x0000851c", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + 
"dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.807956000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.807956000", + "frame.time_delta": "0.086689000", + "frame.time_delta_displayed": "0.086689000", + "frame.time_relative": "2318.347270000", + "frame.number": "8339", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:09.808124000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495909.808124000", + "frame.time_delta": "0.000168000", + "frame.time_delta_displayed": "0.000168000", + "frame.time_relative": "2318.347438000", + "frame.number": "8340", + "frame.len": "42", + 
"frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.468867000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.468867000", + "frame.time_delta": "0.660743000", + "frame.time_delta_displayed": "0.660743000", + "frame.time_relative": "2319.008181000", + "frame.number": "8341", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x00001075", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000296f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.470887000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.470887000", + "frame.time_delta": "0.002020000", + "frame.time_delta_displayed": "0.002020000", + "frame.time_relative": "2319.010201000", + "frame.number": "8342", + 
"frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x00008423", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000032f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "8341", + "dns.time": "0.002020000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + 
"dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.219.189.242": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "152", + "dns.resp.len": "4", + "dns.a": "54.219.189.242" + }, + "pubsub.pubnub.com: type A, class IN, addr 54.219.189.244": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "152", + "dns.resp.len": "4", + "dns.a": "54.219.189.244" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "20", + "dns.ns": "ns3.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "6", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51649", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3940", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "55900", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2210", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "55901", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "56642", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56750", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56292", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56093", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56642", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56750", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56292", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.477690000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495910.477690000", + "frame.time_delta": "0.006803000", + "frame.time_delta_displayed": "0.006803000", + "frame.time_relative": "2319.017004000", + "frame.number": "8343", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00001076", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f567", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + 
"ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x0000fbae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.490248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.490248000", + "frame.time_delta": "0.012558000", + "frame.time_delta_displayed": "0.012558000", + "frame.time_relative": "2319.029562000", + "frame.number": "8344", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + 
"eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000095de", + "ip.checksum.status": "2", + "ip.src": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.src_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49782", + "tcp.port": "80", + "tcp.port": "49782", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", 
+ "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000bf78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8343", + "tcp.analysis.ack_rtt": "0.012558000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.495788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.495788000", + "frame.time_delta": "0.005540000", + "frame.time_delta_displayed": "0.005540000", + "frame.time_relative": "2319.035102000", + "frame.number": "8345", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": 
"4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001077", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f56a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000fa5d", + 
"tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8344", + "tcp.analysis.ack_rtt": "0.005540000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.514874000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.514874000", + "frame.time_delta": "0.019086000", + "frame.time_delta_displayed": "0.019086000", + "frame.time_relative": "2319.054188000", + "frame.number": "8346", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x00001078", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f55a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000042d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018098000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.526586000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.526586000", + "frame.time_delta": "0.011712000", + "frame.time_delta_displayed": "0.011712000", + 
"frame.time_relative": "2319.065900000", + "frame.number": "8347", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008656", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00000f8c", + "ip.checksum.status": "2", + "ip.src": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.src_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49782", + "tcp.port": "80", + "tcp.port": 
"49782", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d726", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8346", + "tcp.analysis.ack_rtt": "0.011712000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.532644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.532644000", + "frame.time_delta": "0.006058000", + "frame.time_delta_displayed": "0.006058000", + "frame.time_relative": "2319.071958000", + "frame.number": "8348", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001079", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f476", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + 
"tcp.checksum": "0x0000796c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018098000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "8346", + "tcp.segment": "8348", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:10.546766000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495910.546766000", + "frame.time_delta": "0.014122000", + "frame.time_delta_displayed": "0.014122000", + "frame.time_relative": "2319.086080000", + "frame.number": "8349", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": 
"Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008657", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00000f8b", + "ip.checksum.status": "2", + "ip.src": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.src_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49782", + "tcp.port": "80", + "tcp.port": "49782", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": 
"1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d284", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8348", + "tcp.analysis.ack_rtt": "0.014122000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:14.430190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495914.430190000", + "frame.time_delta": "3.883424000", + "frame.time_delta_displayed": "3.883424000", + "frame.time_relative": "2322.969504000", + "frame.number": "8350", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:14.436421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495914.436421000", + "frame.time_delta": "0.006231000", + "frame.time_delta_displayed": "0.006231000", + "frame.time_relative": "2322.975735000", + "frame.number": "8351", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:14.723179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495914.723179000", + "frame.time_delta": "0.286758000", + "frame.time_delta_displayed": "0.286758000", + "frame.time_relative": "2323.262493000", + "frame.number": "8352", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002047", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000165b", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:14.723715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495914.723715000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "2323.263029000", + "frame.number": "8353", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002048", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f756", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:14.724080000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495914.724080000", + "frame.time_delta": "0.000365000", + "frame.time_delta_displayed": "0.000365000", + "frame.time_relative": "2323.263394000", + "frame.number": "8354", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000851c", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:19.720678000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495919.720678000", + "frame.time_delta": "4.996598000", + "frame.time_delta_displayed": "4.996598000", + "frame.time_relative": "2328.259992000", + "frame.number": "8355", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000204e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000165b", + "udp.checksum.status": "2", + "udp.stream": 
"150" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:19.721225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495919.721225000", + "frame.time_delta": "0.000547000", + "frame.time_delta_displayed": "0.000547000", + "frame.time_relative": "2328.260539000", + "frame.number": "8356", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000204f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000989d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f756", + "udp.checksum.status": "2", + 
"udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:19.721823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495919.721823000", + "frame.time_delta": "0.000598000", + "frame.time_delta_displayed": "0.000598000", + "frame.time_relative": "2328.261137000", + "frame.number": "8357", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000851c", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + 
"dns.id": "0x00000297", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=663", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:21.703302000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495921.703302000", + "frame.time_delta": "1.981479000", + "frame.time_delta_displayed": "1.981479000", + "frame.time_relative": "2330.242616000", + "frame.number": "8358", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:7d:55:a4", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:7d:55:a4", + "eth.addr": "33:33:ff:7d:55:a4", + "eth.addr_resolved": "IPv6mcast_ff:7d:55:a4", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fd1e:4e89:3b7b::1", + "ipv6.addr": "fd1e:4e89:3b7b::1", + "ipv6.src_host": "fd1e:4e89:3b7b::1", + "ipv6.host": "fd1e:4e89:3b7b::1", + "ipv6.dst": "ff02::1:ff7d:55a4", + "ipv6.addr": "ff02::1:ff7d:55a4", + "ipv6.dst_host": "ff02::1:ff7d:55a4", + "ipv6.host": "ff02::1:ff7d:55a4", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x000088d0", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + 
"icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:28.849815000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495928.849815000", + "frame.time_delta": "7.146513000", + "frame.time_delta_displayed": "7.146513000", + "frame.time_relative": "2337.389129000", + "frame.number": "8359", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.433482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.433482000", + "frame.time_delta": "1.583667000", + "frame.time_delta_displayed": "1.583667000", + "frame.time_relative": "2338.972796000", + 
"frame.number": "8360", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x0000212d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e717", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + 
"http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "20", + "http.prev_request_in": "8134" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.815974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.815974000", + "frame.time_delta": "0.382492000", + "frame.time_delta_displayed": "0.382492000", + "frame.time_relative": "2339.355288000", + "frame.number": "8361", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a81a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "115", + "http.prev_response_in": "8193" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.825383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.825383000", + "frame.time_delta": "0.009409000", + "frame.time_delta_displayed": "0.009409000", + 
"frame.time_relative": "2339.364697000", + "frame.number": "8362", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + 
"_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f7fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.825912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.825912000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "2339.365226000", + 
"frame.number": "8363", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000abdc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8362", + "tcp.analysis.ack_rtt": "0.000529000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.832990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.832990000", + "frame.time_delta": "0.007078000", + "frame.time_delta_displayed": "0.007078000", + 
"frame.time_relative": "2339.372304000", + "frame.number": "8364", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001ced", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005dbb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8363", + "tcp.analysis.ack_rtt": "0.007078000", + "tcp.analysis.initial_rtt": "0.007607000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.833647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.833647000", + "frame.time_delta": "0.000657000", + "frame.time_delta_displayed": "0.000657000", + "frame.time_relative": "2339.372961000", + "frame.number": "8365", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ade", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007334", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007607000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.834111000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.834111000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "2339.373425000", + "frame.number": "8366", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007cc0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003bb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004f4c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8365", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.007607000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.834683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.834683000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "2339.373997000", + "frame.number": "8367", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007cc1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ba1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008f6d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007607000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.835028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.835028000", + "frame.time_delta": "0.000345000", + "frame.time_delta_displayed": "0.000345000", + "frame.time_relative": "2339.374342000", + "frame.number": "8368", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007cc2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000037ce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007607000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8367", + "tcp.segment": "8368", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001381000", + "http.request_in": "8365", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.903022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.903022000", + "frame.time_delta": "0.067994000", + "frame.time_delta_displayed": "0.067994000", + "frame.time_relative": "2339.442336000", + "frame.number": "8369", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cef", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005923", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8368", + "tcp.analysis.ack_rtt": "0.067994000", + "tcp.analysis.initial_rtt": "0.007607000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.903694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.903694000", + "frame.time_delta": "0.000672000", + "frame.time_delta_displayed": "0.000672000", + "frame.time_relative": "2339.443008000", + "frame.number": "8370", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cf0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005922", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.903428000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.903428000", + "frame.time_delta": "-0.000266000", + "frame.time_delta_displayed": "-0.000266000", + "frame.time_relative": "2339.442742000", + "frame.number": "8371", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007cc3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000037cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + 
"tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e1d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007607000", + "tcp.analysis.bytes_in_flight": "996", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.spurious_retransmission": "", + "_ws.expert.message": "This frame is a (suspected) spurious retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + }, + "_ws.expert": { + "tcp.analysis.retransmission": "", + "_ws.expert.message": "This frame is a (suspected) retransmission", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.903436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.903436000", + "frame.time_delta": "0.000008000", + "frame.time_delta_displayed": "0.000008000", + "frame.time_relative": "2339.442750000", + "frame.number": "8372", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a81e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "116", + "http.prev_response_in": "8361" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.904009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.904009000", + "frame.time_delta": "0.000573000", + "frame.time_delta_displayed": "0.000573000", + "frame.time_relative": "2339.443323000", + "frame.number": "8373", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086b7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54865", + "tcp.port": "80", + "tcp.port": "54865", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004b56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8370", + "tcp.analysis.ack_rtt": "0.000315000", + "tcp.analysis.initial_rtt": "0.007607000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.907567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.907567000", + "frame.time_delta": "0.003558000", + "frame.time_delta_displayed": "0.003558000", + "frame.time_relative": "2339.446881000", + "frame.number": "8374", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + 
"eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54865", + "tcp.dstport": "80", + "tcp.port": "54865", + "tcp.port": "80", + "tcp.stream": "321", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00007516", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:5c:b6:78:52:5c:b6:7c:35", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8371", + "tcp.analysis.ack_rtt": "0.004139000", + "tcp.analysis.initial_rtt": "0.007607000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "8369", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.908689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.908689000", + "frame.time_delta": "0.001122000", + "frame.time_delta_displayed": "0.001122000", + "frame.time_relative": "2339.448003000", + "frame.number": "8375", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cf2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b75", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54866", + "tcp.dstport": "80", + "tcp.port": "54866", + "tcp.port": "80", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000cf5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + 
"tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.909187000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.909187000", + "frame.time_delta": "0.000498000", + "frame.time_delta_displayed": "0.000498000", + "frame.time_relative": "2339.448501000", + "frame.number": "8376", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54866", + "tcp.port": "80", + "tcp.port": "54866", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008da9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + 
"tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8375", + "tcp.analysis.ack_rtt": "0.000498000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.916554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.916554000", + "frame.time_delta": "0.007367000", + "frame.time_delta_displayed": "0.007367000", + "frame.time_relative": "2339.455868000", + "frame.number": "8377", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cf3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b80", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54866", + "tcp.dstport": "80", + "tcp.port": "54866", + "tcp.port": "80", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003f88", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8376", + "tcp.analysis.ack_rtt": "0.007367000", + "tcp.analysis.initial_rtt": "0.007865000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.917217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.917217000", + "frame.time_delta": "0.000663000", + "frame.time_delta_displayed": "0.000663000", + "frame.time_relative": "2339.456531000", + "frame.number": "8378", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cf4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ad8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54866", + "tcp.dstport": "80", + "tcp.port": "54866", + "tcp.port": "80", + "tcp.stream": "322", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005501", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007865000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.917782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509495930.917782000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "2339.457096000", + "frame.number": "8379", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009167", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000270c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54866", + "tcp.port": "80", + "tcp.port": "54866", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003119", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8378", + "tcp.analysis.ack_rtt": "0.000565000", + "tcp.analysis.initial_rtt": "0.007865000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.918315000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.918315000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "2339.457629000", + "frame.number": "8380", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00009168", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000026fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54866", + "tcp.port": "80", + "tcp.port": "54866", + "tcp.stream": "322", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000713a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007865000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.918760000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.918760000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "2339.458074000", + "frame.number": "8381", + 
"frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00009169", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002327", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54866", + "tcp.port": "80", + "tcp.port": "54866", + "tcp.stream": "322", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + 
"_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c3a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007865000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8380", + "tcp.segment": "8381", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001543000", + "http.request_in": "8378", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.921646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.921646000", + "frame.time_delta": "0.002886000", + "frame.time_delta_displayed": "0.002886000", + "frame.time_relative": "2339.460960000", + "frame.number": "8382", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a81f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000f29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "117", + "http.prev_response_in": "8372" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.925255000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.925255000", + "frame.time_delta": "0.003609000", + "frame.time_delta_displayed": "0.003609000", + "frame.time_relative": "2339.464569000", + "frame.number": "8383", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cf5", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b7e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54866", + "tcp.dstport": "80", + "tcp.port": "54866", + "tcp.port": "80", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003af0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8381", + "tcp.analysis.ack_rtt": "0.006495000", + "tcp.analysis.initial_rtt": "0.007865000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.925833000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.925833000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "2339.465147000", + 
"frame.number": "8384", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cf6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54866", + "tcp.dstport": "80", + "tcp.port": "54866", + "tcp.port": "80", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": 
"Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003aef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.926245000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.926245000", + "frame.time_delta": "0.000412000", + "frame.time_delta_displayed": "0.000412000", + "frame.time_relative": "2339.465559000", + "frame.number": "8385", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031ba", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54866", + "tcp.port": "80", + "tcp.port": "54866", + "tcp.stream": "322", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002d23", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8384", + "tcp.analysis.ack_rtt": "0.000412000", + "tcp.analysis.initial_rtt": "0.007865000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.926454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.926454000", + "frame.time_delta": "0.000209000", + "frame.time_delta_displayed": "0.000209000", + "frame.time_relative": "2339.465768000", + "frame.number": "8386", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cf7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54867", + "tcp.dstport": "80", + "tcp.port": "54867", + "tcp.port": "80", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000b20c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.926947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.926947000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "2339.466261000", + "frame.number": "8387", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54867", + "tcp.port": "80", + "tcp.port": "54867", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a09c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8386", + "tcp.analysis.ack_rtt": "0.000493000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.933613000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.933613000", + "frame.time_delta": "0.006666000", + "frame.time_delta_displayed": "0.006666000", + "frame.time_relative": "2339.472927000", + "frame.number": "8388", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54867", + "tcp.dstport": "80", + "tcp.port": "54867", + "tcp.port": "80", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000527b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8387", + "tcp.analysis.ack_rtt": "0.006666000", + "tcp.analysis.initial_rtt": "0.007159000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.934209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.934209000", + "frame.time_delta": "0.000596000", + "frame.time_delta_displayed": "0.000596000", + "frame.time_relative": "2339.473523000", + "frame.number": "8389", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cf9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ad3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54867", + "tcp.dstport": "80", + "tcp.port": "54867", + "tcp.port": "80", + "tcp.stream": "323", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000067f4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007159000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.934661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.934661000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "2339.473975000", + "frame.number": "8390", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000342a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008449", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54867", + "tcp.port": "80", + "tcp.port": "54867", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000440c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8389", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.007159000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.935310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.935310000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "2339.474624000", + "frame.number": "8391", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000342b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008437", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54867", + "tcp.port": "80", + "tcp.port": "54867", + "tcp.stream": "323", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000842d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007159000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.935743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.935743000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "2339.475057000", + "frame.number": "8392", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000342c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008064", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54867", + "tcp.port": "80", + "tcp.port": "54867", + "tcp.stream": "323", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000d696", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007159000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8391", + "tcp.segment": "8392", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001534000", + "http.request_in": "8389", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.943745000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495930.943745000", + "frame.time_delta": "0.008002000", + "frame.time_delta_displayed": "0.008002000", + "frame.time_relative": "2339.483059000", + "frame.number": "8393", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b79", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54867", + "tcp.dstport": "80", + "tcp.port": "54867", + "tcp.port": "80", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004de3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8392", + "tcp.analysis.ack_rtt": "0.008002000", + "tcp.analysis.initial_rtt": "0.007159000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.944421000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.944421000", + "frame.time_delta": "0.000676000", + "frame.time_delta_displayed": "0.000676000", + "frame.time_relative": "2339.483735000", + "frame.number": "8394", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54867", + "tcp.dstport": "80", + "tcp.port": "54867", + "tcp.port": "80", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004de2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:30.944827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495930.944827000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "2339.484141000", + "frame.number": "8395", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031b8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54867", + "tcp.port": "80", + "tcp.port": "54867", + "tcp.stream": "323", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004016", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8394", + "tcp.analysis.ack_rtt": "0.000406000", + "tcp.analysis.initial_rtt": "0.007159000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.869042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.869042000", + "frame.time_delta": "0.924215000", + "frame.time_delta_displayed": "0.924215000", + "frame.time_relative": "2340.408356000", + "frame.number": "8396", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a850", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000efb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "118", + "http.prev_response_in": "8382" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.874546000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.874546000", + "frame.time_delta": "0.005504000", + "frame.time_delta_displayed": "0.005504000", + "frame.time_relative": "2340.413860000", + 
"frame.number": "8397", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001cfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54868", + "tcp.dstport": "80", + "tcp.port": "54868", + "tcp.port": "80", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a5ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.875081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.875081000", + "frame.time_delta": "0.000535000", + "frame.time_delta_displayed": "0.000535000", + "frame.time_relative": "2340.414395000", + "frame.number": "8398", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54868", + "tcp.port": "80", + "tcp.port": "54868", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000915d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8397", + "tcp.analysis.ack_rtt": "0.000535000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.883031000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.883031000", + "frame.time_delta": "0.007950000", + "frame.time_delta_displayed": "0.007950000", + "frame.time_relative": "2340.422345000", + 
"frame.number": "8399", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001cfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b75", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54868", + "tcp.dstport": "80", + "tcp.port": "54868", + "tcp.port": "80", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000433c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8398", + "tcp.analysis.ack_rtt": "0.007950000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.883699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.883699000", + "frame.time_delta": "0.000668000", + "frame.time_delta_displayed": "0.000668000", + "frame.time_relative": "2340.423013000", + "frame.number": "8400", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001cff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005acd", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54868", + "tcp.dstport": "80", + "tcp.port": "54868", + "tcp.port": "80", + "tcp.stream": "324", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000058b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.884178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.884178000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "2340.423492000", + "frame.number": "8401", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000015e7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a28c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54868", + "tcp.port": "80", + "tcp.port": "54868", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000034cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8400", + "tcp.analysis.ack_rtt": "0.000479000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.884770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.884770000", + "frame.time_delta": "0.000592000", + "frame.time_delta_displayed": "0.000592000", + "frame.time_relative": "2340.424084000", + "frame.number": "8402", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000015e8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a27a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54868", + "tcp.port": "80", + "tcp.port": "54868", + "tcp.stream": "324", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000074ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.885202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.885202000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "2340.424516000", + "frame.number": "8403", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000015e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009ea7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54868", + "tcp.port": "80", + "tcp.port": "54868", + "tcp.stream": "324", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c757", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8402", + "tcp.segment": "8403", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001503000", + "http.request_in": "8400", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.890565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.890565000", + "frame.time_delta": "0.005363000", + "frame.time_delta_displayed": "0.005363000", + "frame.time_relative": "2340.429879000", + "frame.number": "8404", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54868", + "tcp.dstport": "80", + "tcp.port": "54868", + "tcp.port": "80", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ea4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8403", + "tcp.analysis.ack_rtt": "0.005363000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.891231000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.891231000", + "frame.time_delta": "0.000666000", + "frame.time_delta_displayed": "0.000666000", + "frame.time_relative": "2340.430545000", + "frame.number": "8405", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54868", + "tcp.dstport": "80", + "tcp.port": "54868", + "tcp.port": "80", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003ea3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.891680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.891680000", + "frame.time_delta": "0.000449000", + "frame.time_delta_displayed": "0.000449000", + "frame.time_relative": "2340.430994000", + "frame.number": "8406", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003197", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54868", + "tcp.port": "80", + "tcp.port": "54868", + "tcp.stream": "324", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000030d7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8405", + "tcp.analysis.ack_rtt": "0.000449000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.922324000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.922324000", + "frame.time_delta": "0.030644000", + "frame.time_delta_displayed": "0.030644000", + "frame.time_relative": "2340.461638000", + "frame.number": "8407", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a851", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ef1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "119", + "http.prev_response_in": "8396" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.933829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.933829000", + "frame.time_delta": "0.011505000", + "frame.time_delta_displayed": "0.011505000", + "frame.time_relative": "2340.473143000", + "frame.number": "8408", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b65", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54869", + "tcp.dstport": "80", + "tcp.port": "54869", + "tcp.port": "80", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000d9ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.934368000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.934368000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "2340.473682000", + "frame.number": "8409", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54869", + "tcp.port": "80", + "tcp.port": "54869", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000009fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8408", + "tcp.analysis.ack_rtt": "0.000539000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.941443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.941443000", + "frame.time_delta": "0.007075000", + "frame.time_delta_displayed": "0.007075000", + "frame.time_relative": "2340.480757000", + "frame.number": "8410", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54869", + "tcp.dstport": "80", + "tcp.port": "54869", + "tcp.port": "80", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000bbda", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8409", + "tcp.analysis.ack_rtt": "0.007075000", + "tcp.analysis.initial_rtt": "0.007614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.942129000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.942129000", + "frame.time_delta": "0.000686000", + "frame.time_delta_displayed": "0.000686000", + "frame.time_relative": "2340.481443000", + "frame.number": "8411", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ac8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54869", + "tcp.dstport": "80", + "tcp.port": "54869", + "tcp.port": "80", + "tcp.stream": "325", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d153", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007614000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.942621000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.942621000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "2340.481935000", + "frame.number": "8412", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a4e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000138a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54869", + "tcp.port": "80", + "tcp.port": "54869", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ad6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8411", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.initial_rtt": "0.007614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.943189000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.943189000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "2340.482503000", + "frame.number": "8413", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000a4ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001378", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54869", + "tcp.port": "80", + "tcp.port": "54869", + "tcp.stream": "325", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ed8c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007614000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.943568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.943568000", + "frame.time_delta": "0.000379000", + "frame.time_delta_displayed": "0.000379000", + "frame.time_relative": "2340.482882000", + "frame.number": "8414", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000a4eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000fa5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54869", + "tcp.port": "80", + "tcp.port": "54869", + "tcp.stream": "325", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003ff6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007614000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8413", + "tcp.segment": "8414", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001439000", + "http.request_in": "8411", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.950005000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495931.950005000", + "frame.time_delta": "0.006437000", + "frame.time_delta_displayed": "0.006437000", + "frame.time_relative": "2340.489319000", + "frame.number": "8415", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54869", + "tcp.dstport": "80", + "tcp.port": "54869", + "tcp.port": "80", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b742", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8414", + "tcp.analysis.ack_rtt": "0.006437000", + "tcp.analysis.initial_rtt": "0.007614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.950638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.950638000", + "frame.time_delta": "0.000633000", + "frame.time_delta_displayed": "0.000633000", + "frame.time_relative": "2340.489952000", + "frame.number": "8416", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54869", + "tcp.dstport": "80", + "tcp.port": "54869", + "tcp.port": "80", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000b741", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.951067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.951067000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "2340.490381000", + "frame.number": "8417", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086e1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003192", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54869", + "tcp.port": "80", + "tcp.port": "54869", + "tcp.stream": "325", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a975", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8416", + "tcp.analysis.ack_rtt": "0.000429000", + "tcp.analysis.initial_rtt": "0.007614000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:31.975501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495931.975501000", + "frame.time_delta": "0.024434000", + "frame.time_delta_displayed": "0.024434000", + "frame.time_relative": "2340.514815000", + "frame.number": "8418", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a853", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ef5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "120", + "http.prev_response_in": "8407" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.000995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.000995000", + "frame.time_delta": "0.025494000", + "frame.time_delta_displayed": "0.025494000", + "frame.time_relative": "2340.540309000", + 
"frame.number": "8419", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b60", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54870", + "tcp.dstport": "80", + "tcp.port": "54870", + "tcp.port": "80", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a82c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.001540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.001540000", + "frame.time_delta": "0.000545000", + "frame.time_delta_displayed": "0.000545000", + "frame.time_relative": "2340.540854000", + "frame.number": "8420", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54870", + "tcp.port": "80", + "tcp.port": "54870", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009306", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8419", + "tcp.analysis.ack_rtt": "0.000545000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.009480000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.009480000", + "frame.time_delta": "0.007940000", + "frame.time_delta_displayed": "0.007940000", + "frame.time_relative": "2340.548794000", + 
"frame.number": "8421", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b6b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54870", + "tcp.dstport": "80", + "tcp.port": "54870", + "tcp.port": "80", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000044e5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8420", + "tcp.analysis.ack_rtt": "0.007940000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.010164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.010164000", + "frame.time_delta": "0.000684000", + "frame.time_delta_displayed": "0.000684000", + "frame.time_relative": "2340.549478000", + "frame.number": "8422", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ac3", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54870", + "tcp.dstport": "80", + "tcp.port": "54870", + "tcp.port": "80", + "tcp.stream": "326", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005a5e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.010645000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.010645000", + "frame.time_delta": "0.000481000", + "frame.time_delta_displayed": "0.000481000", + "frame.time_relative": "2340.549959000", + "frame.number": "8423", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005cae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54870", + "tcp.port": "80", + "tcp.port": "54870", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003676", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8422", + "tcp.analysis.ack_rtt": "0.000481000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.011291000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.011291000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "2340.550605000", + "frame.number": "8424", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00005caf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005bb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54870", + "tcp.port": "80", + "tcp.port": "54870", + "tcp.stream": "326", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007697", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.011644000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.011644000", + "frame.time_delta": "0.000353000", + "frame.time_delta_displayed": "0.000353000", + "frame.time_relative": "2340.550958000", + "frame.number": "8425", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00005cb0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000057e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54870", + "tcp.port": "80", + "tcp.port": "54870", + "tcp.stream": "326", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c900", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008485000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8424", + "tcp.segment": "8425", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001480000", + "http.request_in": "8422", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.017707000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.017707000", + "frame.time_delta": "0.006063000", + "frame.time_delta_displayed": "0.006063000", + "frame.time_relative": "2340.557021000", + "frame.number": "8426", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54870", + "tcp.dstport": "80", + "tcp.port": "54870", + "tcp.port": "80", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000404d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8425", + "tcp.analysis.ack_rtt": "0.006063000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.018367000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.018367000", + "frame.time_delta": "0.000660000", + "frame.time_delta_displayed": "0.000660000", + "frame.time_relative": "2340.557681000", + "frame.number": "8427", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b68", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54870", + "tcp.dstport": "80", + "tcp.port": "54870", + "tcp.port": "80", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000404c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:32.018817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495932.018817000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "2340.558131000", + "frame.number": "8428", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000086e2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003191", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54870", + "tcp.port": "80", + "tcp.port": "54870", + "tcp.stream": "326", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003280", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8427", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.008485000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:34.723529000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495934.723529000", + "frame.time_delta": "2.704712000", + "frame.time_delta_displayed": "2.704712000", + "frame.time_relative": "2343.262843000", + "frame.number": "8429", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002050", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + 
"ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000155a", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:34.724040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495934.724040000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "2343.263354000", + "frame.number": "8430", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002051", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000989b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", 
+ "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f655", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": 
"0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:34.724639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495934.724639000", + "frame.time_delta": "0.000599000", + "frame.time_delta_displayed": "0.000599000", + "frame.time_relative": "2343.263953000", + "frame.number": "8431", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000841b", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + 
"dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:34.937966000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495934.937966000", + "frame.time_delta": "0.213327000", + "frame.time_delta_displayed": "0.213327000", + "frame.time_relative": "2343.477280000", + "frame.number": "8432", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005837", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a65a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5277", + "tcp.ack": "793", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ef0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:25:35.081090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495935.081090000", + "frame.time_delta": "0.143124000", + "frame.time_delta_displayed": "0.143124000", + "frame.time_relative": "2343.620404000", + "frame.number": "8433", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001018", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd79", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + 
"ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "793", + "tcp.ack": "5278", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f97f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:35.281336000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495935.281336000", + "frame.time_delta": "0.200246000", + "frame.time_delta_displayed": "0.200246000", + "frame.time_relative": "2343.820650000", + "frame.number": "8434", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000970d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007641", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "96530", + "tcp.nxtseq": "96579", + "tcp.ack": "19469", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000018db", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:44:83:a7:a3:cd:ef", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2638979, TSecr 2812530159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2638979", + "tcp.options.timestamp.tsecr": "2812530159" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:9d:6a:bc:52:11:fb:e8:9d:a4:11:22:e9:69:79:dc:b9:7b:d8:4c:d6:b2:e6:fa:66:b6:71:e5:52:c0:ec:d9:f6:50:71:3a:34:1c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:35.341908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495935.341908000", + "frame.time_delta": "0.060572000", + "frame.time_delta_displayed": "0.060572000", + "frame.time_relative": "2343.881222000", + "frame.number": "8435", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { 
+ "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002dfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "19469", + "tcp.nxtseq": "19524", + "tcp.ack": "96579", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000007b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a3:ec:47:00:28:44:83", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812537927, TSecr 2638979": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812537927", + "tcp.options.timestamp.tsecr": "2638979" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8434", + "tcp.analysis.ack_rtt": "0.060572000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:dd:b2:ce:b1:41:46:1e:2a:41:aa:3a:c5:c2:bf:85:2e:c9:b4:89:c4:3d:94:32:04:bf:82:dc:29:58:bf:66:b9:e5:48:c1:32:d2:42:71:b6:4c:d7:0c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:35.342378000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495935.342378000", + "frame.time_delta": "0.000470000", + "frame.time_delta_displayed": "0.000470000", + 
"frame.time_relative": "2343.881692000", + "frame.number": "8436", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000970e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007671", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96579", + "tcp.ack": "19524", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b13d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:44:89:a7:a3:ec:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2638985, TSecr 2812537927": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2638985", + "tcp.options.timestamp.tsecr": "2812537927" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8435", + "tcp.analysis.ack_rtt": "0.000470000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:36.674905000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495936.674905000", + "frame.time_delta": "1.332527000", + "frame.time_delta_displayed": "1.332527000", + "frame.time_relative": "2345.214219000", + "frame.number": "8437", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" 
+ }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000212e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58389", + "udp.dstport": "1900", + "udp.port": "58389", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006648", + "udp.checksum.status": "2", + "udp.stream": "157" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: 
urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:36.850012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495936.850012000", + "frame.time_delta": "0.175107000", + "frame.time_delta_displayed": "0.175107000", + "frame.time_relative": "2345.389326000", + "frame.number": "8438", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f7f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000586a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": 
"192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:37.351171000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495937.351171000", + "frame.time_delta": "0.501159000", + "frame.time_delta_displayed": "0.501159000", + "frame.time_relative": "2345.890485000", + "frame.number": "8439", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a88f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"64", + "ip.proto": "17", + "ip.checksum": "0x00000ebc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:37.403988000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495937.403988000", + "frame.time_delta": "0.052817000", + "frame.time_delta_displayed": "0.052817000", + "frame.time_relative": "2345.943302000", + "frame.number": "8440", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a893", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eaf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "8439" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:37.456939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495937.456939000", + "frame.time_delta": "0.052951000", + "frame.time_delta_displayed": "0.052951000", + "frame.time_relative": "2345.996253000", + "frame.number": "8441", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a898", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eb0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "8440" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:37.677250000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495937.677250000", + "frame.time_delta": "0.220311000", + "frame.time_delta_displayed": "0.220311000", + "frame.time_relative": "2346.216564000", + "frame.number": "8442", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000212f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58389", + "udp.dstport": "1900", + "udp.port": "58389", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006648", + "udp.checksum.status": "2", + "udp.stream": "157" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "8437" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:38.408634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495938.408634000", + "frame.time_delta": "0.731384000", + "frame.time_delta_displayed": "0.731384000", + "frame.time_relative": "2346.947948000", + "frame.number": "8443", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a8c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e83", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "8441" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:38.461457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495938.461457000", + "frame.time_delta": "0.052823000", + "frame.time_delta_displayed": "0.052823000", + "frame.time_relative": "2347.000771000", + "frame.number": "8444", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a8ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "8443" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:38.514201000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495938.514201000", + "frame.time_delta": "0.052744000", + "frame.time_delta_displayed": "0.052744000", + 
"frame.time_relative": "2347.053515000", + "frame.number": "8445", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a8cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e7b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "8444" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:38.676195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495938.676195000", + "frame.time_delta": "0.161994000", + "frame.time_delta_displayed": "0.161994000", + "frame.time_relative": "2347.215509000", + "frame.number": "8446", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002130", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58389", + "udp.dstport": "1900", + "udp.port": "58389", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006648", + "udp.checksum.status": "2", + "udp.stream": "157" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "8442" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:25:39.040711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.040711000", + "frame.time_delta": "0.364516000", + "frame.time_delta_displayed": "0.364516000", + "frame.time_relative": "2347.580025000", + "frame.number": "8447", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a8f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "8445" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.093484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.093484000", + "frame.time_delta": "0.052773000", + "frame.time_delta_displayed": "0.052773000", + "frame.time_relative": "2347.632798000", + "frame.number": "8448", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a8fb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "8447" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.146209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.146209000", + "frame.time_delta": "0.052725000", + "frame.time_delta_displayed": "0.052725000", + "frame.time_relative": "2347.685523000", + "frame.number": "8449", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a8ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "8448" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.676525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.676525000", + "frame.time_delta": "0.530316000", + "frame.time_delta_displayed": "0.530316000", + "frame.time_relative": "2348.215839000", + "frame.number": "8450", + "frame.len": "216", + "frame.cap_len": "216", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002131", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58389", + "udp.dstport": "1900", + "udp.port": "58389", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006648", + "udp.checksum.status": "2", + "udp.stream": "157" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "8446" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.725268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.725268000", + "frame.time_delta": "0.048743000", + "frame.time_delta_displayed": "0.048743000", + "frame.time_relative": "2348.264582000", + "frame.number": "8451", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002052", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a 
packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b79e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000155a", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": 
"24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.725665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.725665000", + "frame.time_delta": "0.000397000", + "frame.time_delta_displayed": "0.000397000", + "frame.time_relative": "2348.264979000", + "frame.number": "8452", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002053", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009899", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f655", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": 
"txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.726071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.726071000", + "frame.time_delta": "0.000406000", + "frame.time_delta_displayed": "0.000406000", + "frame.time_relative": "2348.265385000", + "frame.number": "8453", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": 
"0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000841b", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + 
"dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.947880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.947880000", + "frame.time_delta": "0.221809000", + "frame.time_delta_displayed": "0.221809000", + "frame.time_relative": "2348.487194000", + "frame.number": "8454", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": 
"00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:39.948065000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495939.948065000", + "frame.time_delta": "0.000185000", + "frame.time_delta_displayed": "0.000185000", + "frame.time_relative": "2348.487379000", + "frame.number": "8455", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.093723000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.093723000", + "frame.time_delta": "0.145658000", + "frame.time_delta_displayed": "0.145658000", + "frame.time_relative": "2348.633037000", + "frame.number": "8456", + "frame.len": "339", + 
"frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a90c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + 
"http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "8449" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.146526000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.146526000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "2348.685840000", + "frame.number": "8457", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", 
+ "ip.id": "0x0000a90e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "8456" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.198845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.198845000", + "frame.time_delta": "0.052319000", + "frame.time_delta_displayed": "0.052319000", + "frame.time_relative": "2348.738159000", + "frame.number": "8458", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a913", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": 
"2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "8457" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.244628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.244628000", + "frame.time_delta": "0.045783000", + "frame.time_delta_displayed": "0.045783000", + "frame.time_relative": "2348.783942000", + "frame.number": "8459", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, 
+ "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000bc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x00006025", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:36:5e:2a:8f:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.409319000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.409319000", + "frame.time_delta": "0.164691000", + "frame.time_delta_displayed": "0.164691000", + "frame.time_relative": "2348.948633000", + "frame.number": 
"8460", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a923", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 
239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "8458" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.462042000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.462042000", + "frame.time_delta": "0.052723000", + "frame.time_delta_displayed": "0.052723000", + "frame.time_relative": "2349.001356000", + "frame.number": "8461", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": 
"0" + }, + "ip.len": "334", + "ip.id": "0x0000a925", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "8460" + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:40.514713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495940.514713000", + "frame.time_delta": "0.052671000", + "frame.time_delta_displayed": "0.052671000", + "frame.time_relative": "2349.054027000", + "frame.number": "8462", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a927", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + 
"udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "8461" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:41.461758000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495941.461758000", + "frame.time_delta": "0.947045000", + "frame.time_delta_displayed": "0.947045000", + "frame.time_relative": "2350.001072000", + "frame.number": "8463", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a963", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000de8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "8462" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:41.514759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495941.514759000", + "frame.time_delta": "0.053001000", + "frame.time_delta_displayed": "0.053001000", + "frame.time_relative": "2350.054073000", + "frame.number": "8464", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a964", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000dde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "8463" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:41.567565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495941.567565000", + "frame.time_delta": 
"0.052806000", + "frame.time_delta_displayed": "0.052806000", + "frame.time_relative": "2350.106879000", + "frame.number": "8465", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a968", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000de0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": 
"200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "8464" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:42.146310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495942.146310000", + "frame.time_delta": "0.578745000", + "frame.time_delta_displayed": "0.578745000", + "frame.time_relative": "2350.685624000", + "frame.number": "8466", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a982", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000dc9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": 
"", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "8465" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:42.198681000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495942.198681000", + "frame.time_delta": "0.052371000", + "frame.time_delta_displayed": "0.052371000", + "frame.time_relative": "2350.737995000", + "frame.number": "8467", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a986", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000dbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "8466" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:42.251536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495942.251536000", + "frame.time_delta": "0.052855000", + "frame.time_delta_displayed": "0.052855000", + "frame.time_relative": "2350.790850000", + "frame.number": "8468", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a98b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000dbd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "8467" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:43.198593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495943.198593000", + "frame.time_delta": "0.947057000", + "frame.time_delta_displayed": "0.947057000", + "frame.time_relative": "2351.737907000", + "frame.number": "8469", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000a9e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x00000d67", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "305", + "udp.checksum": "0x0000e105", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "8468" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:43.251412000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495943.251412000", + "frame.time_delta": "0.052819000", + "frame.time_delta_displayed": "0.052819000", + "frame.time_relative": "2351.790726000", + "frame.number": "8470", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000a9e5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000d5d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "314", + "udp.checksum": "0x0000eef0", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "8469" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:43.304237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495943.304237000", + "frame.time_delta": "0.052825000", + "frame.time_delta_displayed": "0.052825000", + "frame.time_relative": "2351.843551000", + "frame.number": "8471", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000a9e6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000d62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "58389", + "udp.port": "1900", + "udp.port": "58389", + "udp.length": "308", + "udp.checksum": "0x0000127b", + "udp.checksum.status": "2", + "udp.stream": "158" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "8470" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:44.727292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495944.727292000", + "frame.time_delta": "1.423055000", + "frame.time_delta_displayed": "1.423055000", + "frame.time_relative": "2353.266606000", + "frame.number": "8472", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002054", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b79c", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000155a", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:44.727713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495944.727713000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "2353.267027000", + "frame.number": "8473", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002055", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009897", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f655", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:25:44.728240000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495944.728240000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "2353.267554000", + "frame.number": "8474", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000841b", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000298", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=664", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:01.448477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495961.448477000", + "frame.time_delta": "16.720237000", + "frame.time_delta_displayed": "16.720237000", + "frame.time_relative": "2369.987791000", + "frame.number": "8475", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:01.768202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495961.768202000", + "frame.time_delta": "0.319725000", + "frame.time_delta_displayed": "0.319725000", + "frame.time_relative": "2370.307516000", + "frame.number": "8476", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:02.020860000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495962.020860000", + "frame.time_delta": "0.252658000", + "frame.time_delta_displayed": "0.252658000", + "frame.time_relative": "2370.560174000", + "frame.number": "8477", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", 
+ "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:02.037773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495962.037773000", + "frame.time_delta": "0.016913000", + "frame.time_delta_displayed": "0.016913000", + "frame.time_relative": "2370.577087000", + "frame.number": "8478", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + 
"eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + 
"bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:02.119190000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495962.119190000", + "frame.time_delta": "0.081417000", + "frame.time_delta_displayed": "0.081417000", + "frame.time_relative": "2370.658504000", + "frame.number": "8479", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + 
"eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:02.436560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495962.436560000", + "frame.time_delta": "0.317370000", + "frame.time_delta_displayed": "0.317370000", + "frame.time_relative": "2370.975874000", + "frame.number": "8480", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:03.813136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495963.813136000", + "frame.time_delta": "1.376576000", + "frame.time_delta_displayed": "1.376576000", + "frame.time_relative": "2372.352450000", + "frame.number": "8481", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000970f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007510", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + 
"ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "96579", + "tcp.nxtseq": "96931", + "tcp.ack": "19524", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d685", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:4f:a8:a7:a3:ec:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2641832, TSecr 2812537927": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2641832", + "tcp.options.timestamp.tsecr": "2812537927" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:9e:af:d7:3d:d6:68:85:bc:4f:88:f1:26:7d:df:0b:ee:d1:a5:d6:a9:2b:ed:7b:71:86:fd:0f:15:d1:76:92:74:0f:eb:6a:8d:1e:2f:96:75:62:fe:a0:7a:f6:81:05:4b:ba:7b:bf:04:81:68:60:66:75:96:d0:93:ef:ac:3a:5d:fd:3e:fd:6f:b9:36:a8:fe:df:d5:1c:68:aa:c6:96:02:d1:a7:6c:ab:88:84:90:03:a4:0b:ad:de:8c:3b:53:e8:fe:ea:76:7d:52:8c:01:f5:70:5a:1b:7f:21:ab:56:01:cb:83:88:f3:c1:98:94:a6:98:99:a4:a6:34:06:22:d1:17:fe:87:75:d4:7d:a3:37:95:39:96:be:36:df:50:42:92:5b:aa:ff:82:e5:c9:fd:67:37:f0:38:9b:d3:96:b5:aa:c6:fb:df:cf:0d:51:6e:57:8d:3a:6f:32:b1:35:7c:1e:65:d4:8d:a3:8a:a4:af:51:45:a5:8c:32:33:d8:bc:3f:90:b9:2b:fc:5a:58:28:87:c6:5e:22:18:71:8e:27:1c:57:28:2f:18:4e:6c:35:d1:ef:74:2d:fa:1f:02:b9:a7:23:6c:aa:04:7d:91:ae:e5:f5:48:4d:23:a2:04:32:c8:4d:6d:04:f9:3f:6f:24:32:42:5a:4a:1f:03:16:17:26:f1:99:2c:0a:89:4d:90:5c:45:94:69:24:82:53:cc:85:c7:8f:b0:ca:22:f1:89:87:ce:d9:b4:1b:ce:6a:51:12:fb:66:38:59:0b:e1:c9:42:17:a8:07:55:8d:d4:ad:e2:b8:1c:5a:ef:95:23:32:cf:68:fc:51:04:fa:ac:1c:ae:1d:be:75:18:80:75:95:6b:68:a6:04:8b:df:a2:2f:28:d0:77:f1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:03.874062000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495963.874062000", + "frame.time_delta": "0.060926000", + "frame.time_delta_displayed": "0.060926000", + "frame.time_relative": "2372.413376000", + "frame.number": "8482", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002dfb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003755", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19524", + "tcp.nxtseq": "19571", + "tcp.ack": "96931", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x00005f93", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:08:24:00:28:4f:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812545060, TSecr 2641832": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812545060", + "tcp.options.timestamp.tsecr": "2641832" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8481", + "tcp.analysis.ack_rtt": "0.060926000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:de:69:2b:cd:af:ec:df:92:78:a7:ad:0e:a9:d6:74:9f:78:7e:db:27:27:ac:22:33:2d:54:29:09:ff:9c:50:16:6b:cb:2c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:03.874516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495963.874516000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "2372.413830000", + "frame.number": "8483", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009710", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "96931", + "tcp.ack": "19571", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000088ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:4f:ae:a7:a4:08:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2641838, TSecr 2812545060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2641838", + "tcp.options.timestamp.tsecr": "2812545060" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8482", + "tcp.analysis.ack_rtt": "0.000454000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:04.253855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495964.253855000", + "frame.time_delta": "0.379339000", + "frame.time_delta_displayed": "0.379339000", + "frame.time_relative": "2372.793169000", + "frame.number": "8484", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005838", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a631", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5278", + "tcp.nxtseq": "5318", + "tcp.ack": "793", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005928", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f1:3c:69:ec:87:98:57:ac:1a:c8:f5:df:03:bb:ab:1e:d5:cb:2e:3f:fe:e0:63:52:06:70:e7:87" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:04.396969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495964.396969000", + "frame.time_delta": "0.143114000", + "frame.time_delta_displayed": "0.143114000", + "frame.time_relative": "2372.936283000", + "frame.number": "8485", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001019", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd54", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "793", + "tcp.nxtseq": "829", + "tcp.ack": "5318", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009c70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8484", + "tcp.analysis.ack_rtt": "0.143114000", + 
"tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:76:9a:c7:29:ce:8b:b1:00:95:96:af:b9:06:63:54:a5:6c:ba:e6:64:54:43:5f:c6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:04.397482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495964.397482000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "2372.936796000", + "frame.number": "8486", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005839", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a658", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5318", + "tcp.ack": "829", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eebd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8485", + "tcp.analysis.ack_rtt": "0.000513000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.724573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.724573000", + "frame.time_delta": "1.327091000", + 
"frame.time_delta_displayed": "1.327091000", + "frame.time_relative": "2374.263887000", + "frame.number": "8487", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000ad14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.777579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.777579000", + "frame.time_delta": "0.053006000", + "frame.time_delta_displayed": "0.053006000", + "frame.time_relative": "2374.316893000", + "frame.number": "8488", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000ad16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.830553000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.830553000", + "frame.time_delta": "0.052974000", + "frame.time_delta_displayed": "0.052974000", + "frame.time_relative": 
"2374.369867000", + "frame.number": "8489", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000ad1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": 
"239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.883499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.883499000", + "frame.time_delta": "0.052946000", + "frame.time_delta_displayed": "0.052946000", + "frame.time_relative": "2374.422813000", + "frame.number": "8490", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000ad1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.936383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.936383000", + "frame.time_delta": "0.052884000", + "frame.time_delta_displayed": "0.052884000", + "frame.time_relative": "2374.475697000", + "frame.number": 
"8491", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000ad20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00001c34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": 
"max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:05.989257000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495965.989257000", + "frame.time_delta": "0.052874000", + "frame.time_delta_displayed": "0.052874000", + "frame.time_relative": "2374.528571000", + "frame.number": "8492", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000ad25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + 
"ip.checksum": "0x00001c2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:06.852018000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495966.852018000", + "frame.time_delta": "0.862761000", + "frame.time_delta_displayed": "0.862761000", + "frame.time_relative": "2375.391332000", + "frame.number": "8493", + "frame.len": "86", + "frame.cap_len": "86", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f86", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005863", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:07.133672000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509495967.133672000", + "frame.time_delta": "0.281654000", + "frame.time_delta_displayed": "0.281654000", + "frame.time_relative": "2375.672986000", + "frame.number": "8494", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:08.880386000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495968.880386000", + "frame.time_delta": "1.746714000", + "frame.time_delta_displayed": "1.746714000", + "frame.time_relative": "2377.419700000", + "frame.number": "8495", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:08.880827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495968.880827000", + "frame.time_delta": "0.000441000", + "frame.time_delta_displayed": "0.000441000", + "frame.time_relative": "2377.420141000", + "frame.number": "8496", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:09.400610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495969.400610000", + "frame.time_delta": "0.519783000", + "frame.time_delta_displayed": "0.519783000", + "frame.time_relative": "2377.939924000", + "frame.number": "8497", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:09.401012000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495969.401012000", + "frame.time_delta": "0.000402000", + "frame.time_delta_displayed": "0.000402000", + "frame.time_relative": "2377.940326000", + "frame.number": "8498", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:09.725991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495969.725991000", + "frame.time_delta": "0.324979000", + "frame.time_delta_displayed": "0.324979000", + "frame.time_relative": "2378.265305000", + "frame.number": "8499", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": 
"0x00002059", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b797", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001459", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:09.726426000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495969.726426000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "2378.265740000", + "frame.number": "8500", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000205a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009892", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f554", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:09.726938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495969.726938000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "2378.266252000", + "frame.number": "8501", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000831a", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:14.726211000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495974.726211000", + "frame.time_delta": "4.999273000", + "frame.time_delta_displayed": "4.999273000", + "frame.time_relative": "2383.265525000", + "frame.number": "8502", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000205b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b795", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001459", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:14.727782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495974.727782000", + "frame.time_delta": "0.001571000", + "frame.time_delta_displayed": "0.001571000", + "frame.time_relative": "2383.267096000", + "frame.number": "8503", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": 
{ + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000205c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009890", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f554", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + 
"dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:14.728177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495974.728177000", + "frame.time_delta": "0.000395000", + "frame.time_delta_displayed": "0.000395000", + "frame.time_relative": "2383.267491000", + "frame.number": "8504", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": 
"33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000831a", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:17.506348000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495977.506348000", + "frame.time_delta": "2.778171000", + "frame.time_delta_displayed": "2.778171000", + "frame.time_relative": "2386.045662000", + "frame.number": "8505", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + 
"eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:19.726040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495979.726040000", + "frame.time_delta": "2.219692000", + "frame.time_delta_displayed": "2.219692000", + "frame.time_relative": "2388.265354000", + "frame.number": "8506", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000205f", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b791", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001459", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:19.726568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495979.726568000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "2388.265882000", + "frame.number": "8507", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002060", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000988c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f554", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:19.727192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495979.727192000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "2388.266506000", + "frame.number": "8508", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000831a", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x00000299", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=665", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:25.344543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495985.344543000", + "frame.time_delta": "5.617351000", + "frame.time_delta_displayed": "5.617351000", + "frame.time_relative": "2393.883857000", + "frame.number": "8509", + "frame.len": "80", + "frame.cap_len": "80", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "66", + "ip.id": "0x00000bc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "46", + "udp.checksum": "0x00000aa1", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:57:7a:aa:99:ce:f2:14:6f:00:00:00:b9:0c", + "data.len": "38" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:28.850107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495988.850107000", + "frame.time_delta": "3.505564000", + "frame.time_delta_displayed": "3.505564000", + "frame.time_relative": "2397.389421000", + "frame.number": "8510", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:31.257540000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495991.257540000", + "frame.time_delta": "2.407433000", + "frame.time_delta_displayed": "2.407433000", + "frame.time_relative": "2399.796854000", + "frame.number": "8511", + "frame.len": "412", + "frame.cap_len": "412", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "398", + "ip.id": "0x00009711", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007514", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "346", + "tcp.seq": "96931", + "tcp.nxtseq": "97277", + "tcp.ack": "19571", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001686", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:5a:60:a7:a4:08:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2644576, TSecr 2812545060": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2644576", + "tcp.options.timestamp.tsecr": "2812545060" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "346", + "tcp.analysis.push_bytes_sent": "346" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "341", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:9f:10:17:a9:af:3d:a9:d7:ee:17:fb:ce:05:e2:f9:11:8d:c5:43:3b:b9:1a:8f:8c:6e:84:b2:d3:a3:0f:57:9a:0e:75:bd:28:80:18:60:96:84:c8:24:42:83:dd:5a:1f:03:80:23:0d:24:99:ec:2a:0b:20:8d:39:7e:62:93:1e:99:d0:d7:4d:62:91:e8:91:10:3a:92:e8:3f:78:aa:d7:23:5e:95:68:8c:b0:30:3a:8b:d6:cd:be:01:66:2a:ae:71:99:e2:25:e5:06:f7:c7:8c:64:c2:87:e8:bd:94:68:6e:e1:4e:ed:3c:aa:aa:dd:5f:b9:3b:a8:aa:bd:c1:8e:59:cb:48:b9:ba:99:c4:dc:58:1c:5e:39:bd:e3:3b:bc:c9:20:e5:ac:bb:db:ff:4c:95:42:eb:04:64:55:d5:37:15:14:7d:1d:90:aa:3a:91:d1:21:88:4e:ef:0c:78:4f:af:cf:b9:34:b7:a9:25:38:42:78:ec:df:75:35:82:0d:61:09:10:85:0b:79:b7:15:22:49:a0:2b:ab:08:d3:e9:e7:95:a1:68:37:6f:f3:81:30:d1:b9:03:97:d6:9b:72:46:1d:ce:ec:00:0b:13:22:08:fd:98:de:bb:04:1d:a0:72:02:7d:99:d0:fc:66:44:11:51:81:3c:44:7d:76:3d:42:79:c2:a6:6f:b0:a5:38:c3:86:e2:fe:81:ff:69:00:3f:4a:a3:2e:53:1c:e5:f7:c3:26:a8:e5:d1:3b:1c:ae:9f:90:39:81:a1:94:69:de:9b:3c:dc:28:e8:a3:bf:a1:9a:49:75:24:54:2f:ce:12:7a:73:2c:6d:5c:af:ba:1f:8e:15:99:f6:f8:16:35:e5:99:5d:16:df:10:99" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:31.318254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495991.318254000", + "frame.time_delta": "0.060714000", 
+ "frame.time_delta_displayed": "0.060714000", + "frame.time_relative": "2399.857568000", + "frame.number": "8512", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002dfc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003754", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19571", + 
"tcp.nxtseq": "19618", + "tcp.ack": "97277", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005d47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:22:f2:00:28:5a:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812551922, TSecr 2644576": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812551922", + "tcp.options.timestamp.tsecr": "2644576" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8511", + "tcp.analysis.ack_rtt": "0.060714000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:df:bb:07:31:6e:bc:1f:d1:54:0d:a2:0b:73:38:5c:a3:f3:fc:ac:50:2a:6b:89:65:73:99:63:51:af:0f:d9:40:8d:b8:18" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", 
+ "frame.time": "Oct 31, 2017 17:26:31.318663000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495991.318663000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "2399.857977000", + "frame.number": "8513", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009712", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + 
"tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "97277", + "tcp.ack": "19618", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000619c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:5a:67:a7:a4:22:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2644583, TSecr 2812551922": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2644583", + "tcp.options.timestamp.tsecr": "2812551922" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8512", + "tcp.analysis.ack_rtt": "0.000409000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:34.497900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495994.497900000", + "frame.time_delta": "3.179237000", + "frame.time_delta_displayed": 
"3.179237000", + "frame.time_relative": "2403.037214000", + "frame.number": "8514", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000583a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a657", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + 
"tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5317", + "tcp.ack": "829", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eebe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:34.641149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495994.641149000", + "frame.time_delta": "0.143249000", + "frame.time_delta_displayed": "0.143249000", + "frame.time_relative": "2403.180463000", + "frame.number": "8515", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd77", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "829", + "tcp.ack": "5318", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f933", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:36.854433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495996.854433000", + "frame.time_delta": "2.213284000", + "frame.time_delta_displayed": "2.213284000", + "frame.time_relative": "2405.393747000", + "frame.number": "8516", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f8d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x0000585c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:39.507824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495999.507824000", + "frame.time_delta": "2.653391000", + "frame.time_delta_displayed": "2.653391000", + "frame.time_relative": "2408.047138000", + "frame.number": "8517", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + 
"arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:39.507964000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509495999.507964000", + "frame.time_delta": "0.000140000", + "frame.time_delta_displayed": "0.000140000", + "frame.time_relative": "2408.047278000", + "frame.number": "8518", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:58.819396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496018.819396000", + "frame.time_delta": "19.311432000", + 
"frame.time_delta_displayed": "19.311432000", + "frame.time_relative": "2427.358710000", + "frame.number": "8519", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000bc79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000cde", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + 
"http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:58.872198000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496018.872198000", + "frame.time_delta": "0.052802000", + "frame.time_delta_displayed": "0.052802000", + "frame.time_relative": "2427.411512000", + "frame.number": "8520", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000bc7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000cdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:58.925070000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496018.925070000", + "frame.time_delta": "0.052872000", + "frame.time_delta_displayed": "0.052872000", + "frame.time_relative": 
"2427.464384000", + "frame.number": "8521", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000bc7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000cd1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": 
"239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:58.977940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496018.977940000", + "frame.time_delta": "0.052870000", + "frame.time_delta_displayed": "0.052870000", + "frame.time_relative": "2427.517254000", + "frame.number": "8522", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000bc7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000ccf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:59.030817000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496019.030817000", + "frame.time_delta": "0.052877000", + "frame.time_delta_displayed": "0.052877000", + "frame.time_relative": "2427.570131000", + "frame.number": 
"8523", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000bc81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000cd3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": 
"max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:26:59.083649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496019.083649000", + "frame.time_delta": "0.052832000", + "frame.time_delta_displayed": "0.052832000", + "frame.time_relative": "2427.622963000", + "frame.number": "8524", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000bc82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + 
"ip.checksum": "0x00000cd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:02.337641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496022.337641000", + "frame.time_delta": "3.253992000", + "frame.time_delta_displayed": "3.253992000", + "frame.time_relative": "2430.876955000", + "frame.number": "8525", + "frame.len": "115", + "frame.cap_len": "115", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009713", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000763b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "97277", + "tcp.nxtseq": "97326", + "tcp.ack": "19618", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cc8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:66:85:a7:a4:22:f2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2647685, TSecr 2812551922": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2647685", + "tcp.options.timestamp.tsecr": "2812551922" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a0:44:43:81:af:f4:fe:e6:f6:fb:ab:06:e9:e5:5f:d2:7b:57:e8:e0:39:63:3a:bc:ab:35:25:d1:25:14:eb:85:3e:78:37:cb:d8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:02.448320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496022.448320000", + "frame.time_delta": "0.110679000", + "frame.time_delta_displayed": "0.110679000", + 
"frame.time_relative": "2430.987634000", + "frame.number": "8526", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002dfd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "19618", + "tcp.nxtseq": "19673", + "tcp.ack": "97326", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000cef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:41:4c:00:28:66:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812559692, TSecr 2647685": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812559692", + "tcp.options.timestamp.tsecr": "2647685" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8525", + "tcp.analysis.ack_rtt": "0.110679000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:e0:fd:7a:08:86:7e:6f:32:28:8c:49:38:29:89:a0:cf:3f:dd:6f:54:20:8a:8c:3a:05:7c:81:03:7a:bf:0e:c1:28:cd:a7:94:3b:f6:90:48:76:86:a6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:27:02.448784000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496022.448784000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "2430.988098000", + "frame.number": "8527", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009714", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + 
"tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "97326", + "tcp.ack": "19673", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000036b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:66:90:a7:a4:41:4c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2647696, TSecr 2812559692": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2647696", + "tcp.options.timestamp.tsecr": "2812559692" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8526", + "tcp.analysis.ack_rtt": "0.000464000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:04.637849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496024.637849000", + "frame.time_delta": "2.189065000", + "frame.time_delta_displayed": "2.189065000", 
+ "frame.time_relative": "2433.177163000", + "frame.number": "8528", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000583b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a656", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": 
"443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5317", + "tcp.ack": "829", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eebe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:04.730567000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496024.730567000", + "frame.time_delta": "0.092718000", + "frame.time_delta_displayed": "0.092718000", + "frame.time_relative": "2433.269881000", + "frame.number": "8529", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + 
"eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002064", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b78c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001358", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type 
PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:04.731079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496024.731079000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "2433.270393000", + "frame.number": "8530", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002065", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009887", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f453", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:04.731710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496024.731710000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "2433.271024000", + "frame.number": "8531", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008219", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:04.781087000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496024.781087000", + "frame.time_delta": "0.049377000", + "frame.time_delta_displayed": "0.049377000", + "frame.time_relative": "2433.320401000", + "frame.number": "8532", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd76", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "829", + "tcp.ack": "5318", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f933", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:06.904295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496026.904295000", + "frame.time_delta": "2.123208000", + "frame.time_delta_displayed": "2.123208000", + "frame.time_relative": "2435.443609000", + "frame.number": "8533", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005f94", + "ip.flags": 
"0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005855", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:07.343431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496027.343431000", + "frame.time_delta": "0.439136000", + "frame.time_delta_displayed": "0.439136000", + "frame.time_relative": "2435.882745000", + "frame.number": "8534", + "frame.len": "130", + "frame.cap_len": "130", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "116", + "ip.id": "0x00000bcb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecc5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "96", + "udp.checksum": "0x000043a7", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3e:c4:38:d0:71:a3:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", + "data.len": "88" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:07.450224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496027.450224000", + "frame.time_delta": "0.106793000", + "frame.time_delta_displayed": "0.106793000", + "frame.time_relative": "2435.989538000", + "frame.number": "8535", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + 
"eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:07.450667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496027.450667000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "2435.989981000", + "frame.number": "8536", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": 
"d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:09.647792000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496029.647792000", + "frame.time_delta": "2.197125000", + "frame.time_delta_displayed": "2.197125000", + "frame.time_relative": "2438.187106000", + "frame.number": "8537", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:09.647977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496029.647977000", + "frame.time_delta": "0.000185000", + "frame.time_delta_displayed": "0.000185000", + 
"frame.time_relative": "2438.187291000", + "frame.number": "8538", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:09.730850000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496029.730850000", + "frame.time_delta": "0.082873000", + "frame.time_delta_displayed": "0.082873000", + "frame.time_relative": "2438.270164000", + "frame.number": "8539", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002069", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b787", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001358", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:09.731357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496029.731357000", + "frame.time_delta": "0.000507000", + "frame.time_delta_displayed": "0.000507000", + "frame.time_relative": "2438.270671000", + "frame.number": "8540", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000206a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009882", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f453", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { 
+ "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:09.731971000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496029.731971000", + "frame.time_delta": "0.000614000", + "frame.time_delta_displayed": "0.000614000", + "frame.time_relative": "2438.271285000", + "frame.number": "8541", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": 
"33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008219", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", 
+ "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:10.243105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496030.243105000", + "frame.time_delta": "0.511134000", + "frame.time_delta_displayed": "0.511134000", + "frame.time_relative": "2438.782419000", + "frame.number": "8542", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000bcd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ece9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x000032b0", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:b5:aa:1e:a4:ce:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ec:12", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:14.731138000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496034.731138000", + "frame.time_delta": "4.488033000", + "frame.time_delta_displayed": "4.488033000", + "frame.time_relative": "2443.270452000", + "frame.number": "8543", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000206b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b785", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001358", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:14.731644000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496034.731644000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "2443.270958000", + "frame.number": "8544", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000206c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009880", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f453", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:27:14.732243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496034.732243000", + "frame.time_delta": "0.000599000", + "frame.time_delta_displayed": "0.000599000", + "frame.time_relative": "2443.271557000", + "frame.number": "8545", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008219", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029a", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=666", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:20.007590000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496040.007590000", + "frame.time_delta": "5.275347000", + "frame.time_delta_displayed": "5.275347000", + "frame.time_relative": "2448.546904000", + "frame.number": "8546", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:f1:89:96:45:f6", + "eth.src_tree": { + "eth.src_resolved": "MurataMa_96:45:f6", + "eth.addr": "60:f1:89:96:45:f6", + "eth.addr_resolved": "MurataMa_96:45:f6", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "60:f1:89:96:45:f6", + "arp.src.proto_ipv4": "192.168.0.86", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.164506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.164506000", + "frame.time_delta": "6.156916000", + "frame.time_delta_displayed": "6.156916000", + "frame.time_relative": "2454.703820000", + "frame.number": "8547", + "frame.len": "264", + "frame.cap_len": "264", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "250", + "ip.id": "0x00002dfe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000036bb", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "198", + "tcp.seq": "19673", + "tcp.nxtseq": "19871", + "tcp.ack": "97326", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000e1e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:58:81:00:28:66:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812565633, TSecr 2647696": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812565633", + "tcp.options.timestamp.tsecr": "2647696" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "198", + "tcp.analysis.push_bytes_sent": "198" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "193", + "ssl.app_data": "34:cd:34:17:47:48:0e:e1:3e:99:45:38:d1:c9:dc:6c:11:5d:8b:64:4e:5e:f3:0b:be:ab:da:da:9e:07:a2:63:39:a0:1b:28:3a:1e:30:ec:c5:21:1a:c4:f6:77:db:0a:98:f6:b9:c5:8a:ae:6b:6a:e3:15:f4:b9:1e:9c:3d:50:e1:80:42:a5:86:84:48:51:ac:aa:b3:5a:f2:06:71:88:aa:ed:8e:7c:6e:e5:50:f4:1f:c0:05:55:90:15:c1:f4:87:22:1d:f2:8a:ce:46:2d:fe:70:94:01:bb:ad:7d:a6:78:a4:16:58:4a:5b:7a:f6:4f:fe:cb:7a:7e:20:9c:c2:36:90:62:1d:96:7b:04:f3:53:1f:3b:c9:18:0a:dc:87:1e:eb:2a:31:3a:d7:c8:83:26:bc:69:f1:d3:18:c1:18:ea:49:55:52:6c:96:2f:63:13:cb:35:e1:76:4d:24:30:66:ef:5c:2c:78:12:a5:84:03:f5:a3:37:2d:ef:3b:44:17" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.165022000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.165022000", + "frame.time_delta": 
"0.000516000", + "frame.time_delta_displayed": "0.000516000", + "frame.time_relative": "2454.704336000", + "frame.number": "8548", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009715", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000766a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "97326", + 
"tcp.ack": "19871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001573", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:6f:d3:a7:a4:58:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2650067, TSecr 2812565633": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2650067", + "tcp.options.timestamp.tsecr": "2812565633" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8547", + "tcp.analysis.ack_rtt": "0.000516000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.174407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.174407000", + "frame.time_delta": "0.009385000", + "frame.time_delta_displayed": "0.009385000", + "frame.time_relative": "2454.713721000", + "frame.number": "8549", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x00009716", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007634", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "97326", + "tcp.nxtseq": "97379", + "tcp.ack": "19871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000084ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:6f:d4:a7:a4:58:81", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2650068, TSecr 2812565633": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2650068", + "tcp.options.timestamp.tsecr": "2812565633" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a1:8d:ba:5e:aa:f7:8f:3a:b0:f2:f9:f9:2d:01:05:e1:d5:b9:a5:4d:43:c5:5b:ff:63:57:2e:91:b3:b7:ce:7d:33:72:f1:3b:24:9b:b2:44:ec" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.273873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.273873000", + "frame.time_delta": "0.099466000", + "frame.time_delta_displayed": "0.099466000", + "frame.time_relative": 
"2454.813187000", + "frame.number": "8550", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002dff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003780", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19871", + "tcp.ack": "97379", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001610", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:58:9d:00:28:6f:d4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812565661, TSecr 2650068": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812565661", + "tcp.options.timestamp.tsecr": "2650068" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8549", + "tcp.analysis.ack_rtt": "0.099466000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.274499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.274499000", + "frame.time_delta": "0.000626000", + "frame.time_delta_displayed": "0.000626000", + "frame.time_relative": "2454.813813000", + "frame.number": "8551", + "frame.len": "1442", + "frame.cap_len": "1442", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { 
+ "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1428", + "ip.id": "0x00009717", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007108", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1376", + "tcp.seq": "97379", + "tcp.nxtseq": "98755", + "tcp.ack": "19871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a5f5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:6f:de:a7:a4:58:9d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2650078, TSecr 2812565661": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2650078", + "tcp.options.timestamp.tsecr": "2812565661" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1376", + "tcp.analysis.push_bytes_sent": "1376" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a2:65:49:88:5b:8b:24:5e:b2:8b:8c:d3:c6:7e:d0:3d:f6:43:0d:b3:6e:d4:15:02:16:ff:9a:a1:05:02:46:d2:fa:7e:8e:23:97:69:56:02:a8:02" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "96", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a3:9f:04:89:c9:d2:2d:47:8f:c8:34:bf:41:ed:be:af:c3:34:5e:fa:80:58:9c:b9:96:73:f1:74:16:77:14:23:54:e1:cc:21:9c:ec:ab:bc:e1:ca:7e:4c:19:8c:dd:70:7b:c3:d9:f7:37:c9:5e:e8:92:bb:37:c0:54:0d:76:97:4c:bd:8d:de:4e:7e:09:6f:13:b4:39:88:b5:ed:b8:8f:9d:22:e1:54:7a:e3:3c:0a:95" + }, + "ssl.record": { + "ssl.record.content_type": "23", 
+ "ssl.record.version": "0x00000303", + "ssl.record.length": "1078", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a4:e3:17:bd:4a:cc:b5:a1:a8:87:1a:1e:70:cb:a8:7d:26:df:b9:3d:15:35:4f:86:41:7d:60:9e:fc:a6:3c:65:c1:6c:91:36:ea:e3:1f:26:46:e0:9d:32:f2:45:f2:4c:ae:ee:47:30:8d:ea:b6:8c:a2:ec:74:6a:a7:e6:45:9c:f0:ab:44:e8:35:75:c4:6c:80:ba:e3:70:0e:66:f4:e3:f0:7e:7c:75:89:2d:87:be:c7:4b:74:28:f6:5d:04:82:d7:c3:b1:60:2c:94:e6:75:fa:d9:57:8a:57:0c:8b:62:53:d9:46:df:4a:05:99:c4:69:5d:46:e4:6c:71:29:9d:b8:2a:41:dc:47:06:94:67:92:d2:e3:1e:31:2a:db:dd:6b:7d:0b:8b:86:64:a1:a3:c2:df:2c:75:2e:ee:78:5d:26:98:12:87:2f:43:d0:53:c8:89:b1:08:68:af:24:79:a1:b3:b5:43:43:ca:12:70:99:90:a2:3a:54:b4:2f:cb:e4:bc:1e:0d:7e:a6:23:7e:18:b7:25:54:ec:67:94:07:35:96:7b:bf:6a:4b:14:60:b8:1d:d6:b8:ed:b5:3f:1b:c3:dd:a7:46:2d:63:80:e4:8f:c9:67:d2:6b:cd:d0:5b:26:7c:67:96:0d:26:76:6e:a5:e6:11:05:ef:86:0d:c6:82:e8:a6:d8:76:36:fb:91:cc:ec:05:30:f2:1a:45:ae:25:dc:9e:23:2c:e3:fc:17:6b:92:28:a6:9b:63:df:76:af:8c:9b:83:1b:c6:4c:ed:af:60:57:0d:6d:d8:74:c3:96:9a:7e:12:69:bf:f5:f0:98:ea:6b:07:07:ab:c4:a3:b3:6a:45:c9:66:5e:89:b5:94:cc:18:d0:84:1c:c9:7c:3f:8c:ea:b8:d2:d7:fa:5f:f9:88:93:f8:cb:5a:22:5e:c2:d1:5d:86:90:93:64:a3:61:20:97:3a:9a:bc:84:1c:54:9c:33:47:66:e7:c4:31:09:4c:d6:4b:40:fc:ef:6c:01:8d:d7:54:58:02:c5:9d:a2:0f:98:67:13:89:a1:22:b8:b4:57:5d:97:a1:d9:3e:ae:9d:24:d1:04:45:ab:8d:06:75:eb:30:4a:c2:0d:32:cb:66:a4:3b:cb:db:3d:a7:32:af:68:17:6d:90:ed:18:1f:72:33:43:eb:ca:51:b3:1e:c2:22:b8:fc:59:6d:30:04:3d:04:e9:b6:54:5c:cf:27:5e:31:0e:40:27:30:5c:0e:1c:a7:68:7e:2a:08:fa:42:1c:22:d6:9e:59:07:18:33:a2:77:08:14:a2:09:5d:2e:ad:b6:31:4e:03:c9:ed:34:70:11:d1:f3:9a:84:dc:f8:f5:51:c6:c9:48:8b:a3:c1:92:c4:64:22:a4:3e:b7:2b:63:f6:cd:2e:ce:1b:29:ad:16:c4:a2:c1:ca:c9:f4:a4:31:05:ef:a3:ea:89:28:a4:f0:7a:12:fb:bc:69:f4:4d:5b:f6:eb:2d:0f:cc:8f:d7:37:7d:5d:97:0f:5e:63:ba:8e:09:03:6a:98:b2:9a:b4:b2:50:71:f0:1f:0e:53:88:ce:52:c1:db:14:e0:22:a2:54:b4:dd:44:d2:1a:9c:46:cb:b8:4e:ac:1f:cf:e7:74:55:9b:38:f3:3d:64:17:cf:68:24:70:c2:65:b
2:42:87:3d:10:70:33:d1:9b:24:01:67:a0:76:dc:5a:6c:56:0e:4c:6e:d1:b7:48:e1:f6:b9:a4:cc:d2:05:8f:b9:fa:7e:6a:28:d3:31:ac:fc:7a:3e:66:48:2e:2f:8e:9d:57:5f:94:19:6d:96:a8:7f:c0:7e:c8:ca:55:6b:b4:56:37:b2:7b:82:a5:17:15:71:7f:33:37:7e:f9:42:6a:46:a8:3a:f3:b5:13:7b:f1:47:01:98:43:e6:3a:73:e0:56:19:3f:3c:12:3b:18:43:44:25:ed:c2:d6:96:52:ea:2e:41:c2:2e:bb:ed:c9:9c:d7:4a:0f:9a:da:ab:12:20:86:2c:ed:f0:9b:05:c1:8d:26:d8:ed:02:0b:6c:c5:05:95:3d:b7:be:82:43:05:e9:f7:15:e6:19:0e:f0:1a:3e:b0:f8:9d:c1:15:bc:64:17:b6:98:e9:33:3f:c1:65:64:8b:0e:10:53:b1:b7:39:57:fe:77:78:9f:1a:cf:26:2d:12:65:09:4e:59:f3:30:25:1b:cf:26:6d:09:f7:1f:e2:42:64:b8:e8:97:2e:ca:c0:a9:5f:9b:69:42:0b:d4:1c:fd:36:82:27:10:a8:0f:3f:12:90:3d:bd:6d:74:ef:42:46:dc:10:dc:12:aa:1a:ae:76:3d:ae:6c:94:6e:31:dc:5f:e5:6a:a0:67:cc:ef:c5:01:ff:68:6e:cf:9d:17:51:b5:5b:3e:7c:82:f9:ff:fd:ee:07:6f:29:3a:5f:72:fe:63:1c:1d:90:93:a5:cf:22:06:03:d3:14:c5:c4:db:e4:a3:00:ea:f0:0a:ac:4f:d9:9a:c5:8d:b1:95:0c:73:3b:e6:a4:a1:f2:cc:3e:49:29:6e:54:52:bb:ea:11:d3:55:3b:98:ca:c3:77:2c:5e:49:99:85:d6:8e:f8:78:11:14:a6:9e:6d:6d:2f:28:c0:18:60:11:e2:27:74:f4:7e:73:8c:c6:8d:92:5b:24:14:11:8c:56:bd:43:db:64:72:ba:39:b9:34:00:4e:25:aa:50:f3:c5:c0:c5:2a:f6:14:df:5d:08:81:c8:ce:d4:28:c6:8b:ca:a7:db:aa:94:cd:57:91:68:be:90:26:b6:f9:f4:cd:52:7d:d0:29:4e:b3:3d:8f:c6:6e:b0:5a:e4:2b:a9:23" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "133", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a5:97:38:9d:6c:e8:6b:11:46:dc:5d:11:73:a9:1c:6c:f1:2d:b6:eb:7a:10:f6:fb:99:d2:05:ce:09:8b:47:09:8c:72:44:c0:b0:3d:9c:55:5a:da:87:30:2c:72:56:1f:90:5e:68:c7:d0:6f:88:f9:b0:59:e2:5f:1e:15:7a:7f:4c:47:1d:35:a5:82:05:0d:98:f6:67:7a:e0:a6:24:b8:b4:4d:b5:90:68:8e:12:9d:58:9b:d5:60:ef:76:ce:23:e7:7b:58:16:e4:9f:47:c7:c7:03:0f:4d:4e:0b:5a:b7:56:5e:4a:92:e2:02:aa:ae:e8:64:a1:be:68:53" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.334899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.334899000", + "frame.time_delta": "0.060400000", + "frame.time_delta_displayed": "0.060400000", + "frame.time_relative": "2454.874213000", + "frame.number": "8552", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000377f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": 
"-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19871", + "tcp.ack": "98755", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001097", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:58:ac:00:28:6f:de", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812565676, TSecr 2650078": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812565676", + "tcp.options.timestamp.tsecr": "2650078" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8551", + "tcp.analysis.ack_rtt": "0.060400000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:26.586961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.586961000", + 
"frame.time_delta": "0.252062000", + "frame.time_delta_displayed": "0.252062000", + "frame.time_relative": "2455.126275000", + "frame.number": "8553", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009718", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007631", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": 
"54", + "tcp.seq": "98755", + "tcp.nxtseq": "98809", + "tcp.ack": "19871", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:6f:fe:a7:a4:58:ac", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2650110, TSecr 2812565676": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2650110", + "tcp.options.timestamp.tsecr": "2812565676" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a6:65:6c:54:b9:63:80:6b:a9:f8:94:30:25:7a:83:0c:bd:da:b9:aa:ed:c7:5b:c9:39:db:ff:a7:30:d9:9f:9c:31:ff:40:31:e0:cb:1d:44:60:f5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:27:26.647371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496046.647371000", + "frame.time_delta": "0.060410000", + "frame.time_delta_displayed": "0.060410000", + "frame.time_relative": "2455.186685000", + "frame.number": "8554", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000377e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19871", + "tcp.ack": "98809", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000ff3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:58:fa:00:28:6f:fe", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812565754, TSecr 2650110": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812565754", + "tcp.options.timestamp.tsecr": "2650110" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8553", + "tcp.analysis.ack_rtt": "0.060410000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:28.849328000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496048.849328000", + "frame.time_delta": "2.201957000", + "frame.time_delta_displayed": "2.201957000", + 
"frame.time_relative": "2457.388642000", + "frame.number": "8555", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.428014000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.428014000", + "frame.time_delta": "1.578686000", + "frame.time_delta_displayed": "1.578686000", + "frame.time_relative": "2458.967328000", + "frame.number": "8556", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + 
"eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002132", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e712", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "21", + "http.prev_request_in": "8360" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.809067000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.809067000", + "frame.time_delta": "0.381053000", + "frame.time_delta_displayed": "0.381053000", + "frame.time_relative": "2459.348381000", + "frame.number": "8557", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ca13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + 
"_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "121", + "http.prev_response_in": "8418" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.817752000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.817752000", + "frame.time_delta": "0.008685000", + "frame.time_delta_displayed": "0.008685000", + "frame.time_relative": "2459.357066000", + "frame.number": "8558", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + 
"eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54905", + "tcp.dstport": "80", + "tcp.port": "54905", + "tcp.port": "80", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00005649", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.818295000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.818295000", + "frame.time_delta": "0.000543000", + "frame.time_delta_displayed": "0.000543000", + "frame.time_relative": "2459.357609000", + "frame.number": "8559", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000410f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8558", + "tcp.analysis.ack_rtt": "0.000543000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.825582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.825582000", + "frame.time_delta": "0.007287000", + "frame.time_delta_displayed": "0.007287000", + "frame.time_relative": "2459.364896000", + "frame.number": "8560", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + 
"eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54905", + "tcp.dstport": "80", + "tcp.port": "54905", + "tcp.port": "80", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f2ed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8559", + "tcp.analysis.ack_rtt": "0.007287000", + "tcp.analysis.initial_rtt": "0.007830000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.826176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.826176000", + "frame.time_delta": "0.000594000", + "frame.time_delta_displayed": "0.000594000", + "frame.time_relative": "2459.365490000", + "frame.number": "8561", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aa0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54905", + "tcp.dstport": "80", + "tcp.port": "54905", + "tcp.port": "80", + "tcp.stream": "327", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + 
"tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000867", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007830000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.826648000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.826648000", + "frame.time_delta": "0.000472000", + "frame.time_delta_displayed": "0.000472000", + "frame.time_relative": "2459.365962000", + "frame.number": "8562", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002fa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000088d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", 
+ "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e47e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8561", + "tcp.analysis.ack_rtt": "0.000472000", + "tcp.analysis.initial_rtt": "0.007830000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.827224000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.827224000", + "frame.time_delta": "0.000576000", + "frame.time_delta_displayed": "0.000576000", + "frame.time_relative": "2459.366538000", + "frame.number": "8563", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002fa3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000088bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000024a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007830000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.827576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.827576000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": 
"2459.366890000", + "frame.number": "8564", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002fa4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000084ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + 
"_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007709", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007830000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:
52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8563", + "tcp.segment": "8564", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001400000", + "http.request_in": "8561", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.827915000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.827915000", + "frame.time_delta": "0.000339000", + "frame.time_delta_displayed": "0.000339000", + "frame.time_relative": "2459.367229000", + "frame.number": "8565", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002fa5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000084eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007709", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007830000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.830395000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.830395000", + "frame.time_delta": "0.002480000", + "frame.time_delta_displayed": "0.002480000", + "frame.time_relative": "2459.369709000", + "frame.number": "8566", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54905", + "tcp.dstport": "80", + "tcp.port": "54905", + "tcp.port": "80", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000781a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:81:4d:1c:d3:81:4d:20:b6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8564", + "tcp.analysis.ack_rtt": "0.002819000", + "tcp.analysis.initial_rtt": "0.007830000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.830880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.830880000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "2459.370194000", + "frame.number": "8567", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": 
"6", + "ip.checksum": "0x00005b45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54905", + "tcp.dstport": "80", + "tcp.port": "54905", + "tcp.port": "80", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ee54", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.831310000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.831310000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "2459.370624000", + "frame.number": "8568", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a828", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000104b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54905", + "tcp.port": "80", + "tcp.port": "54905", + "tcp.stream": "327", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e088", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8567", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.007830000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.861954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.861954000", + "frame.time_delta": "0.030644000", + "frame.time_delta_displayed": "0.030644000", + "frame.time_relative": "2459.401268000", + "frame.number": "8569", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000ca15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "122", + "http.prev_response_in": "8557" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.881718000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.881718000", + "frame.time_delta": "0.019764000", + "frame.time_delta_displayed": "0.019764000", + "frame.time_relative": 
"2459.421032000", + "frame.number": "8570", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54906", + "tcp.dstport": "80", + "tcp.port": "54906", + "tcp.port": "80", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection 
establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000ba75", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.882268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.882268000", + "frame.time_delta": "0.000550000", + "frame.time_delta_displayed": "0.000550000", + "frame.time_relative": "2459.421582000", + "frame.number": "8571", + "frame.len": 
"66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54906", + "tcp.port": "80", + "tcp.port": "54906", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000073b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8570", + "tcp.analysis.ack_rtt": "0.000550000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.890225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.890225000", + "frame.time_delta": "0.007957000", + "frame.time_delta_displayed": "0.007957000", + "frame.time_relative": "2459.429539000", + 
"frame.number": "8572", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b43", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54906", + "tcp.dstport": "80", + "tcp.port": "54906", + "tcp.port": "80", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002590", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8571", + "tcp.analysis.ack_rtt": "0.007957000", + "tcp.analysis.initial_rtt": "0.008507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.890704000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.890704000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "2459.430018000", + "frame.number": "8573", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a9b", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54906", + "tcp.dstport": "80", + "tcp.port": "54906", + "tcp.port": "80", + "tcp.stream": "328", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b09", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008507000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.891246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.891246000", + "frame.time_delta": "0.000542000", + "frame.time_delta_displayed": "0.000542000", + "frame.time_relative": "2459.430560000", + "frame.number": "8574", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000afa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000008cd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54906", + "tcp.port": "80", + "tcp.port": "54906", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00001721", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8573", + "tcp.analysis.ack_rtt": "0.000542000", + "tcp.analysis.initial_rtt": "0.008507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.891818000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.891818000", + "frame.time_delta": "0.000572000", + "frame.time_delta_displayed": "0.000572000", + "frame.time_relative": "2459.431132000", + "frame.number": "8575", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000afa7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000008bb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54906", + "tcp.port": "80", + "tcp.port": "54906", + "tcp.stream": "328", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005742", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008507000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.892170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.892170000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "2459.431484000", + "frame.number": "8576", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000afa8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000004e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54906", + "tcp.port": "80", + "tcp.port": "54906", + "tcp.stream": "328", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a9ab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008507000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8575", + "tcp.segment": "8576", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001466000", + "http.request_in": "8573", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.907178000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.907178000", + "frame.time_delta": "0.015008000", + "frame.time_delta_displayed": "0.015008000", + "frame.time_relative": "2459.446492000", + "frame.number": "8577", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54906", + "tcp.dstport": "80", + "tcp.port": "54906", + "tcp.port": "80", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000020f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8576", + "tcp.analysis.ack_rtt": "0.015008000", + "tcp.analysis.initial_rtt": "0.008507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.907816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.907816000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "2459.447130000", + "frame.number": "8578", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b40", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54906", + "tcp.dstport": "80", + "tcp.port": "54906", + "tcp.port": "80", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000020f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.908272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.908272000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": "0.000456000", + "frame.time_relative": "2459.447586000", + "frame.number": "8579", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a82a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001049", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54906", + "tcp.port": "80", + "tcp.port": "54906", + "tcp.stream": "328", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000132b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8578", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.008507000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.914873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.914873000", + "frame.time_delta": "0.006601000", + "frame.time_delta_displayed": "0.006601000", + "frame.time_relative": "2459.454187000", + "frame.number": "8580", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000ca18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed2f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "123", + "http.prev_response_in": "8569" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.924638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.924638000", + "frame.time_delta": "0.009765000", + "frame.time_delta_displayed": "0.009765000", + "frame.time_relative": "2459.463952000", + "frame.number": "8581", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54907", + "tcp.dstport": "80", + "tcp.port": "54907", + "tcp.port": "80", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a96a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.925172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.925172000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "2459.464486000", + "frame.number": "8582", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54907", + "tcp.port": "80", + "tcp.port": "54907", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00002471", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8581", + "tcp.analysis.ack_rtt": "0.000534000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.932374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.932374000", + "frame.time_delta": "0.007202000", + "frame.time_delta_displayed": "0.007202000", + "frame.time_relative": "2459.471688000", + "frame.number": "8583", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54907", + "tcp.dstport": "80", + "tcp.port": "54907", + "tcp.port": "80", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d64f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8582", + "tcp.analysis.ack_rtt": "0.007202000", + "tcp.analysis.initial_rtt": "0.007736000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.933033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.933033000", + "frame.time_delta": "0.000659000", + "frame.time_delta_displayed": "0.000659000", + "frame.time_relative": "2459.472347000", + "frame.number": "8584", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a96", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54907", + "tcp.dstport": "80", + "tcp.port": "54907", + "tcp.port": "80", + "tcp.stream": "329", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ebc8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007736000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.933518000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.933518000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "2459.472832000", + "frame.number": "8585", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002ae2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d91", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54907", + "tcp.port": "80", + "tcp.port": "54907", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c7e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8584", + "tcp.analysis.ack_rtt": "0.000485000", + "tcp.analysis.initial_rtt": "0.007736000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.934159000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.934159000", + "frame.time_delta": "0.000641000", + "frame.time_delta_displayed": "0.000641000", + "frame.time_relative": "2459.473473000", + "frame.number": "8586", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00002ae3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d7f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54907", + "tcp.port": "80", + "tcp.port": "54907", + "tcp.stream": "329", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00000802", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007736000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.934513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.934513000", + "frame.time_delta": "0.000354000", + "frame.time_delta_displayed": "0.000354000", + "frame.time_relative": "2459.473827000", + "frame.number": "8587", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00002ae4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000089ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54907", + "tcp.port": "80", + "tcp.port": "54907", + "tcp.stream": "329", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005a6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007736000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8586", + "tcp.segment": "8587", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001480000", + "http.request_in": "8584", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.941744000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496050.941744000", + "frame.time_delta": "0.007231000", + "frame.time_delta_displayed": "0.007231000", + "frame.time_relative": "2459.481058000", + "frame.number": "8588", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54907", + "tcp.dstport": "80", + "tcp.port": "54907", + "tcp.port": "80", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d1b7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8587", + "tcp.analysis.ack_rtt": "0.007231000", + "tcp.analysis.initial_rtt": "0.007736000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.942591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.942591000", + "frame.time_delta": "0.000847000", + "frame.time_delta_displayed": "0.000847000", + "frame.time_relative": "2459.481905000", + "frame.number": "8589", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b3b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54907", + "tcp.dstport": "80", + "tcp.port": "54907", + "tcp.port": "80", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d1b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:30.943026000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496050.943026000", + "frame.time_delta": "0.000435000", + "frame.time_delta_displayed": "0.000435000", + "frame.time_relative": "2459.482340000", + "frame.number": "8590", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a82d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001046", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54907", + "tcp.port": "80", + "tcp.port": "54907", + "tcp.stream": "329", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c3ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8589", + "tcp.analysis.ack_rtt": "0.000435000", + "tcp.analysis.initial_rtt": "0.007736000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.861801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.861801000", + "frame.time_delta": "0.918775000", + "frame.time_delta_displayed": "0.918775000", + "frame.time_relative": "2460.401115000", + "frame.number": "8591", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000ca3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "124", + "http.prev_response_in": "8580" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.865824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.865824000", + "frame.time_delta": "0.004023000", + "frame.time_delta_displayed": "0.004023000", + "frame.time_relative": "2460.405138000", + 
"frame.number": "8592", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54908", + "tcp.dstport": "80", + "tcp.port": "54908", + "tcp.port": "80", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000054fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.866357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.866357000", + "frame.time_delta": "0.000533000", + "frame.time_delta_displayed": "0.000533000", + "frame.time_relative": "2460.405671000", + "frame.number": "8593", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54908", + "tcp.port": "80", + "tcp.port": "54908", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000046ca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8592", + "tcp.analysis.ack_rtt": "0.000533000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.874249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.874249000", + "frame.time_delta": "0.007892000", + "frame.time_delta_displayed": "0.007892000", + "frame.time_relative": "2460.413563000", + 
"frame.number": "8594", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54908", + "tcp.dstport": "80", + "tcp.port": "54908", + "tcp.port": "80", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f8a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8593", + "tcp.analysis.ack_rtt": "0.007892000", + "tcp.analysis.initial_rtt": "0.008425000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.874943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.874943000", + "frame.time_delta": "0.000694000", + "frame.time_delta_displayed": "0.000694000", + "frame.time_relative": "2460.414257000", + "frame.number": "8595", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a90", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54908", + "tcp.dstport": "80", + "tcp.port": "54908", + "tcp.port": "80", + "tcp.stream": "330", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00000e22", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008425000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.875505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.875505000", + "frame.time_delta": "0.000562000", + "frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "2460.414819000", + "frame.number": "8596", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e955", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54908", + "tcp.port": "80", + "tcp.port": "54908", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ea39", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8595", + "tcp.analysis.ack_rtt": "0.000562000", + "tcp.analysis.initial_rtt": "0.008425000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.876126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.876126000", + "frame.time_delta": "0.000621000", + "frame.time_delta_displayed": "0.000621000", + "frame.time_relative": "2460.415440000", + "frame.number": "8597", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e956", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cf0b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54908", + "tcp.port": "80", + "tcp.port": "54908", + "tcp.stream": "330", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002a5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008425000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.876545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.876545000", + "frame.time_delta": "0.000419000", + "frame.time_delta_displayed": "0.000419000", + "frame.time_relative": "2460.415859000", + "frame.number": "8598", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e957", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cb38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54908", + "tcp.port": "80", + "tcp.port": "54908", + "tcp.stream": "330", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007cc4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.008425000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8597", + "tcp.segment": "8598", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001602000", + "http.request_in": "8595", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.882655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.882655000", + "frame.time_delta": "0.006110000", + "frame.time_delta_displayed": "0.006110000", + "frame.time_relative": "2460.421969000", + "frame.number": "8599", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54908", + "tcp.dstport": "80", + "tcp.port": "54908", + "tcp.port": "80", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f410", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8598", + "tcp.analysis.ack_rtt": "0.006110000", + "tcp.analysis.initial_rtt": "0.008425000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.883239000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.883239000", + "frame.time_delta": "0.000584000", + "frame.time_delta_displayed": "0.000584000", + "frame.time_relative": "2460.422553000", + "frame.number": "8600", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b35", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54908", + "tcp.dstport": "80", + "tcp.port": "54908", + "tcp.port": "80", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f40f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.883694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.883694000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "2460.423008000", + "frame.number": "8601", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a833", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001040", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54908", + "tcp.port": "80", + "tcp.port": "54908", + "tcp.stream": "330", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e643", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8600", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.008425000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.914978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.914978000", + "frame.time_delta": "0.031284000", + "frame.time_delta_displayed": "0.031284000", + "frame.time_relative": "2460.454292000", + "frame.number": "8602", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000ca3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed06", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "125", + "http.prev_response_in": "8591" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.925289000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.925289000", + "frame.time_delta": "0.010311000", + "frame.time_delta_displayed": "0.010311000", + "frame.time_relative": "2460.464603000", + "frame.number": "8603", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b28", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54909", + "tcp.dstport": "80", + "tcp.port": "54909", + "tcp.port": "80", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000ce5d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.925849000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.925849000", + "frame.time_delta": "0.000560000", + "frame.time_delta_displayed": "0.000560000", + "frame.time_relative": "2460.465163000", + "frame.number": "8604", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54909", + "tcp.port": "80", + "tcp.port": "54909", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000be13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8603", + "tcp.analysis.ack_rtt": "0.000560000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.932745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.932745000", + "frame.time_delta": "0.006896000", + "frame.time_delta_displayed": "0.006896000", + "frame.time_relative": "2460.472059000", + "frame.number": "8605", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54909", + "tcp.dstport": "80", + "tcp.port": "54909", + "tcp.port": "80", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006ff2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8604", + "tcp.analysis.ack_rtt": "0.006896000", + "tcp.analysis.initial_rtt": "0.007456000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.933323000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.933323000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "2460.472637000", + "frame.number": "8606", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54909", + "tcp.dstport": "80", + "tcp.port": "54909", + "tcp.port": "80", + "tcp.stream": "331", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000856b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007456000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.933806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.933806000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "2460.473120000", + "frame.number": "8607", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007782", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040f1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54909", + "tcp.port": "80", + "tcp.port": "54909", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006183", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8606", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.007456000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.934455000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.934455000", + "frame.time_delta": "0.000649000", + "frame.time_delta_displayed": "0.000649000", + "frame.time_relative": "2460.473769000", + "frame.number": "8608", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00007783", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000040df", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54909", + "tcp.port": "80", + "tcp.port": "54909", + "tcp.stream": "331", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000a1a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007456000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.934805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.934805000", + "frame.time_delta": "0.000350000", + "frame.time_delta_displayed": "0.000350000", + "frame.time_relative": "2460.474119000", + "frame.number": "8609", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00007784", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54909", + "tcp.port": "80", + "tcp.port": "54909", + "tcp.stream": "331", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000f40d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.007456000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "8608", + "tcp.segment": "8609", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001482000", + "http.request_in": "8606", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.941141000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496051.941141000", + "frame.time_delta": "0.006336000", + "frame.time_delta_displayed": "0.006336000", + "frame.time_relative": "2460.480455000", + "frame.number": "8610", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54909", + "tcp.dstport": "80", + "tcp.port": "54909", + "tcp.port": "80", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b5a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8609", + "tcp.analysis.ack_rtt": "0.006336000", + "tcp.analysis.initial_rtt": "0.007456000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.941710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.941710000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "2460.481024000", + "frame.number": "8611", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54909", + "tcp.dstport": "80", + "tcp.port": "54909", + "tcp.port": "80", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006b59", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.942160000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.942160000", + "frame.time_delta": "0.000450000", + "frame.time_delta_displayed": "0.000450000", + "frame.time_relative": "2460.481474000", + "frame.number": "8612", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a838", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000103b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54909", + "tcp.port": "80", + "tcp.port": "54909", + "tcp.stream": "331", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005d8d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8611", + "tcp.analysis.ack_rtt": "0.000450000", + "tcp.analysis.initial_rtt": "0.007456000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.968247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.968247000", + "frame.time_delta": "0.026087000", + "frame.time_delta_displayed": "0.026087000", + "frame.time_relative": "2460.507561000", + "frame.number": "8613", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000ca40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ed07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "126", + "http.prev_response_in": "8602" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.992728000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.992728000", + "frame.time_delta": "0.024481000", + "frame.time_delta_displayed": "0.024481000", + "frame.time_relative": "2460.532042000", + 
"frame.number": "8614", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b23", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54910", + "tcp.dstport": "80", + "tcp.port": "54910", + "tcp.port": "80", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a7b8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.993287000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.993287000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "2460.532601000", + "frame.number": "8615", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54910", + "tcp.port": "80", + "tcp.port": "54910", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00003f7c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8614", + "tcp.analysis.ack_rtt": "0.000559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:31.999438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496051.999438000", + "frame.time_delta": "0.006151000", + "frame.time_delta_displayed": "0.006151000", + "frame.time_relative": "2460.538752000", + 
"frame.number": "8616", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54910", + "tcp.dstport": "80", + "tcp.port": "54910", + "tcp.port": "80", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000f15a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8615", + "tcp.analysis.ack_rtt": "0.006151000", + "tcp.analysis.initial_rtt": "0.006710000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.000612000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.000612000", + "frame.time_delta": "0.001174000", + "frame.time_delta_displayed": "0.001174000", + "frame.time_relative": "2460.539926000", + "frame.number": "8617", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a86", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54910", + "tcp.dstport": "80", + "tcp.port": "54910", + "tcp.port": "80", + "tcp.stream": "332", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000006d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006710000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.001105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.001105000", + "frame.time_delta": "0.000493000", + "frame.time_delta_displayed": "0.000493000", + "frame.time_relative": "2460.540419000", + "frame.number": "8618", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e6f0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d182", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54910", + "tcp.port": "80", + "tcp.port": "54910", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e2eb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8617", + "tcp.analysis.ack_rtt": "0.000493000", + "tcp.analysis.initial_rtt": "0.006710000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.001761000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.001761000", + "frame.time_delta": "0.000656000", + "frame.time_delta_displayed": "0.000656000", + "frame.time_relative": "2460.541075000", + "frame.number": "8619", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e6f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d170", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54910", + "tcp.port": "80", + "tcp.port": "54910", + "tcp.stream": "332", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000230d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006710000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.002113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.002113000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "2460.541427000", + "frame.number": "8620", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e6f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000cd9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54910", + "tcp.port": "80", + "tcp.port": "54910", + "tcp.stream": "332", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007576", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.006710000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "8619", + "tcp.segment": "8620", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001501000", + "http.request_in": "8617", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.009953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.009953000", + "frame.time_delta": "0.007840000", + "frame.time_delta_displayed": "0.007840000", + "frame.time_relative": "2460.549267000", + "frame.number": "8621", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b2c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54910", + "tcp.dstport": "80", + "tcp.port": "54910", + "tcp.port": "80", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ecc2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8620", + "tcp.analysis.ack_rtt": "0.007840000", + "tcp.analysis.initial_rtt": "0.006710000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.010573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.010573000", + "frame.time_delta": "0.000620000", + "frame.time_delta_displayed": "0.000620000", + "frame.time_relative": "2460.549887000", + "frame.number": "8622", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b2b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54910", + "tcp.dstport": "80", + "tcp.port": "54910", + "tcp.port": "80", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000ecc1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:32.011040000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496052.011040000", + "frame.time_delta": "0.000467000", + "frame.time_delta_displayed": "0.000467000", + "frame.time_relative": "2460.550354000", + "frame.number": "8623", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a83f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001034", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54910", + "tcp.port": "80", + "tcp.port": "54910", + "tcp.stream": "332", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000def5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8622", + "tcp.analysis.ack_rtt": "0.000467000", + "tcp.analysis.initial_rtt": "0.006710000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:34.777842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496054.777842000", + "frame.time_delta": "2.766802000", + "frame.time_delta_displayed": "2.766802000", + "frame.time_relative": "2463.317156000", + "frame.number": "8624", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000583c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a655", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5317", + "tcp.ack": "829", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eebe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:34.921086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496054.921086000", + "frame.time_delta": "0.143244000", + "frame.time_delta_displayed": "0.143244000", + "frame.time_relative": "2463.460400000", + 
"frame.number": "8625", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd75", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": 
"0", + "tcp.seq": "829", + "tcp.ack": "5318", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f933", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:36.673880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496056.673880000", + "frame.time_delta": "1.752794000", + "frame.time_delta_displayed": "1.752794000", + "frame.time_relative": "2465.213194000", + "frame.number": "8626", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002133", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56234", + "udp.dstport": "1900", + "udp.port": "56234", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006eb3", + "udp.checksum.status": "2", + "udp.stream": "159" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:36.907176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496056.907176000", + "frame.time_delta": "0.233296000", + "frame.time_delta_displayed": "0.233296000", + "frame.time_relative": "2465.446490000", + "frame.number": "8627", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005fb9", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005830", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:37.343560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496057.343560000", + "frame.time_delta": "0.436384000", + "frame.time_delta_displayed": "0.436384000", + "frame.time_relative": "2465.882874000", + "frame.number": "8628", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000caf8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + 
}, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:37.396338000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496057.396338000", + "frame.time_delta": "0.052778000", + "frame.time_delta_displayed": "0.052778000", + "frame.time_relative": "2465.935652000", + "frame.number": "8629", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + 
"eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cafc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "8628" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:37.449433000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496057.449433000", + "frame.time_delta": "0.053095000", + "frame.time_delta_displayed": "0.053095000", + "frame.time_relative": "2465.988747000", + "frame.number": "8630", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cb02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + 
}, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec45", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "8629" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:27:37.676217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496057.676217000", + "frame.time_delta": "0.226784000", + "frame.time_delta_displayed": "0.226784000", + "frame.time_relative": "2466.215531000", + "frame.number": "8631", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002134", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56234", + "udp.dstport": "1900", + "udp.port": "56234", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006eb3", + "udp.checksum.status": "2", + "udp.stream": "159" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": 
"M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "8626" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:38.401315000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496058.401315000", + "frame.time_delta": "0.725098000", + "frame.time_delta_displayed": "0.725098000", + "frame.time_relative": "2466.940629000", + "frame.number": "8632", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cb2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "8630" + } + } 
+ } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:38.454182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496058.454182000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "2466.993496000", + "frame.number": "8633", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cb33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": 
"0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "8632" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:38.506933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496058.506933000", + "frame.time_delta": "0.052751000", + "frame.time_delta_displayed": "0.052751000", + "frame.time_relative": "2467.046247000", + "frame.number": "8634", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cb37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ec10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "8633" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:38.675897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496058.675897000", + "frame.time_delta": "0.168964000", + "frame.time_delta_displayed": "0.168964000", + "frame.time_relative": "2467.215211000", + "frame.number": "8635", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002135", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6df", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56234", + "udp.dstport": "1900", + "udp.port": "56234", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006eb3", + "udp.checksum.status": "2", + "udp.stream": "159" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "8631" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.033665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.033665000", + "frame.time_delta": "0.357768000", + "frame.time_delta_displayed": "0.357768000", + "frame.time_relative": "2467.572979000", + "frame.number": "8636", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cb60", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "8634" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.086493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.086493000", + "frame.time_delta": "0.052828000", + "frame.time_delta_displayed": "0.052828000", + "frame.time_relative": "2467.625807000", + "frame.number": "8637", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cb61", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebe0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "8636" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.139251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.139251000", + "frame.time_delta": "0.052758000", + "frame.time_delta_displayed": "0.052758000", + "frame.time_relative": "2467.678565000", + "frame.number": "8638", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cb67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebe0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": 
"", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "8637" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.676711000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.676711000", + "frame.time_delta": "0.537460000", + "frame.time_delta_displayed": "0.537460000", + "frame.time_relative": "2468.216025000", + "frame.number": "8639", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002136", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6de", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56234", + "udp.dstport": "1900", + "udp.port": "56234", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x00006eb3", + "udp.checksum.status": "2", + "udp.stream": "159" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + 
"http.request_number": "4", + "http.prev_request_in": "8635" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.787762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.787762000", + "frame.time_delta": "0.111051000", + "frame.time_delta_displayed": "0.111051000", + "frame.time_relative": "2468.327076000", + "frame.number": "8640", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:39.787939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496059.787939000", + "frame.time_delta": "0.000177000", + "frame.time_delta_displayed": "0.000177000", + "frame.time_relative": "2468.327253000", + "frame.number": "8641", + "frame.len": "42", + 
"frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.086543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.086543000", + "frame.time_delta": "0.298604000", + "frame.time_delta_displayed": "0.298604000", + "frame.time_relative": "2468.625857000", + "frame.number": "8642", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cb74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": 
"", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "8638" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.139268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.139268000", + "frame.time_delta": "0.052725000", + "frame.time_delta_displayed": "0.052725000", + "frame.time_relative": "2468.678582000", + "frame.number": "8643", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cb77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebca", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": 
"56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "8642" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.192082000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.192082000", + "frame.time_delta": "0.052814000", + "frame.time_delta_displayed": "0.052814000", + "frame.time_relative": "2468.731396000", + "frame.number": "8644", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cb7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebcd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "8643" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.402077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.402077000", + "frame.time_delta": "0.209995000", + "frame.time_delta_displayed": "0.209995000", + "frame.time_relative": "2468.941391000", + "frame.number": "8645", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cb87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000ebc3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "8644" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.454853000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.454853000", + "frame.time_delta": "0.052776000", + "frame.time_delta_displayed": "0.052776000", + "frame.time_relative": "2468.994167000", + "frame.number": "8646", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cb89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "8645" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:40.507628000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496060.507628000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "2469.046942000", + "frame.number": "8647", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cb8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ebbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "8646" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:41.455131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496061.455131000", + "frame.time_delta": "0.947503000", + "frame.time_delta_displayed": "0.947503000", + "frame.time_relative": "2469.994445000", + "frame.number": "8648", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cbd2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "8647" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:41.507924000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496061.507924000", + "frame.time_delta": "0.052793000", + "frame.time_delta_displayed": "0.052793000", + "frame.time_relative": "2470.047238000", + "frame.number": "8649", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cbd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb6a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "8648" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:41.560699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496061.560699000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "2470.100013000", + "frame.number": "8650", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cbd8", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "8649" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.139450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.139450000", + "frame.time_delta": "0.578751000", + "frame.time_delta_displayed": "0.578751000", + "frame.time_relative": "2470.678764000", + "frame.number": "8651", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000cbe9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb61", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "8650" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.192237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.192237000", + "frame.time_delta": "0.052787000", + "frame.time_delta_displayed": "0.052787000", + "frame.time_relative": "2470.731551000", + "frame.number": "8652", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cbee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb53", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "20", + "http.prev_response_in": "8651" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.244947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.244947000", + "frame.time_delta": "0.052710000", + "frame.time_delta_displayed": "0.052710000", + "frame.time_relative": "2470.784261000", + "frame.number": "8653", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cbf1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb56", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "8652" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.349339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.349339000", + "frame.time_delta": "0.104392000", + "frame.time_delta_displayed": "0.104392000", + 
"frame.time_relative": "2470.888653000", + "frame.number": "8654", + "frame.len": "411", + "frame.cap_len": "411", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "397", + "ip.id": "0x00009719", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000750d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "345", + "tcp.seq": "98809", + "tcp.nxtseq": "99154", + "tcp.ack": "19871", + 
"tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000959f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:76:26:a7:a4:58:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2651686, TSecr 2812565754": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2651686", + "tcp.options.timestamp.tsecr": "2812565754" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "345", + "tcp.analysis.push_bytes_sent": "345" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "340", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:a7:a0:b2:77:a4:d6:79:9e:3c:eb:3c:7d:6a:70:82:89:70:cb:a0:da:a7:ad:4a:e4:20:74:2d:4a:e6:b7:3d:2f:db:46:7e:91:9d:6d:c1:e8:2c:ed:af:ce:3f:4f:21:fb:6c:6d:5c:c7:35:e0:16:fc:ef:06:08:fc:7a:cd:31:e8:06:e1:07:21:4f:7d:56:e2:be:11:91:f3:27:62:cc:7b:36:c3:ef:6c:44:0d:8c:bb:62:a0:78:dd:89:ea:61:6c:67:21:3e:50:62:9f:c9:34:05:de:4a:3c:b4:0a:b4:eb:ea:2b:79:8a:14:48:34:ab:26:c4:4c:74:64:99:eb:31:bf:a5:54:09:33:78:1f:15:2f:d7:cd:90:08:a2:20:ad:78:e0:1b:ee:f6:dd:e3:c5:64:91:22:a7:2c:10:9b:dc:7a:55:a5:0c:81:85:3e:bc:7d:f7:6d:ab:14:23:5e:e4:1c:d5:e2:1e:7c:3e:86:11:4f:53:0a:49:1d:b3:31:7c:94:30:90:bb:72:60:c2:42:8f:e2:05:7b:b5:69:dc:d6:a2:7f:b0:3b:3a:40:e0:35:60:9f:bc:d8:2a:37:cc:95:2d:a8:02:63:9c:da:cd:2f:52:54:57:e6:aa:7e:f6:fd:51:c4:5d:8c:81:53:17:73:0f:97:94:00:a4:56:87:38:5c:2f:f6:c2:cd:3b:68:44:e4:87:ed:d9:26:8b:60:35:5d:fd:26:c5:c1:f0:44:89:d3:82:74:a1:98:c8:96:c6:e2:55:41:9b:8b:09:2f:46:51:34:5b:6d:e3:8d:d5:28:7f:12:96:d4:5b:51:97:ef:09:9d:2a:eb:00:a8:d4:f5:03:f9:e1:1e:a1:5f:e8:1a:5d:52:77:ec:de" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.409638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.409638000", + "frame.time_delta": "0.060299000", + "frame.time_delta_displayed": "0.060299000", + "frame.time_relative": "2470.948952000", + "frame.number": "8655", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000377d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "19871", + "tcp.ack": "99154", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f90d", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:68:5e:00:28:76:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812569694, TSecr 2651686": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812569694", + "tcp.options.timestamp.tsecr": "2651686" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8654", + "tcp.analysis.ack_rtt": "0.060299000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.410276000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.410276000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "2470.949590000", + "frame.number": "8656", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e03", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19871", + "tcp.nxtseq": "19918", + "tcp.ack": "99154", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000491d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:68:5f:00:28:76:26", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812569695, TSecr 2651686": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812569695", + "tcp.options.timestamp.tsecr": "2651686" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:e2:e0:f2:2b:36:f1:a0:52:24:7a:aa:df:8f:55:41:04:71:77:5a:05:e7:1d:46:f3:eb:d2:d5:60:f4:96:06:16:40:83:fd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:42.445333000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496062.445333000", + "frame.time_delta": "0.035057000", + "frame.time_delta_displayed": "0.035057000", + "frame.time_relative": "2470.984647000", + "frame.number": "8657", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000971a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007665", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "99154", + "tcp.ack": "19918", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f7e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:28:76:30:a7:a4:68:5f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2651696, TSecr 2812569695": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2651696", + "tcp.options.timestamp.tsecr": "2812569695" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8656", + "tcp.analysis.ack_rtt": "0.035057000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:43.191447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496063.191447000", + "frame.time_delta": "0.746114000", + "frame.time_delta_displayed": "0.746114000", + "frame.time_relative": "2471.730761000", + "frame.number": "8658", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "325", + "ip.id": "0x0000cc14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "305", + "udp.checksum": "0x0000e970", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "8653" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:43.244243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496063.244243000", + "frame.time_delta": "0.052796000", + "frame.time_delta_displayed": "0.052796000", + "frame.time_relative": "2471.783557000", + "frame.number": "8659", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000cc17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "314", + "udp.checksum": "0x0000f75b", + 
"udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "8658" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:43.297009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496063.297009000", + "frame.time_delta": "0.052766000", + "frame.time_delta_displayed": "0.052766000", + "frame.time_relative": "2471.836323000", + "frame.number": "8660", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000cc1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "56234", + "udp.port": "1900", + "udp.port": "56234", + "udp.length": "308", + "udp.checksum": "0x00001ae6", + "udp.checksum.status": "2", + "udp.stream": "160" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "8659" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:43.714767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496063.714767000", + "frame.time_delta": "0.417758000", + "frame.time_delta_displayed": "0.417758000", + "frame.time_relative": "2472.254081000", + "frame.number": "8661", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:43.974655000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496063.974655000", + "frame.time_delta": "0.259888000", + "frame.time_delta_displayed": "0.259888000", + "frame.time_relative": "2472.513969000", + "frame.number": "8662", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + 
"bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:44.025940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496064.025940000", + 
"frame.time_delta": "0.051285000", + "frame.time_delta_displayed": "0.051285000", + "frame.time_relative": "2472.565254000", + "frame.number": "8663", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + 
"bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:44.059940000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496064.059940000", + "frame.time_delta": "0.034000000", + "frame.time_delta_displayed": "0.034000000", + "frame.time_relative": "2472.599254000", + "frame.number": "8664", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:44.060174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496064.060174000", + "frame.time_delta": "0.000234000", + "frame.time_delta_displayed": "0.000234000", + "frame.time_relative": "2472.599488000", + "frame.number": "8665", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + 
"eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:46.605737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496066.605737000", + "frame.time_delta": "2.545563000", + "frame.time_delta_displayed": "2.545563000", + "frame.time_relative": "2475.145051000", + "frame.number": "8666", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": 
"ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:46.615204000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496066.615204000", + "frame.time_delta": "0.009467000", + "frame.time_delta_displayed": "0.009467000", + "frame.time_relative": "2475.154518000", + "frame.number": "8667", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + 
"ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:47.620167000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496067.620167000", + "frame.time_delta": "1.004963000", + "frame.time_delta_displayed": "1.004963000", + "frame.time_relative": "2476.159481000", + "frame.number": "8668", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": 
"33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:47.622560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496067.622560000", + "frame.time_delta": "0.002393000", + "frame.time_delta_displayed": "0.002393000", + "frame.time_relative": "2476.161874000", + "frame.number": "8669", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + 
"icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:47.624975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496067.624975000", + "frame.time_delta": "0.002415000", + "frame.time_delta_displayed": "0.002415000", + "frame.time_relative": "2476.164289000", + "frame.number": "8670", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, 
+ "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + 
"icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:47.814986000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496067.814986000", + "frame.time_delta": "0.190011000", + "frame.time_delta_displayed": "0.190011000", + "frame.time_relative": "2476.354300000", + "frame.number": "8671", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:48.583774000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496068.583774000", + "frame.time_delta": "0.768788000", + "frame.time_delta_displayed": "0.768788000", + 
"frame.time_relative": "2477.123088000", + "frame.number": "8672", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00007e6d", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00579e18", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + 
"dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:48.594695000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496068.594695000", + "frame.time_delta": "0.010921000", + "frame.time_delta_displayed": "0.010921000", + "frame.time_relative": "2477.134009000", + "frame.number": "8673", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": 
"0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00000116", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00c0103f", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": 
"30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:48.606115000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496068.606115000", + "frame.time_delta": "0.011420000", + "frame.time_delta_displayed": "0.011420000", + "frame.time_relative": "2477.145429000", + "frame.number": "8674", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:48.615008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496068.615008000", + "frame.time_delta": "0.008893000", + "frame.time_delta_displayed": "0.008893000", + "frame.time_relative": "2477.154322000", + "frame.number": "8675", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:49.128989000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496069.128989000", + "frame.time_delta": "0.513981000", + "frame.time_delta_displayed": "0.513981000", + 
"frame.time_relative": "2477.668303000", + "frame.number": "8676", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:55.242544000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496075.242544000", + "frame.time_delta": "6.113555000", + "frame.time_delta_displayed": "6.113555000", + "frame.time_relative": "2483.781858000", + "frame.number": "8677", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000bd0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ece6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "58", + "udp.checksum": "0x000053a5", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:f5:d0:98:ae:ce:f2:14:11:00:00:00:2a:43:4e:3c:a0:3d:02:00:ba:a6:01:00:00:00", + "data.len": "50" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:59.733623000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496079.733623000", + "frame.time_delta": "4.491079000", + "frame.time_delta_displayed": "4.491079000", + "frame.time_relative": "2488.272937000", + "frame.number": "8678", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": 
"IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002072", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b77e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001257", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:59.734155000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496079.734155000", + "frame.time_delta": "0.000532000", + "frame.time_delta_displayed": "0.000532000", + "frame.time_relative": "2488.273469000", + "frame.number": "8679", + "frame.len": "275", + "frame.cap_len": "275", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002073", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009879", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f352", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + 
"dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:59.734786000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496079.734786000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "2488.274100000", + "frame.number": "8680", + "frame.len": "295", + 
"frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008118", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:59.908512000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496079.908512000", + "frame.time_delta": "0.173726000", + "frame.time_delta_displayed": "0.173726000", + "frame.time_relative": "2488.447826000", + "frame.number": "8681", + "frame.len": "352", + "frame.cap_len": "352", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c24c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000070b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:27:59.961705000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496079.961705000", + "frame.time_delta": "0.053193000", + "frame.time_delta_displayed": "0.053193000", + "frame.time_relative": "2488.501019000", + "frame.number": "8682", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000c251", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00000706", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:00.014572000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496080.014572000", + "frame.time_delta": "0.052867000", + "frame.time_delta_displayed": "0.052867000", + "frame.time_relative": "2488.553886000", + "frame.number": "8683", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c253", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:00.100710000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496080.100710000", + "frame.time_delta": "0.086138000", + "frame.time_delta_displayed": "0.086138000", + "frame.time_relative": "2488.640024000", + "frame.number": "8684", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000c25c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006f2", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:00.153585000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496080.153585000", + "frame.time_delta": "0.052875000", + "frame.time_delta_displayed": "0.052875000", + "frame.time_relative": "2488.692899000", + "frame.number": "8685", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c25e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006f6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 
UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:00.206453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496080.206453000", + "frame.time_delta": "0.052868000", + "frame.time_delta_displayed": "0.052868000", + "frame.time_relative": "2488.745767000", + "frame.number": "8686", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000c260", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x000006f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:03.751963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496083.751963000", + "frame.time_delta": "3.545510000", + "frame.time_delta_displayed": "3.545510000", + "frame.time_relative": "2492.291277000", + "frame.number": "8687", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000971b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007504", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "99154", + "tcp.nxtseq": "99506", + "tcp.ack": "19918", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000002d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:7e:82:a7:a4:68:5f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2653826, TSecr 2812569695": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2653826", + "tcp.options.timestamp.tsecr": "2812569695" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:a8:14:be:e4:5f:63:4e:5e:85:d2:e6:a3:36:a6:6f:f9:be:78:bc:80:3b:39:24:65:4b:01:90:64:b7:4d:48:21:e5:76:b3:df:95:b3:40:99:45:b5:ca:ae:dc:0c:b2:2a:7a:34:e8:be:b8:0e:d2:58:f5:27:d3:44:2e:d6:4d:b3:b3:62:3a:f3:cc:d3:98:b4:ea:44:ae:2f:28:b6:6a:42:0a:7d:e1:58:41:34:43:8e:40:42:7d:a5:4f:2e:e7:cf:a2:99:ab:51:dd:ac:f6:c6:23:59:d2:5a:22:aa:93:23:52:65:ba:78:e5:80:47:fa:e6:67:48:58:9c:9d:6f:9a:96:a4:1a:15:69:7b:4f:50:1a:70:dd:d1:c1:ea:25:86:54:a7:aa:40:77:b5:97:d5:36:98:68:52:86:15:cf:ed:72:8a:47:83:45:22:10:38:a3:8d:13:98:22:10:63:ad:f2:0f:35:50:75:34:aa:3e:5a:59:52:43:e5:a9:0f:19:30:4d:e2:49:19:e3:0d:34:01:b1:8e:d6:a3:48:63:87:2a:1f:7d:84:df:9b:71:68:be:66:7f:6e:a2:37:b9:84:40:1a:64:a5:2c:18:68:7c:59:93:43:90:ed:02:ec:d4:77:5d:64:ca:4d:b5:0a:2e:fa:ca:8f:79:dd:ba:53:67:94:5b:bf:c9:a6:ed:c7:98:70:41:6e:8a:27:55:72:ae:47:7a:42:2a:80:15:cc:aa:18:62:a8:eb:c0:81:08:f5:8a:ad:8d:06:76:ef:fa:53:60:4e:5a:3a:36:fb:21:82:e6:25:c7:28:31:12:b1:36:f6:38:48:33:85:bb:85:2b:6e:2a:39:a8:c5:b7:64:ac:14:12:d3:ec:94:9f:c5:3a:c5:f5:04:ba" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:03.812943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496083.812943000", + "frame.time_delta": "0.060980000", + "frame.time_delta_displayed": "0.060980000", + "frame.time_relative": "2492.352257000", + "frame.number": "8688", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e04", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "19918", + "tcp.nxtseq": "19965", + "tcp.ack": "99506", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": 
"-1", + "tcp.checksum": "0x000035ea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:7d:45:00:28:7e:82", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812575045, TSecr 2653826": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812575045", + "tcp.options.timestamp.tsecr": "2653826" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8687", + "tcp.analysis.ack_rtt": "0.060980000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:e3:f0:a4:7f:36:3f:a6:cb:a4:b6:2e:43:ef:2a:97:dc:b5:6a:ca:c9:aa:f4:17:1c:1d:35:74:49:af:67:77:c7:f2:e8:86" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:03.813388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496083.813388000", + "frame.time_delta": "0.000445000", + "frame.time_delta_displayed": "0.000445000", + "frame.time_relative": "2492.352702000", + "frame.number": "8689", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000971c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007663", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "99506", + "tcp.ack": "19965", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d917", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:7e:88:a7:a4:7d:45", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2653832, TSecr 2812575045": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2653832", + "tcp.options.timestamp.tsecr": "2812575045" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8688", + "tcp.analysis.ack_rtt": "0.000445000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.109734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.109734000", + "frame.time_delta": "0.296346000", + "frame.time_delta_displayed": "0.296346000", + "frame.time_relative": "2492.649048000", + "frame.number": "8690", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x0000583d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a62c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5318", + "tcp.nxtseq": "5358", + "tcp.ack": "829", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e81f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f2:26:44:87:42:b5:75:d2:28:d1:3a:e9:61:d1:d0:8f:48:07:08:19:61:e9:34:96:d5:0e:7d:e2" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.253233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.253233000", + "frame.time_delta": "0.143499000", + "frame.time_delta_displayed": "0.143499000", + "frame.time_relative": "2492.792547000", + "frame.number": "8691", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x0000101d", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd50", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "829", + "tcp.nxtseq": "865", + "tcp.ack": "5358", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e029", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8690", + "tcp.analysis.ack_rtt": "0.143499000", + 
"tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:77:5f:ea:7a:a2:d9:64:dc:3c:d3:9d:12:02:38:1f:72:4a:2b:b7:33:87:8d:32:c0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.253747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.253747000", + "frame.time_delta": "0.000514000", + "frame.time_delta_displayed": "0.000514000", + "frame.time_relative": "2492.793061000", + "frame.number": "8692", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000583e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a653", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5358", + "tcp.ack": "865", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee71", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8691", + "tcp.analysis.ack_rtt": "0.000514000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.733937000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.733937000", + "frame.time_delta": "0.480190000", + 
"frame.time_delta_displayed": "0.480190000", + "frame.time_relative": "2493.273251000", + "frame.number": "8693", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002074", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b77c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001257", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029b", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.734463000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.734463000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "2493.273777000", + "frame.number": "8694", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002075", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009877", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f352", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + 
"dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:04.736542000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496084.736542000", + "frame.time_delta": "0.002079000", + "frame.time_delta_displayed": "0.002079000", + "frame.time_relative": "2493.275856000", + "frame.number": "8695", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008118", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029b", + 
"dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:06.910909000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496086.910909000", + "frame.time_delta": "2.174367000", + "frame.time_delta_displayed": "2.174367000", + "frame.time_relative": "2495.450223000", + "frame.number": "8696", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005fc0", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005829", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + 
"data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:08.820217000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496088.820217000", + "frame.time_delta": "1.909308000", + "frame.time_delta_displayed": "1.909308000", + "frame.time_relative": "2497.359531000", + "frame.number": "8697", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:08.820625000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496088.820625000", + "frame.time_delta": "0.000408000", + "frame.time_delta_displayed": "0.000408000", + "frame.time_relative": "2497.359939000", + "frame.number": "8698", 
+ "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.260892000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.260892000", + "frame.time_delta": "0.440267000", + "frame.time_delta_displayed": "0.440267000", + "frame.time_relative": "2497.800206000", + "frame.number": "8699", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.261076000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.261076000", + "frame.time_delta": "0.000184000", + "frame.time_delta_displayed": "0.000184000", + "frame.time_relative": "2497.800390000", + "frame.number": "8700", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:28:09.308519000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.308519000", + "frame.time_delta": "0.047443000", + "frame.time_delta_displayed": "0.047443000", + "frame.time_relative": "2497.847833000", + "frame.number": "8701", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00002e05", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003693", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "231", + "tcp.seq": "19965", + "tcp.nxtseq": "20196", + "tcp.ack": "99506", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000061b5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:a3:00:28:7e:88", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576419, TSecr 2653832": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576419", + "tcp.options.timestamp.tsecr": "2653832" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "231", + "tcp.analysis.push_bytes_sent": "231" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "226", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:e4:eb:80:b5:a3:fb:5a:4f:82:fe:8e:02:c7:9c:3e:6d:20:d6:49:5e:92:f1:fa:30:56:6e:ee:11:dc:83:75:8e:c5:94:c4:bd:65:67:12:bb:32:57:09:2b:de:01:d7:65:c7:f3:3c:52:e9:87:bf:fb:2e:ac:ec:78:e3:af:26:03:9d:2c:b7:d1:dc:38:33:1c:36:d5:ae:31:16:7c:2a:08:03:da:17:51:47:a1:3e:6f:37:e6:b6:8a:3d:9a:76:12:6b:16:2b:d9:fb:74:85:61:0c:10:0d:d4:81:42:c5:a6:d9:83:dd:a6:08:99:b1:53:9f:b1:3d:17:30:01:5d:e8:fc:a5:a2:ec:3e:b8:06:ee:2d:8e:b6:a4:10:ec:b6:de:52:c8:a1:52:ed:c2:68:09:c8:27:0f:94:f3:db:f2:21:ce:1f:3a:95:79:eb:d5:4f:64:b7:8a:4f:e9:61:f6:41:5b:09:4c:54:ab:55:39:67:7c:cf:e4:c4:39:c9:84:d0:40:73:b6:b2:4b:ab:aa:34:19:dd:43:22:90:9d:3a:4f:8c:9a:d2:9b:b8:ae:ff:64:ca:d2:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.308998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.308998000", + "frame.time_delta": "0.000479000", + "frame.time_delta_displayed": "0.000479000", + "frame.time_relative": "2497.848312000", + "frame.number": "8702", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000971d", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007662", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "99506", + "tcp.ack": "20196", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d0ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:ae:a7:a4:82:a3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654382, TSecr 2812576419": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654382", + "tcp.options.timestamp.tsecr": "2812576419" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8701", + "tcp.analysis.ack_rtt": "0.000479000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.327967000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.327967000", + "frame.time_delta": "0.018969000", + "frame.time_delta_displayed": "0.018969000", + "frame.time_relative": "2497.867281000", + "frame.number": "8703", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000971e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762c", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "99506", + "tcp.nxtseq": "99559", + "tcp.ack": "20196", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:b0:a7:a4:82:a3", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2654384, TSecr 2812576419": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654384", + "tcp.options.timestamp.tsecr": "2812576419" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:a9:34:53:3d:22:ea:44:9a:17:45:13:da:b5:63:b6:28:e8:a5:72:53:cd:15:48:88:8e:64:2b:ef:de:4a:f2:1a:24:46:84:a8:e1:e8:d6:19:b8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.333198000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.333198000", + "frame.time_delta": "0.005231000", + "frame.time_delta_displayed": "0.005231000", + "frame.time_relative": "2497.872512000", + "frame.number": "8704", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00006767", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000e244", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:80:b0:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654384, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654384", + "tcp.options.timestamp.tsecr": "0" + }, 
+ "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.337317000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.337317000", + "frame.time_delta": "0.004119000", + "frame.time_delta_displayed": "0.004119000", + "frame.time_relative": "2497.876631000", + "frame.number": "8705", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "14:91:82:25:10:77", + "arp.src.proto_ipv4": "192.168.0.65", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.337708000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496089.337708000", + "frame.time_delta": "0.000391000", + "frame.time_delta_displayed": "0.000391000", + "frame.time_relative": "2497.877022000", + "frame.number": "8706", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "14:91:82:25:10:77", + "arp.dst.proto_ipv4": "192.168.0.65" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.350514000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.350514000", + "frame.time_delta": "0.012806000", + "frame.time_delta_displayed": "0.012806000", + "frame.time_relative": "2497.889828000", + "frame.number": "8707", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36217", + "tcp.port": "49154", + "tcp.port": "36217", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00009369", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8704", + "tcp.analysis.ack_rtt": "0.017316000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.351060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.351060000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "2497.890374000", + "frame.number": "8708", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": 
"BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006768", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ea20", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8707", + "tcp.analysis.ack_rtt": "0.000546000", + "tcp.analysis.initial_rtt": "0.017862000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.362113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.362113000", + "frame.time_delta": "0.011053000", + "frame.time_delta_displayed": "0.011053000", + "frame.time_relative": "2497.901427000", + "frame.number": "8709", + "frame.len": "233", + "frame.cap_len": "233", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "219", + "ip.id": "0x00006769", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00005030", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "179", + "tcp.seq": "1", + "tcp.nxtseq": "180", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000ca67", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017862000", + "tcp.analysis.bytes_in_flight": "179", + "tcp.analysis.push_bytes_sent": "179" + } + }, + "http": { + "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "SUBSCRIBE", + "http.request.uri": "\/upnp\/event\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.65:49154", + "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", + "http.unknown_header": "NT: upnp:event\\n", + "http.unknown_header": "TIMEOUT: Second-5400\\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/event\/basicevent1", + "http.notification": "1", + "http.file_data": "\n", + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.363633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.363633000", + "frame.time_delta": "0.001520000", + "frame.time_delta_displayed": "0.001520000", + "frame.time_relative": "2497.902947000", + "frame.number": "8710", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000888a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002fc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36217", + "tcp.port": "49154", + "tcp.port": "36217", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000deea", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8709", + "tcp.analysis.ack_rtt": "0.001520000", + "tcp.analysis.initial_rtt": "0.017862000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.366110000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.366110000", + "frame.time_delta": "0.002477000", + "frame.time_delta_displayed": "0.002477000", + "frame.time_relative": "2497.905424000", + "frame.number": "8711", + "frame.len": "267", + "frame.cap_len": "267", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "253", + "ip.id": "0x0000888b", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002eec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36217", + "tcp.port": "49154", + "tcp.port": "36217", + "tcp.stream": "333", + "tcp.len": "213", + "tcp.seq": "1", + "tcp.nxtseq": "214", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000bc70", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.017862000", + "tcp.analysis.bytes_in_flight": "213", + "tcp.analysis.push_bytes_sent": "213" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:28:09 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:09 GMT\r\n", + 
"http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.response.line": "CONTENT-LENGTH: 0\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "http.response.line": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\r\n", + "http.response.line": "TIMEOUT: Second-5400\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.366578000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.366578000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "2497.905892000", + "frame.number": "8712", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000676a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "214", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e888", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8711", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.017862000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.367615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.367615000", + "frame.time_delta": "0.001037000", + "frame.time_delta_displayed": "0.001037000", + "frame.time_relative": "2497.906929000", + "frame.number": "8713", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000888c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002fc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36217", + "tcp.port": "49154", + "tcp.port": "36217", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "214", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000de14", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.370369000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.370369000", + "frame.time_delta": "0.002754000", + "frame.time_delta_displayed": "0.002754000", + "frame.time_relative": "2497.909683000", + "frame.number": "8714", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00007b46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003cfa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000e1e0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.370845000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.370845000", + "frame.time_delta": "0.000476000", + "frame.time_delta_displayed": "0.000476000", + "frame.time_relative": "2497.910159000", + "frame.number": "8715", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": 
"192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4469", + "tcp.port": "39500", + "tcp.port": "4469", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000649f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", 
+ "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8714", + "tcp.analysis.ack_rtt": "0.000476000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.373228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.373228000", + "frame.time_delta": "0.002383000", + "frame.time_delta_displayed": "0.002383000", + "frame.time_relative": "2497.912542000", + "frame.number": "8716", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007b47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000d310", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8715", + "tcp.analysis.ack_rtt": "0.002383000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.374193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.374193000", + "frame.time_delta": "0.000965000", + "frame.time_delta_displayed": "0.000965000", + "frame.time_relative": "2497.913507000", + "frame.number": "8717", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x00007b48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00001ab0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002859000", + "tcp.analysis.bytes_in_flight": "204", + 
"tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.374636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.374636000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "2497.913950000", + "frame.number": "8718", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009415", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002437", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4469", + "tcp.port": "39500", + "tcp.port": "4469", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000dcb7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8717", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.378497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.378497000", + "frame.time_delta": "0.003861000", + "frame.time_delta_displayed": "0.003861000", + "frame.time_relative": "2497.917811000", + 
"frame.number": "8719", + "frame.len": "231", + "frame.cap_len": "231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x00007b49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003c52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "177", + "tcp.seq": "205", + "tcp.nxtseq": "382", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00009ef3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002859000", + "tcp.analysis.bytes_in_flight": "177", + "tcp.analysis.push_bytes_sent": "177" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "8717", + "tcp.segment": "8719", + "tcp.segment.count": "2", + "tcp.reassembled.length": "380", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "176", + "http.content_length_header_tree": { + "http.content_length": "176" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 0\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", 
+ "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.378904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.378904000", + "frame.time_delta": "0.000407000", + "frame.time_delta_displayed": "0.000407000", + "frame.time_relative": "2497.918218000", + "frame.number": "8720", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00009416", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002436", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4469", + "tcp.port": "39500", + "tcp.port": "4469", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000dbf5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8719", + "tcp.analysis.ack_rtt": "0.000407000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.404202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.404202000", + "frame.time_delta": "0.025298000", + "frame.time_delta_displayed": "0.025298000", + 
"frame.time_relative": "2497.943516000", + "frame.number": "8721", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000676b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050e1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e887", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8713", + "tcp.analysis.ack_rtt": "0.036587000", + "tcp.analysis.initial_rtt": "0.017862000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.425862000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.425862000", + "frame.time_delta": "0.021660000", + "frame.time_delta_displayed": "0.021660000", + "frame.time_relative": "2497.965176000", + "frame.number": "8722", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003779", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "20196", + "tcp.ack": "99559", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d146", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:c1:00:28:80:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2812576449, TSecr 2654384": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576449", + "tcp.options.timestamp.tsecr": "2654384" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8703", + "tcp.analysis.ack_rtt": "0.097895000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.426408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.426408000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "2497.965722000", + "frame.number": "8723", + "frame.len": "882", + "frame.cap_len": "882", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "868", + "ip.id": "0x0000971f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007330", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "816", + "tcp.seq": "99559", + "tcp.nxtseq": "100375", + "tcp.ack": "20196", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000baa9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:ba:a7:a4:82:c1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654394, TSecr 2812576449": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654394", + "tcp.options.timestamp.tsecr": 
"2812576449" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "816", + "tcp.analysis.push_bytes_sent": "816" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:aa:73:30:75:00:da:5f:5d:03:f5:f8:19:9c:8c:1a:59:87:ef:53:cd:97:e0:41:ec:53:51:d2:00:97:91:21:2a:12:4e:ed:20:87:4e:6a:53:d1:e9" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "292", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ab:47:1a:64:67:90:d3:b0:82:b9:4a:6f:68:e1:b4:38:be:c0:fe:72:b9:37:22:f8:e7:d0:fa:d8:40:ca:0f:b8:a9:c8:52:a7:01:25:3f:24:90:a8:a1:10:25:b9:35:db:7f:e7:6e:c1:d0:d5:2a:92:d5:5d:5a:22:c5:29:fe:cb:31:fd:ba:ad:6c:43:ee:86:6b:5f:b4:d7:c4:06:8c:e4:87:0b:8e:ee:6f:89:38:06:d6:44:52:43:5d:2f:8c:ac:71:88:f0:0d:87:ef:6a:4c:20:e0:00:fd:00:f1:90:01:4d:4c:95:1d:db:db:11:fd:ba:ea:c0:2e:2e:c1:1f:24:4d:7b:54:c0:02:01:89:cd:b5:d8:5c:c5:d0:2a:3a:13:fa:92:f4:84:e3:5f:ae:f9:18:50:81:bb:3b:5c:e8:4b:05:69:10:b9:ac:07:eb:f9:6c:56:be:46:09:62:28:23:e7:1d:68:f4:35:ef:64:c0:ce:aa:4c:7f:cf:82:0a:0d:7f:2e:ad:e6:a0:7a:c5:cd:20:a2:45:9c:60:a4:a0:0d:c4:02:02:c1:83:89:f3:d1:a6:83:dc:98:42:c4:ad:be:dc:2f:02:3a:97:3f:5b:2a:62:53:9c:7f:48:2c:c6:35:6c:09:dd:53:d1:5b:15:7f:b2:dc:45:9e:32:26:e9:26:60:9e:a2:e6:49:13:b6:74:10:55:fc:81:31:ad:13:d6:0f:f7:98:0b:4c:ad:cc:f3:33:01:62:47:ba" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "460", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ac:cb:e3:0b:88:d6:d9:5a:e9:ad:4b:b4:f2:01:01:fb:30:b3:2d:c7:a3:e5:e8:64:6c:d1:47:23:1b:01:e7:86:30:a5:77:b7:a1:6b:c3:53:d3:7c:9a:f0:db:b4:55:dc:cb:08:69:0d:14:85:93:eb:b3:05:8a:f8:e2:eb:9c:b2:fb:09:18:d1:c1:29:75:4a:52:9b:3f:ee:b9:25:9e:8f:56:f0:08:ab:fb:4d:94:26:2e:ce:3e:dc:3f:1d:76:d4:18:d2:d3:5a:f2:60:15:bf:b8:bd:e0:28:c8:ac:ba:12:1d:4c:4c:1b:ac:29:d4:4f:0c:76:fa:ae:ee:db:8b:28:4e:53:91:45:ab:c4:4b:9f:91:4d:8e:77:ea:d9:5e:2d:15:9f:cf:e1:19:bf:77:1c:17:cd:38:29:28:8d:d7:99:5c:54:2b:01:59:f2:d3:64:73:f1:d8:f8:9f:aa:0e:a8:9f:ea:6c:88:f7:c1:63:b9:6b:d9:17:4e:c7:e7:41:c6:c1:03:57:f3:46:b9:99:95:c9:e1:83:1a:cb:85:13:80:ab:b0:f3:cf:5a:18:7c:95:27:a9:c7:19:2a:ed:83:c0:0b:ac:6e:85:5d:38:c1:a7:eb:85:35:b1:f3:6e:54:06:37:0d:c4:86:0d:6f:a1:69:0c:91:19:65:24:d2:e6:b1:23:48:36:74:75:a6:78:b3:8e:8f:12:90:f5:e9:d9:47:e7:0f:70:08:2f:c1:3b:be:e6:92:2a:48:d4:7e:2f:c6:8a:92:fc:35:13:0a:58:b8:f4:1a:a4:8c:69:80:00:8d:a6:e3:2c:cb:64:dd:3a:cd:57:97:f9:2a:14:95:39:c6:9c:73:96:36:55:83:33:1c:58:3c:aa:29:94:ff:2f:55:9d:06:a8:f4:f5:bf:d5:e6:c3:cc:44:a0:22:d7:52:c5:45:cd:41:dd:16:50:b6:ad:39:43:ec:ea:f1:47:5e:7f:92:e9:0a:d0:9c:0d:72:c1:16:12:61:0b:ab:49:16:bf:03:d7:6e:9d:f4:33:79:71:6b:35:e9:c8:9a:a3:6a:db:21:dc:4c:e7:20:7a:d3:74:97:94:27:1a:8a:ec:da:75:ee:dc:32:6b:35:74:82:0d:4a:ad:1c:71:a8:9e:43:22:17:3d:1a:e4:fb:0e:da:81:84:1b:96:2b:33:e3:23:a7:94:94:9c:ed:78" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.487335000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.487335000", + "frame.time_delta": "0.060927000", + "frame.time_delta_displayed": "0.060927000", + "frame.time_relative": "2498.026649000", + "frame.number": "8724", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e07", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003778", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "20196", + "tcp.ack": "100375", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cdfd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576464, TSecr 2654394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576464", + "tcp.options.timestamp.tsecr": "2654394" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8723", + "tcp.analysis.ack_rtt": "0.060927000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.489283000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.489283000", + "frame.time_delta": "0.001948000", + "frame.time_delta_displayed": "0.001948000", + "frame.time_relative": "2498.028597000", + "frame.number": "8725", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003748", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "20196", + "tcp.nxtseq": "20243", + "tcp.ack": "100375", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004015", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576464, TSecr 2654394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576464", + "tcp.options.timestamp.tsecr": "2654394" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:e5:9b:51:53:cc:49:55:4d:6a:c6:96:d5:63:22:ad:a4:b7:66:0c:c9:88:e5:83:14:aa:ad:c0:2c:f3:4b:8a:f5:51:c0:a7" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.490320000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.490320000", + "frame.time_delta": "0.001037000", + "frame.time_delta_displayed": "0.001037000", + "frame.time_relative": "2498.029634000", + "frame.number": "8726", + "frame.len": "704", + "frame.cap_len": "704", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "690", + "ip.id": "0x00002e09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000034f8", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "638", + "tcp.seq": "20243", + "tcp.nxtseq": "20881", + "tcp.ack": "100375", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000003dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576464, TSecr 2654394": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576464", + "tcp.options.timestamp.tsecr": "2654394" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "685", + "tcp.analysis.push_bytes_sent": "638" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "633", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:e6:a2:36:42:1d:33:0e:ce:d5:46:41:de:c7:f3:18:6a:03:a4:c3:8b:61:45:e0:7a:4b:c2:13:74:34:b1:06:84:59:70:5d:fd:85:7c:2a:20:a7:e9:0c:21:e5:86:fc:81:ad:6b:9e:4d:18:a4:4b:25:f7:ef:24:1f:9a:2d:f8:cd:07:73:51:a3:39:5f:f2:07:17:ba:3c:7e:97:e7:b6:b4:6f:06:fa:a4:23:d0:fa:98:81:20:14:84:c5:30:47:31:83:76:6a:5c:af:a5:a0:c4:ec:1b:da:86:76:0e:e2:d1:f7:0c:4e:83:bb:0d:1c:12:6f:57:3c:03:4b:a8:fe:ab:25:e4:64:7b:da:f6:05:5f:18:be:3b:df:6a:16:04:2d:64:f0:f1:b2:d3:b2:f9:df:12:d0:ae:99:fa:f4:89:a9:36:45:a0:9d:97:19:12:29:00:c0:6c:8f:89:50:37:23:8f:84:71:7e:3c:01:a4:47:bc:f5:4a:76:25:c6:a4:9a:59:70:81:bf:24:81:2c:c6:8a:32:9f:c8:8b:ef:9e:bd:41:07:11:94:98:a8:78:97:56:62:25:fc:fd:1b:96:62:de:c5:55:92:a3:2c:0e:1e:92:99:f8:d9:ac:cf:5b:9d:21:b0:6f:82:56:f1:4d:a1:dd:6e:4b:67:50:c9:c1:0c:77:8b:f7:38:b6:bb:a1:8d:b5:7e:3b:40:6e:93:e6:e5:dc:3d:38:f8:5d:c0:b2:8e:e0:99:6f:0f:39:0b:a0:31:73:00:ba:c0:82:8b:05:b7:f1:0e:06:99:d3:78:b5:1b:70:26:5c:c5:93:3e:cf:0b:05:b5:8b:f9:be:9b:83:d6:b0:07:fb:ff:a5:a3:d1:bd:29:65:80:ab:d5:85:43:f7:db:d8:bc:e0:23:90:7a:03:8a:65:6b:07:36:ab:a4:7f:ad:5e:e4:e0:a1:4d:d5:e6:e5:48:9d:61:a9:f3:a5:1e:1a:30:aa:95:a2:92:34:10:54:63:7f:f1:17:19:76:9c:c7:40:8e:cf:cc:14:01:50:a9:11:dd:50:7b:a9:ff:8b:a2:3d:f3:98:5b:03:f3:dd:6f:95:3a:e0:06:a5:ac:e1:62:e2:86:ab:b2:e3:34:95:7c:e3:90:8c:ae:34:18:10:ec:7f:29:48:82:a1:b2:80:fe:a0:be:ca:a1:f3:84:73:04:e7:d8:2b:97:13:93:70:dc:b0:ca:cb:b3:d2:58:c9:a2:58:b2:37:67:02:13:34:57:4d:bc:e7:30:47:b8:af:bd:c2:eb:dc:be:64:25:55:d5:cf:7b:39:6e:d4:4a:1d:3b:3f:dd:01:3f:44:c2:44:d0:cf:14:eb:53:3c:32:6e:ea:fe:0a:03:e6:0a:26:d2:df:e4:fd:1f:c7:89:1b:9e:89:ae:af:de:8f:48:65:7c:4a:0f:26:5c:8c:7b:92:74:19:c0:08:80:24:21:c3:a0:2d:0f:2f:dd:a2:cd:5c:94:82:28:30:30:65:7b:37:22:ee:24:d0:0a:d8:3b:84:81:2f:40:c2:b2:4b:ca:3f:69:e6:d0:f8:08:3f:10:79:b0:48:41:c1:b9:3a:66:ef:82:6a:f7:d8:c1:7f:0a:4a:19:b1:99:f9:46:ae:ef:0a:e1:45:de:98:a7:0c:93:94:d1:69:d3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.493085000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.493085000", + "frame.time_delta": "0.002765000", + "frame.time_delta_displayed": "0.002765000", + "frame.time_relative": "2498.032399000", + "frame.number": "8727", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009720", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007630", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": 
"41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "100375", + "tcp.nxtseq": "100422", + "tcp.ack": "20881", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbf1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:c0:a7:a4:82:d0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654400, TSecr 2812576464": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654400", + "tcp.options.timestamp.tsecr": "2812576464" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8726", + "tcp.analysis.ack_rtt": "0.002765000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ad:ff:be:36:27:c4:39:8a:fc:b2:d9:c9:54:e4:bb:ba:e3:60:84:b1:c5:63:b4:02:03:1c:fb:8c:95:07:8c:3e:a4:08:74" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.518251000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.518251000", + "frame.time_delta": "0.025166000", + "frame.time_delta_displayed": "0.025166000", + "frame.time_relative": "2498.057565000", + "frame.number": "8728", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000676c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000050e0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" 
+ }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49154", + "tcp.port": "36217", + "tcp.port": "49154", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e886", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.523531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.523531000", + "frame.time_delta": "0.005280000", + "frame.time_delta_displayed": "0.005280000", + "frame.time_relative": "2498.062845000", + "frame.number": "8729", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": 
"14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36217", + "tcp.port": "49154", + "tcp.port": "36217", + "tcp.stream": "333", + "tcp.len": "0", + "tcp.seq": "215", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000de13", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8728", + "tcp.analysis.ack_rtt": "0.005280000", + "tcp.analysis.initial_rtt": "0.017862000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, 
+ "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.541615000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.541615000", + "frame.time_delta": "0.018084000", + "frame.time_delta_displayed": "0.018084000", + "frame.time_relative": "2498.080929000", + "frame.number": "8730", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00003ecc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000796c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000d60d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:80:c5:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654405, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654405", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.543007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.543007000", + "frame.time_delta": 
"0.001392000", + "frame.time_delta_displayed": "0.001392000", + "frame.time_relative": "2498.082321000", + "frame.number": "8731", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36218", + "tcp.port": "49154", + "tcp.port": "36218", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + 
"tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000600a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8730", + "tcp.analysis.ack_rtt": "0.001392000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.543467000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496089.543467000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "2498.082781000", + "frame.number": "8732", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ecd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000797f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b6c1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8731", + "tcp.analysis.ack_rtt": "0.000460000", + "tcp.analysis.initial_rtt": "0.001852000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.553725000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.553725000", + "frame.time_delta": "0.010258000", + "frame.time_delta_displayed": "0.010258000", + "frame.time_relative": "2498.093039000", + "frame.number": "8733", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002e0a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", 
+ "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003720", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "20881", + "tcp.nxtseq": "20966", + "tcp.ack": "100422", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00006464", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:e0:00:28:80:c0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576480, TSecr 2654400": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576480", + "tcp.options.timestamp.tsecr": "2654400" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8727", + "tcp.analysis.ack_rtt": "0.060640000", + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:e7:2d:c1:b2:3b:ac:f0:ce:77:0a:66:51:8e:bc:9c:47:a2:54:df:5d:e7:84:f8:03:78:a8:c3:0b:3e:c6:02:f0:83:ee:b3:cf:1a:fb:7a:ca:17:15:9d:ed:47:94:8b:7d:ef:87:dd:46:31:92:2c:c0:b7:65:3d:2c:bc:84:ef:f4:d6:ea:99:0c:e8:45:35:24:64" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.554253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.554253000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "2498.093567000", + "frame.number": "8734", + "frame.len": "144", + "frame.cap_len": "144", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "130", + "ip.id": "0x00009721", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007610", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "78", + "tcp.seq": "100422", + "tcp.nxtseq": "100500", + "tcp.ack": "20966", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005865", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:00:28:80:c7:a7:a4:82:e0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654407, TSecr 2812576480": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654407", + "tcp.options.timestamp.tsecr": "2812576480" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8733", + "tcp.analysis.ack_rtt": "0.000528000", + "tcp.analysis.bytes_in_flight": "78", + "tcp.analysis.push_bytes_sent": "78" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "73", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ae:72:d9:44:2f:88:5c:92:51:46:eb:0b:6b:cb:4c:60:13:11:8c:d0:ac:96:79:99:f3:78:63:33:40:cd:42:ce:ec:f1:e9:5d:ab:a8:4b:c8:40:01:c0:11:7d:4f:3e:94:21:0c:11:93:67:eb:c3:bd:c6:ba:42:87:82:44:9e:9c:97:17" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.554584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.554584000", + "frame.time_delta": "0.000331000", + "frame.time_delta_displayed": "0.000331000", + "frame.time_relative": "2498.093898000", + "frame.number": "8735", + "frame.len": "640", + "frame.cap_len": "640", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": 
"BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "626", + "ip.id": "0x00003ece", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007734", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "586", + "tcp.seq": "1", + "tcp.nxtseq": "587", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003ce6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001852000", 
+ "tcp.analysis.bytes_in_flight": "586", + "tcp.analysis.push_bytes_sent": "586" + } + }, + "http": { + "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/timesync1", + "http.request.version": "HTTP\/1.1" + }, + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", + "http.request.line": "SOAPACTION: \"urn:Belkin:service:timesync:1#TimeSync\"\n", + "http.content_length_header": "376", + "http.content_length_header_tree": { + "http.content_length": "376" + }, + "http.request.line": "Content-Length: 376\n", + "http.host": "192.168.0.65:49154", + "http.request.line": "HOST: 192.168.0.65:49154\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/timesync1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n <s:Body>\n <u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">\n <UTC>1509496089<\/UTC>\n <TimeZone>-05.00<\/TimeZone>\n <dst>1<\/dst>\n <DstSupported>1<\/DstSupported>\n <\/u:TimeSync>\n <\/s:Body>\n<\/s:Envelope>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "utf-8", + "?>": "" + }, + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": 
"xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", + "xml.tag": "<UTC>", + "xml.tag_tree": { + "xml.cdata": "1509496089", + "<\/UTC>": "" + }, + "xml.tag": "<TimeZone>", + "xml.tag_tree": { + "xml.cdata": "-05.00", + "<\/TimeZone>": "" + }, + "xml.tag": "<dst>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/dst>": "" + }, + "xml.tag": "<DstSupported>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/DstSupported>": "" + }, + "<\/u:TimeSync>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.556742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.556742000", + "frame.time_delta": "0.002158000", + "frame.time_delta_displayed": "0.002158000", + "frame.time_relative": "2498.096056000", + "frame.number": "8736", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000072da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004572", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36218", + "tcp.port": "49154", + "tcp.port": "36218", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "587", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3506", + "tcp.window_size": "7012", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a7aa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8735", + "tcp.analysis.ack_rtt": "0.002158000", + "tcp.analysis.initial_rtt": "0.001852000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.566501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.566501000", + "frame.time_delta": 
"0.009759000", + "frame.time_delta_displayed": "0.009759000", + "frame.time_relative": "2498.105815000", + "frame.number": "8737", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00009417", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000240f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4469", + "tcp.port": "39500", + "tcp.port": "4469", + "tcp.stream": "334", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e880", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002859000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.567975000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.567975000", + "frame.time_delta": "0.001474000", + "frame.time_delta_displayed": "0.001474000", + "frame.time_relative": "2498.107289000", + "frame.number": "8738", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": 
"BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007b4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000d16d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8737", + "tcp.analysis.ack_rtt": "0.001474000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.569134000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.569134000", + "frame.time_delta": "0.001159000", + "frame.time_delta_displayed": "0.001159000", + "frame.time_relative": "2498.108448000", + "frame.number": "8739", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007b4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000d16c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.569747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.569747000", + "frame.time_delta": "0.000613000", + "frame.time_delta_displayed": "0.000613000", + "frame.time_relative": "2498.109061000", + "frame.number": "8740", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009418", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002434", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4469", + "tcp.port": "39500", + "tcp.port": "4469", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "383", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000dbcd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8739", + "tcp.analysis.ack_rtt": "0.000613000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:28:09.571183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.571183000", + "frame.time_delta": "0.001436000", + "frame.time_delta_displayed": "0.001436000", + "frame.time_relative": "2498.110497000", + "frame.number": "8741", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00007b4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003d00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4469", + "tcp.dstport": "39500", + "tcp.port": "4469", + "tcp.port": "39500", + "tcp.stream": "334", + "tcp.len": "0", + "tcp.seq": "383", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000d16b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8740", + "tcp.analysis.ack_rtt": "0.001436000", + "tcp.analysis.initial_rtt": "0.002859000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.654627000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.654627000", + "frame.time_delta": "0.083444000", + "frame.time_delta_displayed": "0.083444000", + "frame.time_relative": "2498.193941000", + "frame.number": "8742", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e0b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003774", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "20966", + "tcp.ack": "100500", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ca47", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:82:fa:00:28:80:c7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576506, TSecr 2654407": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576506", + "tcp.options.timestamp.tsecr": "2654407" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8734", + "tcp.analysis.ack_rtt": "0.100374000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.655122000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.655122000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "2498.194436000", + "frame.number": "8743", + "frame.len": "271", + "frame.cap_len": "271", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "257", + "ip.id": "0x00009722", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007590", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "205", + "tcp.seq": "100500", + "tcp.nxtseq": "100705", + "tcp.ack": "20966", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00002f7f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:d1:a7:a4:82:fa", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 
2654417, TSecr 2812576506": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654417", + "tcp.options.timestamp.tsecr": "2812576506" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "205", + "tcp.analysis.push_bytes_sent": "205" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:af:21:e7:da:3d:77:b8:d2:38:f3:40:1f:87:c1:b9:33:13:c8:e8:4a:ec:ce:64:40:b8:34:b0:4f:a0:ee:33:2f:4b:cc:9f:c1:fe:40:ba:92:ba:97" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "67", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b0:93:bf:28:87:75:b1:05:cf:99:22:ce:0c:05:4f:f8:c4:42:a0:4e:ef:55:e0:1f:f9:4e:c5:0f:3a:66:46:b6:77:83:2f:d6:8a:c5:dc:f6:4c:4b:b2:0c:ad:08:db:d4:80:07:68:56:68:20:b7:4f:d0:73:ef:25" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b1:63:5a:73:8f:61:93:c3:33:36:b4:2b:4a:33:e8:aa:70:3d:f7:d4:40:5b:b9:e2:8d:a0:d4:b4:64:f4:78:72:a3:86:00:60:51:74:96:b4:4e:de:4a:73:a5:96:a2:98:e7:a7:3f:7d:73:bf:07:95:ca:c2:87:cc:ee:46:fb:dd:c8:b0:60" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.715263000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.715263000", + "frame.time_delta": "0.060141000", + "frame.time_delta_displayed": "0.060141000", + "frame.time_relative": "2498.254577000", + "frame.number": "8744", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e0c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003773", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "20966", + "tcp.ack": "100705", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c961", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:09:00:28:80:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576521, TSecr 2654417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576521", + "tcp.options.timestamp.tsecr": "2654417" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8743", + "tcp.analysis.ack_rtt": "0.060141000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.716460000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.716460000", + "frame.time_delta": "0.001197000", + "frame.time_delta_displayed": "0.001197000", + "frame.time_relative": "2498.255774000", + "frame.number": "8745", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003743", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "20966", + "tcp.nxtseq": "21013", + "tcp.ack": "100705", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dc6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:09:00:28:80:d1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576521, TSecr 2654417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576521", + "tcp.options.timestamp.tsecr": "2654417" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:e8:8b:c6:a7:e1:54:37:9e:d3:a3:31:6c:95:80:83:ca:5c:2c:34:6f:61:4f:a6:fa:35:e7:04:e5:97:10:c8:b7:44:01:1e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.720536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.720536000", + "frame.time_delta": "0.004076000", + "frame.time_delta_displayed": "0.004076000", + "frame.time_relative": "2498.259850000", + "frame.number": "8746", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009723", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "100705", + "tcp.nxtseq": "100754", + "tcp.ack": "21013", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000056a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:d7:a7:a4:83:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654423, TSecr 2812576521": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654423", + "tcp.options.timestamp.tsecr": "2812576521" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8745", + "tcp.analysis.ack_rtt": "0.004076000", + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b2:bd:14:2d:b4:01:ea:db:24:f9:24:5a:b3:71:c8:96:6c:05:c4:c9:86:d0:2f:62:7c:ef:52:73:85:df:a3:d1:ed:be:4f:80:78" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.734185000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496089.734185000", + "frame.time_delta": "0.013649000", + "frame.time_delta_displayed": "0.013649000", + "frame.time_relative": "2498.273499000", + "frame.number": "8747", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002076", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b77a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001257", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + 
"dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.734721000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496089.734721000", + "frame.time_delta": "0.000536000", + "frame.time_delta_displayed": "0.000536000", + "frame.time_relative": "2498.274035000", + "frame.number": "8748", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002077", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009875", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f352", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + 
"dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.735356000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496089.735356000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "2498.274670000", + "frame.number": "8749", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008118", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029b", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": 
"0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=667", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:09.817873000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509496089.817873000", + "frame.time_delta": "0.082517000", + "frame.time_delta_displayed": "0.082517000", + "frame.time_relative": "2498.357187000", + "frame.number": "8750", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e0e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003771", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": 
"0", + "tcp.len": "0", + "tcp.seq": "21013", + "tcp.ack": "100754", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c8e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:23:00:28:80:d7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576547, TSecr 2654423": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576547", + "tcp.options.timestamp.tsecr": "2654423" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8746", + "tcp.analysis.ack_rtt": "0.097337000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.070787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.070787000", + "frame.time_delta": "0.252914000", + "frame.time_delta_displayed": "0.252914000", + "frame.time_relative": "2498.610101000", + "frame.number": "8751", + "frame.len": "246", + 
"frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x000072db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000044b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36218", + "tcp.port": "49154", + "tcp.port": "36218", + "tcp.stream": "335", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "587", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3506", + "tcp.window_size": "7012", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000acb1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001852000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.071272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.071272000", + "frame.time_delta": "0.000485000", + "frame.time_delta_displayed": "0.000485000", + "frame.time_relative": "2498.610586000", + "frame.number": "8752", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ecf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000797d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "587", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b3a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8751", + "tcp.analysis.ack_rtt": "0.000485000", + "tcp.analysis.initial_rtt": "0.001852000" + } + } + } + } + } + + , + { + 
"_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.072112000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.072112000", + "frame.time_delta": "0.000840000", + "frame.time_delta_displayed": "0.000840000", + "frame.time_relative": "2498.611426000", + "frame.number": "8753", + "frame.len": "321", + "frame.cap_len": "321", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "307", + "ip.id": "0x000072dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004465", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36218", + "tcp.port": "49154", + "tcp.port": "36218", + "tcp.stream": "335", + "tcp.len": "267", + "tcp.seq": "193", + 
"tcp.nxtseq": "461", + "tcp.ack": "587", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3506", + "tcp.window_size": "7012", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000dcae", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.001852000", + "tcp.analysis.bytes_in_flight": "268", + "tcp.analysis.push_bytes_sent": "267" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "8751", + "tcp.segment": "8753", + "tcp.segment.count": "2", + "tcp.reassembled.length": 
"459", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "267", + "http.content_length_header_tree": { + "http.content_length": "267" + }, + "http.response.line": "CONTENT-LENGTH: 267\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; 
charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:28:10 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:10 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.517528000", + "http.request_in": "8735", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">\r\n<status>success<\/status>\r\n<\/u:TimeSyncResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", + "xml.tag": "<status>", + "xml.tag_tree": { + "xml.cdata": "success", + "<\/status>": "" + }, + "<\/u:TimeSyncResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.086522000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.086522000", + "frame.time_delta": "0.014410000", + "frame.time_delta_displayed": "0.014410000", + "frame.time_relative": "2498.625836000", + 
"frame.number": "8754", + "frame.len": "317", + "frame.cap_len": "317", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "303", + "ip.id": "0x00009724", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007560", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "251", + "tcp.seq": "100754", + "tcp.nxtseq": "101005", + "tcp.ack": "21013", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000710d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:80:fc:a7:a4:83:23", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654460, TSecr 2812576547": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654460", + "tcp.options.timestamp.tsecr": "2812576547" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "251", + "tcp.analysis.push_bytes_sent": "251" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:b3:cb:c3:4e:33:8d:7f:08:55:0c:1c:15:37:bf:69:ea:00:14:d0:14:07:2a:88:0f:5e:a5:61:df:f4:53:68:b5:48:3c:2a:e5:20:9e:aa:5f:19:e3:52:18:a2:60:3d:e9:07:9c:d4:3d:97:09:0f:23:a0:d6:3a:23:0c:1e:07:3c:bb:ed:5f:4a:c1:3c:42:a1:b2:10:de:d6:20:46:01:2b:76:7b:8b:dc:3d:a4:5e:68:68:f1:c3:e8:64:b0:cb:b2:d5:d7:74:10:4a:17:39:6a:9c:3e:c2:51:6e:7e:2b:cb:6f:4a:5d:4d:35:19:d8:0c:d3:69:d4:05:22:f5:d3:56:88:95:89:eb:47:dc:4f:f5:9f:f2:ef:81:f4:5e:ab:de:91:57:40:12:bc:dc:86:3a:81:bf:c9:13:52:4c:ac:ac:24:81:70:5f:2d:18:16:4e:55:38:f5:74:13:9c:5b:f5:cf:5f:57:7f:63:c7:6b:e6:99:e1:85:cf:a1:dd:35:e0:00:05:fc:7b:70:45:4b:5c:01:ae:e2:bd:30:b2:f9:c8:9d:e2:26:a2:62:45:16:b9:f7:32:15:cb:ec:43:5b:e6:05:f3:6b:ed:26:41:5a:54:86:a0:a9:3a:8b:c8:0a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.104170000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.104170000", + "frame.time_delta": "0.017648000", + "frame.time_delta_displayed": "0.017648000", + "frame.time_relative": "2498.643484000", + "frame.number": "8755", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ed0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000797c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "587", + "tcp.ack": "461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b28a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8753", + "tcp.analysis.ack_rtt": "0.032058000", + "tcp.analysis.initial_rtt": "0.001852000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.146708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.146708000", + "frame.time_delta": "0.042538000", + 
"frame.time_delta_displayed": "0.042538000", + "frame.time_relative": "2498.686022000", + "frame.number": "8756", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e0f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003770", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21013", + "tcp.ack": 
"101005", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c76f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:75:00:28:80:fc", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576629, TSecr 2654460": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576629", + "tcp.options.timestamp.tsecr": "2654460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8754", + "tcp.analysis.ack_rtt": "0.060186000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.147237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.147237000", + "frame.time_delta": "0.000529000", + "frame.time_delta_displayed": "0.000529000", + "frame.time_relative": "2498.686551000", + "frame.number": "8757", + "frame.len": "392", + "frame.cap_len": "392", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "378", + "ip.id": "0x00009725", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007514", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "326", + "tcp.seq": "101005", + "tcp.nxtseq": "101331", + "tcp.ack": "21013", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ad6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:02:a7:a4:83:75", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654466, TSecr 2812576629": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654466", + "tcp.options.timestamp.tsecr": "2812576629" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "326", + "tcp.analysis.push_bytes_sent": "326" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "321", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:b4:e4:5c:ca:1f:ce:d0:3b:11:bf:55:ca:8a:36:8e:48:4e:dc:2f:a4:b2:34:0c:4b:1a:55:bf:1f:98:ac:6b:81:a9:57:1a:5b:dc:9c:da:a4:01:40:f9:4d:c1:c7:57:ea:bf:c9:f7:37:2a:d2:4a:5e:10:26:30:76:1e:66:d0:3a:4e:c3:5f:70:a3:fb:6b:38:bc:55:0f:d8:a6:bf:e2:57:5b:c0:14:67:38:6f:8b:50:7f:f0:b9:70:0a:84:67:b8:a7:c1:22:4b:a6:41:71:3d:09:9b:53:63:9b:a7:6e:72:0b:d1:58:8c:09:7a:dd:b2:14:64:cb:af:72:2b:d2:18:ab:8d:da:cd:ec:4d:b7:06:f9:b4:26:b2:ff:a5:64:cf:58:36:6f:13:9f:f0:b8:cb:0b:5c:85:b3:80:f0:6d:e5:0a:cf:2f:85:11:43:27:19:1e:07:3b:60:1e:fb:81:9d:79:97:55:99:3d:1c:e7:65:62:83:85:1b:90:63:5a:93:6c:2f:dc:ca:32:72:24:6d:3b:22:b8:a0:5d:36:91:c2:96:61:95:18:82:aa:22:f2:40:c4:45:35:3c:a5:94:cc:75:5b:85:06:c2:7a:53:8e:b2:cd:34:9c:8d:1c:55:9a:aa:fc:82:e8:24:8d:62:f2:86:f6:cf:c9:26:0f:00:f0:27:c4:81:2c:f9:f1:9b:fc:6b:73:d3:c0:51:2f:06:0a:d8:25:4e:e5:64:0e:51:2a:f8:08:13:25:48:92:a7:75:82:dd:28:f8:55:d3:62:53:02:1f:85:78:0b:d0:69:fd:e6:db:55:e7:d0:0d:8a:fe:ee:ac" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.208073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.208073000", + "frame.time_delta": "0.060836000", + "frame.time_delta_displayed": "0.060836000", + "frame.time_relative": "2498.747387000", + "frame.number": "8758", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e10", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000376f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21013", + "tcp.ack": "101331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c614", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576644, TSecr 2654466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576644", + "tcp.options.timestamp.tsecr": "2654466" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8757", + "tcp.analysis.ack_rtt": "0.060836000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.209142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.209142000", + "frame.time_delta": "0.001069000", + "frame.time_delta_displayed": "0.001069000", + "frame.time_relative": "2498.748456000", + "frame.number": "8759", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "99", + "ip.id": "0x00002e11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "21013", + "tcp.nxtseq": "21060", + "tcp.ack": "101331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ce4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", 
+ "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576644, TSecr 2654466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576644", + "tcp.options.timestamp.tsecr": "2654466" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:e9:ca:5b:4f:af:61:3f:ee:b9:ad:95:dc:bf:ce:e9:d2:79:3c:5d:7e:f3:60:f9:ea:52:aa:b2:5a:4a:f3:47:68:dd:d2:20" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.210438000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.210438000", + "frame.time_delta": "0.001296000", + "frame.time_delta_displayed": "0.001296000", + "frame.time_relative": "2498.749752000", + "frame.number": "8760", + "frame.len": "615", + "frame.cap_len": "615", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "601", + "ip.id": "0x00002e12", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003548", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "549", + "tcp.seq": "21060", + "tcp.nxtseq": "21609", + "tcp.ack": "101331", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000aa96", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576644, TSecr 2654466": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576644", + "tcp.options.timestamp.tsecr": "2654466" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "596", + "tcp.analysis.push_bytes_sent": "549" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "544", + "ssl.app_data": "34:cd:34:17:47:48:0e:ea:75:9d:d5:4f:48:2f:2a:59:4f:55:1a:35:39:51:54:01:44:2e:94:4d:9c:a3:fd:f4:6a:40:dc:bf:24:c6:16:a5:13:c2:08:97:11:d5:d6:c9:56:b5:df:62:da:f1:b2:d7:14:00:1f:ab:2f:f3:01:2a:d9:aa:23:e4:cd:c4:ca:36:c5:d5:a4:d4:a1:a6:ce:f7:f3:be:29:a6:ae:73:ba:9c:85:92:11:e1:6b:dd:a0:2a:9d:51:8a:6f:f5:18:b8:98:b3:d6:7c:6b:d8:0b:be:1f:8c:ae:0b:d7:79:c7:e9:be:b3:b8:f6:6a:94:fd:09:9f:c2:72:51:8e:43:a7:ea:08:d2:53:a4:54:5c:27:f8:d2:0c:0b:46:f4:e5:e1:00:a0:02:88:02:47:27:d5:11:aa:7a:d4:42:1e:c7:0f:64:c0:b2:86:44:f7:70:54:57:bd:b8:a4:87:58:fd:b4:4e:bb:e4:b3:dd:35:54:e6:d7:20:1e:bd:87:45:e7:73:a5:00:1e:56:b5:1e:39:76:e5:a0:ca:e2:75:a7:9c:29:26:9c:56:d8:b9:2f:7a:f0:43:fa:39:88:44:57:ab:eb:3f:7b:5a:c7:77:d5:6a:68:0a:5e:1f:a5:f7:bb:2f:3e:9f:77:a5:e4:57:66:25:02:73:8e:6b:e2:4a:80:a4:6e:73:72:0b:a1:bf:1e:df:d7:95:84:74:d1:31:2d:04:dc:77:dd:a2:d4:7b:cd:e5:c6:d9:ea:0b:2d:45:7a:d1:41:38:3f:85:31:78:55:19:27:f5:d0:5c:be:4b:90:fe:84:77:36:07:30:c8:92:43:e0:ae:f1:9e:6e:e4:04:65:7b:80:e1:ff:c8:1f:ee:6e:75:08:b7:ba:30:67:61:a1:2e:e3:f5:b1:0b:dc:e8:a1:71:be:92:48:67:aa:ee:32:43:a1:5b:ed:0a:b6:c6:c3:1b:1f:82:ca:a4:61:38:f8:a5:ea:e4:b8:f6:77:f3:4a:d6:89:7b:39:eb:f5:
be:bb:38:99:84:fe:f2:5e:c0:0d:74:ad:98:ce:e6:e9:be:d8:8f:c3:82:8a:19:66:b1:ed:78:37:4b:72:48:f6:4e:fb:99:57:c1:9d:0e:ae:2d:35:68:96:c6:25:76:16:0d:3d:c9:19:23:68:94:a4:bf:35:61:af:31:b4:ad:ea:b4:7c:5e:4f:9e:41:e8:30:0b:7f:69:87:e0:4e:3e:74:72:fc:fc:76:6a:55:24:09:79:05:9b:0b:0c:d3:f2:fa:05:73:04:50:ba:d2:72:84:f6:49:c6:b9:8d:fa:b3:f5:57:76:ac:cb:2f:b9:28:65:c8:15:cc:44:97:f3:f3:cc:3b:00:18:0b:a6:39:66:f4:7c:db:9d:2a:05:bd:0a:92:05:1f:dc:e8:7b:74:65:05:4d:28:a7:78:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.214364000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.214364000", + "frame.time_delta": "0.003926000", + "frame.time_delta_displayed": "0.003926000", + "frame.time_relative": "2498.753678000", + "frame.number": "8761", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009726", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762a", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "101331", + "tcp.nxtseq": "101378", + "tcp.ack": "21609", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000022f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:09:a7:a4:83:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2654473, TSecr 2812576644": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654473", + "tcp.options.timestamp.tsecr": "2812576644" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8760", + "tcp.analysis.ack_rtt": "0.003926000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b5:e2:b3:04:e4:04:4c:10:0e:55:c3:30:f8:26:31:ba:12:4b:85:b4:35:71:29:2f:32:73:01:37:ba:d1:68:46:73:b4:4a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.243262000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.243262000", + "frame.time_delta": "0.028898000", + "frame.time_delta_displayed": "0.028898000", + "frame.time_relative": "2498.782576000", + "frame.number": "8762", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003ed1", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000797b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49154", + "tcp.port": "36218", + "tcp.port": "49154", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "587", + "tcp.ack": "461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b289", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.244998000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.244998000", + "frame.time_delta": "0.001736000", + "frame.time_delta_displayed": "0.001736000", + 
"frame.time_relative": "2498.784312000", + "frame.number": "8763", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36218", + "tcp.port": "49154", + "tcp.port": "36218", + "tcp.stream": "335", + "tcp.len": "0", + "tcp.seq": "461", + "tcp.ack": "588", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3506", + "tcp.window_size": "7012", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a5dd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8762", + "tcp.analysis.ack_rtt": "0.001736000", + "tcp.analysis.initial_rtt": "0.001852000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.254418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.254418000", + "frame.time_delta": "0.009420000", + "frame.time_delta_displayed": "0.009420000", + "frame.time_relative": "2498.793732000", + "frame.number": "8764", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00001e2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a0a", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00001443", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:0d:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654477, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654477", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.256145000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.256145000", + "frame.time_delta": "0.001727000", + "frame.time_delta_displayed": "0.001727000", + "frame.time_relative": "2498.795459000", + "frame.number": "8765", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": 
"192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36219", + "tcp.port": "49154", + "tcp.port": "36219", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000476a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": 
"1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8764", + "tcp.analysis.ack_rtt": "0.001727000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.256610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.256610000", + "frame.time_delta": "0.000465000", + "frame.time_delta_displayed": "0.000465000", + "frame.time_relative": "2498.795924000", + "frame.number": "8766", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001e2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a1d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + 
"ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009e21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8765", + "tcp.analysis.ack_rtt": "0.000465000", + "tcp.analysis.initial_rtt": "0.002192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.267619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.267619000", + "frame.time_delta": "0.011009000", + "frame.time_delta_displayed": "0.011009000", + "frame.time_relative": "2498.806933000", + "frame.number": "8767", + "frame.len": "551", + "frame.cap_len": "551", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "537", + "ip.id": "0x00001e30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000982b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": "336", + "tcp.len": "497", + "tcp.seq": "1", + "tcp.nxtseq": "498", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000fedd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002192000", + "tcp.analysis.bytes_in_flight": "497", + 
"tcp.analysis.push_bytes_sent": "497" + } + }, + "http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPACTION: \"urn:Belkin:service:basicevent:1#GetBinaryState\"\n", + "http.content_length_header": "277", + "http.content_length_header_tree": { + "http.content_length": "277" + }, + "http.request.line": "Content-Length: 277\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", + "http.host": "192.168.0.65:49154", + "http.request.line": "HOST: 192.168.0.65:49154\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<s:Body>\n<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">\n<\/u:GetBinaryState>\n<\/s:Body>\n<\/s:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "utf-8", + "?>": "" + }, + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": 
"s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "<\/u:GetBinaryState>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.269729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.269729000", + "frame.time_delta": "0.002110000", + "frame.time_delta_displayed": "0.002110000", + "frame.time_relative": "2498.809043000", + "frame.number": "8768", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000bbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ac8f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": 
"192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36219", + "tcp.port": "49154", + "tcp.port": "36219", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "498", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00008f95", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8767", + "tcp.analysis.ack_rtt": "0.002110000", + "tcp.analysis.initial_rtt": "0.002192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.273461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.273461000", + "frame.time_delta": "0.003732000", + "frame.time_delta_displayed": "0.003732000", + "frame.time_relative": "2498.812775000", + "frame.number": "8769", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00000bbe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000abce", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36219", + "tcp.port": "49154", + "tcp.port": "36219", + "tcp.stream": "336", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "498", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000929e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002192000", 
+ "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.273918000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.273918000", + "frame.time_delta": "0.000457000", + "frame.time_delta_displayed": "0.000457000", + "frame.time_relative": "2498.813232000", + "frame.number": "8770", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x00001e31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "498", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009b60", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8769", + "tcp.analysis.ack_rtt": "0.000457000", + "tcp.analysis.initial_rtt": "0.002192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.274673000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.274673000", + "frame.time_delta": "0.000755000", + "frame.time_delta_displayed": "0.000755000", + "frame.time_relative": 
"2498.813987000", + "frame.number": "8771", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00000bbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ab70", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36219", + "tcp.port": "49154", + "tcp.port": "36219", + "tcp.stream": "336", + "tcp.len": "285", + "tcp.seq": "193", + "tcp.nxtseq": "479", + "tcp.ack": "498", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": 
{ + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00009b83", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002192000", + "tcp.analysis.bytes_in_flight": "286", + "tcp.analysis.push_bytes_sent": "285" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "8769", + "tcp.segment": "8771", + "tcp.segment.count": "2", + "tcp.reassembled.length": "477", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "285", + "http.content_length_header_tree": { + "http.content_length": "285" + }, + "http.response.line": "CONTENT-LENGTH: 285\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": 
"CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:28:10 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:10 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.007054000", + "http.request_in": "8767", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<\/u:GetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/u:GetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.314156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.314156000", + "frame.time_delta": "0.039483000", + 
"frame.time_delta_displayed": "0.039483000", + "frame.time_relative": "2498.853470000", + "frame.number": "8772", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001e32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "498", + "tcp.ack": "479", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": 
"0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009a31", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8771", + "tcp.analysis.ack_rtt": "0.039483000", + "tcp.analysis.initial_rtt": "0.002192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.315900000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.315900000", + "frame.time_delta": "0.001744000", + "frame.time_delta_displayed": "0.001744000", + "frame.time_relative": "2498.855214000", + "frame.number": "8773", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + 
"ip.checksum": "0x0000376c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21609", + "tcp.ack": "101378", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c36f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:9f:00:28:81:09", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576671, TSecr 2654473": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576671", + "tcp.options.timestamp.tsecr": "2654473" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8761", + "tcp.analysis.ack_rtt": "0.101536000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.316422000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.316422000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "2498.855736000", + "frame.number": "8774", + "frame.len": "876", + "frame.cap_len": "876", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "862", + "ip.id": "0x00009727", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000732e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "810", + "tcp.seq": "101378", + "tcp.nxtseq": "102188", + "tcp.ack": "21609", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000208", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:13:a7:a4:83:9f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654483, TSecr 2812576671": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654483", 
+ "tcp.options.timestamp.tsecr": "2812576671" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "810", + "tcp.analysis.push_bytes_sent": "810" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b6:eb:87:67:4e:3e:11:a1:bd:09:f8:5c:53:50:1b:52:df:23:40:0d:0e:40:f8:0a:59:93:50:e1:b2:33:0e:14:b1:86:6f:a7:4a:c8:a8:dd:1f" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b7:3a:6d:14:41:55:06:1f:66:43:2f:37:4c:1f:8d:69:f8:c0:a8:2e:4c:2b:bd:db:31:7d:39:51:0d:de:7f:f9:1b:c0:02:6a:24:54:53:bb:47:84" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b8:ca:84:c9:0e:72:33:54:92:49:a9:98:22:a4:32:e1:63:cd:9d:6c:f4:de:b8:f0:64:bd:4b:08:7f:66:13:fd:26:89:c3:96:76:4c:f8:4b:3a:3d" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:b9:e0:0a:da:63:1c:49:26:24:06:9c:88:dc:c1:e0:7b:37:68:a8:78:3e:68:94:cd:c4:14:2c:91:3b:9a:46:b8:01:00:a7:41:e1:10:25:6b:8c:58" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ba:cf:22:7b:60:72:12:f2:2a:c4:1b:8c:61:19:b3:55:09:d0:50:7f:d4:d5:06:5b:8e:54:0c:50:61:ad:42:8f:54:c6:08:92:d8:2b:4b:58:fa:41:ac:e2:c5:7a:a9:9f:f6:31:11:e9:81:7f:37:c2:e9:fa:8c:77:76:c8:32:52:dd:94:02:4e:a4:26:e9:92:a2:68:ba:96:c3:3b:3d:10:bb:dc:d0:c9:70:ef:92:f1:f5:4b:9f:2f:34:1b:48:dc:f2:ac:7d:fa:cb:f8:27:54:22:7a:9e:40:b0:a4:ba:8a:91:cd:b5:49:e5:32:1f:47:86:1c:58:24:e5:2a:ad:39:c8:db:d8:44:56:f3:9b:0e:d8:e5:49:b2:5b:85:54:ef:95:59:3f:2a:94:ff:e1:5d:ee:c0:9c:48:73:b9:02:63:14:4b:00:43:b1:d2:00:71:b5:a1:5f:bc:46:9b:3b:a8:63:e3:71:57:05:3e:68:9d:e0:6a:1b:6a:7a:d3:fa:78:4b:74:5b:b0:14:2c:8e:a3:29:3e:07:06:87:ec:d5:52:6d:cb:5b:db:ed:1b:e1:e9:55:8b:d0:b1:c0:2e:9a:cf:38:ea:83:0a:7b:0d:db:12:e9:88:dc:8b:ac:5a:54" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "339", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:bb:16:df:75:da:c0:3d:41:d4:27:f0:8d:e8:a1:b8:19:40:92:56:a9:45:14:45:f3:9a:c1:ed:29:70:d4:7f:30:89:80:3d:b5:30:1a:93:86:0c:c6:94:00:f0:9c:1c:92:15:8d:47:62:5b:19:aa:2b:7c:5f:44:09:e5:01:34:92:33:06:1b:f9:77:18:5f:cb:e9:6e:82:e3:63:b1:04:5e:71:05:a8:3d:13:65:84:ce:8d:0e:92:f2:ca:a0:80:9e:d7:fc:15:ca:e7:c3:42:3e:2d:f6:0e:19:cd:c8:0d:de:27:e8:27:a1:7d:fe:93:d2:31:e3:bd:82:b4:6e:7c:30:bc:b3:ed:f1:c7:e2:7c:4c:4f:39:57:40:e5:4c:20:b9:7b:42:7f:75:7f:de:5f:9a:cc:bd:e3:77:ee:b8:ba:c1:2c:53:c9:bc:24:a0:b2:ad:d0:6a:cb:79:bc:d6:28:e5:e3:79:8a:82:df:55:bd:c0:2b:ac:7f:9a:05:65:61:2d:5f:bc:82:1d:3d:c9:18:d9:a2:1d:fd:6f:88:8b:ef:dc:f5:7c:f2:a9:a6:ce:5b:dd:1c:41:8f:72:09:09:03:55:39:ac:09:41:88:da:43:fd:94:cd:68:24:9f:86:05:63:4e:4d:f0:4a:bd:8d:3b:13:fe:76:bc:41:cf:ec:53:2e:55:30:c9:90:77:35:aa:36:fd:e4:6a:e5:07:77:93:ab:96:7b:89:20:c0:30:ab:86:9c:3d:09:0d:51:34:9e:0e:c4:78:a2:5d:14:3e:00:79:c3:6c:c1:03:0f:a2:39:08:72:a4:b9:50:ce:ae:89:cd:98:16:25:9c:42:e7:fe:ea:4d:48:f5:89:98:79:8f:37:94:e4:df:7a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.379589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.379589000", + "frame.time_delta": "0.063167000", + "frame.time_delta_displayed": "0.063167000", + "frame.time_relative": "2498.918903000", + "frame.number": "8775", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e14", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000376b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": 
"-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21609", + "tcp.ack": "102188", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c02c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:ae:00:28:81:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576686, TSecr 2654483": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576686", + "tcp.options.timestamp.tsecr": "2654483" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8774", + "tcp.analysis.ack_rtt": "0.063167000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.381051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509496090.381051000", + "frame.time_delta": "0.001462000", + "frame.time_delta_displayed": "0.001462000", + "frame.time_relative": "2498.920365000", + "frame.number": "8776", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e15", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + 
"tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "21609", + "tcp.nxtseq": "21656", + "tcp.ack": "102188", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c49e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:af:00:28:81:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576687, TSecr 2654483": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576687", + "tcp.options.timestamp.tsecr": "2654483" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:eb:27:d1:f9:40:8c:d1:6f:a2:e9:52:53:f1:e2:a4:ef:f3:5e:45:65:45:1d:ab:4e:1a:f8:c8:ea:2a:ce:8b:b7:5d:ce:0e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:28:10.387267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.387267000", + "frame.time_delta": "0.006216000", + "frame.time_delta_displayed": "0.006216000", + "frame.time_relative": "2498.926581000", + "frame.number": "8777", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009728", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007628", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + 
"tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "102188", + "tcp.nxtseq": "102235", + "tcp.ack": "21656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b4c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:1a:a7:a4:83:af", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654490, TSecr 2812576687": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654490", + "tcp.options.timestamp.tsecr": "2812576687" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8776", + "tcp.analysis.ack_rtt": "0.006216000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:bc:7a:96:f6:76:50:38:32:bd:38:75:29:8a:40:a8:00:2c:3d:98:d4:0c:77:3d:17:2a:c5:1c:af:6c:fc:8d:f4:de:4d:74" + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.397501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.397501000", + "frame.time_delta": "0.010234000", + "frame.time_delta_displayed": "0.010234000", + "frame.time_relative": "2498.936815000", + "frame.number": "8778", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001e33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00009a19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49154", + "tcp.port": "36219", + "tcp.port": "49154", + "tcp.stream": 
"336", + "tcp.len": "0", + "tcp.seq": "498", + "tcp.ack": "479", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009a30", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.403742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.403742000", + "frame.time_delta": "0.006241000", + "frame.time_delta_displayed": "0.006241000", + "frame.time_relative": "2498.943056000", + "frame.number": "8779", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36219", + "tcp.port": "49154", + "tcp.port": "36219", + "tcp.stream": "336", + "tcp.len": "0", + "tcp.seq": "479", + "tcp.ack": "499", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00008db6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8778", + "tcp.analysis.ack_rtt": "0.006241000", + "tcp.analysis.initial_rtt": "0.002192000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.486086000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.486086000", + "frame.time_delta": "0.082344000", + "frame.time_delta_displayed": "0.082344000", + "frame.time_relative": "2499.025400000", + "frame.number": "8780", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003769", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21656", + "tcp.ack": "102235", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bfab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:ca:00:28:81:1a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576714, TSecr 2654490": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576714", + "tcp.options.timestamp.tsecr": "2654490" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8777", + "tcp.analysis.ack_rtt": "0.098819000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.486568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.486568000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "2499.025882000", + 
"frame.number": "8781", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009729", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007620", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "102235", + "tcp.nxtseq": "102289", + "tcp.ack": "21656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", 
+ "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a7af", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:24:a7:a4:83:ca", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654500, TSecr 2812576714": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654500", + "tcp.options.timestamp.tsecr": "2812576714" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:bd:66:4d:64:b2:83:96:ff:f8:b5:12:65:ee:bb:49:09:50:6c:49:67:e6:0a:d2:eb:0f:6c:e3:97:74:32:bf:11:84:d7:9b:cf:69:9c:16:17:5f:08" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.547269000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.547269000", + 
"frame.time_delta": "0.060701000", + "frame.time_delta_displayed": "0.060701000", + "frame.time_relative": "2499.086583000", + "frame.number": "8782", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e17", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003768", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + 
"tcp.seq": "21656", + "tcp.ack": "102289", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bf5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:83:d9:00:28:81:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576729, TSecr 2654500": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576729", + "tcp.options.timestamp.tsecr": "2654500" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8781", + "tcp.analysis.ack_rtt": "0.060701000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.815092000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.815092000", + "frame.time_delta": "0.267823000", + "frame.time_delta_displayed": "0.267823000", + "frame.time_relative": "2499.354406000", + "frame.number": "8783", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002946", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008efa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": 
"33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000ae86", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.815576000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.815576000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "2499.354890000", + "frame.number": "8784", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4470", + "tcp.port": "39500", + "tcp.port": "4470", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00006fe6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8783", + "tcp.analysis.ack_rtt": "0.000484000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.819329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.819329000", + "frame.time_delta": "0.003753000", + "frame.time_delta_displayed": "0.003753000", + "frame.time_relative": "2499.358643000", + "frame.number": "8785", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002947", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + 
"tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000de57", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8784", + "tcp.analysis.ack_rtt": "0.003753000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.822253000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.822253000", + "frame.time_delta": "0.002924000", + "frame.time_delta_displayed": "0.002924000", + "frame.time_relative": "2499.361567000", + "frame.number": "8786", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x00002948", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008e38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": 
"192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000027fc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004237000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 
31, 2017 17:28:10.822736000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.822736000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "2499.362050000", + "frame.number": "8787", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006e0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4470", + "tcp.port": "39500", + "tcp.port": "4470", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e7fe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8786", + "tcp.analysis.ack_rtt": "0.000483000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.824207000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.824207000", + "frame.time_delta": "0.001471000", + "frame.time_delta_displayed": "0.001471000", + "frame.time_relative": "2499.363521000", + "frame.number": "8788", + "frame.len": "205", + "frame.cap_len": "205", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "191", + "ip.id": "0x00002949", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008e6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "151", + "tcp.seq": "205", + "tcp.nxtseq": "356", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a925", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004237000", + "tcp.analysis.bytes_in_flight": "151", + "tcp.analysis.push_bytes_sent": "151" + }, + "tcp.segment_data": 
"3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "8786", + "tcp.segment": "8788", + "tcp.segment.count": "2", + "tcp.reassembled.length": "354", + "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, 
+ "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "150", + "http.content_length_header_tree": { + "http.content_length": "150" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 1\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<EnergyPerUnitCost>1|111|1<\/EnergyPerUnitCost>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<EnergyPerUnitCost>", + "xml.tag_tree": { + "xml.cdata": "1|111|1", + "<\/EnergyPerUnitCost>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.824620000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.824620000", + "frame.time_delta": "0.000413000", + "frame.time_delta_displayed": "0.000413000", + "frame.time_relative": "2499.363934000", + "frame.number": "8789", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006e0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4470", + "tcp.port": "39500", + "tcp.port": "4470", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "356", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e756", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8788", + 
"tcp.analysis.ack_rtt": "0.000413000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.841176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.841176000", + "frame.time_delta": "0.016556000", + "frame.time_delta_displayed": "0.016556000", + "frame.time_relative": "2499.380490000", + "frame.number": "8790", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000972a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United 
States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "102289", + "tcp.nxtseq": "102343", + "tcp.ack": "21656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001277", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:47:a7:a4:83:d9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654535, TSecr 2812576729": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654535", + "tcp.options.timestamp.tsecr": "2812576729" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": 
"0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:be:9e:b1:cd:0a:7a:46:8d:e0:95:66:6c:da:bb:16:c3:d2:9d:46:a6:1e:57:e9:e8:8f:1f:c4:d1:98:b7:6b:ca:33:76:97:10:cc:31:38:c5:61:0a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.902089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.902089000", + "frame.time_delta": "0.060913000", + "frame.time_delta_displayed": "0.060913000", + "frame.time_relative": "2499.441403000", + "frame.number": "8791", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003767", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: 
United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21656", + "tcp.ack": "102343", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000beab", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:84:31:00:28:81:47", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576817, TSecr 2654535": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576817", + "tcp.options.timestamp.tsecr": "2654535" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8790", + "tcp.analysis.ack_rtt": "0.060913000" 
+ } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.902619000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.902619000", + "frame.time_delta": "0.000530000", + "frame.time_delta_displayed": "0.000530000", + "frame.time_relative": "2499.441933000", + "frame.number": "8792", + "frame.len": "480", + "frame.cap_len": "480", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "466", + "ip.id": "0x0000972b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074b6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", 
+ "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "414", + "tcp.seq": "102343", + "tcp.nxtseq": "102757", + "tcp.ack": "21656", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ccb9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:4d:a7:a4:84:31", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654541, TSecr 2812576817": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654541", + "tcp.options.timestamp.tsecr": "2812576817" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "414", + "tcp.analysis.push_bytes_sent": "414" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "409", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:bf:2e:c0:fa:e8:bb:35:89:0a:24:49:fc:73:5b:39:9e:2f:f0:91:a9:85:29:21:d1:9e:c0:a9:a0:2e:6e:c0:7d:f5:9a:4b:3d:0c:c0:f2:fe:29:e6:97:ed:d5:1a:70:92:76:b3:66:01:5d:6d:07:b2:03:65:0f:8c:9f:22:06:4d:2f:8c:ef:0e:7c:b6:4d:fa:9e:8a:76:5f:fe:36:ee:ba:eb:aa:0f:43:9f:1e:c4:51:54:c5:6c:ed:b1:e6:78:8e:14:c3:1b:9d:3d:53:04:c0:c7:39:75:b4:82:15:fb:40:2e:75:a7:7a:e8:88:ed:d9:04:c1:5b:4c:7b:fc:b6:75:ac:8c:2d:a0:da:b9:23:5b:c5:0b:be:a9:7b:3e:dd:12:59:16:3b:e2:69:fd:c5:4e:23:e0:5b:2a:ec:ba:22:13:25:67:fc:86:98:48:d9:a7:bb:bc:2d:0a:33:f4:fe:bc:3d:a5:7c:db:38:79:e9:72:60:08:bb:71:39:0c:bd:13:fd:d1:4c:72:fb:75:cf:94:95:2d:f9:a6:c9:3d:ba:75:48:22:2d:b0:78:a8:ed:09:07:9a:76:d3:4e:89:35:8a:7f:cb:70:c7:67:95:fa:1f:29:2b:b6:48:e8:54:34:d4:1b:8f:f8:43:eb:96:ae:e5:52:77:38:a6:fc:94:96:ff:8a:4e:1c:68:60:da:51:a6:5c:3c:86:bb:f1:70:46:0b:e7:d7:d5:ee:50:27:ed:40:0b:70:df:c3:cb:66:b3:b7:39:09:55:b8:4c:2e:7b:5b:c1:33:c2:f5:c0:d2:07:78:c5:20:96:8d:ee:ba:35:b4:22:a8:c4:d1:36:a0:05:69:9e:21:38:b2:a1:9c:f1:85:18:f9:a9:73:9d:cb:71:8d:19:fd:2f:ce:ae:3d:f1:ad:f3:70:13:63:9f:0d:f7:86:19:53:74:3d:7d:d4:a2:fb:10:a3:e5:41:1a:9d:c1:75:a2:28:93:1a:23:73:e8:77:68:ef:88:31:a8:44:b5:d3:b8:8e:c6:19:f9:23:9d:07:92:e7:4b:bc:27:79:a2:03:e7:9e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.964505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.964505000", + "frame.time_delta": "0.061886000", + "frame.time_delta_displayed": "0.061886000", + "frame.time_relative": "2499.503819000", + "frame.number": "8793", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e19", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003766", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21656", + "tcp.ack": "102757", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bcf7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:84:41:00:28:81:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576833, TSecr 2654541": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576833", + "tcp.options.timestamp.tsecr": "2654541" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8792", + "tcp.analysis.ack_rtt": "0.061886000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.965696000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.965696000", + "frame.time_delta": "0.001191000", + "frame.time_delta_displayed": "0.001191000", + "frame.time_relative": "2499.505010000", + "frame.number": "8794", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002e1a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003710", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "21656", + "tcp.nxtseq": "21741", + "tcp.ack": "102757", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001661", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:84:41:00:28:81:4d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576833, TSecr 2654541": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576833", + "tcp.options.timestamp.tsecr": "2654541" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:ec:77:f5:0d:50:72:f7:c6:23:8a:b9:17:5d:6b:7e:f7:46:8b:96:40:7d:84:0c:40:30:b2:7a:93:5a:57:70:9b:dc:07:76:54:f5:cc:71:09:f5:16:e4:7e:eb:55:d1:c8:d7:1c:10:c8:52:2a:5a:0c:82:59:89:72:10:8e:4f:53:b1:26:84:61:cb:86:bc:2b:43" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.969488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.969488000", + "frame.time_delta": "0.003792000", + "frame.time_delta_displayed": "0.003792000", + "frame.time_relative": "2499.508802000", + "frame.number": "8795", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000972c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007624", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "102757", + "tcp.nxtseq": "102804", + "tcp.ack": "21741", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000677a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:54:a7:a4:84:41", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654548, TSecr 2812576833": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654548", + "tcp.options.timestamp.tsecr": "2812576833" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8794", + "tcp.analysis.ack_rtt": "0.003792000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c0:46:91:d2:67:ac:46:1b:4b:28:9b:57:a3:a1:5e:42:b7:74:1b:23:de:c8:c9:30:62:dc:47:fe:b7:2b:2f:65:d1:97:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.978166000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.978166000", + "frame.time_delta": "0.008678000", + "frame.time_delta_displayed": "0.008678000", + "frame.time_relative": "2499.517480000", + "frame.number": "8796", + "frame.len": "92", + "frame.cap_len": 
"92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00004a41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006de5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4470", + "tcp.port": "39500", + "tcp.port": "4470", + "tcp.stream": "337", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "356", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000f3e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004237000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.979570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.979570000", + "frame.time_delta": "0.001404000", + "frame.time_delta_displayed": "0.001404000", + "frame.time_relative": "2499.518884000", + "frame.number": "8797", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000294a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "356", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000dcce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8796", + "tcp.analysis.ack_rtt": "0.001404000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.980592000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.980592000", + "frame.time_delta": "0.001022000", + "frame.time_delta_displayed": "0.001022000", + "frame.time_relative": "2499.519906000", + "frame.number": "8798", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000294b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "356", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000dccd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.981220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496090.981220000", + "frame.time_delta": "0.000628000", + "frame.time_delta_displayed": "0.000628000", + "frame.time_relative": "2499.520534000", + "frame.number": "8799", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004a42", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006e0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4470", + "tcp.port": "39500", + "tcp.port": "4470", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "357", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000e72e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8798", + "tcp.analysis.ack_rtt": "0.000628000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:10.983303000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496090.983303000", + "frame.time_delta": "0.002083000", + "frame.time_delta_displayed": "0.002083000", + "frame.time_relative": "2499.522617000", + "frame.number": "8800", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000294c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008f00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4470", + "tcp.dstport": "39500", + "tcp.port": "4470", + "tcp.port": "39500", + "tcp.stream": "337", + "tcp.len": "0", + "tcp.seq": "357", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000dccc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8799", + "tcp.analysis.ack_rtt": "0.002083000", + "tcp.analysis.initial_rtt": "0.004237000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:11.030278000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496091.030278000", + "frame.time_delta": "0.046975000", + "frame.time_delta_displayed": "0.046975000", + "frame.time_relative": "2499.569592000", + "frame.number": "8801", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003735", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "21741", + "tcp.nxtseq": "21788", + "tcp.ack": "102804", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005aac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:84:52:00:28:81:54", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576850, TSecr 2654548": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576850", + "tcp.options.timestamp.tsecr": "2654548" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8795", + "tcp.analysis.ack_rtt": "0.060790000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:ed:03:af:00:5e:4d:d3:29:b2:d6:d6:39:95:85:93:c1:2d:57:6a:cc:87:08:00:f3:e8:16:d0:8d:b4:6c:04:2f:df:83:00" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:11.030764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496091.030764000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "2499.570078000", + "frame.number": "8802", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"131", + "ip.id": "0x0000972d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007603", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "102804", + "tcp.nxtseq": "102883", + "tcp.ack": "21788", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000098e4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:5a:a7:a4:84:52", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654554, TSecr 2812576850": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654554", + "tcp.options.timestamp.tsecr": "2812576850" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8801", + "tcp.analysis.ack_rtt": "0.000486000", + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c1:11:18:5f:ca:12:c9:e3:76:19:43:97:87:c0:36:48:0d:ad:6a:98:08:cf:b4:4a:dc:e1:4a:70:f5:c8:7a:24:fb:d0:e1:2c:52:ef:14:56:c4:9d:83:fb:d6:14:42:de:5f:1f:ec:03:a3:59:39:1a:d5:9a:1a:7c:21:ce:a1:5c:63:72:6c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:11.129788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496091.129788000", + "frame.time_delta": "0.099024000", + "frame.time_delta_displayed": "0.099024000", + "frame.time_relative": "2499.669102000", + "frame.number": "8803", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003763", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21788", + "tcp.ack": "102883", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bbbe", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:84:6b:00:28:81:5a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576875, TSecr 2654554": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576875", + "tcp.options.timestamp.tsecr": "2654554" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8802", + "tcp.analysis.ack_rtt": "0.099024000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:11.130261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496091.130261000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "2499.669575000", + "frame.number": "8804", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000972e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007620", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "102883", + "tcp.nxtseq": "102932", + "tcp.ack": "21788", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000889c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:64:a7:a4:84:6b", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654564, TSecr 2812576875": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654564", + "tcp.options.timestamp.tsecr": "2812576875" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c2:07:de:b1:7e:fd:5e:04:dc:c9:31:c9:17:68:c9:85:36:93:ee:93:ea:07:39:e6:97:b8:2e:21:b5:90:ca:c6:33:14:70:37:90" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:11.190452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496091.190452000", + "frame.time_delta": "0.060191000", + "frame.time_delta_displayed": "0.060191000", + "frame.time_relative": "2499.729766000", + "frame.number": "8805", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e1d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003762", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "21788", + "tcp.ack": "102932", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000bb74", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a4:84:7a:00:28:81:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812576890, TSecr 2654564": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812576890", + "tcp.options.timestamp.tsecr": "2654564" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8804", + "tcp.analysis.ack_rtt": "0.060191000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.126432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.126432000", + "frame.time_delta": "0.935980000", + "frame.time_delta_displayed": "0.935980000", + "frame.time_relative": "2500.665746000", + "frame.number": "8806", + "frame.len": "298", + "frame.cap_len": "298", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"284", + "ip.id": "0x00002e1e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003679", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "232", + "tcp.seq": "21788", + "tcp.nxtseq": "22020", + "tcp.ack": "102932", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009924", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:64:00:28:81:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577124, TSecr 2654564": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577124", + "tcp.options.timestamp.tsecr": "2654564" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "232", + "tcp.analysis.push_bytes_sent": "232" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "227", + "ssl.app_data": "34:cd:34:17:47:48:0e:ee:58:3f:d4:c9:29:77:37:59:9b:9c:18:78:9e:58:37:0a:73:46:37:ac:6b:0b:d6:af:c6:6e:7d:0a:ea:87:13:47:af:05:33:ea:25:24:65:9c:97:9b:9b:5b:d4:4f:41:8b:61:48:e3:27:9b:4b:8e:6d:8c:6f:cf:a5:02:a1:a4:d6:eb:a8:ec:b3:7a:de:94:df:0f:09:28:eb:6e:3b:38:e6:9f:c9:66:47:fa:be:f5:76:b9:d1:f1:30:aa:0f:9d:9e:1b:66:5b:e8:00:e3:26:93:00:2e:fb:86:6e:df:31:e9:13:a2:30:d3:78:ee:13:df:db:70:cc:06:6c:0a:67:36:63:36:75:9d:49:2b:83:e2:2d:97:e1:99:11:0b:6e:4c:0e:bc:d7:dc:74:c6:c5:3b:13:83:25:87:ca:20:28:7c:6b:a6:e3:6b:d6:bb:be:0a:aa:11:70:ba:18:ee:f6:aa:60:a9:79:ab:21:c6:f7:f6:ac:d1:0d:70:7d:8f:99:db:49:ca:6a:2f:c4:14:b1:ca:ce:4d:24:02:61:04:56:24:0f:29:aa:82:30:ff:80:bc:0c:bf:6e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.134965000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.134965000", + "frame.time_delta": "0.008533000", + "frame.time_delta_displayed": "0.008533000", + "frame.time_relative": "2500.674279000", + "frame.number": "8807", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000972f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "102932", + "tcp.nxtseq": "102985", + "tcp.ack": "22020", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": 
"0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005d35", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:c9:a7:a4:85:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654665, TSecr 2812577124": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654665", + "tcp.options.timestamp.tsecr": "2812577124" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8806", + "tcp.analysis.ack_rtt": "0.008533000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c3:a6:64:b7:27:1b:2a:09:ff:c7:82:85:ea:ac:7b:96:59:e3:f8:3c:37:ee:1b:2b:0c:eb:23:b3:5f:31:c8:34:f0:71:39:a9:0d:93:6e:bb:4f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.137689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.137689000", + "frame.time_delta": "0.002724000", + "frame.time_delta_displayed": 
"0.002724000", + "frame.time_relative": "2500.677003000", + "frame.number": "8808", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00009bb4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001be4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + 
"tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00005f56", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:c9:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654665, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654665", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.144216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.144216000", + "frame.time_delta": "0.006527000", + "frame.time_delta_displayed": "0.006527000", + "frame.time_relative": "2500.683530000", + "frame.number": "8809", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "94:10:3e:36:60:09", + "arp.src.proto_ipv4": "192.168.0.225", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.144636000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.144636000", + "frame.time_delta": "0.000420000", + "frame.time_delta_displayed": "0.000420000", + "frame.time_relative": "2500.683950000", + "frame.number": "8810", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + 
"arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "94:10:3e:36:60:09", + "arp.dst.proto_ipv4": "192.168.0.225" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.149712000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.149712000", + "frame.time_delta": "0.005076000", + "frame.time_delta_displayed": "0.005076000", + "frame.time_relative": "2500.689026000", + "frame.number": "8811", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36217", + "tcp.port": "49153", + "tcp.port": "36217", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00006b8b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8808", + "tcp.analysis.ack_rtt": "0.012023000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.150227000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.150227000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "2500.689541000", + "frame.number": "8812", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009bb5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bf7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": 
"192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c242", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8811", + "tcp.analysis.ack_rtt": "0.000515000", + "tcp.analysis.initial_rtt": "0.012538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.161248000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.161248000", + "frame.time_delta": "0.011021000", + "frame.time_delta_displayed": "0.011021000", + "frame.time_relative": "2500.700562000", + "frame.number": "8813", + "frame.len": "234", + "frame.cap_len": "234", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "220", + "ip.id": "0x00009bb6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001b42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "180", + "tcp.seq": "1", + "tcp.nxtseq": "181", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008875", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012538000", + "tcp.analysis.bytes_in_flight": "180", + 
"tcp.analysis.push_bytes_sent": "180" + } + }, + "http": { + "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "SUBSCRIBE", + "http.request.uri": "\/upnp\/event\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.225:49153", + "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", + "http.unknown_header": "NT: upnp:event\\n", + "http.unknown_header": "TIMEOUT: Second-5400\\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/event\/basicevent1", + "http.notification": "1", + "http.file_data": "\n", + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.162762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.162762000", + "frame.time_delta": "0.001514000", + "frame.time_delta_displayed": "0.001514000", + "frame.time_relative": "2500.702076000", + "frame.number": "8814", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba32", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36217", + "tcp.port": "49153", + "tcp.port": "36217", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b70b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8813", + "tcp.analysis.ack_rtt": "0.001514000", + "tcp.analysis.initial_rtt": "0.012538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.166697000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.166697000", + "frame.time_delta": "0.003935000", + "frame.time_delta_displayed": "0.003935000", + "frame.time_relative": "2500.706011000", + "frame.number": "8815", + "frame.len": "267", + "frame.cap_len": "267", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "253", + "ip.id": "0x0000fd7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b95c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36217", + "tcp.port": "49153", + "tcp.port": "36217", + "tcp.stream": "338", + "tcp.len": "213", + "tcp.seq": "1", + "tcp.nxtseq": "214", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": 
"0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000da1a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.012538000", + "tcp.analysis.bytes_in_flight": "213", + "tcp.analysis.push_bytes_sent": "213" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:28:12 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.response.line": "CONTENT-LENGTH: 0\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "http.response.line": "SID: uuid:8b1d77e2-1dd2-11b2-bdbd-82692efb0d7e\r\n", + "http.response.line": "TIMEOUT: Second-5400\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.167153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.167153000", + "frame.time_delta": "0.000456000", + "frame.time_delta_displayed": 
"0.000456000", + "frame.time_relative": "2500.706467000", + "frame.number": "8816", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009bb7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bf5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "214", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": 
"0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c0a9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8815", + "tcp.analysis.ack_rtt": "0.000456000", + "tcp.analysis.initial_rtt": "0.012538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.167648000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.167648000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "2500.706962000", + "frame.number": "8817", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000fd7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ba30", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36217", + "tcp.port": "49153", + "tcp.port": "36217", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "214", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b635", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.169371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.169371000", + "frame.time_delta": "0.001723000", + "frame.time_delta_displayed": "0.001723000", + "frame.time_relative": "2500.708685000", + "frame.number": "8818", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000dc6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db31", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00004d9a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.169800000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.169800000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "2500.709114000", + "frame.number": "8819", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + 
"eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3668", + "tcp.port": "39500", + "tcp.port": "3668", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000d7d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8818", + "tcp.analysis.ack_rtt": "0.000429000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.172123000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.172123000", + "frame.time_delta": "0.002323000", + "frame.time_delta_displayed": "0.002323000", + "frame.time_relative": "2500.711437000", + "frame.number": "8820", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", 
+ "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dc6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": 
"5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000464a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8819", + "tcp.analysis.ack_rtt": "0.002323000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.173511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.173511000", + "frame.time_delta": "0.001388000", + "frame.time_delta_displayed": "0.001388000", + "frame.time_relative": "2500.712825000", + "frame.number": "8821", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x0000dc70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000da6f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + 
"ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00001434", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002752000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:62:31:64:37:37:65:32:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:28:12.173963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.173963000", + "frame.time_delta": "0.000452000", + "frame.time_delta_displayed": "0.000452000", + "frame.time_relative": "2500.713277000", + "frame.number": "8822", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000f92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a81a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3668", + "tcp.port": "39500", + "tcp.port": "3668", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004ff1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8821", + "tcp.analysis.ack_rtt": "0.000452000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.176493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.176493000", + "frame.time_delta": "0.002530000", + "frame.time_delta_displayed": "0.002530000", + "frame.time_relative": "2500.715807000", + "frame.number": "8823", + "frame.len": "187", + "frame.cap_len": "187", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "173", + "ip.id": "0x0000dc71", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000dab5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "133", + "tcp.seq": "205", + "tcp.nxtseq": "338", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a125", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002752000", + "tcp.analysis.bytes_in_flight": "133", + "tcp.analysis.push_bytes_sent": "133" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + 
}, + "tcp.segments": { + "tcp.segment": "8821", + "tcp.segment": "8823", + "tcp.segment.count": "2", + "tcp.reassembled.length": "336", + "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:62:31:64:37:37:65:32:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "132", + "http.content_length_header_tree": { + "http.content_length": "132" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:8b1d77e2-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", + "http.unknown_header": "SEQ: 0\\r\\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.176947000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.176947000", + "frame.time_delta": "0.000454000", + "frame.time_delta_displayed": "0.000454000", + "frame.time_relative": "2500.716261000", + "frame.number": "8824", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": 
"0x00000f93", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a819", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3668", + "tcp.port": "39500", + "tcp.port": "3668", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f5b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8823", + "tcp.analysis.ack_rtt": "0.000454000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.196583000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.196583000", + "frame.time_delta": "0.019636000", + "frame.time_delta_displayed": "0.019636000", + "frame.time_relative": 
"2500.735897000", + "frame.number": "8825", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e1f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003760", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22020", + "tcp.ack": "102985", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + 
"tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b8f7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:75:00:28:81:c9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577141, TSecr 2654665": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577141", + "tcp.options.timestamp.tsecr": "2654665" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8807", + "tcp.analysis.ack_rtt": "0.061618000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.197107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.197107000", + "frame.time_delta": "0.000524000", + "frame.time_delta_displayed": "0.000524000", + "frame.time_relative": "2500.736421000", + "frame.number": "8826", + "frame.len": "417", + "frame.cap_len": "417", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "403", + "ip.id": "0x00009730", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "351", + "tcp.seq": "102985", + "tcp.nxtseq": "103336", + "tcp.ack": "22020", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a643", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:cf:a7:a4:85:75", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654671, TSecr 2812577141": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654671", + "tcp.options.timestamp.tsecr": "2812577141" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "351", + "tcp.analysis.push_bytes_sent": "351" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c4:d1:3f:af:72:00:0e:99:d0:f3:ad:90:70:0b:a8:40:92:5c:0e:54:a0:29:1b:75:cb:a3:3a:c3:c1:7c:7c:b9:98:3c:d6:70:9d:a2:e8:83:64:c6" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "292", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:c5:d7:fc:d8:2d:d2:26:1c:4b:a8:45:a3:61:03:72:54:66:e1:89:1a:84:f2:81:82:e0:ed:b2:fb:9b:14:48:ec:49:f8:cf:bd:79:47:67:b9:15:7f:1a:03:7b:d0:a8:a3:95:5a:ac:5d:29:eb:63:18:3c:15:f3:87:0f:58:10:2f:c0:7d:4a:76:8f:09:45:a2:93:82:6d:1f:00:33:c9:4f:2f:db:93:c8:89:17:d8:31:92:db:b1:22:c5:3b:e0:b4:23:a5:53:3e:b8:d9:33:7e:2e:ad:7f:b7:a7:f7:55:fa:5b:70:5b:93:a7:9e:d6:f8:24:19:2d:b5:c7:42:b3:13:61:c4:fd:58:17:a5:a0:f3:01:9c:36:35:64:5d:a6:a7:68:c4:3d:ad:53:2a:b1:45:dc:e6:28:d4:d8:49:5e:65:82:5c:ce:9e:3c:56:a8:f0:a2:28:1a:b5:4b:e9:0e:b6:42:68:1e:fb:8d:4f:c2:d7:92:d0:2a:db:a9:74:ca:91:11:06:8c:21:d8:a3:e3:7b:4d:fd:87:4a:4c:5a:b4:a8:df:62:a6:4f:75:68:2c:af:3f:4f:25:c3:b4:ac:15:ba:89:5f:13:ef:d7:6a:29:92:46:42:46:54:01:dc:39:b0:3e:96:22:b2:16:c4:74:15:54:d9:50:2c:83:19:c5:b6:1e:ae:1d:c4:5a:82:7e:82:0e:c6:50:ce:59:06:14:a8:45:4b:ec:ea:0f:dc:d1:b3:e1:65:37:8e:8f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.204097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.204097000", + "frame.time_delta": "0.006990000", + "frame.time_delta_displayed": "0.006990000", + "frame.time_relative": "2500.743411000", + "frame.number": "8827", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009bb8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c0a8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8817", + "tcp.analysis.ack_rtt": "0.036449000", + "tcp.analysis.initial_rtt": "0.012538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.257209000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.257209000", + "frame.time_delta": "0.053112000", + "frame.time_delta_displayed": "0.053112000", + "frame.time_relative": "2500.796523000", + "frame.number": "8828", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e20", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22020", + "tcp.ack": "103336", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b783", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:84:00:28:81:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577156, TSecr 2654671": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577156", + "tcp.options.timestamp.tsecr": "2654671" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8826", + "tcp.analysis.ack_rtt": "0.060102000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.257729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.257729000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "2500.797043000", + 
"frame.number": "8829", + "frame.len": "487", + "frame.cap_len": "487", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "473", + "ip.id": "0x00009731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074a9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "421", + "tcp.seq": "103336", + "tcp.nxtseq": "103757", + "tcp.ack": "22020", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000192d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:d5:a7:a4:85:84", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654677, TSecr 2812577156": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654677", + "tcp.options.timestamp.tsecr": "2812577156" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "421", + "tcp.analysis.push_bytes_sent": "421" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "416", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:c6:87:85:50:5e:21:55:ff:9e:32:9c:4a:11:cb:7f:49:43:2d:75:3a:66:da:c9:f6:c8:08:3f:59:01:f7:05:85:5a:fb:e0:33:a4:8b:07:f1:7b:0c:61:f0:0b:c0:4e:e5:76:1d:4c:24:0d:f2:30:53:a1:bc:9a:80:83:c7:e6:7e:43:7a:87:b4:39:18:50:33:c6:63:5a:09:6a:20:2e:65:79:41:e8:ee:d6:bf:85:02:23:b9:9e:b3:df:cb:56:1c:37:e2:6e:22:de:7d:28:e2:57:a1:54:8d:bc:a6:92:f2:dc:ac:c3:81:bf:ed:cf:c3:6c:cf:be:e2:3b:5f:6b:fe:64:4b:c6:56:8a:47:a7:56:bb:cb:dd:d1:da:ff:9a:97:3f:3d:6d:56:1d:14:38:df:b0:34:29:a2:fc:2d:41:12:6b:24:f4:8c:c5:43:ab:43:4b:1c:2c:d7:66:cd:ae:55:a2:be:a6:1c:8a:2c:5b:0a:fd:8b:a8:c3:52:32:bb:b4:c7:6b:98:3d:e9:27:c3:ad:30:09:52:61:1f:7f:d2:ff:c5:ac:ac:e8:dd:00:ec:9a:0c:c9:12:db:9b:c2:5b:e8:09:66:27:99:17:26:1e:ee:6d:4f:c4:62:fb:5c:11:dc:9f:c4:2d:17:70:e1:41:f0:45:6c:db:ac:a9:18:0d:26:fe:3e:87:88:18:1b:f4:6b:79:5e:c1:5e:c3:df:c6:a9:56:e7:f2:f8:6a:17:d1:12:0f:73:55:ff:92:ab:9f:02:41:d0:70:7d:a7:6f:8c:1f:74:10:7e:05:9e:ce:04:2e:75:44:02:79:90:69:19:c8:7d:8f:e9:23:b0:68:0a:07:39:5a:62:5b:12:2f:1b:94:c6:1f:d3:63:6a:96:7e:5d:c3:6e:e6:46:7d:61:cd:5f:82:7c:d5:61:17:51:f9:cc:59:22:ec:2b:20:94:e4:c5:89:d0:94:10:9f:e2:d7:28:b5:d0:81:ef:5d:de:07:2e:60:2c:13:60:2d:b5:30:46:5d:74:11:af:f7:0c:42:14:98:38:63:a8:08:49:37:25:83:63:18:8e:4b:df:c0:b8:e0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.258626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.258626000", + "frame.time_delta": "0.000897000", + "frame.time_delta_displayed": "0.000897000", + "frame.time_relative": "2500.797940000", + "frame.number": "8830", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e21", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000372f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "22020", + "tcp.nxtseq": "22067", + "tcp.ack": "103336", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c96e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:85:00:28:81:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577157, TSecr 2654671": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577157", + "tcp.options.timestamp.tsecr": "2654671" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:ef:5d:dc:ca:fd:ec:4a:16:c2:bd:c5:97:92:dc:79:fb:05:57:61:88:74:fe:14:c7:92:ae:e4:99:8a:17:ee:da:a8:e1:4a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.259731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.259731000", + "frame.time_delta": "0.001105000", + "frame.time_delta_displayed": "0.001105000", + "frame.time_relative": "2500.799045000", + "frame.number": "8831", + "frame.len": "705", + "frame.cap_len": "705", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "691", + "ip.id": "0x00002e22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000034de", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "639", + "tcp.seq": "22067", + "tcp.nxtseq": "22706", + "tcp.ack": "103336", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a943", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:85:00:28:81:cf", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577157, TSecr 2654671": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577157", + "tcp.options.timestamp.tsecr": "2654671" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "686", + "tcp.analysis.push_bytes_sent": "639" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "634", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:f0:b8:77:ec:e5:b0:95:62:fb:84:fc:7f:92:20:22:75:ce:c5:90:0e:fc:65:88:99:c4:e9:b7:d7:d8:4e:c8:db:1f:cd:0a:ca:15:2c:11:c4:af:0a:d0:f1:bd:1a:4a:2b:2e:f3:af:e8:30:bc:97:cc:6a:71:a5:d5:4f:a5:fe:01:83:05:3f:dd:94:ae:e9:8e:c8:2e:df:e5:77:80:bd:ba:87:2c:64:e6:60:38:15:43:73:d9:59:7f:c2:64:4e:dc:bb:5e:8b:b4:11:0b:f8:b6:ba:24:3a:99:b4:05:80:9a:e5:80:ba:40:e1:ba:59:61:68:19:07:23:3b:48:ae:e2:45:63:c9:5f:81:57:4d:25:7a:a7:f6:2b:be:e8:c2:19:d1:b0:3d:25:16:ac:68:f8:0e:f3:9b:f2:57:1e:a0:12:13:22:9a:5b:10:79:0d:48:74:1d:14:7a:0f:de:a7:82:0a:19:7f:70:4f:71:99:60:3e:25:79:09:9d:07:05:31:3a:5a:55:b8:94:ff:52:d7:c9:aa:75:17:62:29:7a:60:5c:b2:1d:ba:87:53:2b:d7:1f:39:0d:d9:c8:c3:5a:e9:d6:d8:98:d8:e4:4e:a7:15:df:68:69:cb:c5:29:f9:b5:e2:4e:e6:90:70:3e:5f:30:46:ef:46:a2:4c:b5:6e:0f:e2:ee:86:15:13:ad:ec:5f:53:0e:10:c7:dc:2a:8f:db:1f:2c:79:e4:72:a6:63:ed:b1:34:3e:e9:07:52:7c:02:c1:7c:54:1c:ce:0c:5c:95:ae:73:4c:74:ec:b0:b9:6f:34:f5:45:ae:bf:27:86:24:ac:cb:7c:2b:0d:ff:df:3f:98:ac:e5:50:76:22:15:37:a6:7f:c9:fb:ce:5e:11:e5:d8:7c:37:46:98:31:aa:d2:a6:14:ce:9c:66:9a:b1:04:8f:6b:7f:f8:12:20:7a:99:2f:32:98:84:79:d2:d2:73:e7:cf:72:8a:2d:15:4b:29:c0:4e:60:d3:d5:14:c7:cc:99:b5:e9:07:5d:7c:35:ae:ac:98:17:e8:68:c9:d3:3c:80:6e:16:9f:da:c7:32:9e:35:f0:f6:8c:2a:cd:69:09:01:a8:8e:3a:5c:32:ab:a9:60:a8:30:6c:ce:73:65:f6:11:f4:79:8e:37:68:10:be:f5:11:cc:18:81:c8:98:5a:70:1c:43:6d:2e:6c:bf:cc:77:5f:ad:98:25:d2:3a:5a:54:d6:a9:5b:d4:6c:db:a8:fc:96:19:e5:b5:00:da:b0:10:d3:ac:80:69:75:9a:ed:84:87:69:6b:e7:fd:45:a9:62:70:b4:2d:b7:56:b9:52:a0:0c:2c:36:5b:71:f6:e2:b2:29:b1:3d:49:a9:1a:1d:f2:e7:3d:57:af:28:07:24:c9:ea:41:62:7e:46:55:b0:43:af:44:bc:1e:eb:7b:5f:9a:8c:d5:5a:28:2d:5e:ac:e8:08:54:46:7b:b4:29:ad:bb:d2:8a:3f:b5:0f:27:86:c3:6f:38:36:d5:a9:c6:fe:06:c0:b8:1a:ca:51:aa:17:fb:d8:97:24:b9:28:41:4d:b3:8d:26:76:f3:c9:39:ed:8d:e6:8b:1e:11:f2:bc:00:b1:e5:1b:28:ce:c8:fb:e5:0d:51:f8:a9:a2:a5:d4:2d:89:2b:9e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.270582000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.270582000", + "frame.time_delta": "0.010851000", + "frame.time_delta_displayed": "0.010851000", + "frame.time_relative": "2500.809896000", + "frame.number": "8832", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009732", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000764d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": 
"41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "103757", + "tcp.ack": "22706", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b239", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:d6:a7:a4:85:85", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654678, TSecr 2812577157": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654678", + "tcp.options.timestamp.tsecr": "2812577157" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8831", + "tcp.analysis.ack_rtt": "0.010851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.294747000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509496092.294747000", + "frame.time_delta": "0.024165000", + "frame.time_delta_displayed": "0.024165000", + "frame.time_relative": "2500.834061000", + "frame.number": "8833", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00009bb9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00001bf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36217", + "tcp.dstport": "49153", + "tcp.port": "36217", + "tcp.port": "49153", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "181", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c0a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.296443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.296443000", + "frame.time_delta": "0.001696000", + "frame.time_delta_displayed": "0.001696000", + "frame.time_relative": "2500.835757000", + "frame.number": "8834", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36217", + "tcp.port": "49153", + "tcp.port": "36217", + "tcp.stream": "338", + "tcp.len": "0", + "tcp.seq": "215", + "tcp.ack": "182", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b634", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8833", + "tcp.analysis.ack_rtt": "0.001696000", + "tcp.analysis.initial_rtt": "0.012538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.313825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.313825000", + "frame.time_delta": "0.017382000", + "frame.time_delta_displayed": "0.017382000", + "frame.time_relative": "2500.853139000", + "frame.number": "8835", + "frame.len": "74", + "frame.cap_len": "74", 
+ "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d151", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e646", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49153", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x000049be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:da:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654682, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654682", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.315676000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.315676000", + "frame.time_delta": "0.001851000", + "frame.time_delta_displayed": "0.001851000", + "frame.time_relative": "2500.854990000", + "frame.number": "8836", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36218", + "tcp.port": "49153", + "tcp.port": "36218", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + 
}, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x000063fa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8835", + "tcp.analysis.ack_rtt": "0.001851000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.316136000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.316136000", + "frame.time_delta": "0.000460000", + "frame.time_delta_displayed": "0.000460000", + "frame.time_relative": "2500.855450000", + "frame.number": "8837", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + 
"eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d152", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e659", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": 
"0x0000bab1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8836", + "tcp.analysis.ack_rtt": "0.000460000", + "tcp.analysis.initial_rtt": "0.002311000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.327213000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.327213000", + "frame.time_delta": "0.011077000", + "frame.time_delta_displayed": "0.011077000", + "frame.time_relative": "2500.866527000", + "frame.number": "8838", + "frame.len": "641", + "frame.cap_len": "641", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "627", + "ip.id": "0x0000d153", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e40d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "587", + "tcp.seq": "1", + "tcp.nxtseq": "588", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005698", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002311000", + "tcp.analysis.bytes_in_flight": "587", + "tcp.analysis.push_bytes_sent": "587" + } + }, + "http": { + "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/timesync1", + "http.request.version": "HTTP\/1.1" + }, + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", + "http.request.line": "SOAPACTION: \"urn:Belkin:service:timesync:1#TimeSync\"\n", + "http.content_length_header": "376", + "http.content_length_header_tree": { + "http.content_length": "376" + }, + "http.request.line": "Content-Length: 376\n", + "http.host": "192.168.0.225:49153", + "http.request.line": "HOST: 192.168.0.225:49153\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + 
"http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/timesync1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n <s:Body>\n <u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">\n <UTC>1509496092<\/UTC>\n <TimeZone>-05.00<\/TimeZone>\n <dst>1<\/dst>\n <DstSupported>1<\/DstSupported>\n <\/u:TimeSync>\n <\/s:Body>\n<\/s:Envelope>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "utf-8", + "?>": "" + }, + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", + "xml.tag": "<UTC>", + "xml.tag_tree": { + "xml.cdata": "1509496092", + "<\/UTC>": "" + }, + "xml.tag": "<TimeZone>", + "xml.tag_tree": { + "xml.cdata": "-05.00", + "<\/TimeZone>": "" + }, + "xml.tag": "<dst>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/dst>": "" + }, + "xml.tag": "<DstSupported>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/DstSupported>": "" + }, + "<\/u:TimeSync>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": 
"1", + "frame.time": "Oct 31, 2017 17:28:12.329342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.329342000", + "frame.time_delta": "0.002129000", + "frame.time_delta_displayed": "0.002129000", + "frame.time_relative": "2500.868656000", + "frame.number": "8839", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f3cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c3dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36218", + "tcp.port": "49153", + "tcp.port": "36218", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "588", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3507", + "tcp.window_size": "7014", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000ab98", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8838", + "tcp.analysis.ack_rtt": "0.002129000", + "tcp.analysis.initial_rtt": "0.002311000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.357879000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.357879000", + "frame.time_delta": "0.028537000", + "frame.time_delta_displayed": "0.028537000", + "frame.time_relative": "2500.897193000", + "frame.number": "8840", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e23", + "ip.flags": "0x00000002", 
+ "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22706", + "tcp.ack": "103757", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b310", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:9e:00:28:81:d5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577182, TSecr 2654677": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577182", + "tcp.options.timestamp.tsecr": "2654677" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8829", + "tcp.analysis.ack_rtt": "0.100150000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.358392000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.358392000", + "frame.time_delta": "0.000513000", + "frame.time_delta_displayed": "0.000513000", + "frame.time_relative": "2500.897706000", + "frame.number": "8841", + "frame.len": "328", + "frame.cap_len": "328", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "314", + "ip.id": "0x00009733", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007546", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "262", + "tcp.seq": "103757", + "tcp.nxtseq": "104019", + "tcp.ack": "22706", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003e6b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:df:a7:a4:85:9e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } 
+ }, + "Timestamps: TSval 2654687, TSecr 2812577182": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654687", + "tcp.options.timestamp.tsecr": "2812577182" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "262", + "tcp.analysis.push_bytes_sent": "262" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c7:4a:bc:5c:a9:13:bb:37:1e:7f:25:e1:15:e3:2c:12:7b:1d:69:1e:08:1a:eb:44:95:a0:2b:64:89:48:cd:c6:d6:ff:db" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c8:26:19:e8:69:05:0e:d9:d2:3a:a3:41:e5:ec:9d:c1:10:7e:53:fe:a0:32:17:33:6d:ba:e8:3f:20:dd:d9:fb:ad:ef:f7:fc:22:3d:e7:f1:b3" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:c9:17:87:34:06:81:a3:de:b0:3f:e7:88:10:b9:2c:c5:ce:c0:21:45:ad:95:d5:36:f2:a4:72:fe:0f:a6:46:58:0e:4f:5d:06:9f:cc:2c:f3:2e:51" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ca:93:53:ab:d9:2c:cd:51:6d:3f:64:8c:6a:4e:71:40:73:49:a4:20:dd:2e:4f:88:d7:4f:eb:be:b5:69:aa:92:3e:eb:d8:96:93:b2:ab:ab:35:35" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:cb:6a:0d:35:12:ef:fc:e2:10:57:40:03:dd:13:50:aa:a5:60:cb:68:69:d7:f2:2d:90:7c:5d:a8:64:1d:57:9c:b9:b6:73:9a:42:67:21:93:09:4e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.418760000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.418760000", + "frame.time_delta": "0.060368000", + "frame.time_delta_displayed": "0.060368000", + "frame.time_relative": "2500.958074000", + "frame.number": "8842", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e24", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000375b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22706", + "tcp.ack": "104019", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b1f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:ad:00:28:81:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577197, TSecr 2654687": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577197", + "tcp.options.timestamp.tsecr": "2654687" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8841", + "tcp.analysis.ack_rtt": "0.060368000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.419371000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.419371000", + "frame.time_delta": "0.000611000", + "frame.time_delta_displayed": "0.000611000", + "frame.time_relative": "2500.958685000", + 
"frame.number": "8843", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002e25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003705", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "22706", + "tcp.nxtseq": "22791", + "tcp.ack": "104019", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", 
+ "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000370d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:ad:00:28:81:df", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577197, TSecr 2654687": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577197", + "tcp.options.timestamp.tsecr": "2654687" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:f1:5c:49:37:50:0a:0f:4a:3a:29:3b:52:58:74:35:d8:74:06:92:4a:43:da:f8:10:9e:b4:e7:36:c9:1c:e6:4f:f0:67:4a:2c:ad:de:a9:52:cb:5c:a9:b0:47:7b:15:78:99:9c:e1:76:2a:69:6d:bf:02:77:b2:29:2a:a0:fb:02:ca:08:c8:60:a8:45:98:8a:aa" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.423314000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.423314000", + "frame.time_delta": "0.003943000", + "frame.time_delta_displayed": "0.003943000", + "frame.time_relative": "2500.962628000", + "frame.number": "8844", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009734", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000761c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": 
"443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "104019", + "tcp.nxtseq": "104066", + "tcp.ack": "22791", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000553b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:e5:a7:a4:85:ad", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654693, TSecr 2812577197": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654693", + "tcp.options.timestamp.tsecr": "2812577197" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8843", + "tcp.analysis.ack_rtt": "0.003943000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:cc:5d:9d:2b:c8:92:5f:79:e7:cc:21:5f:b0:e1:78:30:05:2e:f7:fb:f4:ba:24:02:9d:39:33:21:7a:ad:f0:6b:4c:e4:f9" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.426137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.426137000", + "frame.time_delta": "0.002823000", + "frame.time_delta_displayed": "0.002823000", + "frame.time_relative": "2500.965451000", + "frame.number": "8845", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00000f94", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a7f2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3668", + "tcp.port": "39500", + "tcp.port": "3668", + "tcp.stream": "339", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + 
"tcp.ack": "338", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005be6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002752000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.428219000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.428219000", + "frame.time_delta": "0.002082000", + "frame.time_delta_displayed": "0.002082000", + "frame.time_relative": "2500.967533000", + "frame.number": "8846", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": 
"Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dc72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000044d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": 
"0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8845", + "tcp.analysis.ack_rtt": "0.002082000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.429072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.429072000", + "frame.time_delta": "0.000853000", + "frame.time_delta_displayed": "0.000853000", + "frame.time_relative": "2500.968386000", + "frame.number": "8847", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dc73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": 
{ + "tcp.srcport": "3668", + "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "338", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000044d2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.429679000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.429679000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "2500.968993000", + "frame.number": "8848", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", 
+ "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000f95", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a817", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "3668", + "tcp.port": "39500", + "tcp.port": "3668", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "339", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f33", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "8847", + "tcp.analysis.ack_rtt": "0.000607000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.431403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.431403000", + "frame.time_delta": "0.001724000", + "frame.time_delta_displayed": "0.001724000", + "frame.time_relative": "2500.970717000", + "frame.number": "8849", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000dc74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000db37", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "3668", 
+ "tcp.dstport": "39500", + "tcp.port": "3668", + "tcp.port": "39500", + "tcp.stream": "339", + "tcp.len": "0", + "tcp.seq": "339", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000044d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8848", + "tcp.analysis.ack_rtt": "0.001724000", + "tcp.analysis.initial_rtt": "0.002752000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.484199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.484199000", + "frame.time_delta": "0.052796000", + "frame.time_delta_displayed": "0.052796000", + "frame.time_relative": "2501.023513000", + "frame.number": "8850", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e26", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000372a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "22791", + "tcp.nxtseq": "22838", + "tcp.ack": "104066", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d217", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:bd:00:28:81:e5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577213, TSecr 2654693": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577213", + "tcp.options.timestamp.tsecr": "2654693" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8844", + "tcp.analysis.ack_rtt": "0.060885000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:f2:3b:20:64:7f:2f:98:30:ad:17:85:6c:f6:bd:58:47:c0:29:dd:a7:99:a0:a1:e1:b0:a1:66:30:3d:23:f9:2f:e4:43:b8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.484691000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.484691000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "2501.024005000", + "frame.number": "8851", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x00009735", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "104066", + "tcp.nxtseq": "104145", + "tcp.ack": "22838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fa82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:ec:a7:a4:85:bd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654700, TSecr 2812577213": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654700", + "tcp.options.timestamp.tsecr": "2812577213" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8850", + "tcp.analysis.ack_rtt": "0.000492000", + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:cd:c6:f1:69:9f:6b:44:b3:58:93:a5:c6:57:83:b3:e6:7b:37:6e:a1:0c:32:6c:b6:2a:b5:ae:09:cd:56:da:d0:71:b4:3a:ca:29:5b:6e:ac:37:88:4c:6d:53:9c:33:b2:a7:58:d0:68:18:16:69:48:21:66:25:d8:05:56:51:31:b1:cb:6c" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.581869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.581869000", + "frame.time_delta": "0.097178000", + "frame.time_delta_displayed": "0.097178000", + "frame.time_relative": "2501.121183000", + 
"frame.number": "8852", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e27", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003758", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22838", + "tcp.ack": "104145", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b0b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:d6:00:28:81:ec", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577238, TSecr 2654700": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577238", + "tcp.options.timestamp.tsecr": "2654700" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8851", + "tcp.analysis.ack_rtt": "0.097178000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.582356000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.582356000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "2501.121670000", + "frame.number": "8853", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009736", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007618", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "104145", + "tcp.nxtseq": "104194", + "tcp.ack": "22838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000038a6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:81:f5:a7:a4:85:d6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654709, TSecr 2812577238": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654709", + "tcp.options.timestamp.tsecr": "2812577238" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ce:16:3c:c4:1f:8b:59:ab:21:6b:85:00:40:60:ee:23:41:e8:76:e3:97:20:da:df:5a:84:42:3e:74:1f:28:3b:08:4c:60:8a:4f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.643072000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.643072000", + "frame.time_delta": "0.060716000", + "frame.time_delta_displayed": "0.060716000", + "frame.time_relative": "2501.182386000", + "frame.number": "8854", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e28", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003757", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22838", + "tcp.ack": "104194", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b070", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:85:e5:00:28:81:f5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577253, TSecr 2654709": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577253", + "tcp.options.timestamp.tsecr": "2654709" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8853", + "tcp.analysis.ack_rtt": "0.060716000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.839906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.839906000", + "frame.time_delta": "0.196834000", + "frame.time_delta_displayed": "0.196834000", + "frame.time_relative": "2501.379220000", + "frame.number": "8855", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x0000f3d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c31b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36218", + "tcp.port": "49153", + "tcp.port": "36218", + "tcp.stream": "340", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "588", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3507", + "tcp.window_size": "7014", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000b09d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002311000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.840400000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.840400000", + "frame.time_delta": "0.000494000", + "frame.time_delta_displayed": "0.000494000", + "frame.time_relative": "2501.379714000", + "frame.number": "8856", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d154", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e657", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "588", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b796", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8855", + "tcp.analysis.ack_rtt": "0.000494000", + "tcp.analysis.initial_rtt": "0.002311000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.841249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.841249000", + "frame.time_delta": "0.000849000", + 
"frame.time_delta_displayed": "0.000849000", + "frame.time_relative": "2501.380563000", + "frame.number": "8857", + "frame.len": "321", + "frame.cap_len": "321", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "307", + "ip.id": "0x0000f3d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c2cf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36218", + "tcp.port": "49153", + "tcp.port": "36218", + "tcp.stream": "340", + "tcp.len": "267", + "tcp.seq": "193", + "tcp.nxtseq": "461", + "tcp.ack": "588", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + 
"tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3507", + "tcp.window_size": "7014", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000e09c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002311000", + "tcp.analysis.bytes_in_flight": "268", + "tcp.analysis.push_bytes_sent": "267" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "8855", + "tcp.segment": "8857", + "tcp.segment.count": "2", + "tcp.reassembled.length": "459", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "267", + "http.content_length_header_tree": { + "http.content_length": "267" + }, + "http.response.line": "CONTENT-LENGTH: 267\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + 
"http.date": "Wed, 01 Nov 2017 00:28:12 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.514036000", + "http.request_in": "8838", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">\r\n<status>success<\/status>\r\n<\/u:TimeSyncResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", + "xml.tag": "<status>", + "xml.tag_tree": { + "xml.cdata": "success", + "<\/status>": "" + }, + "<\/u:TimeSyncResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.848969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.848969000", + "frame.time_delta": "0.007720000", + "frame.time_delta_displayed": "0.007720000", + "frame.time_relative": "2501.388283000", + "frame.number": "8858", + 
"frame.len": "317", + "frame.cap_len": "317", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "303", + "ip.id": "0x00009737", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000754d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "251", + "tcp.seq": "104194", + "tcp.nxtseq": "104445", + "tcp.ack": "22838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000012d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:10:a7:a4:85:e5", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654736, TSecr 2812577253": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654736", + "tcp.options.timestamp.tsecr": "2812577253" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "251", + "tcp.analysis.push_bytes_sent": "251" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:cf:90:f0:82:cf:f3:0a:55:d8:8c:66:a0:11:5a:d9:25:58:b3:ea:91:d9:41:71:9a:99:d9:4b:28:6f:6f:5e:f0:b4:42:66:3a:3f:d7:a9:8d:ca:84:92:32:d2:98:5f:41:b3:7b:fa:46:93:ea:c6:d2:c5:02:1f:dd:d5:b0:13:1b:37:b8:bb:6a:e6:03:56:fb:4e:f7:ca:c0:e5:dc:c8:a6:18:41:43:e6:65:f4:05:4f:a4:d5:62:54:f4:ab:4b:13:5a:a5:8b:5f:0e:82:ac:c7:fa:71:b4:f1:0f:42:73:23:05:4c:6a:25:23:12:16:1a:05:8e:9b:11:e1:92:cd:20:ca:e1:0f:98:fe:c3:1f:17:c4:74:8b:28:93:8c:1f:a8:a4:5c:ad:d0:64:18:fa:6e:d3:90:bc:27:fe:5e:b5:80:b2:c4:9a:ec:de:0e:7b:68:a1:fd:72:cf:48:2c:9e:ea:21:be:05:56:89:99:18:01:32:9c:ee:e0:1d:f8:0a:27:ff:fc:23:60:5a:5a:45:88:70:e8:66:05:0d:13:9e:18:17:ca:c5:99:49:af:41:8c:2d:fa:b2:8f:68:56:a9:17:b5:4d:57:5f:da:92:ae:3d:b7:af:32:bf:ad:e0:1d" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.874038000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.874038000", + "frame.time_delta": "0.025069000", + "frame.time_delta_displayed": "0.025069000", + "frame.time_relative": "2501.413352000", + "frame.number": "8859", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d155", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e656", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "588", + "tcp.ack": "461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b679", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8857", + "tcp.analysis.ack_rtt": "0.032789000", + "tcp.analysis.initial_rtt": "0.002311000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.909177000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.909177000", + "frame.time_delta": "0.035139000", + 
"frame.time_delta_displayed": "0.035139000", + "frame.time_relative": "2501.448491000", + "frame.number": "8860", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e29", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003756", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22838", + "tcp.ack": 
"104445", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000af18", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:27:00:28:82:10", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577319, TSecr 2654736": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577319", + "tcp.options.timestamp.tsecr": "2654736" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8858", + "tcp.analysis.ack_rtt": "0.060208000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.909689000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.909689000", + "frame.time_delta": "0.000512000", + "frame.time_delta_displayed": "0.000512000", + "frame.time_relative": "2501.449003000", + "frame.number": "8861", + "frame.len": "392", + "frame.cap_len": "392", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "378", + "ip.id": "0x00009738", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007501", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "326", + "tcp.seq": "104445", + "tcp.nxtseq": "104771", + "tcp.ack": "22838", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003eac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:16:a7:a4:86:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654742, TSecr 2812577319": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654742", + "tcp.options.timestamp.tsecr": "2812577319" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "326", + "tcp.analysis.push_bytes_sent": "326" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "321", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:d0:9a:f1:30:6e:c1:0a:d2:f9:90:fc:90:ee:0e:da:09:76:e0:8e:70:61:27:2f:c4:c4:04:0f:70:f3:97:3e:9d:18:ec:1f:a9:f6:9a:e4:a3:a1:86:95:d6:48:81:63:c3:2c:88:b6:31:78:d4:f4:ea:54:5d:59:e4:d1:8e:f3:d1:e2:73:0e:82:f3:21:3d:e0:6b:5f:70:25:a7:86:46:f2:93:5d:c3:7f:5c:f6:25:56:83:af:b2:10:b9:27:a3:75:75:da:d9:12:37:54:9d:26:aa:78:a1:dc:9f:eb:40:8a:54:31:a4:39:dc:f9:16:80:1d:38:31:71:f9:bb:02:b9:1f:63:22:45:3e:43:31:2b:79:7b:c3:0f:2d:54:1c:c7:c4:83:77:5a:99:54:20:ee:62:ec:51:b7:b0:8d:ce:14:ee:59:11:15:61:e2:be:90:8e:9a:38:df:97:40:dd:20:10:e2:1a:a5:fe:1b:63:a0:2d:8e:38:ab:c4:1c:fb:06:f8:ea:cc:74:da:ff:b2:f7:dc:a4:42:4f:20:be:c8:29:a6:fd:18:4e:32:93:9c:15:8f:f0:3e:84:dd:5f:01:87:66:60:9f:87:d8:7e:6d:7f:1f:49:7e:0f:09:54:07:ff:c8:78:3d:c2:f3:5c:70:90:23:7e:3c:d5:ef:26:a4:3e:0b:55:aa:c7:14:5e:4c:01:37:18:1b:62:f0:dd:75:78:49:d5:39:58:33:79:f9:e6:b0:26:d3:13:76:29:dc:f2:b0:5e:a2:c2:41:47:e6:2e:33:f1:01:71:0a:d0:44:7b:6f:70:cc:a0:5d:bf:4d:7d:8c:03" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.971684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.971684000", + "frame.time_delta": "0.061995000", + "frame.time_delta_displayed": "0.061995000", + "frame.time_relative": "2501.510998000", + "frame.number": "8862", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e2a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003755", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "22838", + "tcp.ack": "104771", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000adbc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", 
+ "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577335, TSecr 2654742": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577335", + "tcp.options.timestamp.tsecr": "2654742" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8861", + "tcp.analysis.ack_rtt": "0.061995000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.972114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.972114000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "2501.511428000", + "frame.number": "8863", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + 
}, + "ip.len": "99", + "ip.id": "0x00002e2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003725", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "22838", + "tcp.nxtseq": "22885", + "tcp.ack": "104771", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a102", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", 
+ "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577335, TSecr 2654742": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577335", + "tcp.options.timestamp.tsecr": "2654742" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:f3:c9:15:c8:f0:69:ca:d4:47:24:f3:fb:5e:30:51:dc:b9:f1:2f:9f:b0:00:46:ae:69:67:d4:67:b3:f4:52:30:07:8f:c0" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.972934000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.972934000", + "frame.time_delta": "0.000820000", + "frame.time_delta_displayed": "0.000820000", + "frame.time_relative": "2501.512248000", + "frame.number": "8864", + "frame.len": "616", + "frame.cap_len": "616", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "602", + "ip.id": "0x00002e2c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000352d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "550", + "tcp.seq": "22885", + "tcp.nxtseq": "23435", + "tcp.ack": "104771", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d07c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", + "tcp.options_tree": { + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577335, TSecr 2654742": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577335", + "tcp.options.timestamp.tsecr": "2654742" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "597", + "tcp.analysis.push_bytes_sent": "550" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "545", + "ssl.app_data": "34:cd:34:17:47:48:0e:f4:72:15:5c:76:04:f3:a4:72:cf:86:18:9e:dd:3e:29:d3:a6:7b:5a:a7:cf:9c:f2:f6:0f:d9:f0:0a:80:d6:c0:81:b1:33:20:a7:ff:e1:63:21:98:92:df:d1:18:d7:62:85:d0:ee:e6:08:18:eb:0d:1e:a0:09:88:5b:7d:4f:4d:00:96:d5:9f:ef:ab:a5:26:73:95:64:c5:82:1d:bf:cb:1a:63:e6:44:53:c4:e5:78:20:b8:e2:1d:d8:3e:f8:26:4b:32:6f:29:59:f9:fd:e7:68:31:5b:1f:2d:36:77:13:cd:5b:45:0d:c7:8f:90:ed:8d:ed:ae:02:78:39:d5:65:e3:e6:92:4f:c2:93:b6:c2:51:88:19:c0:ff:58:59:ab:38:b0:47:71:e7:1f:b2:4e:4b:a8:0d:fd:94:c4:0a:3d:e9:cb:25:5d:d3:39:d6:60:1b:9b:68:da:e4:49:a8:b0:5d:72:9c:c7:9d:f0:7e:8e:bf:a1:d8:a7:02:05:f8:51:59:9d:69:e9:34:93:61:b3:3d:fd:94:2f:f4:b1:d1:35:49:c7:ea:ad:50:02:4b:70:8a:cb:32:ad:8f:e6:49:1d:95:33:25:08:51:61:82:e3:a8:5e:cd:41:21:15:7c:7e:e5:e8:27:96:f3:6f:8e:08:0d:7e:94:00:3d:fd:9f:65:94:fb:01:02:53:c9:30:47:91:32:6a:77:39:cb:a8:55:e5:a5:c2:04:41:6d:6e:67:ce:0d:da:61:f4:7d:26:53:d6:d4:35:e6:73:d1:0f:e7:f2:6e:6e:86:8d:b9:18:2a:9d:71:51:05:d5:47:7b:06:d1:c2:53:7e:40:3f:d3:a9:cf:b3:47:08:2f:ff:82:d7:08:cf:a3:5a:d9:45:aa:22:38:b1:ea:56:3e:30:b8:28:43:eb:34:79:9b:4f:cb:a4:9e:19:2b:86:a6:67:52:5b:ba:9f:fd:23:bd:c1:da:85:59:b1:8a:e5:25:a6:b2:6f:5c:92:3d:f7:
83:19:06:5b:48:3c:39:09:58:06:4d:99:fc:82:f6:f0:44:89:bc:a2:0a:98:e6:b9:5b:70:33:6a:26:bd:e0:b3:24:3f:2f:e5:35:e4:28:57:ec:b3:41:c0:5f:67:bd:6e:e8:97:c6:23:dd:c1:bb:c8:6f:4e:ad:a0:e0:98:4e:c6:71:0d:60:7d:62:45:98:bb:2f:f7:83:6c:83:fb:e7:93:28:51:3f:0d:51:12:26:a3:02:4c:61:0f:9c:39:3a:ba:04:33:31:9a:84:1a:ae:e2:5a:55:18:d2:a3:74:94:1c:3f:5a:eb:82:a8:10:2a:3c:f5:07:7a:04:56:0a:ae:33:34:fc:52:09:f8:06:55:5c:9a:a9:2a:f8:ef:71:45:90:aa:77:51:e2:83:f4:2d:23:6d:ce:af:35:6e:02" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.975936000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.975936000", + "frame.time_delta": "0.003002000", + "frame.time_delta_displayed": "0.003002000", + "frame.time_relative": "2501.515250000", + "frame.number": "8865", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009739", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007617", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "104771", + "tcp.nxtseq": "104818", + "tcp.ack": "23435", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000049cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:1d:a7:a4:86:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: 
TSval 2654749, TSecr 2812577335": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654749", + "tcp.options.timestamp.tsecr": "2812577335" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8864", + "tcp.analysis.ack_rtt": "0.003002000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d1:00:82:5d:68:fe:f1:61:c5:16:f3:b9:20:63:58:b7:aa:7b:4f:69:aa:39:67:9f:ea:e4:de:24:e7:4d:71:ac:aa:df:a8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.988995000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.988995000", + "frame.time_delta": "0.013059000", + "frame.time_delta_displayed": "0.013059000", + "frame.time_relative": "2501.528309000", + "frame.number": "8866", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d156", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e655", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36218", + "tcp.dstport": "49153", + "tcp.port": "36218", + "tcp.port": "49153", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "588", + "tcp.ack": "461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000b678", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:12.991057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496092.991057000", + "frame.time_delta": "0.002062000", + "frame.time_delta_displayed": "0.002062000", + 
"frame.time_relative": "2501.530371000", + "frame.number": "8867", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36218", + "tcp.port": "49153", + "tcp.port": "36218", + "tcp.stream": "340", + "tcp.len": "0", + "tcp.seq": "461", + "tcp.ack": "589", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3507", + "tcp.window_size": "7014", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000a9cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8866", + "tcp.analysis.ack_rtt": "0.002062000", + "tcp.analysis.initial_rtt": "0.002311000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.016443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.016443000", + "frame.time_delta": "0.025386000", + "frame.time_delta_displayed": "0.025386000", + "frame.time_relative": "2501.555757000", + "frame.number": "8868", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000bf96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f801", + "ip.checksum.status": 
"2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00000973", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:82:21:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2654753, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654753", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.018059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.018059000", + "frame.time_delta": "0.001616000", + "frame.time_delta_displayed": "0.001616000", + "frame.time_relative": "2501.557373000", + "frame.number": "8869", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + 
"ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36219", + "tcp.port": "49153", + "tcp.port": "36219", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000ebed", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8868", + "tcp.analysis.ack_rtt": "0.001616000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.018527000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.018527000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "2501.557841000", + "frame.number": "8870", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bf97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f814", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000042a5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8869", + "tcp.analysis.ack_rtt": "0.000468000", + "tcp.analysis.initial_rtt": "0.002084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.029580000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.029580000", + "frame.time_delta": "0.011053000", + "frame.time_delta_displayed": "0.011053000", + "frame.time_relative": "2501.568894000", + "frame.number": "8871", + "frame.len": "552", + "frame.cap_len": "552", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "538", + "ip.id": "0x0000bf98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f621", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": "341", + "tcp.len": "498", + "tcp.seq": "1", + "tcp.nxtseq": "499", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00005e78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002084000", + 
"tcp.analysis.bytes_in_flight": "498", + "tcp.analysis.push_bytes_sent": "498" + } + }, + "http": { + "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/upnp\/control\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.request.line": "SOAPACTION: \"urn:Belkin:service:basicevent:1#GetBinaryState\"\n", + "http.content_length_header": "277", + "http.content_length_header_tree": { + "http.content_length": "277" + }, + "http.request.line": "Content-Length: 277\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", + "http.host": "192.168.0.225:49153", + "http.request.line": "HOST: 192.168.0.225:49153\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<s:Body>\n<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">\n<\/u:GetBinaryState>\n<\/s:Body>\n<\/s:Envelope>" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "utf-8", + "?>": "" + }, + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": 
"s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "<\/u:GetBinaryState>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.031974000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.031974000", + "frame.time_delta": "0.002394000", + "frame.time_delta_displayed": "0.002394000", + "frame.time_relative": "2501.571288000", + "frame.number": "8872", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002a66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008d46", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": 
"192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36219", + "tcp.port": "49153", + "tcp.port": "36219", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "499", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00003418", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8871", + "tcp.analysis.ack_rtt": "0.002394000", + "tcp.analysis.initial_rtt": "0.002084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.035743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.035743000", + "frame.time_delta": "0.003769000", + "frame.time_delta_displayed": "0.003769000", + "frame.time_relative": "2501.575057000", + "frame.number": "8873", + "frame.len": "246", + "frame.cap_len": "246", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "232", + "ip.id": "0x00002a67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c85", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36219", + "tcp.port": "49153", + "tcp.port": "36219", + "tcp.stream": "341", + "tcp.len": "192", + "tcp.seq": "1", + "tcp.nxtseq": "193", + "tcp.ack": "499", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000371f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": 
"0.002084000", + "tcp.analysis.bytes_in_flight": "192", + "tcp.analysis.push_bytes_sent": "192" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.036198000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.036198000", + "frame.time_delta": "0.000455000", + "frame.time_delta_displayed": "0.000455000", + "frame.time_relative": "2501.575512000", + "frame.number": "8874", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + 
"ip.id": "0x0000bf99", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f812", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "499", + "tcp.ack": "193", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003fe3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8873", + "tcp.analysis.ack_rtt": "0.000455000", + "tcp.analysis.initial_rtt": "0.002084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.036694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.036694000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + 
"frame.time_relative": "2501.576008000", + "frame.number": "8875", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x00002a68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008c27", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36219", + "tcp.port": "49153", + "tcp.port": "36219", + "tcp.stream": "341", + "tcp.len": "285", + "tcp.seq": "193", + "tcp.nxtseq": "479", + "tcp.ack": "499", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + 
"tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00004006", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002084000", + "tcp.analysis.bytes_in_flight": "286", + "tcp.analysis.push_bytes_sent": "285" + }, + "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "tcp.segments": { + "tcp.segment": "8873", + "tcp.segment": "8875", + "tcp.segment.count": "2", + "tcp.reassembled.length": "477", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_length_header": "285", + "http.content_length_header_tree": { + "http.content_length": "285" + }, + "http.response.line": "CONTENT-LENGTH: 285\r\n", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.response.line": 
"CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:28:12 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", + "http.response.line": "EXT:\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.007114000", + "http.request_in": "8871", + "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<\/u:GetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" + }, + "xml": { + "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", + "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", + "xml.tag": "<s:Body>", + "xml.tag_tree": { + "xml.tag": "<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/BinaryState>": "" + }, + "<\/u:GetBinaryStateResponse>": "" + }, + "<\/s:Body>": "" + }, + "<\/s:Envelope>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.073960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.073960000", + "frame.time_delta": "0.037266000", + 
"frame.time_delta_displayed": "0.037266000", + "frame.time_relative": "2501.613274000", + "frame.number": "8876", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003752", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23435", + "tcp.ack": 
"104818", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ab17", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:51:00:28:82:1d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577361, TSecr 2654749": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577361", + "tcp.options.timestamp.tsecr": "2654749" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8865", + "tcp.analysis.ack_rtt": "0.098024000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.074056000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.074056000", + "frame.time_delta": "0.000096000", + "frame.time_delta_displayed": "0.000096000", + "frame.time_relative": "2501.613370000", + "frame.number": "8877", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bf9a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f811", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "499", + "tcp.ack": "479", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003eb4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8875", + "tcp.analysis.ack_rtt": "0.037362000", + "tcp.analysis.initial_rtt": "0.002084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.074474000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.074474000", + "frame.time_delta": "0.000418000", + "frame.time_delta_displayed": "0.000418000", + "frame.time_relative": "2501.613788000", + "frame.number": "8878", + "frame.len": "876", + "frame.cap_len": "876", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "862", + "ip.id": "0x0000973a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000731b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": 
"13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "810", + "tcp.seq": "104818", + "tcp.nxtseq": "105628", + "tcp.ack": "23435", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000045f9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:27:a7:a4:86:51", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654759, TSecr 2812577361": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654759", + 
"tcp.options.timestamp.tsecr": "2812577361" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "810", + "tcp.analysis.push_bytes_sent": "810" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d2:5e:03:34:2d:68:17:0b:ff:73:01:67:23:27:96:98:ec:b8:2b:f2:09:c0:8a:83:07:e4:b7:b7:57:4b:20:df:02:08:17:db:0d:11:bf:31:38:86" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d3:72:21:1f:59:6e:da:ae:f6:cf:a4:5d:55:96:af:c7:49:98:7f:d6:18:08:2a:dd:5e:82:cb:18:b0:28:17:cd:91:e0:88:d8:67:e6:f4:68:df" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d4:5f:df:87:42:10:ad:af:d1:9e:0d:29:8f:e0:6f:c8:ca:16:0d:11:3c:ed:15:33:f0:61:b6:7c:46:f9:e6:a4:8d:eb:44:f3:85:bc:86:cc:df:33" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d5:a5:dd:56:7e:9d:36:53:b0:b8:68:3f:58:ff:54:dc:cc:09:aa:83:c0:67:07:83:85:13:45:7b:88:76:65:16:75:0a:9c:f9:ed:9d:58:7b:ca:e9" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "246", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:d6:e2:b1:41:48:aa:3f:a2:6e:18:3c:45:cc:23:03:71:d0:6e:b7:a8:40:79:86:1b:17:f1:53:26:8b:72:71:2b:4d:9c:ca:d2:e7:8d:1a:d8:61:d1:43:d3:f0:b7:b7:9a:06:7a:54:73:5b:51:82:e8:b8:cf:18:02:2c:02:a9:39:91:2f:fd:a4:29:b1:d8:86:16:0f:5c:de:76:b5:37:93:59:97:19:24:8f:fd:5a:88:b8:34:31:00:a9:38:da:e4:05:3c:24:64:bf:8d:1b:04:f2:62:2a:fc:4b:c7:00:a0:6d:e4:85:6c:a0:ac:85:09:10:cd:26:58:e2:94:59:02:5b:c1:1c:90:4a:a4:b3:2e:fc:9a:4b:ab:47:31:ab:4a:39:8e:31:12:98:79:0c:3f:e4:53:3b:0d:68:05:89:13:ca:99:5c:62:aa:75:15:4a:c6:28:3b:01:01:b9:74:0a:56:4c:10:d1:71:19:ba:e3:5a:66:de:76:60:ac:33:ce:49:21:e4:86:c2:41:5f:0c:6d:af:95:0c:2f:44:8b:5b:bf:96:fb:f0:ef:ba:64:f6:87:31:1a:dd:ab:8f:d2:de:8a:b9:12:dd:5f:2f:fa:64:19:25:52:44:93:19:79" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "339", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d7:8a:c8:42:69:08:2e:5a:1f:e8:9a:21:d0:2f:d0:ae:d4:88:6b:94:0a:2e:5d:46:eb:f7:1b:9e:2c:1d:4d:f7:3d:7d:a7:ac:ea:8f:68:9f:6e:ae:25:c4:e4:ce:8c:9d:b1:da:3c:9c:7b:cf:c5:81:ff:36:ca:de:09:b1:ea:15:b2:7e:ca:43:10:46:2a:d8:12:e1:6a:01:ee:0a:04:a3:19:68:1b:a6:97:2d:3c:ac:42:14:4e:ec:8d:fa:bd:ab:ba:60:4f:69:9e:31:b7:26:10:95:f6:c7:a7:4f:4d:83:99:78:8a:6c:da:36:3c:01:9b:b9:43:76:97:ac:ce:0e:3e:87:ee:29:a5:44:2d:d6:1e:8b:2a:b5:97:fa:44:5b:c3:f4:f9:56:15:29:e1:7f:35:a5:52:cc:64:41:74:5a:3f:07:6a:b8:9c:9e:e6:e3:b9:74:47:65:65:08:a4:44:aa:f3:64:51:e7:13:de:97:04:cf:14:19:8a:9b:e1:c2:59:10:b1:4d:2d:33:17:a7:38:18:02:9a:74:54:a8:41:be:c2:15:4f:4f:e8:29:08:53:24:4c:a3:56:86:d0:77:59:a6:11:40:21:9d:54:e4:cb:3a:dd:28:64:ba:0e:c6:21:7a:0c:80:e9:fb:a3:6f:83:a1:c5:d1:a1:dc:50:6f:16:28:2d:70:4b:bb:00:8f:7d:b8:f5:c0:58:e6:4c:be:79:d3:c3:cd:31:c3:ab:a5:4a:50:f5:b5:ca:4b:93:4f:b5:3c:42:ae:b8:a3:6f:08:14:b0:91:d5:ac:58:4c:e3:d0:86:b5:56:72:7d:8f:5c:6a:5b:56:66:88:fd:6c:04:48:a7:ab:21:0b:b3:37:cd:a9:d4:8d:df" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.135635000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.135635000", + "frame.time_delta": "0.061161000", + "frame.time_delta_displayed": "0.061161000", + "frame.time_relative": "2501.674949000", + "frame.number": "8879", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003751", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": 
"-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23435", + "tcp.ack": "105628", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a7d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:60:00:28:82:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577376, TSecr 2654759": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577376", + "tcp.options.timestamp.tsecr": "2654759" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8878", + "tcp.analysis.ack_rtt": "0.061161000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.137929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509496093.137929000", + "frame.time_delta": "0.002294000", + "frame.time_delta_displayed": "0.002294000", + "frame.time_relative": "2501.677243000", + "frame.number": "8880", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003721", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + 
"tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "23435", + "tcp.nxtseq": "23482", + "tcp.ack": "105628", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001cfc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:60:00:28:82:27", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577376, TSecr 2654759": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577376", + "tcp.options.timestamp.tsecr": "2654759" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:f5:82:eb:15:c2:c6:7b:5b:20:72:62:42:e3:cd:4b:82:e3:57:1d:b5:02:e6:91:64:e7:24:cb:6b:f0:92:4e:32:78:72:4a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:28:13.141543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.141543000", + "frame.time_delta": "0.003614000", + "frame.time_delta_displayed": "0.003614000", + "frame.time_relative": "2501.680857000", + "frame.number": "8881", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x0000973b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007615", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + 
"tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "105628", + "tcp.nxtseq": "105675", + "tcp.ack": "23482", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000b92b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:2d:a7:a4:86:60", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654765, TSecr 2812577376": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654765", + "tcp.options.timestamp.tsecr": "2812577376" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8880", + "tcp.analysis.ack_rtt": "0.003614000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d8:d6:fd:38:b7:ba:0a:f0:89:d0:1c:ba:27:7f:0c:d8:63:47:6a:11:e2:ef:e0:ee:f5:d0:db:aa:eb:34:c8:fd:ed:a9:75" + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.188773000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.188773000", + "frame.time_delta": "0.047230000", + "frame.time_delta_displayed": "0.047230000", + "frame.time_relative": "2501.728087000", + "frame.number": "8882", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "94:10:3e:36:60:09", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000bf9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000f810", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.dst_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36219", + "tcp.dstport": "49153", + "tcp.port": "36219", + "tcp.port": "49153", + "tcp.stream": 
"341", + "tcp.len": "0", + "tcp.seq": "499", + "tcp.ack": "479", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00003eb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.190374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.190374000", + "frame.time_delta": "0.001601000", + "frame.time_delta_displayed": "0.001601000", + "frame.time_relative": "2501.729688000", + "frame.number": "8883", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "94:10:3e:36:60:09", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_36:60:09", + "eth.addr": "94:10:3e:36:60:09", + "eth.addr_resolved": "BelkinIn_36:60:09", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + 
}, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b7ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.225", + "ip.addr": "192.168.0.225", + "ip.src_host": "192.168.0.225", + "ip.host": "192.168.0.225", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49153", + "tcp.dstport": "36219", + "tcp.port": "49153", + "tcp.port": "36219", + "tcp.stream": "341", + "tcp.len": "0", + "tcp.seq": "479", + "tcp.ack": "500", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3456", + "tcp.window_size": "6912", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00003239", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8882", + "tcp.analysis.ack_rtt": "0.001601000", + "tcp.analysis.initial_rtt": "0.002084000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.238420000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.238420000", + "frame.time_delta": "0.048046000", + "frame.time_delta_displayed": "0.048046000", + "frame.time_relative": "2501.777734000", + "frame.number": "8884", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23482", + "tcp.ack": "105675", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a756", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:7a:00:28:82:2d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577402, TSecr 2654765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577402", + "tcp.options.timestamp.tsecr": "2654765" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8881", + "tcp.analysis.ack_rtt": "0.096877000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.238903000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.238903000", + "frame.time_delta": "0.000483000", + "frame.time_delta_displayed": "0.000483000", + "frame.time_relative": "2501.778217000", + 
"frame.number": "8885", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x0000973c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "105675", + "tcp.nxtseq": "105729", + "tcp.ack": "23482", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", 
+ "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000028f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:82:37:a7:a4:86:7a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654775, TSecr 2812577402": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654775", + "tcp.options.timestamp.tsecr": "2812577402" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:d9:d8:c5:30:a4:17:41:9c:b7:41:40:b4:7a:b0:5f:32:42:88:2b:5a:3b:e8:f4:c1:90:2a:3a:46:3e:b8:a2:38:3a:8c:8a:93:e4:f5:32:61:1f:74" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:13.299462000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496093.299462000", + 
"frame.time_delta": "0.060559000", + "frame.time_delta_displayed": "0.060559000", + "frame.time_relative": "2501.838776000", + "frame.number": "8886", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + 
"tcp.seq": "23482", + "tcp.ack": "105729", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000a707", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:86:89:00:28:82:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577417, TSecr 2654775": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577417", + "tcp.options.timestamp.tsecr": "2654775" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8885", + "tcp.analysis.ack_rtt": "0.060559000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:15.252543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496095.252543000", + "frame.time_delta": "1.953081000", + "frame.time_delta_displayed": "1.953081000", + "frame.time_relative": "2503.791857000", + "frame.number": "8887", + "frame.len": "1325", + "frame.cap_len": "1325", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1311", + "ip.id": "0x0000973d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007157", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "1259", + "tcp.seq": "105729", + "tcp.nxtseq": "106988", + "tcp.ack": "23482", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000cbec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:83:00:a7:a4:86:89", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2654976, TSecr 2812577417": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2654976", + "tcp.options.timestamp.tsecr": "2812577417" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "1259", + "tcp.analysis.push_bytes_sent": "1259" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1254", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:da:62:f9:60:83:46:ae:38:f2:01:75:31:7b:f6:35:7c:bb:06:38:55:22:b7:4b:df:04:bf:6d:5a:60:e4:30:ff:dc:b8:7c:7b:76:2b:33:01:73:42:e9:1f:d5:42:fc:80:b6:62:ae:78:b3:f3:de:86:ce:2c:19:25:86:84:8e:16:9c:16:31:9f:df:a9:10:a2:41:7c:8b:e0:6b:82:16:17:af:9a:8d:82:42:0f:ec:00:6c:4b:df:cd:5e:a2:03:37:b2:fe:fb:7d:c9:75:e9:ed:d1:81:2b:e8:0f:df:b9:bb:d9:d8:e5:7f:43:d3:82:1c:4f:a2:94:d7:64:20:e0:8f:b7:2c:3e:b3:d8:2a:e0:d4:40:82:af:dc:47:44:ce:86:1c:90:12:0e:e0:df:72:35:81:57:b4:e8:48:30:b9:f4:65:5c:d9:99:95:ab:0f:98:42:14:39:6b:0d:d5:15:a0:37:a4:76:36:bc:fe:83:c9:c3:a0:3a:cf:8b:88:1d:34:67:42:f1:fb:7a:2a:fa:ce:32:2b:ba:0c:34:02:32:f9:27:2b:d2:fb:3c:8b:cd:18:7e:0f:a3:33:ea:b2:c0:ad:31:91:9d:45:c3:c8:45:00:71:52:5a:9c:21:a9:f8:0a:97:f9:ed:5a:30:d2:36:4f:31:17:46:bc:d6:a4:31:64:e7:6a:4e:1c:1a:d2:f6:7f:e1:97:63:a8:09:e1:63:fe:5d:6d:34:b5:17:7c:61:03:13:d3:e3:c7:4e:e0:90:2f:ad:e0:ef:03:01:b1:02:53:96:c1:da:7e:a4:3a:ac:c7:0d:56:bc:03:d5:ca:58:3c:dd:1d:f4:1b:12:5c:0a:55:f1:6c:5d:82:2a:b5:08:16:2e:63:76:51:c6:21:ea:f0:fe:f7:43:02:a4:e8:32:67:b2:87:10:41:69:6e:47:a2:30:2a:7f:5e:79:d8:7a:b1:0e:01:3a:63:40:8b:f7:a2:d1:48:f5:ff:62:3c:bf:f6:9a:58:45:73:c7:cc:77:3f:57:72:cd:5e:f0:8a:f9:58:7d:1f:2b:b4:bd:40:a0:43:fc:0b:ee:d9:35:1b:2a:1a:3d:1d:80:85:e1:b5:a6:44:d9:2c:d0:05:97:25:8f:45:66:50:a6:32:01:7e:00:f1:e2:1a:e9:a6:71:96:65:4a:33:1b:53:b3:ea:48:9c:25:38:f6:04:4f:ab:69:c6:d2:28:53:a3:f3:e2:8e:3d:8f:6a:74:28:a1:19:46:48:71:a4:a8:91:34:4d:71:47:bd:25:45:26:4a:f9:90:bf:b9:ca:09:67:3e:42:16:e3:be:f1:02:4c:e6:1c:ce:ce:06:20:ea:8e:32:7e:62:d8:35:30:d9:f5:70:22:e1:8a:fc:62:7f:a0:ba:bc:48:95:be:cc:b0:e4:09:36:4a:7c:69:50:e8:12:cf:a3:3d:55:c4:e6:29:75:33:b2:1b:0d:bc:43:54:2c:ce:71:a4:fb:54:b6:9d:e9:e4:7e:7f:58:2e:5f:96:6b:77:d4:40:27:c1:ba:43:bf:46:82:f1:20:31:79:32:45:aa:b2:e1:23:9d:da:41:5a:12:ca:38:ef:7a:6a:7c:bb:7d:f8:9b:7c:e0:5d:22:aa:69:3f:cf:3a:93:4f:28:53:4f:70:d2:4b:88:09:5c:62:dd:34:68:80:9c:c0:cf:21:f8:e5:e0:ac:13:ce:23:19:43:5b:97:c2:9b:5c:de:aa:5f:d1:d6:1d:7d:b1:89:23:8
6:a3:6c:18:f9:fc:23:a4:77:08:7a:9a:35:aa:4e:1a:59:5f:1d:ea:d2:16:b5:57:58:b8:b3:85:d2:0f:ac:06:a6:49:3e:b8:6e:df:84:21:95:3c:53:77:63:f8:da:77:6c:71:da:36:83:52:d5:70:00:86:26:36:bf:ad:ed:46:bc:62:02:cd:e0:2f:94:18:25:4c:e5:4e:4d:62:98:80:25:b6:ff:50:ba:c3:bb:4c:55:fe:67:dd:79:5e:48:4c:82:21:4b:b3:32:56:1f:9e:94:7c:ac:ae:cb:6d:20:45:2e:df:9c:36:47:75:3c:5a:75:02:40:8a:cb:09:74:09:f9:ee:d0:7a:55:d1:cb:f1:32:a0:4f:57:cf:a8:f7:5f:e0:ab:b9:fe:e9:e0:c3:ba:61:95:2c:af:25:c3:fa:45:c2:3a:47:93:99:76:f8:34:52:08:5d:63:00:d1:fa:23:4b:4d:93:42:57:fd:b5:86:83:a1:a4:e1:92:3a:9c:5e:7b:49:b4:1f:fb:f4:9a:34:03:7d:d1:13:59:43:01:50:4a:35:fe:34:bc:ba:22:0d:eb:e1:91:61:02:92:33:a5:8c:93:43:c5:fe:5b:d4:92:bc:1a:b5:09:31:b7:fd:69:23:4b:43:41:97:9a:79:9c:65:4c:92:cd:44:49:1e:98:27:88:5e:bd:f8:7e:dd:f2:e4:3e:e4:c2:b0:81:82:2d:4d:9a:23:89:b7:19:39:99:af:5c:62:5b:6d:c7:1f:1c:89:6d:c1:59:b8:3c:d0:cf:33:97:c5:b5:47:ef:4a:b7:f9:27:20:84:74:63:41:69:20:15:b6:41:69:aa:43:cf:0e:14:f4:73:94:cc:1b:15:4a:55:a7:e8:7f:51:35:80:3b:c7:60:b9:6d:2f:16:35:86:3a:03:d9:29:cc:ee:0d:3f:48:41:b6:12:b8:92:d2:de:59:43:93:21:69:4b:b5:a2:b9:ec:9d:a6:21:8c:c2:4c:24:85:97:12:81:67:af:59:9e:5a:f9:f6:3f:6d:a2:05:dd:21:fb:66:78:00:42:9d:e0:4d:dd:a2:0a:75:b4:83:61:34:f7:48:a8:5c:90:10:c8:5c:be:54:ba:12:bd:18:4b:29:f1:bc:b8:5d:4c:50:fa:53:76:dd:bb:ab:ff:b0:a8:b1:72:7e:e0:17:7f:d0:e9:51:55:92:6f:15:10:00:88:1e:77:dc:50:79:4f:ae:a6:8d:d2:0f:30:a9:25:d8:ba:b6:3d:2d:c0:ef:0d:66:b3:d2:01:78:fc:b9:dc:e1:db:63:99:cf:a0:7c:b9:b7:aa:f5:4b:c1:74:22:98:8f:7e:d3:73:4d:e9:fb:03:bf:37:c4:eb:86:37:fe:c7:6c:1c:6f:3c:3a:c1:02:b0:ee:08:a3:5e:2b:bd:e5:1e:ff:26:b7:58:78:cc:53:38:7c:47:3b:17:24:33:ed:c0:89:a5:de:a8:c1:86:85:c3:38:84:87:a3:7a:c3:78:ce:4b:9b:81:6d:16:a7:0d:53:f5:69:4a:63:31:a5:3c:28:b3:18:be:d1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:15.313361000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496095.313361000", + "frame.time_delta": "0.060818000", + "frame.time_delta_displayed": "0.060818000", + "frame.time_relative": "2503.852675000", + "frame.number": "8888", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", 
+ "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23482", + "tcp.ack": "106988", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00009f5c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:88:80:00:28:83:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812577920, TSecr 2654976": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812577920", + "tcp.options.timestamp.tsecr": "2654976" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8887", + "tcp.analysis.ack_rtt": "0.060818000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.486641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.486641000", + "frame.time_delta": "3.173280000", + "frame.time_delta_displayed": "3.173280000", + "frame.time_relative": "2507.025955000", + 
"frame.number": "8889", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00002804", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000905d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52887", + "udp.dstport": "53", + "udp.port": "52887", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x00008eb7", + "udp.checksum.status": "2", + "udp.stream": "161" + }, + "dns": { + "dns.id": "0x0000b94c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.486656000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.486656000", + "frame.time_delta": "0.000015000", + "frame.time_delta_displayed": "0.000015000", + "frame.time_relative": "2507.025970000", + "frame.number": "8890", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00002805", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000905c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52887", + "udp.dstport": "53", + "udp.port": "52887", + "udp.port": "53", + "udp.length": "52", + "udp.checksum": "0x000084eb", + "udp.checksum.status": "2", + "udp.stream": "161" + }, + "dns": { + "dns.id": "0x0000c2fd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.487820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.487820000", + "frame.time_delta": "0.001164000", + "frame.time_delta_displayed": "0.001164000", + "frame.time_relative": "2507.027134000", + "frame.number": "8891", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x0000ad74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000aed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52887", + "udp.port": "53", + "udp.port": "52887", + "udp.length": "52", + "udp.checksum": "0x00008289", + "udp.checksum.status": "2", + "udp.stream": "161" + }, + "dns": { + "dns.response_to": "8890", + "dns.time": "0.001164000", + "dns.id": "0x0000c2fd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "fw-update2.smartthings.com: type AAAA, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.516141000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496098.516141000", + "frame.time_delta": "0.028321000", + "frame.time_delta_displayed": "0.028321000", + "frame.time_relative": "2507.055455000", + "frame.number": "8892", + "frame.len": "447", + "frame.cap_len": "447", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "433", + "ip.id": "0x0000ad75", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000983", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52887", + "udp.port": "53", + "udp.port": "52887", + "udp.length": "413", + "udp.checksum": "0x000083f2", + "udp.checksum.status": "2", + "udp.stream": "161" + }, + "dns": { + "dns.response_to": "8889", + "dns.time": "0.029500000", + "dns.id": "0x0000b94c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + 
"dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "3", + "dns.count.auth_rr": "4", + "dns.count.add_rr": "8", + "Queries": { + "fw-update2.smartthings.com: type A, class IN": { + "dns.qry.name": "fw-update2.smartthings.com", + "dns.qry.name.len": "26", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.4.156.100" + }, + "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "52.70.238.171" + }, + "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { + "dns.resp.name": "fw-update2.smartthings.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "60", + "dns.resp.len": "4", + "dns.a": "34.231.50.247" + } + }, + "Authoritative nameservers": { + "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62631", + "dns.resp.len": "25", + "dns.ns": "ns-1610.awsdns-09.co.uk" + }, + "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62631", + "dns.resp.len": "22", + "dns.ns": "ns-779.awsdns-33.net" + }, + "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { + 
"dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62631", + "dns.resp.len": "19", + "dns.ns": "ns-442.awsdns-55.com" + }, + "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { + "dns.resp.name": "smartthings.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62631", + "dns.resp.len": "23", + "dns.ns": "ns-1275.awsdns-31.org" + } + }, + "Additional records": { + "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149455", + "dns.resp.len": "4", + "dns.a": "205.251.193.186" + }, + "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58492", + "dns.resp.len": "4", + "dns.a": "205.251.195.11" + }, + "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56731", + "dns.resp.len": "4", + "dns.a": "205.251.196.251" + }, + "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56833", + "dns.resp.len": "4", + "dns.a": "205.251.198.74" + }, + "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { + "dns.resp.name": "ns-442.awsdns-55.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100388", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5301:ba00::1" + }, + "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { + "dns.resp.name": "ns-779.awsdns-33.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58492", + "dns.resp.len": "16", + 
"dns.aaaa": "2600:9000:5303:b00::1" + }, + "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { + "dns.resp.name": "ns-1275.awsdns-31.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56731", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:fb00::1" + }, + "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { + "dns.resp.name": "ns-1610.awsdns-09.co.uk", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56833", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5306:4a00::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.517285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.517285000", + "frame.time_delta": "0.001144000", + "frame.time_delta_displayed": "0.001144000", + "frame.time_relative": "2507.056599000", + "frame.number": "8893", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d0fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, 
+ "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00002dd5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:28:84:47:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2655303, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655303", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.595089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.595089000", + "frame.time_delta": "0.077804000", + "frame.time_delta_displayed": "0.077804000", + "frame.time_relative": "2507.134403000", + "frame.number": "8894", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000001b9", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "26847", + "tcp.window_size": "26847", + "tcp.checksum": "0x0000ddd8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:4b:4b:ca:dd:00:28:84:47:01:03:03:08", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 1263258333, TSecr 2655303": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258333", + "tcp.options.timestamp.tsecr": "2655303" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8893", + "tcp.analysis.ack_rtt": "0.077804000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.595600000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.595600000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "2507.134914000", + "frame.number": "8895", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d0ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007498", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:4f:4b:4b:ca:dd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655311, TSecr 1263258333": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655311", + "tcp.options.timestamp.tsecr": "1263258333" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8894", + "tcp.analysis.ack_rtt": "0.000511000", + "tcp.analysis.initial_rtt": "0.078315000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.597740000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.597740000", + "frame.time_delta": "0.002140000", + "frame.time_delta_displayed": "0.002140000", + "frame.time_relative": "2507.137054000", + "frame.number": "8896", + "frame.len": "373", + "frame.cap_len": "373", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "359", + "ip.id": "0x0000d100", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d68d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "307", + "tcp.seq": "1", + "tcp.nxtseq": "308", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + 
"tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00009dc5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:4f:4b:4b:ca:dd", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655311, TSecr 1263258333": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655311", + "tcp.options.timestamp.tsecr": "1263258333" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "307", + "tcp.analysis.push_bytes_sent": "307" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000301", + "ssl.record.length": "302", + "ssl.handshake": { + "ssl.handshake.type": "1", + "ssl.handshake.length": "298", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "May 31, 2070 05:28:41.000000000 PDT", + "ssl.handshake.random": "cf:b0:4a:3a:47:a6:38:98:68:80:c2:56:ba:4f:38:b3:96:02:58:43:17:af:c2:a3:de:35:63:62" + }, + "ssl.handshake.session_id_length": "0", + "ssl.handshake.cipher_suites_length": "148", + "ssl.handshake.ciphersuites": { + "ssl.handshake.ciphersuite": "49200", + "ssl.handshake.ciphersuite": "49196", + "ssl.handshake.ciphersuite": "49192", + "ssl.handshake.ciphersuite": "49188", + 
"ssl.handshake.ciphersuite": "49172", + "ssl.handshake.ciphersuite": "49162", + "ssl.handshake.ciphersuite": "163", + "ssl.handshake.ciphersuite": "159", + "ssl.handshake.ciphersuite": "107", + "ssl.handshake.ciphersuite": "106", + "ssl.handshake.ciphersuite": "57", + "ssl.handshake.ciphersuite": "56", + "ssl.handshake.ciphersuite": "136", + "ssl.handshake.ciphersuite": "135", + "ssl.handshake.ciphersuite": "49202", + "ssl.handshake.ciphersuite": "49198", + "ssl.handshake.ciphersuite": "49194", + "ssl.handshake.ciphersuite": "49190", + "ssl.handshake.ciphersuite": "49167", + "ssl.handshake.ciphersuite": "49157", + "ssl.handshake.ciphersuite": "157", + "ssl.handshake.ciphersuite": "61", + "ssl.handshake.ciphersuite": "53", + "ssl.handshake.ciphersuite": "132", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.ciphersuite": "49195", + "ssl.handshake.ciphersuite": "49191", + "ssl.handshake.ciphersuite": "49187", + "ssl.handshake.ciphersuite": "49171", + "ssl.handshake.ciphersuite": "49161", + "ssl.handshake.ciphersuite": "162", + "ssl.handshake.ciphersuite": "158", + "ssl.handshake.ciphersuite": "103", + "ssl.handshake.ciphersuite": "64", + "ssl.handshake.ciphersuite": "51", + "ssl.handshake.ciphersuite": "50", + "ssl.handshake.ciphersuite": "154", + "ssl.handshake.ciphersuite": "153", + "ssl.handshake.ciphersuite": "69", + "ssl.handshake.ciphersuite": "68", + "ssl.handshake.ciphersuite": "49201", + "ssl.handshake.ciphersuite": "49197", + "ssl.handshake.ciphersuite": "49193", + "ssl.handshake.ciphersuite": "49189", + "ssl.handshake.ciphersuite": "49166", + "ssl.handshake.ciphersuite": "49156", + "ssl.handshake.ciphersuite": "156", + "ssl.handshake.ciphersuite": "60", + "ssl.handshake.ciphersuite": "47", + "ssl.handshake.ciphersuite": "150", + "ssl.handshake.ciphersuite": "65", + "ssl.handshake.ciphersuite": "7", + "ssl.handshake.ciphersuite": "49169", + "ssl.handshake.ciphersuite": "49159", + "ssl.handshake.ciphersuite": "49164", + "ssl.handshake.ciphersuite": 
"49154", + "ssl.handshake.ciphersuite": "5", + "ssl.handshake.ciphersuite": "4", + "ssl.handshake.ciphersuite": "49170", + "ssl.handshake.ciphersuite": "49160", + "ssl.handshake.ciphersuite": "22", + "ssl.handshake.ciphersuite": "19", + "ssl.handshake.ciphersuite": "49165", + "ssl.handshake.ciphersuite": "49155", + "ssl.handshake.ciphersuite": "10", + "ssl.handshake.ciphersuite": "21", + "ssl.handshake.ciphersuite": "18", + "ssl.handshake.ciphersuite": "9", + "ssl.handshake.ciphersuite": "20", + "ssl.handshake.ciphersuite": "17", + "ssl.handshake.ciphersuite": "8", + "ssl.handshake.ciphersuite": "6", + "ssl.handshake.ciphersuite": "3", + "ssl.handshake.ciphersuite": "255" + }, + "ssl.handshake.comp_methods_length": "1", + "ssl.handshake.comp_methods": { + "ssl.handshake.comp_method": "0" + }, + "ssl.handshake.extensions_length": "109", + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + }, + "Extension: elliptic_curves": { + "ssl.handshake.extension.type": "0x0000000a", + "ssl.handshake.extension.len": "52", + "ssl.handshake.extensions_elliptic_curves_length": "50", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_elliptic_curve": "0x0000000e", + "ssl.handshake.extensions_elliptic_curve": "0x0000000d", + "ssl.handshake.extensions_elliptic_curve": "0x00000019", + "ssl.handshake.extensions_elliptic_curve": "0x0000000b", + "ssl.handshake.extensions_elliptic_curve": "0x0000000c", + "ssl.handshake.extensions_elliptic_curve": "0x00000018", + "ssl.handshake.extensions_elliptic_curve": "0x00000009", + "ssl.handshake.extensions_elliptic_curve": "0x0000000a", + "ssl.handshake.extensions_elliptic_curve": "0x00000016", + 
"ssl.handshake.extensions_elliptic_curve": "0x00000017", + "ssl.handshake.extensions_elliptic_curve": "0x00000008", + "ssl.handshake.extensions_elliptic_curve": "0x00000006", + "ssl.handshake.extensions_elliptic_curve": "0x00000007", + "ssl.handshake.extensions_elliptic_curve": "0x00000014", + "ssl.handshake.extensions_elliptic_curve": "0x00000015", + "ssl.handshake.extensions_elliptic_curve": "0x00000004", + "ssl.handshake.extensions_elliptic_curve": "0x00000005", + "ssl.handshake.extensions_elliptic_curve": "0x00000012", + "ssl.handshake.extensions_elliptic_curve": "0x00000013", + "ssl.handshake.extensions_elliptic_curve": "0x00000001", + "ssl.handshake.extensions_elliptic_curve": "0x00000002", + "ssl.handshake.extensions_elliptic_curve": "0x00000003", + "ssl.handshake.extensions_elliptic_curve": "0x0000000f", + "ssl.handshake.extensions_elliptic_curve": "0x00000010", + "ssl.handshake.extensions_elliptic_curve": "0x00000011" + } + }, + "Extension: SessionTicket TLS": { + "ssl.handshake.extension.type": "0x00000023", + "ssl.handshake.extension.len": "0", + "ssl.handshake.extension.data": "" + }, + "Extension: signature_algorithms": { + "ssl.handshake.extension.type": "0x0000000d", + "ssl.handshake.extension.len": "32", + "ssl.handshake.sig_hash_alg_len": "30", + "ssl.handshake.sig_hash_algs": { + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000602", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000603", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000501", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "1" + }, + 
"ssl.handshake.sig_hash_alg": "0x00000502", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000503", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "5", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000401", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000402", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000403", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "4", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000301", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000302", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000303", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "3", + "ssl.handshake.sig_hash_sig": "3" + }, + "ssl.handshake.sig_hash_alg": "0x00000201", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_hash_alg": "0x00000202", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "2" + }, + "ssl.handshake.sig_hash_alg": "0x00000203", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "2", + "ssl.handshake.sig_hash_sig": "3" + } + } + }, + "Extension: Heartbeat": { + "ssl.handshake.extension.type": "0x0000000f", + "ssl.handshake.extension.len": "1", + "ssl.handshake.extension.heartbeat.mode": "1" + } + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.675430000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.675430000", + "frame.time_delta": "0.077690000", + "frame.time_delta_displayed": "0.077690000", + "frame.time_relative": "2507.214744000", + "frame.number": "8897", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000068ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x00009912", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": 
"AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000073c8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258353, TSecr 2655311": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258353", + "tcp.options.timestamp.tsecr": "2655311" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8896", + "tcp.analysis.ack_rtt": "0.077690000", + "tcp.analysis.initial_rtt": "0.078315000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.676528000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.676528000", + "frame.time_delta": "0.001098000", + "frame.time_delta_displayed": "0.001098000", + "frame.time_relative": "2507.215842000", + "frame.number": "8898", + "frame.len": "1514", + "frame.cap_len": "1514", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1500", + "ip.id": "0x000068af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x00009369", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + 
"ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "1448", + "tcp.seq": "1", + "tcp.nxtseq": "1449", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000097d1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258353, TSecr 2655311": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258353", + "tcp.options.timestamp.tsecr": "2655311" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "1448", + "tcp.analysis.push_bytes_sent": "1448" + }, + "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "89", + "ssl.handshake": { + "ssl.handshake.type": "2", + "ssl.handshake.length": "85", + "ssl.handshake.version": "0x00000303", + "Random": { + "ssl.handshake.random_time": "Aug 20, 2078 06:26:26.000000000 PDT", + "ssl.handshake.random": "98:d9:51:4e:38:98:16:d3:e0:3c:28:31:21:90:13:53:2e:29:f1:8e:28:74:0f:f0:8c:9e:03:56" + }, + "ssl.handshake.session_id_length": "32", + "ssl.handshake.session_id": "fc:92:ce:90:4b:6c:c2:5f:27:84:6f:ca:79:7f:f9:f0:11:26:27:34:a7:01:36:bb:25:96:8c:75:66:8e:e1:97", + "ssl.handshake.ciphersuite": "49199", + "ssl.handshake.comp_method": "0", + "ssl.handshake.extensions_length": "13", + "Extension: renegotiation_info": { + "ssl.handshake.extension.type": "0x0000ff01", + "ssl.handshake.extension.len": "1", + "Renegotiation Info extension": { + "ssl.handshake.extensions_reneg_info_len": "0" + } + }, + "Extension: ec_point_formats": { + "ssl.handshake.extension.type": "0x0000000b", + "ssl.handshake.extension.len": "4", + "ssl.handshake.extensions_ec_point_formats_length": "3", + "ssl.handshake.extensions_elliptic_curves": { + "ssl.handshake.extensions_ec_point_format": "0", + "ssl.handshake.extensions_ec_point_format": "1", + "ssl.handshake.extensions_ec_point_format": "2" + } + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.676550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.676550000", + "frame.time_delta": "0.000022000", + "frame.time_delta_displayed": "0.000022000", + "frame.time_relative": "2507.215864000", + "frame.number": "8899", + "frame.len": "289", + "frame.cap_len": "289", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "275", + "ip.id": "0x000068b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x00009831", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "223", + "tcp.seq": "1449", + "tcp.nxtseq": "1672", + "tcp.ack": "308", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00009308", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258353, TSecr 2655311": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258353", + "tcp.options.timestamp.tsecr": "2655311" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "1671", + "tcp.analysis.push_bytes_sent": "1671" + }, + "tcp.segment_data": "3a:cd:63:9f" + }, + "tcp.segments": { + "tcp.segment": "8898", + "tcp.segment": "8899", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1358", + "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1353", + "ssl.handshake": { + "ssl.handshake.type": "11", + "ssl.handshake.length": "1349", + "ssl.handshake.certificates_length": "1346", + "ssl.handshake.certificates": { + "ssl.handshake.certificate_length": "777", + "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.version": "2", + "x509af.serialNumber": "0", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + "x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": 
"2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:44 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:44 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + 
"x509sat.DirectoryString_tree": { + "x509sat.printableString": "STFWSRV" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", + "pkcs1.publicExponent": "65537" + } + }, + "x509af.extensions": "4", + "x509af.extensions_tree": { + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.19", + "x509ce.BasicConstraintsSyntax_element": "" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.16.840.1.113730.1.13", + "ns_cert_exts.Comment": "OpenSSL Generated Certificate" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.14", + "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" + }, + "x509af.Extension_element": { + "x509af.extension.id": "2.5.29.35", + "x509ce.AuthorityKeyIdentifier_element": { + "x509ce.authorityCertIssuer": "1", + "x509ce.authorityCertIssuer_tree": { + "x509ce.GeneralName": "4", + "x509ce.GeneralName_tree": { + "x509ce.directoryName": "0", + "x509ce.directoryName_tree": { + "x509if.rdnSequence": 
"5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + } + } + }, + "x509ce.authorityCertSerialNumber": "-2877719464742176835" + } + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" + }, + "ssl.handshake.certificate_length": "563", + 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", + "ssl.handshake.certificate_tree": { + "x509af.signedCertificate_element": { + "x509af.serialNumber": "-2877719464742176835", + "x509af.signature_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "x509af.issuer": "0", + "x509af.issuer_tree": { + 
"x509if.rdnSequence": "5", + "x509if.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.validity_element": { + "x509af.notBefore": "0", + "x509af.notBefore_tree": { + "x509af.utcTime": "15-03-05 21:25:34 (UTC)" + }, + "x509af.notAfter": "0", + "x509af.notAfter_tree": { + "x509af.utcTime": "25-03-02 21:25:34 (UTC)" + } + }, + "x509af.subject": "0", + "x509af.subject_tree": { + "x509af.rdnSequence": "5", + "x509af.rdnSequence_tree": { + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.6", + "x509sat.CountryName": "US" + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + 
"x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.8", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "Minnesota" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.10", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.11", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "SmartThings" + } + } + }, + "x509if.RDNSequence_item": "1", + "x509if.RDNSequence_item_tree": { + "x509if.RelativeDistinguishedName_item_element": { + "x509if.id": "2.5.4.3", + "x509sat.DirectoryString": "1", + "x509sat.DirectoryString_tree": { + "x509sat.printableString": "STCA" + } + } + } + } + }, + "x509af.subjectPublicKeyInfo_element": { + "x509af.algorithm_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.1" + }, + "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", + "x509af.subjectPublicKey_tree": { + "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", + "pkcs1.publicExponent": "65537" + } + } + }, + "x509af.algorithmIdentifier_element": { + "x509af.algorithm.id": "1.2.840.113549.1.1.5" + }, + "ber.bitstring.padding": "0", + "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" + } + } + } + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "205", + "ssl.handshake": { + "ssl.handshake.type": "12", + "ssl.handshake.length": "201", + "EC Diffie-Hellman Server Params": { + "ssl.handshake.server_curve_type": "0x00000003", + "ssl.handshake.server_named_curve": "0x00000017", + "ssl.handshake.server_point_len": "65", + "ssl.handshake.server_point": "04:a4:ec:a6:1b:59:d9:b1:70:25:24:15:8b:ac:57:ce:39:9f:82:82:b0:ca:33:f7:00:97:48:c9:5d:d2:e9:21:c8:52:30:3d:47:ba:ad:d1:b9:d9:a9:30:dd:de:d8:4b:d9:d4:8f:34:7d:e6:58:03:25:48:48:5d:94:d5:58:df:6a", + "ssl.handshake.sig_hash_alg": "0x00000601", + "ssl.handshake.sig_hash_alg_tree": { + "ssl.handshake.sig_hash_hash": "6", + "ssl.handshake.sig_hash_sig": "1" + }, + "ssl.handshake.sig_len": "128", + "ssl.handshake.sig": 
"62:a9:fd:de:d3:ec:fb:6b:d9:25:c9:90:20:06:6a:75:19:d0:d3:fa:f3:ce:82:84:ce:91:0d:b1:73:6e:59:4e:58:70:37:7e:1c:5a:16:ab:08:94:bc:76:67:89:de:cd:49:93:90:c8:b8:c7:75:60:1d:7a:d8:3e:01:a7:71:1e:43:81:ca:90:91:95:aa:9f:be:01:87:61:27:df:52:2c:5f:ac:96:94:43:11:70:b7:b7:af:97:36:68:1b:36:8b:d6:89:66:58:83:8f:1a:8e:d8:aa:67:67:37:8f:c4:85:74:b7:e4:ad:76:f7:8e:5a:6e:03:6a:ba:e1:35:4c:18" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "4", + "ssl.handshake": { + "ssl.handshake.type": "14", + "ssl.handshake.length": "0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.677181000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.677181000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "2507.216495000", + "frame.number": "8900", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d101", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" 
+ }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "308", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006c8e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:57:4b:4b:ca:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655319, TSecr 1263258353": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655319", + "tcp.options.timestamp.tsecr": "1263258353" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8899", + "tcp.analysis.ack_rtt": "0.000631000", + "tcp.analysis.initial_rtt": "0.078315000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.715660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.715660000", + "frame.time_delta": "0.038479000", + "frame.time_delta_displayed": "0.038479000", + "frame.time_relative": "2507.254974000", + "frame.number": "8901", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x0000d102", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d740", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "126", + "tcp.seq": "308", + "tcp.nxtseq": "434", + "tcp.ack": "1672", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000c0b9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:5b:4b:4b:ca:f1", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + 
"tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655323, TSecr 1263258353": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655323", + "tcp.options.timestamp.tsecr": "1263258353" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.handshake": { + "ssl.handshake.type": "16", + "ssl.handshake.length": "66", + "EC Diffie-Hellman Client Params": { + "ssl.handshake.client_point_len": "65", + "ssl.handshake.client_point": "04:15:ab:3e:4e:1b:1b:59:62:7d:ad:4e:4e:91:f7:aa:44:79:a1:e5:5c:75:8c:1e:6c:74:bd:f4:9a:3d:d5:7f:34:ff:00:b9:30:41:bf:6f:98:87:31:6b:e5:21:86:8c:ce:9f:ce:62:4c:14:1c:91:10:f2:94:67:ee:0b:f1:69:01" + } + } + }, + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.793292000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.793292000", + "frame.time_delta": "0.077632000", + "frame.time_delta_displayed": "0.077632000", + "frame.time_relative": "2507.332606000", + "frame.number": "8902", + "frame.len": "117", + "frame.cap_len": "117", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "103", + "ip.id": "0x000068b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000098dc", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "51", + "tcp.seq": "1672", + "tcp.nxtseq": "1723", + "tcp.ack": "434", + "tcp.hdr_len": "32", + "tcp.flags": 
"0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e570", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:cb:0f:00:28:84:5b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258383, TSecr 2655323": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258383", + "tcp.options.timestamp.tsecr": "2655323" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8901", + "tcp.analysis.ack_rtt": "0.077632000", + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "51", + "tcp.analysis.push_bytes_sent": "51" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "20", + "ssl.record.version": "0x00000303", + "ssl.record.length": "1", + "ssl.change_cipher_spec": "" + }, + "ssl.record": { + "ssl.record.content_type": "22", + "ssl.record.version": "0x00000303", + "ssl.record.length": "40", + "ssl.handshake": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:28:18.793787000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.793787000", + "frame.time_delta": "0.000495000", + "frame.time_delta_displayed": "0.000495000", + "frame.time_relative": "2507.333101000", + "frame.number": "8903", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000d103", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7bd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": 
"39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "434", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006bb3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:63:4b:4b:cb:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655331, TSecr 1263258383": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655331", + "tcp.options.timestamp.tsecr": "1263258383" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8902", + "tcp.analysis.ack_rtt": "0.000495000", + "tcp.analysis.initial_rtt": "0.078315000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:28:18.794358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.794358000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "2507.333672000", + "frame.number": "8904", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x0000d104", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d777", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + 
"ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "69", + "tcp.seq": "434", + "tcp.nxtseq": "503", + "tcp.ack": "1723", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000a2f8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:63:4b:4b:cb:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655331, TSecr 1263258383": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655331", + "tcp.options.timestamp.tsecr": "1263258383" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": 
"4f:49:80:11:a4:61:71:f0:35:b8:00:ea:45:e3:02:9c:4c:e7:98:f9:01:f0:fb:be:7e:ea:ce:66:4a:43:5b:01:2e:89:59:7f:1a:4f:47:44:c8:76:46:63:88:78:5b:50:9a:92:70:1e:43:a8:4b:a4:3e:36:e7:ac:d3:7d:bf:dc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.872457000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.872457000", + "frame.time_delta": "0.078099000", + "frame.time_delta_displayed": "0.078099000", + "frame.time_relative": "2507.411771000", + "frame.number": "8905", + "frame.len": "135", + "frame.cap_len": "135", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "121", + "ip.id": "0x000068b2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000098c9", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, 
AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "69", + "tcp.seq": "1723", + "tcp.nxtseq": "1792", + "tcp.ack": "503", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "110", + "tcp.window_size": "28160", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e70a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:cb:22:00:28:84:63", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258402, TSecr 2655331": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258402", + 
"tcp.options.timestamp.tsecr": "2655331" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8904", + "tcp.analysis.ack_rtt": "0.078099000", + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "69", + "tcp.analysis.push_bytes_sent": "69" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "64", + "ssl.app_data": "01:a6:f9:d6:88:79:de:92:70:f7:13:96:1a:13:48:69:d1:cd:78:34:d8:b4:1a:57:e5:e1:db:d1:ed:48:c2:18:eb:34:71:5f:50:bd:b2:44:2b:fe:4a:04:20:86:07:af:e6:b5:82:b9:8d:56:0c:1f:4f:38:7d:ea:9e:e1:46:bc" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.873391000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.873391000", + "frame.time_delta": "0.000934000", + "frame.time_delta_displayed": "0.000934000", + "frame.time_relative": "2507.412705000", + "frame.number": "8906", + "frame.len": "555", + "frame.cap_len": "555", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "541", + "ip.id": "0x0000d105", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5d2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "489", + "tcp.seq": "503", + "tcp.nxtseq": "992", + "tcp.ack": "1792", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00002909", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:6a:4b:4b:cb:22", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": 
"0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655338, TSecr 1263258402": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655338", + "tcp.options.timestamp.tsecr": "1263258402" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8905", + "tcp.analysis.ack_rtt": "0.000934000", + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "489", + "tcp.analysis.push_bytes_sent": "489" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "484", + "ssl.app_data": "4f:49:80:11:a4:61:71:f1:e1:df:dc:f5:99:6c:c7:7e:c8:03:39:18:ff:e3:89:87:0e:2e:3b:f1:9c:9a:9b:80:ef:ac:2d:c2:69:dc:a8:ba:17:90:13:50:8b:62:24:29:85:77:4b:f5:53:a7:12:bd:7d:9b:f1:0c:c8:65:37:50:4e:f1:9a:52:fb:92:e4:fc:c6:fd:ac:21:ce:c5:69:f8:15:60:82:b9:18:42:12:45:75:ee:1d:bf:38:38:00:78:c1:8e:0b:3f:c8:46:a6:59:f8:94:6b:2e:d5:06:e8:ce:bb:08:f4:7b:f6:62:83:8a:5a:62:6e:46:9d:56:e9:20:40:73:40:ad:3c:47:5b:7d:ab:a2:0c:65:f0:e4:2b:76:9a:5d:1d:a4:1a:ee:7b:1e:8e:6b:3f:8f:10:bb:b4:29:9f:96:0b:7e:7c:47:1a:69:b7:c9:69:18:cc:05:7e:dd:68:eb:2f:6a:f2:ce:50:8f:e4:71:70:86:19:64:87:14:98:a0:1e:8f:3c:14:a6:98:52:a7:a5:5e:f9:4d:29:57:6b:93:f4:46:e0:35:3c:2b:30:b4:f5:14:02:d8:b2:f9:84:c8:f0:df:13:0b:3f:43:01:ae:76:85:cf:ab:c4:48:88:55:bc:24:33:96:31:53:1e:57:11:4c:cc:38:77:8f:3f:f6:ef:e1:45:05:65:82:ef:b4:03:a1:02:3a:77:71:37:90:cd:4b:fb:75:83:3c:f2:6f:11:64:ee:3e:ac:e9:84:05:92:be:2c:35:50:8d:45:17:41:78:9c:66:aa:56:33:79:70:fc:cb:0a:e3:bb:d0:61:87:6b:18:67:c9:63:22:c8:5a:75:b4:2e:65:2a:e6:65:56:54:5c:5f:97:67:96:3d:80:fa:45:b2:5e:b3:2b:12:80:ef:50:94:af:c0:c3:5f:92:7b:f4:9d:fd:5c:59:60:bf:02:ff:fb:16:7f:c4:72:d6:d2:22:4e:50:2e:6b:6b:8e:d2:63:a4
:b7:1a:3e:cf:67:2f:94:0f:e6:b4:aa:30:26:2f:7b:71:01:01:6c:27:91:04:47:de:ee:4a:ef:cc:c5:21:fc:06:e7:b8:f3:81:82:2c:7a:b1:d7:df:e8:44:2c:b3:36:e5:0f:53:d4:a0:e9:b1:88:73:21:6a:c6:0d:22:7a:af:e2:9c:26:81:75:a7:15:87:83:54:af:06:c3:b1:7a:97:bf:6c:ad:fe:ea:f2:63:c4:da:53:12:1c:80:5a:d4:ea:1b:0f:1d:f5:fe:dd:e3" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.951236000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.951236000", + "frame.time_delta": "0.077845000", + "frame.time_delta_displayed": "0.077845000", + "frame.time_relative": "2507.490550000", + "frame.number": "8907", + "frame.len": "141", + "frame.cap_len": "141", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "127", + "ip.id": "0x000068b3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000098c2", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + 
"ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "75", + "tcp.seq": "1792", + "tcp.nxtseq": "1867", + "tcp.ack": "992", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00002808", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:cb:36:00:28:84:6a", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258422, TSecr 2655338": 
{ + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258422", + "tcp.options.timestamp.tsecr": "2655338" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8906", + "tcp.analysis.ack_rtt": "0.077845000", + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "75", + "tcp.analysis.push_bytes_sent": "75" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "70", + "ssl.app_data": "01:a6:f9:d6:88:79:de:93:22:67:a7:3e:6b:09:7e:68:9f:00:68:2d:8e:51:b4:21:fe:90:b4:ec:b2:ca:56:66:cc:a9:66:7e:33:6e:f5:f7:a9:3c:a9:b5:00:72:76:f3:d3:35:c8:f4:52:83:ce:20:f7:3f:3c:17:bb:10:ec:7a:53:e0:2e:36:fe:40" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:18.951977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496098.951977000", + "frame.time_delta": "0.000741000", + "frame.time_delta_displayed": "0.000741000", + "frame.time_relative": "2507.491291000", + "frame.number": "8908", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"52", + "ip.id": "0x0000d106", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d7ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "992", + "tcp.ack": "1867", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "281", + "tcp.window_size": "17984", + "tcp.window_size_scalefactor": "64", 
+ "tcp.checksum": "0x000068be", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:84:72:4b:4b:cb:36", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655346, TSecr 1263258422": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655346", + "tcp.options.timestamp.tsecr": "1263258422" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8907", + "tcp.analysis.ack_rtt": "0.000741000", + "tcp.analysis.initial_rtt": "0.078315000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.029131000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.029131000", + "frame.time_delta": "0.077154000", + "frame.time_delta_displayed": "0.077154000", + "frame.time_relative": "2507.568445000", + "frame.number": "8909", + "frame.len": "97", + "frame.cap_len": "97", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "83", + "ip.id": "0x000068b4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x000098ed", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "31", + "tcp.seq": "1867", + "tcp.nxtseq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + 
"tcp.checksum": "0x00007128", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:cb:4a:00:28:84:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258442, TSecr 2655346": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258442", + "tcp.options.timestamp.tsecr": "2655346" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8908", + "tcp.analysis.ack_rtt": "0.077154000", + "tcp.analysis.initial_rtt": "0.078315000", + "tcp.analysis.bytes_in_flight": "31", + "tcp.analysis.push_bytes_sent": "31" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "21", + "ssl.record.version": "0x00000303", + "ssl.record.length": "26", + "ssl.alert_message": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.029216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.029216000", + "frame.time_delta": "0.000085000", + "frame.time_delta_displayed": "0.000085000", + "frame.time_relative": "2507.568530000", + "frame.number": "8910", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000068b5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "231", + "ip.proto": "6", + "ip.checksum": "0x0000990b", + "ip.checksum.status": "2", + "ip.src": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.src_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.src_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.src_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.src_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "58254", + "tcp.port": "443", + "tcp.port": "58254", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "1898", + "tcp.ack": "993", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "114", + "tcp.window_size": "29184", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006931", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:4b:4b:cb:4a:00:28:84:72", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 1263258442, TSecr 2655346": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "1263258442", + "tcp.options.timestamp.tsecr": "2655346" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.029599000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.029599000", + "frame.time_delta": "0.000383000", + "frame.time_delta_displayed": "0.000383000", + "frame.time_relative": "2507.568913000", + "frame.number": "8911", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006547", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004386", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + 
"tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.029610000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.029610000", + "frame.time_delta": "0.000011000", + "frame.time_delta_displayed": "0.000011000", + "frame.time_relative": "2507.568924000", + "frame.number": "8912", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006548", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004385", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "52.4.156.100", + "ip.addr": "52.4.156.100", + "ip.dst_host": "52.4.156.100", + "ip.host": "52.4.156.100", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", + "ip.geoip.dst_city": "Ashburn, VA", + "ip.geoip.city": "Ashburn, VA", + "ip.geoip.dst_lat": "39.033501", + "ip.geoip.lat": "39.033501", + "ip.geoip.dst_lon": "-77.483803", + "ip.geoip.lon": "-77.483803" + } + }, + "tcp": { + "tcp.srcport": "58254", + "tcp.dstport": "443", + "tcp.port": "58254", + "tcp.port": "443", + "tcp.stream": "342", + "tcp.len": "0", + "tcp.seq": "993", + "tcp.ack": "0", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000004", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "1", + "tcp.flags.reset_tree": { + "_ws.expert": { + "tcp.connection.rst": "", + "_ws.expert.message": "Connection reset (RST)", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "0", + "tcp.window_size": "0", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00004f4b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.270745000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.270745000", + "frame.time_delta": "0.241135000", + "frame.time_delta_displayed": "0.241135000", + "frame.time_relative": "2507.810059000", + "frame.number": "8913", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000d7a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e116", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49169", + "udp.dstport": "53", + "udp.port": "49169", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00008e6c", + "udp.checksum.status": "2", + "udp.stream": "162" + }, + "dns": { 
+ "dns.id": "0x00000f3a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.277116000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.277116000", + "frame.time_delta": "0.006371000", + "frame.time_delta_displayed": "0.006371000", + "frame.time_relative": "2507.816430000", + "frame.number": "8914", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000c30d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f3fa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49169", + "udp.port": "53", + "udp.port": "49169", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "162" + }, + "dns": { + "dns.response_to": "8913", + "dns.time": "0.006371000", + "dns.id": "0x00000f3a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "177", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "16752", + "dns.resp.len": 
"22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1603", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "475", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "806", + "dns.resp.len": "4", + "dns.a": "165.254.137.96" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3590", + "dns.resp.len": "4", + "dns.a": "165.254.137.96" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3784", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.137.91": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "604", + "dns.resp.len": "4", + "dns.a": "165.254.137.91" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "393", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4359", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1614", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.277986000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.277986000", + "frame.time_delta": "0.000870000", + "frame.time_delta_displayed": "0.000870000", + "frame.time_relative": "2507.817300000", + "frame.number": "8915", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": 
{ + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000a976", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eda8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.dst_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "57703", + "tcp.dstport": "443", + "tcp.port": "57703", + "tcp.port": "443", + "tcp.stream": "343", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + 
"_ws.expert.message": "Connection establish request (SYN): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000018c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.281261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.281261000", + "frame.time_delta": "0.003275000", + "frame.time_delta_displayed": "0.003275000", + "frame.time_relative": "2507.820575000", + 
"frame.number": "8916", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x00009f1f", + "ip.checksum.status": "2", + "ip.src": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.src_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "57703", + "tcp.port": "443", + "tcp.port": "57703", + 
"tcp.stream": "343", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00009486", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 5 (multiply by 32)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "5", + "tcp.options.wscale.multiplier": "32" + } + }, + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "8915", + "tcp.analysis.ack_rtt": "0.003275000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.281792000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.281792000", + "frame.time_delta": "0.000531000", + "frame.time_delta_displayed": "0.000531000", + "frame.time_relative": "2507.821106000", + "frame.number": "8917", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a977", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000edb3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.dst_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai 
International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "57703", + "tcp.dstport": "443", + "tcp.port": "57703", + "tcp.port": "443", + "tcp.stream": "343", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003925", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8916", + "tcp.analysis.ack_rtt": "0.000531000", + "tcp.analysis.initial_rtt": "0.003806000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.281804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.281804000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "2507.821118000", + "frame.number": "8918", + "frame.len": "60", + "frame.cap_len": "60", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a978", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000edb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.dst_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "57703", + "tcp.dstport": "443", + "tcp.port": "57703", + "tcp.port": "443", + "tcp.stream": "343", + "tcp.len": 
"0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003924", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.285180000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.285180000", + "frame.time_delta": "0.003376000", + "frame.time_delta_displayed": "0.003376000", + "frame.time_relative": "2507.824494000", + "frame.number": "8919", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f230", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "56", + "ip.proto": "6", + "ip.checksum": "0x0000acfa", + "ip.checksum.status": "2", + "ip.src": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.src_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.src_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.src_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.src_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "57703", + "tcp.port": "443", + "tcp.port": "57703", + "tcp.stream": "343", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "913", + "tcp.window_size": "29216", + "tcp.window_size_scalefactor": "32", + "tcp.checksum": "0x000043d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8918", + "tcp.analysis.ack_rtt": "0.003376000", + "tcp.analysis.initial_rtt": "0.003806000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:19.285649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496099.285649000", + "frame.time_delta": "0.000469000", + "frame.time_delta_displayed": "0.000469000", + "frame.time_relative": "2507.824963000", + "frame.number": "8920", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000a979", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000edb1", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "173.223.52.125", + "ip.addr": "173.223.52.125", + "ip.dst_host": "173.223.52.125", + "ip.host": "173.223.52.125", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", + "ip.geoip.asnum": "AS20940 Akamai International B.V.", + "ip.geoip.dst_city": "Cambridge, MA", + "ip.geoip.city": "Cambridge, MA", + "ip.geoip.dst_lat": "42.362598", + "ip.geoip.lat": "42.362598", + "ip.geoip.dst_lon": "-71.084297", + "ip.geoip.lon": "-71.084297" + } + }, + "tcp": { + "tcp.srcport": "57703", + "tcp.dstport": "443", + "tcp.port": "57703", + "tcp.port": "443", + "tcp.stream": "343", + "tcp.len": "0", + "tcp.seq": "2", + "tcp.ack": "2", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00003923", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8919", + "tcp.analysis.ack_rtt": "0.000469000", + "tcp.analysis.initial_rtt": "0.003806000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.067646000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.067646000", + "frame.time_delta": "3.781997000", + "frame.time_delta_displayed": "3.781997000", + "frame.time_relative": "2511.606960000", + "frame.number": "8921", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00002e33", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003665", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "231", + "tcp.seq": "23482", + "tcp.nxtseq": "23713", + "tcp.ack": "106988", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004899", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:13:00:28:83:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579859, TSecr 2654976": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579859", + "tcp.options.timestamp.tsecr": "2654976" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "231", + "tcp.analysis.push_bytes_sent": "231" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "226", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:f6:11:f8:e4:77:a0:d5:c2:13:51:62:c2:6d:95:b8:13:23:e4:22:32:28:d6:46:89:d4:c1:4c:f1:0f:7b:4b:11:8a:1f:19:62:ae:c3:13:33:a5:00:5f:fd:cf:a5:50:3c:66:04:b6:83:21:fd:3b:b4:c3:d1:36:05:7d:30:8b:d1:48:d7:42:49:7c:6a:eb:a7:0a:8c:eb:6c:e6:45:02:23:5e:49:17:27:57:8b:0d:12:7d:00:12:f3:c4:8f:f3:57:67:7e:df:9c:bf:c8:40:3b:9d:9b:dc:e7:2b:d1:4c:43:4d:44:89:b6:0b:a0:02:11:be:9e:9a:7f:95:47:b9:03:62:70:2c:1b:94:19:7e:96:c9:6a:d1:bd:8e:60:0a:b2:b8:ea:57:20:c7:71:c9:23:37:fd:5f:62:15:63:5d:8b:9c:a6:fb:20:54:5c:3f:18:fb:cd:82:92:7e:e0:71:18:1c:33:c5:75:41:c7:36:c7:bf:37:e2:f4:83:90:e9:68:8e:26:43:f4:15:17:19:a1:1c:93:09:07:f6:54:5e:1c:5b:c9:4e:2c:11:4a:41:29:6a:5c:f6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.074667000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.074667000", + "frame.time_delta": "0.007021000", + "frame.time_delta_displayed": "0.007021000", + "frame.time_relative": "2511.613981000", + "frame.number": "8922", + "frame.len": "119", + "frame.cap_len": "119", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "105", + "ip.id": "0x0000973e", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "53", + "tcp.seq": "106988", + "tcp.nxtseq": "107041", + "tcp.ack": "23713", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000046d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:0f:a7:a4:90:13", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655759, TSecr 2812579859": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655759", + "tcp.options.timestamp.tsecr": "2812579859" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8921", + "tcp.analysis.ack_rtt": "0.007021000", + "tcp.analysis.bytes_in_flight": "53", + "tcp.analysis.push_bytes_sent": "53" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "48", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:db:25:8d:fd:e3:b3:fe:87:db:27:99:da:6b:36:67:df:50:30:44:3e:75:cb:ae:46:8c:fd:64:1e:be:b8:0c:a6:92:ec:d8:fb:ce:91:19:bf:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.076142000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.076142000", + "frame.time_delta": "0.001475000", + "frame.time_delta_displayed": "0.001475000", + "frame.time_relative": "2511.615456000", + "frame.number": "8923", + "frame.len": "74", + "frame.cap_len": "74", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": 
"20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "60", + "ip.id": "0x0000d5f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e243", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + "tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "40", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000168f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:86:0f:00:00:00:00:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + 
"tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "Timestamps: TSval 2655759, TSecr 0": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655759", + "tcp.options.timestamp.tsecr": "0" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.078229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.078229000", + "frame.time_delta": "0.002087000", + "frame.time_delta_displayed": "0.002087000", + "frame.time_relative": "2511.617543000", + "frame.number": "8924", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36225", + "tcp.port": "49154", + "tcp.port": "36225", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00002f21", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8923", + "tcp.analysis.ack_rtt": "0.002087000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.078638000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.078638000", + "frame.time_delta": "0.000409000", + "frame.time_delta_displayed": "0.000409000", + "frame.time_relative": "2511.617952000", + "frame.number": "8925", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "40", + "ip.id": "0x0000d5f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e256", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + "tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000085d8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8924", + "tcp.analysis.ack_rtt": "0.000409000", + "tcp.analysis.initial_rtt": "0.002496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.089137000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.089137000", + "frame.time_delta": "0.010499000", + "frame.time_delta_displayed": "0.010499000", + 
"frame.time_relative": "2511.628451000", + "frame.number": "8926", + "frame.len": "233", + "frame.cap_len": "233", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "219", + "ip.id": "0x0000d5f6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e1a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + "tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "179", + "tcp.seq": "1", + "tcp.nxtseq": "180", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "229", + "tcp.window_size": "14656", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000661f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002496000", + "tcp.analysis.bytes_in_flight": "179", + "tcp.analysis.push_bytes_sent": "179" + } + }, + "http": { + "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "SUBSCRIBE", + "http.request.uri": "\/upnp\/event\/basicevent1", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.65:49154", + "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", + "http.unknown_header": "NT: upnp:event\\n", + "http.unknown_header": "TIMEOUT: Second-5400\\n", + "http.user_agent": "CyberGarage-HTTP\/1.0", + "\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/event\/basicevent1", + "http.notification": "1", + "http.file_data": "\n", + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.092899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.092899000", + "frame.time_delta": "0.003762000", + "frame.time_delta_displayed": "0.003762000", + "frame.time_relative": "2511.632213000", + "frame.number": "8927", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": 
{ + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f7d8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c073", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36225", + "tcp.port": "49154", + "tcp.port": "36225", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00007aa2", + "tcp.checksum.status": "2", + 
"tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8926", + "tcp.analysis.ack_rtt": "0.003762000", + "tcp.analysis.initial_rtt": "0.002496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.096922000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.096922000", + "frame.time_delta": "0.004023000", + "frame.time_delta_displayed": "0.004023000", + "frame.time_relative": "2511.636236000", + "frame.number": "8928", + "frame.len": "267", + "frame.cap_len": "267", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "253", + "ip.id": "0x0000f7d9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000bf9d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36225", + "tcp.port": "49154", + "tcp.port": "36225", + "tcp.stream": "344", + "tcp.len": "213", + "tcp.seq": "1", + "tcp.nxtseq": "214", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00008e62", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002496000", + "tcp.analysis.bytes_in_flight": "213", + "tcp.analysis.push_bytes_sent": "213" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:28:23 GMT", + "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:23 GMT\r\n", + "http.server": "Unspecified, UPnP\/1.0, Unspecified", + "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", + "http.content_length_header": "0", + "http.content_length_header_tree": { + "http.content_length": "0" + }, + "http.response.line": "CONTENT-LENGTH: 0\r\n", + "http.response.line": "X-User-Agent: redsonic\r\n", + "http.response.line": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\r\n", + "http.response.line": "TIMEOUT: Second-5400\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.097345000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.097345000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "2511.636659000", + "frame.number": "8929", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e254", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + 
"tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "214", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008440", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8928", + "tcp.analysis.ack_rtt": "0.000423000", + "tcp.analysis.initial_rtt": "0.002496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.100769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.100769000", + "frame.time_delta": "0.003424000", + "frame.time_delta_displayed": "0.003424000", + "frame.time_relative": "2511.640083000", + "frame.number": "8930", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000054fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006342", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x0000d572", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + 
"No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.100912000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.100912000", + "frame.time_delta": "0.000143000", + "frame.time_delta_displayed": "0.000143000", + "frame.time_relative": "2511.640226000", + "frame.number": "8931", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f7da", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000c071", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36225", + "tcp.port": "49154", + "tcp.port": "36225", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "214", + "tcp.ack": "180", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000079cc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.101170000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.101170000", + "frame.time_delta": "0.000258000", + "frame.time_delta_displayed": "0.000258000", + "frame.time_relative": "2511.640484000", + "frame.number": "8932", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4471", + "tcp.port": "39500", + "tcp.port": "4471", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x0000ee43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8930", + "tcp.analysis.ack_rtt": "0.000401000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 31, 2017 17:28:23.106237000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.106237000", + "frame.time_delta": "0.005067000", + "frame.time_delta_displayed": "0.005067000", + "frame.time_relative": "2511.645551000", + "frame.number": "8933", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000054ff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000634d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00005cb5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8932", + "tcp.analysis.ack_rtt": "0.005067000", + "tcp.analysis.initial_rtt": "0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.106365000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.106365000", + "frame.time_delta": "0.000128000", + "frame.time_delta_displayed": "0.000128000", + "frame.time_relative": "2511.645679000", + "frame.number": "8934", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x00005500", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006280", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000d88c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005468000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.106759000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.106759000", + "frame.time_delta": "0.000394000", + "frame.time_delta_displayed": "0.000394000", + "frame.time_relative": "2511.646073000", + "frame.number": "8935", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000030e9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": 
"0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008763", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4471", + "tcp.port": "39500", + "tcp.port": "4471", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000665c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8934", + "tcp.analysis.ack_rtt": "0.000394000", + "tcp.analysis.initial_rtt": "0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.108459000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.108459000", + "frame.time_delta": "0.001700000", + "frame.time_delta_displayed": "0.001700000", + "frame.time_relative": "2511.647773000", + "frame.number": "8936", + "frame.len": "231", + "frame.cap_len": 
"231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x00005501", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000629a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": "177", + "tcp.seq": "205", + "tcp.nxtseq": "382", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00002898", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005468000", + "tcp.analysis.bytes_in_flight": "177", + "tcp.analysis.push_bytes_sent": "177" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "8934", + "tcp.segment": "8936", + "tcp.segment.count": "2", + "tcp.reassembled.length": "380", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "176", + "http.content_length_header_tree": { + "http.content_length": "176" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 0\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", 
+ "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<BinaryState>", + "xml.tag_tree": { + "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", + "<\/BinaryState>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.108877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.108877000", + "frame.time_delta": "0.000418000", + "frame.time_delta_displayed": "0.000418000", + "frame.time_relative": "2511.648191000", + "frame.number": "8937", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x000030ea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008762", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4471", + "tcp.port": "39500", + "tcp.port": "4471", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000659a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8936", + "tcp.analysis.ack_rtt": "0.000418000", + "tcp.analysis.initial_rtt": "0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.133579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.133579000", + "frame.time_delta": "0.024702000", + "frame.time_delta_displayed": "0.024702000", + 
"frame.time_relative": "2511.672893000", + "frame.number": "8938", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e253", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + "tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000843f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8931", + "tcp.analysis.ack_rtt": "0.032667000", + "tcp.analysis.initial_rtt": "0.002496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.134890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.134890000", + "frame.time_delta": "0.001311000", + "frame.time_delta_displayed": "0.001311000", + "frame.time_relative": "2511.674204000", + "frame.number": "8939", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e34", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374b", + 
"ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23713", + "tcp.ack": "107041", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000938d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:24:00:28:86:0f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2812579876, TSecr 2655759": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579876", + "tcp.options.timestamp.tsecr": "2655759" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8922", + "tcp.analysis.ack_rtt": "0.060223000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.135376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.135376000", + "frame.time_delta": "0.000486000", + "frame.time_delta_displayed": "0.000486000", + "frame.time_relative": "2511.674690000", + "frame.number": "8940", + "frame.len": "911", + "frame.cap_len": "911", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "897", + "ip.id": "0x0000973f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000072f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": 
"13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "845", + "tcp.seq": "107041", + "tcp.nxtseq": "107886", + "tcp.ack": "23713", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000209f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:15:a7:a4:90:24", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655765, TSecr 2812579876": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655765", + "tcp.options.timestamp.tsecr": 
"2812579876" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "845", + "tcp.analysis.push_bytes_sent": "845" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:dc:39:2c:20:eb:1d:47:18:30:a1:3d:21:63:6e:1c:d7:3f:40:e7:07:9f:72:c9:d4:02:c8:cc:2e:b5:25:d7:bd:c4:27:19:ff:95:07:72:c2:3e:11" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:dd:8e:3c:7d:2d:7c:3a:d6:6f:50:cd:cc:f0:0b:7d:83:a7:ea:0a:d4:1f:35:9f:c1:a9:b8:dc:f7:aa:8f:44:1f:1b:d9:a3:81:f9:93:67:64:92:ce" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "267", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:de:ec:1f:09:12:30:40:1a:f2:c3:d5:07:5f:22:52:0d:07:7c:56:8c:3d:9f:4f:4e:eb:78:ae:4e:b9:6a:dd:ea:5c:9d:89:ea:db:6d:83:f3:b5:48:37:61:37:d7:39:68:22:e0:57:cd:88:4b:1a:16:61:5e:ef:2b:be:cd:b5:49:a6:fd:b5:4d:7b:d9:3f:5f:89:41:8d:e4:57:f6:f5:54:05:a8:a4:e0:90:9f:7c:59:ea:88:e9:c9:65:97:b2:ef:8c:bc:28:57:b5:f4:01:20:ca:39:bf:32:5a:fc:f7:b0:d2:15:64:7a:c1:fe:0f:ce:5a:89:58:d1:2a:a7:f3:88:fd:ba:77:86:3c:8b:87:cd:c0:eb:88:66:31:f9:35:60:ce:5c:3e:12:bd:c3:0d:f5:b6:e2:0a:2e:2e:7a:e6:65:35:1f:5a:46:db:62:27:a2:8a:d6:af:5e:a0:9a:4f:de:0f:c5:61:20:a7:77:93:b3:72:fb:cb:9d:95:b4:49:9a:6f:51:8e:4b:03:c5:30:8d:04:8f:e3:92:7a:dc:d0:58:e3:0c:f0:cb:cb:d4:b8:98:5a:ae:3f:13:2a:a2:23:9b:6a:7e:c2:93:d4:68:49:30:07:c7:e3:86:68:47:07:77:4c:2f:bf:7f:7e:85:76:a8:9f:bb:c3:22:25:31:80:34:62:78:f5:84" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "460", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:df:da:b3:da:19:42:4e:68:8c:bc:22:98:ac:02:ce:e5:ee:a3:39:00:0a:1e:57:8d:51:93:38:9d:52:a6:a7:20:af:89:2d:14:db:9b:14:2e:24:51:3e:2e:1b:1a:1e:34:5b:12:31:05:e0:8d:03:46:ff:ae:75:f5:23:2f:3c:0e:97:d4:4d:f1:69:9d:09:06:22:e5:11:33:f0:a8:87:83:d0:71:53:6b:31:e3:11:00:be:f2:bd:3f:85:4e:9f:3b:8f:17:ef:84:b9:c7:fb:fe:30:f3:81:52:28:93:41:5a:c7:23:61:ea:03:2e:af:0c:32:57:70:da:63:7e:e7:8b:e7:03:e0:2d:dc:2b:2d:25:c0:f8:15:90:b2:86:f6:c5:36:2d:db:bb:d8:c2:2e:70:0e:2c:6b:fc:fa:bf:a9:68:10:7a:a4:fd:ac:eb:4e:bb:b7:b2:4f:a5:ae:e1:3c:69:63:11:39:30:9f:9d:83:18:18:94:fd:eb:2a:d4:d3:fc:9e:99:ef:9a:f7:4b:8b:06:f6:44:4c:96:0a:67:41:99:a2:31:ee:34:3c:d2:0a:03:72:07:fe:c5:ee:05:e2:a8:50:4b:a0:24:09:6d:69:b4:3d:fc:e8:39:62:2c:56:fb:c6:8b:b8:7b:25:74:82:44:3c:b9:e7:c9:b8:25:f2:29:0d:9f:43:09:0d:2e:a9:f9:81:55:40:b0:93:00:65:ab:5e:8e:a6:78:c8:56:cd:23:55:5f:eb:5d:b9:c4:8a:95:ba:ee:c8:cc:0c:38:61:01:63:4f:fa:88:e3:7a:b6:d3:6e:9e:7f:6c:a3:96:cd:31:60:ae:51:d1:4a:63:e5:46:ca:d8:ed:af:24:5b:49:fd:1b:d8:a9:01:01:1f:24:76:0b:aa:43:86:a9:ae:fd:8f:cb:4d:b8:39:6c:30:2f:50:d2:f9:2d:b7:4f:0d:59:68:cc:24:5a:6e:25:e4:1b:18:fe:95:83:b4:87:14:1e:35:a6:9b:64:29:06:31:5d:cf:c3:b5:0a:d5:0f:01:33:ed:41:b9:bb:cd:5f:c8:7c:e9:d4:ff:a5:c1:4b:69:83:48:17:59:e1:fc:b4:fd:f7:73:4b:ca:79:73:d8:f4:94:7e:f5:cc:01:f5:e1:fb:48:35:c0:97:e5:4b:ff:a2:81:42:26:82:05:e0:cd:2d:61:7c:4e:53:35:59:5f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.195617000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.195617000", + "frame.time_delta": "0.060241000", + "frame.time_delta_displayed": "0.060241000", + "frame.time_relative": "2511.734931000", + "frame.number": "8941", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + 
"eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000374a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23713", + "tcp.ack": "107886", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000902b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:33:00:28:86:15", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579891, TSecr 2655765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579891", + "tcp.options.timestamp.tsecr": "2655765" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8940", + "tcp.analysis.ack_rtt": "0.060241000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.198484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.198484000", + "frame.time_delta": "0.002867000", + "frame.time_delta_displayed": "0.002867000", + "frame.time_relative": "2511.737798000", + "frame.number": "8942", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000371a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "23713", + "tcp.nxtseq": "23760", + "tcp.ack": "107886", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d2cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:34:00:28:86:15", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579892, TSecr 2655765": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579892", + "tcp.options.timestamp.tsecr": "2655765" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:f7:02:f2:17:37:c5:b5:88:ff:78:cc:65:8a:80:27:8d:5d:dd:43:41:1f:87:2f:b6:1f:7e:3d:38:b0:7f:1f:c6:4f:b6:8b" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.202502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.202502000", + "frame.time_delta": "0.004018000", + "frame.time_delta_displayed": "0.004018000", + "frame.time_relative": "2511.741816000", + "frame.number": "8943", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009740", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007610", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "107886", + "tcp.nxtseq": "107933", + "tcp.ack": "23760", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": 
"1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000694d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:1b:a7:a4:90:34", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655771, TSecr 2812579892": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655771", + "tcp.options.timestamp.tsecr": "2812579892" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8942", + "tcp.analysis.ack_rtt": "0.004018000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e0:72:7a:4b:56:70:e8:ae:d6:9f:2c:82:ff:45:22:af:cf:d0:33:bd:8e:82:60:ad:96:9d:4a:e9:14:40:9f:b0:84:36:5a" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.224729000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.224729000", + "frame.time_delta": "0.022227000", + "frame.time_delta_displayed": "0.022227000", + "frame.time_relative": "2511.764043000", + 
"frame.number": "8944", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000d5f9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000e252", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "36225", + "tcp.dstport": "49154", + "tcp.port": "36225", + "tcp.port": "49154", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "180", + "tcp.ack": "215", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + 
"tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000843e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.226680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.226680000", + "frame.time_delta": "0.001951000", + "frame.time_delta_displayed": "0.001951000", + "frame.time_relative": "2511.765994000", + "frame.number": "8945", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b84c", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "49154", + "tcp.dstport": "36225", + "tcp.port": "49154", + "tcp.port": "36225", + "tcp.stream": "344", + "tcp.len": "0", + "tcp.seq": "215", + "tcp.ack": "181", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000079cb", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8944", + "tcp.analysis.ack_rtt": "0.001951000", + "tcp.analysis.initial_rtt": "0.002496000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.263225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.263225000", + "frame.time_delta": "0.036545000", + "frame.time_delta_displayed": "0.036545000", + "frame.time_relative": "2511.802539000", + "frame.number": "8946", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002e37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000036f3", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "23760", + "tcp.nxtseq": "23845", + "tcp.ack": "107933", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000e114", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:44:00:28:86:1b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579908, TSecr 2655771": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579908", + "tcp.options.timestamp.tsecr": "2655771" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8943", + "tcp.analysis.ack_rtt": "0.060723000", + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:f8:66:4f:98:a0:95:24:fb:45:57:a3:d3:1b:08:59:bb:e4:81:50:d8:6e:ad:8e:82:c4:53:14:c7:f7:e4:0c:bb:f8:ef:1f:13:f3:59:8f:42:72:ea:44:c8:ef:73:26:f1:66:96:82:6b:cc:65:8e:52:5a:29:1d:7d:51:c7:52:ee:a0:a1:cb:95:82:a8:64:11:80" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.263734000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.263734000", + "frame.time_delta": 
"0.000509000", + "frame.time_delta_displayed": "0.000509000", + "frame.time_relative": "2511.803048000", + "frame.number": "8947", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009741", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007608", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": 
"107933", + "tcp.nxtseq": "107987", + "tcp.ack": "23845", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000069f1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:22:a7:a4:90:44", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655778, TSecr 2812579908": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655778", + "tcp.options.timestamp.tsecr": "2812579908" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8946", + "tcp.analysis.ack_rtt": "0.000509000", + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e1:db:fa:fe:d3:5e:2b:3e:31:c7:9e:e1:a8:da:76:14:24:91:f4:5a:ed:b9:8e:a8:19:bb:03:d5:1f:fe:f1:99:e0:54:46:2f:e3:1b:3c:0f:47:e5" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.274088000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.274088000", + "frame.time_delta": "0.010354000", + "frame.time_delta_displayed": "0.010354000", + "frame.time_relative": "2511.813402000", + "frame.number": "8948", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x000030eb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000873b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4471", + "tcp.port": "39500", + "tcp.port": "4471", + "tcp.stream": "345", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "382", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00007225", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.005468000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.275516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.275516000", + "frame.time_delta": "0.001428000", + "frame.time_delta_displayed": "0.001428000", + "frame.time_relative": "2511.814830000", + "frame.number": "8949", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005502", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000634a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00005b12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8948", + "tcp.analysis.ack_rtt": "0.001428000", + 
"tcp.analysis.initial_rtt": "0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.276560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.276560000", + "frame.time_delta": "0.001044000", + "frame.time_delta_displayed": "0.001044000", + "frame.time_relative": "2511.815874000", + "frame.number": "8950", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005503", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006349", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + 
"tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "382", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00005b11", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.277206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.277206000", + "frame.time_delta": "0.000646000", + "frame.time_delta_displayed": "0.000646000", + "frame.time_relative": "2511.816520000", + "frame.number": "8951", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000030ec", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00008760", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4471", + "tcp.port": "39500", + "tcp.port": "4471", + "tcp.stream": "345", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "383", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00006572", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8950", + "tcp.analysis.ack_rtt": "0.000646000", + "tcp.analysis.initial_rtt": 
"0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.278709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.278709000", + "frame.time_delta": "0.001503000", + "frame.time_delta_displayed": "0.001503000", + "frame.time_relative": "2511.818023000", + "frame.number": "8952", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005504", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006348", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4471", + "tcp.dstport": "39500", + "tcp.port": "4471", + "tcp.port": "39500", + "tcp.stream": "345", + "tcp.len": 
"0", + "tcp.seq": "383", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00005b10", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8951", + "tcp.analysis.ack_rtt": "0.001503000", + "tcp.analysis.initial_rtt": "0.005468000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.366004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.366004000", + "frame.time_delta": "0.087295000", + "frame.time_delta_displayed": "0.087295000", + "frame.time_relative": "2511.905318000", + "frame.number": "8953", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + 
"ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e38", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003747", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23845", + "tcp.ack": "107987", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008f0a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:5e:00:28:86:22", + "tcp.options_tree": { + "No-Operation (NOP)": { 
+ "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579934, TSecr 2655778": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579934", + "tcp.options.timestamp.tsecr": "2655778" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8947", + "tcp.analysis.ack_rtt": "0.102270000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.366500000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.366500000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "2511.905814000", + "frame.number": "8954", + "frame.len": "192", + "frame.cap_len": "192", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "178", + "ip.id": "0x00009742", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "126", + "tcp.seq": "107987", + "tcp.nxtseq": "108113", + "tcp.ack": "23845", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000dcf7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:2c:a7:a4:90:5e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655788, TSecr 2812579934": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655788", + "tcp.options.timestamp.tsecr": "2812579934" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "126", + "tcp.analysis.push_bytes_sent": "126" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e2:2e:79:bc:c3:a2:01:5d:ac:68:fd:14:8f:fd:56:f0:6c:ac:e1:6c:8a:e2:73:c1:0e:bd:3d:69:4b:2f:77:3e:eb:67:33" + }, + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e3:fe:2a:8e:66:3e:26:9c:07:8c:16:57:b6:25:25:70:7f:d9:c1:2d:d4:2d:52:2e:fa:69:3e:c1:6e:ef:44:d5:54:e5:56:6b:25:46:bc:e1:24:ff:c7:db:44:7f:57:4c:88:90:d1:d9:96:cc:0e:8d:62:e4:c1:f2:9f:83:08:b9:50:39:26" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.427174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.427174000", + "frame.time_delta": "0.060674000", + "frame.time_delta_displayed": "0.060674000", + "frame.time_relative": "2511.966488000", + "frame.number": "8955", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003746", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23845", + "tcp.ack": "108113", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008e73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:6d:00:28:86:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579949, TSecr 2655788": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579949", + "tcp.options.timestamp.tsecr": "2655788" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8954", + "tcp.analysis.ack_rtt": "0.060674000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.427661000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.427661000", + "frame.time_delta": "0.000487000", + "frame.time_delta_displayed": "0.000487000", + "frame.time_relative": "2511.966975000", + "frame.number": "8956", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e3a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003716", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "23845", + "tcp.nxtseq": "23892", + "tcp.ack": "108113", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00007d25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a4:90:6d:00:28:86:2c", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579949, TSecr 2655788": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579949", + "tcp.options.timestamp.tsecr": "2655788" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:f9:52:af:70:60:14:03:e9:5d:38:d4:49:7e:76:ba:d2:77:30:90:56:50:a6:42:e3:28:c6:6e:71:32:d2:ea:05:f3:a7:e6" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.431563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.431563000", + "frame.time_delta": "0.003902000", + "frame.time_delta_displayed": "0.003902000", + "frame.time_relative": "2511.970877000", + "frame.number": "8957", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", 
+ "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009743", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "108113", + "tcp.nxtseq": "108162", + "tcp.ack": "23892", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + 
"tcp.checksum": "0x0000d251", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:32:a7:a4:90:6d", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655794, TSecr 2812579949": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655794", + "tcp.options.timestamp.tsecr": "2812579949" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8956", + "tcp.analysis.ack_rtt": "0.003902000", + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e4:4f:08:67:fc:45:e2:17:0a:b0:8f:df:0d:4b:a7:77:39:5b:12:9f:23:50:7d:ec:91:66:23:2a:90:66:d0:71:36:ad:32:ef:32" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:23.529848000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496103.529848000", + "frame.time_delta": "0.098285000", + "frame.time_delta_displayed": "0.098285000", + "frame.time_relative": "2512.069162000", + "frame.number": "8958", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": 
"Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e3b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003744", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23892", + "tcp.ack": "108162", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008df3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:90:87:00:28:86:32", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812579975, TSecr 2655794": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812579975", + "tcp.options.timestamp.tsecr": "2655794" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8957", + "tcp.analysis.ack_rtt": "0.098285000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.371489000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.371489000", + "frame.time_delta": "0.841641000", + "frame.time_delta_displayed": "0.841641000", + "frame.time_relative": "2512.910803000", + "frame.number": "8959", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + 
"eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x000012a7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a599", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5840", + "tcp.window_size": "5840", + "tcp.checksum": "0x00009794", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 1 (multiply by 2)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "1", + "tcp.options.wscale.multiplier": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.371977000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.371977000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "2512.911291000", + "frame.number": "8960", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": 
"d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b840", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4472", + "tcp.port": "39500", + "tcp.port": "4472", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "14600", + "tcp.window_size": "14600", + "tcp.checksum": "0x00000aca", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", + 
"tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 6 (multiply by 64)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "6", + "tcp.options.wscale.multiplier": "64" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8959", + "tcp.analysis.ack_rtt": "0.000488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.373878000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.373878000", + "frame.time_delta": "0.001901000", + "frame.time_delta_displayed": "0.001901000", + "frame.time_relative": "2512.913192000", + "frame.number": "8961", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + 
"eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012a8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000793b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8960", + "tcp.analysis.ack_rtt": "0.001901000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.374715000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.374715000", + "frame.time_delta": "0.000837000", + "frame.time_delta_displayed": "0.000837000", + "frame.time_relative": "2512.914029000", + "frame.number": "8962", + "frame.len": "258", + "frame.cap_len": "258", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "244", + "ip.id": "0x000012a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a4d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "204", + "tcp.seq": "1", + "tcp.nxtseq": "205", + 
"tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x0000f717", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002389000", + "tcp.analysis.bytes_in_flight": "204", + "tcp.analysis.push_bytes_sent": "204" + }, + "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.375179000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.375179000", + "frame.time_delta": "0.000464000", + "frame.time_delta_displayed": "0.000464000", + "frame.time_relative": "2512.914493000", + "frame.number": "8963", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010b9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a793", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4472", + "tcp.port": "39500", + "tcp.port": "4472", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "205", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, 
+ "tcp.window_size_value": "245", + "tcp.window_size": "15680", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x000082e2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8962", + "tcp.analysis.ack_rtt": "0.000464000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.377409000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.377409000", + "frame.time_delta": "0.002230000", + "frame.time_delta_displayed": "0.002230000", + "frame.time_relative": "2512.916723000", + "frame.number": "8964", + "frame.len": "205", + "frame.cap_len": "205", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "191", + "ip.id": "0x000012aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a50b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": 
"192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "151", + "tcp.seq": "205", + "tcp.nxtseq": "356", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x00004409", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002389000", + "tcp.analysis.bytes_in_flight": "151", + "tcp.analysis.push_bytes_sent": "151" + }, + "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "tcp.segments": { + "tcp.segment": "8962", + "tcp.segment": "8964", + "tcp.segment.count": "2", + "tcp.reassembled.length": "354", + "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" + }, + "http": { + "NOTIFY \/ HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "\/", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.242:39500", + "http.content_type": "text\/xml; charset=\"utf-8\"", + "http.content_length_header": "150", + "http.content_length_header_tree": { + "http.content_length": "150" + }, + "http.unknown_header": "NT: upnp:event\\r\\n", + "http.unknown_header": "NTS: upnp:propchange\\r\\n", + "http.unknown_header": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\\r\\n", + "http.unknown_header": "SEQ: 1\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", + "http.notification": "1", + "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<EnergyPerUnitCost>1|111|1<\/EnergyPerUnitCost>\n<\/e:property>\n<\/e:propertyset>\n\n\r" + }, + "xml": { + "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", + "xml.tag": "<e:property>", + "xml.tag_tree": { + "xml.tag": "<EnergyPerUnitCost>", + "xml.tag_tree": { + "xml.cdata": "1|111|1", + "<\/EnergyPerUnitCost>": "" + }, + "<\/e:property>": "" + }, + "<\/e:propertyset>": "" + } + }, + "http": { + "data": { + "data.data": "0a", + "data.len": "1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.377824000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.377824000", + "frame.time_delta": "0.000415000", + "frame.time_delta_displayed": "0.000415000", + "frame.time_relative": "2512.917138000", + "frame.number": "8965", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010ba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a792", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4472", + "tcp.port": "39500", + "tcp.port": "4472", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "356", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x0000823a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8964", + "tcp.analysis.ack_rtt": "0.000415000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.399246000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.399246000", + "frame.time_delta": "0.021422000", + "frame.time_delta_displayed": "0.021422000", + "frame.time_relative": "2512.938560000", + "frame.number": "8966", + "frame.len": "120", + 
"frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "106", + "ip.id": "0x00009744", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007605", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "54", + "tcp.seq": "108162", + "tcp.nxtseq": "108216", + "tcp.ack": "23892", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ec05", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:93:a7:a4:90:87", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655891, TSecr 2812579975": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655891", + "tcp.options.timestamp.tsecr": "2812579975" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "54", + "tcp.analysis.push_bytes_sent": "54" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "49", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e5:48:67:ce:7c:9f:87:4c:9c:fe:62:92:7f:d6:92:0d:46:4d:f9:06:d4:52:b5:09:5e:f6:b9:3e:05:80:0d:56:67:b9:9d:bc:b1:d0:bc:0a:cf:b8" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.459470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.459470000", + "frame.time_delta": "0.060224000", + 
"frame.time_delta_displayed": "0.060224000", + "frame.time_relative": "2512.998784000", + "frame.number": "8967", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e3c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003743", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23892", + "tcp.ack": 
"108216", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008c74", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:91:6f:00:28:86:93", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580207, TSecr 2655891": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580207", + "tcp.options.timestamp.tsecr": "2655891" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8966", + "tcp.analysis.ack_rtt": "0.060224000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.459996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.459996000", + "frame.time_delta": "0.000526000", + "frame.time_delta_displayed": "0.000526000", + "frame.time_relative": "2512.999310000", + "frame.number": "8968", + "frame.len": "480", + "frame.cap_len": "480", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "466", + "ip.id": "0x00009745", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000749c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "414", + "tcp.seq": "108216", + "tcp.nxtseq": "108630", + "tcp.ack": "23892", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000028b6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:99:a7:a4:91:6f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655897, TSecr 2812580207": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655897", + "tcp.options.timestamp.tsecr": "2812580207" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "414", + "tcp.analysis.push_bytes_sent": "414" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "409", + "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:e6:ef:88:ee:85:c9:4d:8f:b1:f4:24:e1:2c:dc:a8:91:11:c6:10:8b:fd:4b:5a:12:c4:50:8e:f5:0e:ff:8e:cc:0e:61:88:80:01:ee:a1:1d:e0:79:dc:df:93:d2:3e:8c:de:c8:68:80:f9:68:07:07:f3:00:26:c0:cf:ae:92:66:8b:99:34:7a:c9:b7:90:e8:6d:8a:cf:4d:78:7a:03:32:df:58:da:84:a9:2f:28:aa:d3:06:12:83:30:e4:a9:df:b8:4a:37:8b:90:6d:b6:57:1b:4c:73:67:c4:ad:7e:53:d0:5c:7f:22:de:94:e9:cd:70:d8:d7:14:62:7c:99:04:67:31:be:f6:6f:23:95:e0:88:e6:c9:92:2b:cd:89:5d:a2:58:16:28:2e:9e:e6:ad:28:23:2b:93:66:48:59:e0:87:f6:f0:4c:6d:1a:70:4b:8b:97:0b:e0:67:d1:c5:a0:b4:18:a2:8f:51:1b:4f:fa:68:5f:e3:ac:d9:ef:eb:a3:52:0f:a9:c3:03:12:58:0e:c6:cc:13:b5:f1:22:c5:17:f8:ec:a6:df:90:ac:0f:a8:c6:15:e6:4b:16:3a:31:6e:83:47:2c:5b:96:cf:34:97:24:a7:78:3e:d0:b7:5a:f2:29:9c:68:a3:fb:45:ba:87:05:59:6d:0a:c7:81:8f:6d:93:e7:2c:ec:8f:cd:29:25:4e:89:46:7f:5f:7c:c8:d6:18:e4:c9:a3:74:c1:1c:f0:d6:25:08:85:a0:a6:d7:99:e5:8d:41:75:44:27:64:ea:81:de:eb:f5:25:27:89:0f:16:05:79:c7:1b:c1:5a:57:92:29:69:3e:42:af:dc:04:87:a2:1f:07:29:39:d8:bf:e9:12:80:48:57:62:08:26:9e:f8:1f:b3:96:d4:74:8d:29:54:cd:1c:b1:06:35:52:ad:b2:7f:95:a3:f0:8b:5f:c0:fa:c3:f6:2f:17:72:a4:b5:75:db:a3:ca:d2:34:f4:58:20:97:98:eb:e5:61:58:df:b6:b7:b0:9b:fd:2d:f5:0a:b6:4f:28:a7:33:82:45:81:d9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.520484000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.520484000", + "frame.time_delta": "0.060488000", + "frame.time_delta_displayed": "0.060488000", + "frame.time_relative": "2513.059798000", + "frame.number": "8969", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + 
"eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e3d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003742", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "23892", + "tcp.ack": "108630", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008ac1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:91:7e:00:28:86:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580222, TSecr 2655897": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580222", + "tcp.options.timestamp.tsecr": "2655897" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8968", + "tcp.analysis.ack_rtt": "0.060488000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.520990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.520990000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "2513.060304000", + "frame.number": "8970", + "frame.len": "151", + "frame.cap_len": "151", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "137", + "ip.id": "0x00002e3e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x000036ec", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "85", + "tcp.seq": "23892", + "tcp.nxtseq": "23977", + "tcp.ack": "108630", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + 
"tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000324e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:91:7e:00:28:86:99", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580222, TSecr 2655897": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580222", + "tcp.options.timestamp.tsecr": "2655897" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "85", + "tcp.analysis.push_bytes_sent": "85" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "80", + "ssl.app_data": "34:cd:34:17:47:48:0e:fa:15:f6:29:32:84:90:f1:48:49:d4:5e:7f:d7:db:1d:75:4a:db:a6:d9:e2:bd:84:96:7f:a0:71:7f:08:b1:71:ed:48:80:b4:24:36:e6:85:e5:70:c0:13:4a:c6:7c:7e:08:1d:4c:5d:b6:92:72:c2:69:28:1d:c5:8a:6e:8c:a6:ff:a3:d1:c1:17:72:bd:0f:9f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.525770000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.525770000", + "frame.time_delta": "0.004780000", + "frame.time_delta_displayed": "0.004780000", + "frame.time_relative": "2513.065084000", + "frame.number": "8971", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + 
"eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00009746", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000760a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "108630", + "tcp.nxtseq": "108677", + "tcp.ack": "23977", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", 
+ "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003383", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:a0:a7:a4:91:7e", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655904, TSecr 2812580222": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655904", + "tcp.options.timestamp.tsecr": "2812580222" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8970", + "tcp.analysis.ack_rtt": "0.004780000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e7:26:f7:8d:5c:2f:d8:67:29:76:8d:cd:55:19:e2:37:aa:1b:9b:38:44:0b:3f:31:14:d8:48:44:3a:c9:56:f3:9f:4f:fd" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.528713000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.528713000", + "frame.time_delta": "0.002943000", + "frame.time_delta_displayed": "0.002943000", + "frame.time_relative": "2513.068027000", + "frame.number": "8972", + "frame.len": "92", + "frame.cap_len": 
"92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x000010bb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a76b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4472", + "tcp.port": "39500", + "tcp.port": "4472", + "tcp.stream": "346", + "tcp.len": "38", + "tcp.seq": "1", + "tcp.nxtseq": "39", + "tcp.ack": "356", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008ec5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002389000", + "tcp.analysis.bytes_in_flight": "38", + "tcp.analysis.push_bytes_sent": "38" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.530991000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.530991000", + "frame.time_delta": "0.002278000", + "frame.time_delta_displayed": "0.002278000", + "frame.time_relative": "2513.070305000", + "frame.number": "8973", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012ab", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "356", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000077b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8972", + "tcp.analysis.ack_rtt": "0.002278000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.531718000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.531718000", + "frame.time_delta": "0.000727000", + "frame.time_delta_displayed": "0.000727000", + "frame.time_relative": "2513.071032000", + "frame.number": "8974", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a5a0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "356", + "tcp.ack": "39", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000077b1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.532332000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.532332000", + "frame.time_delta": "0.000614000", + "frame.time_delta_displayed": "0.000614000", + "frame.time_relative": "2513.071646000", + "frame.number": "8975", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "14:91:82:25:10:77", + "eth.dst_tree": { + "eth.dst_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000010bc", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a790", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.dst_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "39500", + "tcp.dstport": "4472", + "tcp.port": "39500", + "tcp.port": "4472", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "39", + "tcp.ack": "357", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "262", + "tcp.window_size": "16768", + "tcp.window_size_scalefactor": "64", + "tcp.checksum": "0x00008212", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8974", + "tcp.analysis.ack_rtt": "0.000614000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.536436000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496104.536436000", + "frame.time_delta": "0.004104000", + "frame.time_delta_displayed": "0.004104000", + "frame.time_relative": "2513.075750000", + "frame.number": "8976", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "14:91:82:25:10:77", + "eth.src_tree": { + "eth.src_resolved": "BelkinIn_25:10:77", + "eth.addr": "14:91:82:25:10:77", + "eth.addr_resolved": "BelkinIn_25:10:77", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000012ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a59f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.65", + "ip.addr": "192.168.0.65", + "ip.src_host": "192.168.0.65", + "ip.host": "192.168.0.65", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "4472", + "tcp.dstport": "39500", + "tcp.port": "4472", + "tcp.port": "39500", + "tcp.stream": "346", + "tcp.len": "0", + "tcp.seq": "357", + "tcp.ack": "40", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "2920", + "tcp.window_size": "5840", + "tcp.window_size_scalefactor": "2", + "tcp.checksum": "0x000077b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "8975", + "tcp.analysis.ack_rtt": "0.004104000", + "tcp.analysis.initial_rtt": "0.002389000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.586584000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.586584000", + "frame.time_delta": "0.050148000", + "frame.time_delta_displayed": "0.050148000", + "frame.time_relative": "2513.125898000", + "frame.number": "8977", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e3f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003711", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "23977", + "tcp.nxtseq": "24024", + "tcp.ack": "108677", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d7b2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:91:8f:00:28:86:a0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580239, TSecr 2655904": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580239", + "tcp.options.timestamp.tsecr": "2655904" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8971", + "tcp.analysis.ack_rtt": "0.060814000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:fb:f5:e9:d4:66:43:b4:55:9e:f3:ae:58:9c:e6:73:b1:7f:8d:2d:65:0d:b0:c2:06:02:b5:ea:09:48:3a:9d:d5:a7:b8:ec" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.587080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.587080000", + "frame.time_delta": "0.000496000", + "frame.time_delta_displayed": "0.000496000", + "frame.time_relative": "2513.126394000", + "frame.number": "8978", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"131", + "ip.id": "0x00009747", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "108677", + "tcp.nxtseq": "108756", + "tcp.ack": "24024", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00000607", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:a6:a7:a4:91:8f", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + 
"tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655910, TSecr 2812580239": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655910", + "tcp.options.timestamp.tsecr": "2812580239" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8977", + "tcp.analysis.ack_rtt": "0.000496000", + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e8:39:74:bd:80:d7:b2:60:6a:3b:6b:18:d2:88:c5:7f:24:d3:15:ab:cc:f4:c1:dd:08:5e:cf:77:2e:2f:c9:24:7f:1a:87:87:7c:32:a7:5d:ed:52:65:64:ec:fe:6c:bc:c7:23:82:03:16:59:bc:95:db:a0:dc:88:52:25:e0:17:d1:59:1e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.685904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.685904000", + "frame.time_delta": "0.098824000", + "frame.time_delta_displayed": "0.098824000", + "frame.time_relative": "2513.225218000", + "frame.number": "8979", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e40", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373f", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24024", + "tcp.ack": "108756", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00008988", 
+ "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:91:a8:00:28:86:a6", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580264, TSecr 2655910": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580264", + "tcp.options.timestamp.tsecr": "2655910" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8978", + "tcp.analysis.ack_rtt": "0.098824000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.686396000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.686396000", + "frame.time_delta": "0.000492000", + "frame.time_delta_displayed": "0.000492000", + "frame.time_relative": "2513.225710000", + "frame.number": "8980", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009748", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007606", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "108756", + "tcp.nxtseq": "108805", + "tcp.ack": "24024", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004a26", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:86:b0:a7:a4:91:a8", + "tcp.options_tree": { + "No-Operation (NOP)": { + 
"tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2655920, TSecr 2812580264": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2655920", + "tcp.options.timestamp.tsecr": "2812580264" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:e9:2f:ca:49:7b:de:b3:2f:fe:be:d7:dc:f5:61:db:41:fc:7f:43:f7:67:57:63:de:33:48:f8:70:8a:46:a3:f7:ff:e5:58:bc:f4" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:24.746767000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496104.746767000", + "frame.time_delta": "0.060371000", + "frame.time_delta_displayed": "0.060371000", + "frame.time_relative": "2513.286081000", + "frame.number": "8981", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e41", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373e", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24024", + "tcp.ack": "108805", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000893e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": 
"01:01:08:0a:a7:a4:91:b7:00:28:86:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812580279, TSecr 2655920": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812580279", + "tcp.options.timestamp.tsecr": "2655920" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8980", + "tcp.analysis.ack_rtt": "0.060371000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:28.849041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496108.849041000", + "frame.time_delta": "4.102274000", + "frame.time_delta_displayed": "4.102274000", + "frame.time_relative": "2517.388355000", + "frame.number": "8982", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + 
"arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:34.337778000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496114.337778000", + "frame.time_delta": "5.488737000", + "frame.time_delta_displayed": "5.488737000", + "frame.time_relative": "2522.877092000", + "frame.number": "8983", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000583f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a652", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": 
"104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5357", + "tcp.ack": "865", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:34.496060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496114.496060000", + "frame.time_delta": "0.158282000", + 
"frame.time_delta_displayed": "0.158282000", + "frame.time_relative": "2523.035374000", + "frame.number": "8984", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd73", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + 
"tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "865", + "tcp.ack": "5358", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f8e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:36.953559000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496116.953559000", + "frame.time_delta": "2.457499000", + "frame.time_delta_displayed": "2.457499000", + "frame.time_relative": "2525.492873000", + "frame.number": "8985", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005fc7", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x00005822", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:40.243249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496120.243249000", + "frame.time_delta": "3.289690000", + "frame.time_delta_displayed": "3.289690000", + "frame.time_relative": "2528.782563000", + "frame.number": "8986", + "frame.len": "82", + "frame.cap_len": "82", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": 
"Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "68", + "ip.id": "0x00000bd6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "48", + "udp.checksum": "0x0000e9e5", + "udp.checksum.status": "2", + "udp.stream": "2" + }, + "data": { + "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:a4:37:14:b9:ce:f2:14:96:01:00:00:54:0b:00:00", + "data.len": "40" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:52.995176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496132.995176000", + "frame.time_delta": "12.751927000", + "frame.time_delta_displayed": "12.751927000", + "frame.time_relative": "2541.534490000", + "frame.number": "8987", + "frame.len": 
"352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000d132", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f824", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.028290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.028290000", + "frame.time_delta": "0.033114000", + "frame.time_delta_displayed": "0.033114000", + "frame.time_relative": "2541.567604000", + "frame.number": "8988", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00009749", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075a3", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "147", + "tcp.seq": "108805", + "tcp.nxtseq": "108952", + "tcp.ack": "24024", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005a9b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:91:c2:a7:a4:91:b7", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } 
+ }, + "Timestamps: TSval 2658754, TSecr 2812580279": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2658754", + "tcp.options.timestamp.tsecr": "2812580279" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "147", + "tcp.analysis.push_bytes_sent": "147" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "142", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ea:e2:d0:0a:33:e6:08:30:dc:66:cc:e9:80:27:cc:69:db:f3:a9:f3:35:92:4e:ed:01:c4:cd:66:3e:bd:39:d5:bc:ed:40:65:12:28:bc:95:f4:4c:b8:d1:eb:25:b9:d0:b7:17:6b:4d:06:a9:a1:f7:f2:a4:88:17:fd:d5:7f:35:a5:b3:49:cb:5b:24:30:10:fa:84:be:cc:30:9f:49:e0:70:a3:e5:fe:53:98:c5:28:2d:bd:1f:65:4b:8e:23:ae:5f:02:b8:7c:2c:5d:c3:92:06:c6:bc:2f:d3:ff:32:12:f8:c2:be:0a:27:47:16:a4:62:eb:ce:2b:58:a0:62:e5:1f:ab:7e:24:64:04:10" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.048327000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.048327000", + "frame.time_delta": "0.020037000", + "frame.time_delta_displayed": "0.020037000", + "frame.time_relative": "2541.587641000", + "frame.number": "8989", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000d136", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f820", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.088816000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.088816000", + "frame.time_delta": "0.040489000", + "frame.time_delta_displayed": "0.040489000", + "frame.time_relative": "2541.628130000", + "frame.number": "8990", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373d", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + 
"Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24024", + "tcp.ack": "108952", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000061ec", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:ad:64:00:28:91:c2", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812587364, TSecr 2658754": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812587364", + "tcp.options.timestamp.tsecr": "2658754" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8988", + "tcp.analysis.ack_rtt": "0.060526000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.101235000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.101235000", + "frame.time_delta": 
"0.012419000", + "frame.time_delta_displayed": "0.012419000", + "frame.time_relative": "2541.640549000", + "frame.number": "8991", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d138", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f815", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + 
"http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.121153000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.121153000", + "frame.time_delta": "0.019918000", + "frame.time_delta_displayed": "0.019918000", + "frame.time_relative": "2541.660467000", + "frame.number": "8992", + "frame.len": "196", + "frame.cap_len": "196", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "182", + "ip.id": "0x0000974a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "130", + "tcp.seq": "108952", + "tcp.nxtseq": "109082", + "tcp.ack": "24024", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000085bd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:91:cb:a7:a4:ad:64", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation 
(NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2658763, TSecr 2812587364": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2658763", + "tcp.options.timestamp.tsecr": "2812587364" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "130", + "tcp.analysis.push_bytes_sent": "130" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "125", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:eb:65:90:82:f7:ef:88:d5:ad:8d:9c:5e:82:bd:11:1a:ff:42:d9:d9:4c:53:c1:a2:a4:5a:0d:5b:ec:ff:48:65:2b:9e:37:bf:ef:65:45:06:70:b0:cd:5a:11:f9:57:80:1f:ff:26:ac:7a:e7:0f:e5:89:82:d6:fb:75:43:d9:9a:fc:35:ca:3c:de:e1:9a:13:ce:13:75:75:69:da:a1:15:96:a3:d7:4c:8f:4e:14:fa:b2:8c:a8:02:e6:3e:46:c2:79:a4:6b:83:26:57:bc:d5:41:db:42:2a:b4:1b:33:d1:4a:bc:f3:a0:84:79" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.154098000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.154098000", + "frame.time_delta": "0.032945000", + "frame.time_delta_displayed": "0.032945000", + "frame.time_relative": "2541.693412000", + "frame.number": "8993", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000d13a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f813", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } 
+ } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.181311000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.181311000", + "frame.time_delta": "0.027213000", + "frame.time_delta_displayed": "0.027213000", + "frame.time_relative": "2541.720625000", + "frame.number": "8994", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e43", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373c", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + 
"ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24024", + "tcp.ack": "109082", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000614a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:ad:7b:00:28:91:cb", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812587387, TSecr 2658763": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812587387", + "tcp.options.timestamp.tsecr": "2658763" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "8992", + "tcp.analysis.ack_rtt": "0.060158000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 
17:28:53.206996000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.206996000", + "frame.time_delta": "0.025685000", + "frame.time_delta_displayed": "0.025685000", + "frame.time_relative": "2541.746310000", + "frame.number": "8995", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d13b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f818", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:53.259908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496133.259908000", + "frame.time_delta": "0.052912000", + "frame.time_delta_displayed": "0.052912000", + "frame.time_relative": "2541.799222000", + "frame.number": "8996", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000d13d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000f816", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:54.778673000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496134.778673000", + "frame.time_delta": "1.518765000", + "frame.time_delta_displayed": "1.518765000", + "frame.time_relative": "2543.317987000", + "frame.number": "8997", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002080", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b770", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001156", + 
"udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:54.778730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496134.778730000", + "frame.time_delta": "0.000057000", + "frame.time_delta_displayed": "0.000057000", + "frame.time_relative": "2543.318044000", + "frame.number": "8998", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008017", + "udp.checksum.status": "2", + 
"udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } 
+ + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:54.778827000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496134.778827000", + "frame.time_delta": "0.000097000", + "frame.time_delta_displayed": "0.000097000", + "frame.time_relative": "2543.318141000", + "frame.number": "8999", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002081", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000986b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f251", + 
"udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": 
"upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:55.606997000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496135.606997000", + "frame.time_delta": "0.828170000", + "frame.time_delta_displayed": "0.828170000", + "frame.time_relative": "2544.146311000", + "frame.number": "9000", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x0000974b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007603", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + 
"ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "109082", + "tcp.nxtseq": "109131", + "tcp.ack": "24024", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ec0f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:92:c4:a7:a4:ad:7b", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2659012, TSecr 2812587387": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2659012", + "tcp.options.timestamp.tsecr": "2812587387" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:ec:d7:1c:6e:66:fd:41:1e:b9:9e:cb:d6:4e:1b:c0:8c:57:ec:ce:fb:25:c3:be:3a:ee:75:26:5d:32:b7:20:ca:3d:c3:6b:7b:0f" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:55.667199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496135.667199000", + "frame.time_delta": "0.060202000", + "frame.time_delta_displayed": "0.060202000", + "frame.time_relative": "2544.206513000", + "frame.number": "9001", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00002e44", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000373b", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + 
"ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "24024", + "tcp.ack": "109131", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005db2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:af:e9:00:28:92:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812588009, TSecr 2659012": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812588009", + "tcp.options.timestamp.tsecr": "2659012" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9000", + "tcp.analysis.ack_rtt": "0.060202000" + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:55.667743000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496135.667743000", + "frame.time_delta": "0.000544000", + "frame.time_delta_displayed": "0.000544000", + "frame.time_relative": "2544.207057000", + "frame.number": "9002", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002e45", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003703", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + 
"ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "24024", + "tcp.nxtseq": "24079", + "tcp.ack": "109131", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000eb24", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:af:e9:00:28:92:c4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812588009, TSecr 2659012": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812588009", + "tcp.options.timestamp.tsecr": "2659012" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": 
"34:cd:34:17:47:48:0e:fc:b2:91:58:4f:13:17:93:90:73:c3:7c:05:3a:88:3c:d9:a2:e4:ff:a3:9a:53:63:6a:50:55:ac:95:6b:ad:50:af:82:17:94:b7:df:cf:74:08:af:14" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:55.702254000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496135.702254000", + "frame.time_delta": "0.034511000", + "frame.time_delta_displayed": "0.034511000", + "frame.time_relative": "2544.241568000", + "frame.number": "9003", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000974c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007633", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "109131", + "tcp.ack": "24079", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005c82", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:92:ce:a7:a4:af:e9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2659022, TSecr 2812588009": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2659022", + "tcp.options.timestamp.tsecr": "2812588009" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9002", + "tcp.analysis.ack_rtt": "0.034511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:58.090470000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496138.090470000", + "frame.time_delta": "2.388216000", + "frame.time_delta_displayed": "2.388216000", + "frame.time_relative": "2546.629784000", + "frame.number": "9004", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:58.090904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496138.090904000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "2546.630218000", + "frame.number": "9005", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:59.736988000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496139.736988000", + "frame.time_delta": "1.646084000", + "frame.time_delta_displayed": "1.646084000", + "frame.time_relative": "2548.276302000", + "frame.number": "9006", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"261", + "ip.id": "0x00002082", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b76e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001156", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:59.737507000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496139.737507000", + "frame.time_delta": "0.000519000", + "frame.time_delta_displayed": "0.000519000", + "frame.time_relative": "2548.276821000", + "frame.number": "9007", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": 
"d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002083", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009869", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f251", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, 
+ "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:28:59.738152000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496139.738152000", + "frame.time_delta": "0.000645000", + "frame.time_delta_displayed": "0.000645000", + "frame.time_relative": "2548.277466000", + "frame.number": "9008", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": 
"LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008017", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:04.487739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496144.487739000", + "frame.time_delta": "4.749587000", + "frame.time_delta_displayed": "4.749587000", + "frame.time_relative": "2553.027053000", + "frame.number": "9009", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005840", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a651", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5357", + "tcp.ack": "865", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:04.631017000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496144.631017000", + "frame.time_delta": "0.143278000", + "frame.time_delta_displayed": "0.143278000", + "frame.time_relative": "2553.170331000", + "frame.number": "9010", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000101f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": 
"49", + "ip.proto": "6", + "ip.checksum": "0x0000fd72", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "865", + "tcp.ack": "5358", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f8e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:04.737268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496144.737268000", + "frame.time_delta": "0.106251000", + "frame.time_delta_displayed": "0.106251000", + "frame.time_relative": "2553.276582000", + "frame.number": "9011", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002087", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b769", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": 
"", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001156", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": 
"ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:04.737786000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496144.737786000", + "frame.time_delta": "0.000518000", + "frame.time_delta_displayed": "0.000518000", + "frame.time_relative": "2553.277100000", + "frame.number": "9012", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002088", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009864", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f251", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": 
"7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:04.738424000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496144.738424000", + "frame.time_delta": "0.000638000", + "frame.time_delta_displayed": "0.000638000", + "frame.time_relative": "2553.277738000", + "frame.number": "9013", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination 
GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00008017", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029c", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + 
"dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=668", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:06.796011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496146.796011000", + "frame.time_delta": "2.057587000", + "frame.time_delta_displayed": "2.057587000", + "frame.time_relative": "2555.335325000", + "frame.number": "9014", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { 
+ "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:06.798442000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496146.798442000", + "frame.time_delta": "0.002431000", + "frame.time_delta_displayed": "0.002431000", + "frame.time_relative": "2555.337756000", + "frame.number": "9015", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + 
"icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:06.804943000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496146.804943000", + "frame.time_delta": "0.006501000", + "frame.time_delta_displayed": "0.006501000", + "frame.time_relative": "2555.344257000", + "frame.number": "9016", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + 
"ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:06.854983000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496146.854983000", + "frame.time_delta": "0.050040000", + "frame.time_delta_displayed": "0.050040000", + "frame.time_relative": "2555.394297000", + "frame.number": "9017", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": 
"IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.005954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.005954000", + "frame.time_delta": "0.150971000", + "frame.time_delta_displayed": "0.150971000", + "frame.time_relative": "2555.545268000", + "frame.number": "9018", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005fce", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", 
+ "ip.proto": "17", + "ip.checksum": "0x0000581b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.674830000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.674830000", + "frame.time_delta": "0.668876000", + "frame.time_delta_displayed": "0.668876000", + "frame.time_relative": "2556.214144000", + "frame.number": "9019", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + 
"ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x00007ee8", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00a39d51", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + 
"dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.676382000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.676382000", + "frame.time_delta": "0.001552000", + "frame.time_delta_displayed": "0.001552000", + "frame.time_relative": "2556.215696000", + "frame.number": "9020", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:bf:34:7e", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.addr": "33:33:ff:bf:34:7e", + "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "32", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1:ffbf:347e", + "ipv6.addr": "ff02::1:ffbf:347e", + "ipv6.dst_host": "ff02::1:ffbf:347e", + "ipv6.host": "ff02::1:ffbf:347e", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007df7", + "icmpv6.checksum.status": "1", + 
"icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.862602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.862602000", + "frame.time_delta": "0.186220000", + "frame.time_delta_displayed": "0.186220000", + "frame.time_relative": "2556.401916000", + "frame.number": "9021", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source 
GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x0000fa5a", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00331787", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": 
"00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.870164000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.870164000", + "frame.time_delta": "0.007562000", + "frame.time_delta_displayed": "0.007562000", + "frame.time_relative": "2556.409478000", + "frame.number": "9022", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": 
"fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:07.884823000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496147.884823000", + "frame.time_delta": "0.014659000", + "frame.time_delta_displayed": "0.014659000", + "frame.time_relative": "2556.424137000", + "frame.number": "9023", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + 
"ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.205297000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.205297000", + "frame.time_delta": "0.320474000", + "frame.time_delta_displayed": "0.320474000", + "frame.time_relative": "2556.744611000", + "frame.number": "9024", + "frame.len": "145", + "frame.cap_len": "145", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "131", + "ip.id": "0x0000974d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075e3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "79", + "tcp.seq": "109131", + "tcp.nxtseq": "109210", + "tcp.ack": "24079", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00001dee", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:97:b0:a7:a4:af:e9", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2660272, TSecr 2812588009": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2660272", + "tcp.options.timestamp.tsecr": "2812588009" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "79", + "tcp.analysis.push_bytes_sent": "79" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "74", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ed:4d:7b:f8:23:bb:07:20:5c:6a:c6:aa:e7:85:4b:25:50:31:a5:46:8a:99:49:e8:e6:da:53:1d:99:84:b2:58:69:ff:a2:85:b1:e3:6f:7e:eb:6c:f3:e1:01:1c:5d:50:38:57:62:d7:c1:58:b6:8c:c8:f9:43:86:b1:06:c2:3d:58:0d:89" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.267531000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.267531000", + "frame.time_delta": "0.062234000", + "frame.time_delta_displayed": "0.062234000", + "frame.time_relative": "2556.806845000", + "frame.number": "9025", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e46", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x0000370a", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "24079", + "tcp.nxtseq": "24126", + "tcp.ack": "109210", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000d74d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:bc:37:00:28:97:b0", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812591159, TSecr 2660272": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812591159", + "tcp.options.timestamp.tsecr": "2660272" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9024", + "tcp.analysis.ack_rtt": "0.062234000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:fd:9c:02:a1:24:40:e6:3d:cd:44:d0:94:0c:a1:8d:ec:03:25:e7:0f:e4:17:03:4f:3b:4b:a3:31:ac:46:83:17:38:11:a9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.267963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.267963000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "2556.807277000", + "frame.number": "9026", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000974e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00007631", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "109210", + "tcp.ack": "24126", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + 
"tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00004ace", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:97:b6:a7:a4:bc:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2660278, TSecr 2812591159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2660278", + "tcp.options.timestamp.tsecr": "2812591159" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9025", + "tcp.analysis.ack_rtt": "0.000432000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.891214000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.891214000", + "frame.time_delta": "0.623251000", + "frame.time_delta_displayed": "0.623251000", + "frame.time_relative": "2557.430528000", + "frame.number": "9027", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": 
"33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.893079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.893079000", + "frame.time_delta": "0.001865000", + "frame.time_delta_displayed": "0.001865000", + "frame.time_relative": "2557.432393000", + "frame.number": "9028", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + 
"icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:08.899059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496148.899059000", + "frame.time_delta": "0.005980000", + "frame.time_delta_displayed": "0.005980000", + "frame.time_relative": "2557.438373000", + "frame.number": "9029", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, 
+ "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + 
"icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.115683000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.115683000", + "frame.time_delta": "0.216624000", + "frame.time_delta_displayed": "0.216624000", + "frame.time_relative": "2557.654997000", + "frame.number": "9030", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.497664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.497664000", + "frame.time_delta": "0.381981000", + "frame.time_delta_displayed": "0.381981000", + 
"frame.time_relative": "2558.036978000", + "frame.number": "9031", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.497844000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.497844000", + "frame.time_delta": "0.000180000", + "frame.time_delta_displayed": "0.000180000", + "frame.time_relative": "2558.037158000", + "frame.number": "9032", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:17:88:69:ee:e4", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.715769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.715769000", + "frame.time_delta": "0.217925000", + "frame.time_delta_displayed": "0.217925000", + "frame.time_relative": "2558.255083000", + "frame.number": "9033", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", 
+ "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000580a", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x001cc4b6", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.722342000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.722342000", + "frame.time_delta": 
"0.006573000", + "frame.time_delta_displayed": "0.006573000", + "frame.time_relative": "2558.261656000", + "frame.number": "9034", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00008a6f", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x002a877b", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + 
"dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.739037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.739037000", + "frame.time_delta": "0.016695000", + "frame.time_delta_displayed": "0.016695000", + "frame.time_relative": "2558.278351000", + 
"frame.number": "9035", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:09.755349000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496149.755349000", + "frame.time_delta": "0.016312000", + "frame.time_delta_displayed": "0.016312000", + "frame.time_relative": "2558.294663000", + "frame.number": "9036", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + 
"icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:10.759041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496150.759041000", + "frame.time_delta": "1.003692000", + "frame.time_delta_displayed": "1.003692000", + "frame.time_relative": "2559.298355000", + "frame.number": "9037", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_02", + "eth.addr": "33:33:00:00:00:02", + "eth.addr_resolved": "IPv6mcast_02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "8", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::2", + "ipv6.addr": "ff02::2", + "ipv6.dst_host": "ff02::2", + "ipv6.host": "ff02::2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"icmpv6": { + "icmpv6.type": "133", + "icmpv6.code": "0", + "icmpv6.checksum": "0x00007bb8", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:10.761687000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496150.761687000", + "frame.time_delta": "0.002646000", + "frame.time_delta_displayed": "0.002646000", + "frame.time_relative": "2559.301001000", + "frame.number": "9038", + "frame.len": "174", + "frame.cap_len": "174", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01", + "eth.addr": "33:33:00:00:00:01", + "eth.addr_resolved": "IPv6mcast_01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00016898", + "ipv6.plen": "120", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "fe80::b2b9:8aff:fe73:698e", + "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.host": "fe80::b2b9:8aff:fe73:698e", + "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.sa_mac": "b0:b9:8a:73:69:8e", + "ipv6.dst": "ff02::1", + "ipv6.addr": "ff02::1", + "ipv6.dst_host": "ff02::1", + "ipv6.host": "ff02::1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "134", + "icmpv6.code": "0", + 
"icmpv6.checksum": "0x00006442", + "icmpv6.checksum.status": "1", + "icmpv6.nd.ra.cur_hop_limit": "64", + "icmpv6.nd.ra.flag": "0x000000c0", + "icmpv6.nd.ra.flag_tree": { + "icmpv6.nd.ra.flag.m": "1", + "icmpv6.nd.ra.flag.o": "1", + "icmpv6.nd.ra.flag.h": "0", + "icmpv6.nd.ra.flag.prf": "0", + "icmpv6.nd.ra.flag.p": "0", + "icmpv6.nd.ra.flag.rsv": "0" + }, + "icmpv6.nd.ra.router_lifetime": "0", + "icmpv6.nd.ra.reachable_time": "0", + "icmpv6.nd.ra.retrans_timer": "0", + "icmpv6.opt": { + "icmpv6.opt.type": "1", + "icmpv6.opt.length": "1", + "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", + "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "5", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + "icmpv6.opt.mtu": "1500" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "3", + "icmpv6.opt.length": "4", + "icmpv6.opt.prefix.length": "64", + "icmpv6.opt.prefix.flag": "0x000000c0", + "icmpv6.opt.prefix.flag_tree": { + "icmpv6.opt.prefix.flag.l": "1", + "icmpv6.opt.prefix.flag.a": "1", + "icmpv6.opt.prefix.flag.r": "0", + "icmpv6.opt.prefix.flag.reserved": "0" + }, + "icmpv6.opt.prefix.valid_lifetime": "4294967295", + "icmpv6.opt.prefix.preferred_lifetime": "4294967295", + "icmpv6.opt.reserved": "", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "24", + "icmpv6.opt.length": "3", + "icmpv6.opt.prefix.length": "48", + "icmpv6.opt.route_info.flag": "0x00000000", + "icmpv6.opt.route_info.flag_tree": { + "icmpv6.opt.route_info.flag.route_preference": "0", + "icmpv6.opt.route_info.flag.reserved": "0" + }, + "icmpv6.opt.route_lifetime": "4294967295", + "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "25", + "icmpv6.opt.length": "3", + "icmpv6.opt.reserved": "", + "icmpv6.opt.rdnss.lifetime": "6000", + "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" + }, + "icmpv6.opt": { + "icmpv6.opt.type": "7", + "icmpv6.opt.length": "1", + "icmpv6.opt.reserved": "", + 
"icmpv6.opt.advertisement_interval": "600000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:10.765447000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496150.765447000", + "frame.time_delta": "0.003760000", + "frame.time_delta_displayed": "0.003760000", + "frame.time_relative": "2559.304761000", + "frame.number": "9039", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + 
"ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b490", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:10.955793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496150.955793000", + "frame.time_delta": "0.190346000", + "frame.time_delta_displayed": "0.190346000", + "frame.time_relative": "2559.495107000", + "frame.number": "9040", + "frame.len": "150", + "frame.cap_len": "150", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "96", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + "icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000b590", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "4", + "icmpv6.mldr.mar": { + 
"icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::fb" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:11.141482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496151.141482000", + "frame.time_delta": "0.185689000", + "frame.time_delta_displayed": "0.185689000", + "frame.time_relative": "2559.680796000", + "frame.number": "9041", + "frame.len": "120", + "frame.cap_len": "120", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + 
"ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "66", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "66", + "udp.checksum": "0x0000d9c7", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "1", + "dhcpv6.xid": "0x00104305", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Rapid Commit": { + "dhcpv6.option.type": "14", + "dhcpv6.option.length": "0" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "12", + "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "0", + "dhcpv6.iaid.t2": "0" + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + 
} + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:11.175002000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496151.175002000", + "frame.time_delta": "0.033520000", + "frame.time_delta_displayed": "0.033520000", + "frame.time_relative": "2559.714316000", + "frame.number": "9042", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x000080eb", + "udp.checksum.status": "2", + "udp.stream": "15" 
+ }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00ce905b", + "Elapsed time": { + "dhcpv6.option.type": "8", + "dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:00", + "dhcpv6.elapsed_time": "0" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:12.228117000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496152.228117000", + "frame.time_delta": "1.053115000", + "frame.time_delta_displayed": "1.053115000", + "frame.time_relative": "2560.767431000", + "frame.number": "9043", + "frame.len": "158", + "frame.cap_len": "158", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" + }, + "eth": { + "eth.dst": "33:33:00:01:00:02", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:02", + "eth.addr": "33:33:00:01:00:02", + "eth.addr_resolved": "IPv6mcast_01:00:02", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "104", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::1:2", + "ipv6.addr": "ff02::1:2", + "ipv6.dst_host": "ff02::1:2", + "ipv6.host": "ff02::1:2", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "546", + "udp.dstport": "547", + "udp.port": "546", + "udp.port": "547", + "udp.length": "104", + "udp.checksum": "0x00008080", + "udp.checksum.status": "2", + "udp.stream": "15" + }, + "dhcpv6": { + "dhcpv6.msgtype": "3", + "dhcpv6.xid": "0x00ce905b", + "Elapsed time": { + "dhcpv6.option.type": "8", + 
"dhcpv6.option.length": "2", + "dhcpv6.option.value": "00:6b", + "dhcpv6.elapsed_time": "1070" + }, + "Server Identifier": { + "dhcpv6.option.type": "2", + "dhcpv6.option.length": "10", + "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", + "dhcpv6.duid.type": "3", + "dhcpv6.duidll.hwtype": "1", + "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" + }, + "Client Identifier": { + "dhcpv6.option.type": "1", + "dhcpv6.option.length": "14", + "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", + "dhcpv6.duid.type": "1", + "dhcpv6.duidllt.hwtype": "1", + "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", + "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" + }, + "Identity Association for Non-temporary Address": { + "dhcpv6.option.type": "3", + "dhcpv6.option.length": "40", + "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaid": "30bf347e", + "dhcpv6.iaid.t1": "21600", + "dhcpv6.iaid.t2": "34560", + "IA Address": { + "dhcpv6.option.type": "5", + "dhcpv6.option.length": "24", + "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", + "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", + "dhcpv6.iaaddr.pref_lifetime": "0", + "dhcpv6.iaaddr.valid_lifetime": "0" + } + }, + "Option Request": { + "dhcpv6.option.type": "6", + "dhcpv6.option.length": "6", + "dhcpv6.option.value": "00:17:00:18:00:1f", + "dhcpv6.requested_option_code": "23", + "dhcpv6.requested_option_code": "24", + "dhcpv6.requested_option_code": "31" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:12.234901000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496152.234901000", + "frame.time_delta": "0.006784000", + "frame.time_delta_displayed": "0.006784000", + "frame.time_relative": "2560.774215000", + "frame.number": "9044", + "frame.len": "78", + "frame.cap_len": "78", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:icmpv6" + }, + "eth": { + "eth.dst": "33:33:ff:00:01:01", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_ff:00:01:01", + "eth.addr": "33:33:ff:00:01:01", + "eth.addr_resolved": "IPv6mcast_ff:00:01:01", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "24", + "ipv6.nxt": "58", + "ipv6.hlim": "255", + "ipv6.src": "::", + "ipv6.addr": "::", + "ipv6.src_host": "::", + "ipv6.host": "::", + "ipv6.dst": "ff02::1:ff00:101", + "ipv6.addr": "ff02::1:ff00:101", + "ipv6.dst_host": "ff02::1:ff00:101", + "ipv6.host": "ff02::1:ff00:101", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "icmpv6": { + "icmpv6.type": "135", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000f182", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00:00:00", + "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:12.245105000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496152.245105000", + "frame.time_delta": "0.010204000", + "frame.time_delta_displayed": 
"0.010204000", + "frame.time_relative": "2560.784419000", + "frame.number": "9045", + "frame.len": "110", + "frame.cap_len": "110", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" + }, + "eth": { + "eth.dst": "33:33:00:00:00:16", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_16", + "eth.addr": "33:33:00:00:00:16", + "eth.addr_resolved": "IPv6mcast_16", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "18:b4:30:bf:34:7e", + "eth.src_tree": { + "eth.src_resolved": "NestLabs_bf:34:7e", + "eth.addr": "18:b4:30:bf:34:7e", + "eth.addr_resolved": "NestLabs_bf:34:7e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "56", + "ipv6.nxt": "0", + "ipv6.hlim": "1", + "ipv6.src": "fe80::1ab4:30ff:febf:347e", + "ipv6.addr": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", + "ipv6.host": "fe80::1ab4:30ff:febf:347e", + "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", + "ipv6.sa_mac": "18:b4:30:bf:34:7e", + "ipv6.dst": "ff02::16", + "ipv6.addr": "ff02::16", + "ipv6.dst_host": "ff02::16", + "ipv6.host": "ff02::16", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "", + "ipv6.hopopts": { + "ipv6.hopopts.nxt": "58", + "ipv6.hopopts.len": "0", + "ipv6.hopopts.len_oct": "8", + "ipv6.opt": { + "ipv6.opt.type": "5", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000005" + }, + "ipv6.opt.length": "2", + "ipv6.opt.router_alert": "0" + }, + "ipv6.opt": { + "ipv6.opt.type": "1", + "ipv6.opt.type_tree": { + "ipv6.opt.type.action": "0", + "ipv6.opt.type.change": "0", + "ipv6.opt.type.rest": "0x00000001" + }, + "ipv6.opt.length": "0", + "ipv6.opt.padn": "" + } + } + }, + "icmpv6": { + 
"icmpv6.type": "143", + "icmpv6.code": "0", + "icmpv6.checksum": "0x0000effa", + "icmpv6.checksum.status": "1", + "icmpv6.reserved": "00:00", + "icmpv6.mldr.nb_mcast_records": "2", + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "3", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" + }, + "icmpv6.mldr.mar": { + "icmpv6.mldr.mar.record_type": "4", + "icmpv6.mldr.mar.aux_data_len": "0", + "icmpv6.mldr.mar.nb_sources": "0", + "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:17.107939000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496157.107939000", + "frame.time_delta": "4.862834000", + "frame.time_delta_displayed": "4.862834000", + "frame.time_relative": "2565.647253000", + "frame.number": "9046", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "50:c7:bf:59:d5:84", + "eth.src_tree": { + "eth.src_resolved": "Tp-LinkT_59:d5:84", + "eth.addr": "50:c7:bf:59:d5:84", + "eth.addr_resolved": "Tp-LinkT_59:d5:84", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "50:c7:bf:59:d5:84", + "arp.src.proto_ipv4": "192.168.0.221", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + 
"_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:25.692362000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496165.692362000", + "frame.time_delta": "8.584423000", + "frame.time_delta_displayed": "8.584423000", + "frame.time_relative": "2574.231676000", + "frame.number": "9047", + "frame.len": "20", + "frame.cap_len": "20", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:llc" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.len": "6" + }, + "llc": { + "llc.dsap": "0x00000000", + "llc.dsap_tree": { + "llc.dsap.sap": "0", + "llc.dsap.ig": "0" + }, + "llc.ssap": "0x00000001", + "llc.ssap_tree": { + "llc.ssap.sap": "0", + "llc.ssap.cr": "1" + }, + "llc.control": "0x000000af", + "llc.control_tree": { + "llc.control.u_modifier_resp": "0x0000002b", + "llc.control.ftype": "0x00000003" + } + }, + "basicxid": { + "basicxid.llc.xid.format": "0x00000081", + "basicxid.llc.xid.types": "0x00000001", + "basicxid.llc.xid.wsize": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:25.921633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496165.921633000", + "frame.time_delta": "0.229271000", + "frame.time_delta_displayed": "0.229271000", + "frame.time_relative": "2574.460947000", + "frame.number": "9048", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9d", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x00004f9e", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0001", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "01", + "bootp.option.dhcp": "1" + }, + "bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:26.030555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496166.030555000", + "frame.time_delta": "0.108922000", + "frame.time_delta_displayed": "0.108922000", + "frame.time_relative": "2574.569869000", + "frame.number": "9049", + "frame.len": "350", + "frame.cap_len": "350", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:bootp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + 
"eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "336", + "ip.id": "0x00000001", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ba9c", + "ip.checksum.status": "2", + "ip.src": "0.0.0.0", + "ip.addr": "0.0.0.0", + "ip.src_host": "0.0.0.0", + "ip.host": "0.0.0.0", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "68", + "udp.dstport": "67", + "udp.port": "68", + "udp.port": "67", + "udp.length": "316", + "udp.checksum": "0x000080b3", + "udp.checksum.status": "2", + "udp.stream": "3" + }, + "bootp": { + "bootp.type": "1", + "bootp.hw.type": "0x00000001", + "bootp.hw.len": "6", + "bootp.hops": "0", + "bootp.id": "0xabcd0002", + "bootp.secs": "0", + "bootp.flags": "0x00000000", + "bootp.flags_tree": { + "bootp.flags.bc": "0", + "bootp.flags.reserved": "0x00000000" + }, + "bootp.ip.client": "0.0.0.0", + "bootp.ip.your": "0.0.0.0", + "bootp.ip.server": "0.0.0.0", + "bootp.ip.relay": "0.0.0.0", + "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", + "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", + "bootp.server": "", + "bootp.file": "", + "bootp.dhcp": "1", + "bootp.cookie": "99.130.83.99", + "bootp.option.type": "53", + "bootp.option.type_tree": { + "bootp.option.length": "1", + "bootp.option.value": "03", + "bootp.option.dhcp": "3" + }, + 
"bootp.option.type": "12", + "bootp.option.type_tree": { + "bootp.option.length": "14", + "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", + "bootp.option.hostname": "USR-WIFI232-G2" + }, + "bootp.option.type": "57", + "bootp.option.type_tree": { + "bootp.option.length": "2", + "bootp.option.value": "05:dc", + "bootp.option.dhcp_max_message_size": "1500" + }, + "bootp.option.type": "50", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:72", + "bootp.option.requested_ip_address": "192.168.0.114" + }, + "bootp.option.type": "54", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "c0:a8:00:01", + "bootp.option.dhcp_server_id": "192.168.0.1" + }, + "bootp.option.type": "55", + "bootp.option.type_tree": { + "bootp.option.length": "4", + "bootp.option.value": "01:03:1c:06", + "bootp.option.request_list_item": "1", + "bootp.option.request_list_item": "3", + "bootp.option.request_list_item": "28", + "bootp.option.request_list_item": "6" + }, + "bootp.option.type": "0", + "bootp.option.type_tree": { + "bootp.option.end": "255" + }, + "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:26.045547000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496166.045547000", + "frame.time_delta": "0.014992000", + "frame.time_delta_displayed": "0.014992000", + "frame.time_relative": "2574.584861000", + "frame.number": "9050", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + 
"eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:26.406268000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496166.406268000", + "frame.time_delta": "0.360721000", + "frame.time_delta_displayed": "0.360721000", + "frame.time_relative": "2574.945582000", + "frame.number": "9051", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "0.0.0.0", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.114" + } + } + } + } + + , + { + "_index": 
"packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:28.733904000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496168.733904000", + "frame.time_delta": "2.327636000", + "frame.time_delta_displayed": "2.327636000", + "frame.time_relative": "2577.273218000", + "frame.number": "9052", + "frame.len": "142", + "frame.cap_len": "142", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:adwin_config" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:02:41:da", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_02:41:da", + "eth.addr": "d0:73:d5:02:41:da", + "eth.addr_resolved": "LifiLabs_02:41:da", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "128", + "ip.id": "0x00000bd9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000ecab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.152", + "ip.addr": "192.168.0.152", + "ip.src_host": "192.168.0.152", + "ip.host": "192.168.0.152", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56700", + "udp.dstport": "56700", + "udp.port": "56700", + "udp.port": "56700", + "udp.length": "108", + "udp.checksum": "0x00002b46", + "udp.checksum.status": "2", + 
"udp.stream": "2" + }, + "adwin_config": { + "adwin_config.command": "1409286244", + "adwin_config.version": "1380667970", + "adwin_config.mac": "d0:73:d5:02:41:da", + "adwin_config.unused": "", + "adwin_config.server_ip": "88.70.73.76", + "adwin_config.unused": "", + "adwin_config.netmask": "94.114.83.4", + "adwin_config.unused": "", + "adwin_config.gateway": "0.0.0.59", + "adwin_config.unused": "", + "adwin_config.dhcp": "1", + "adwin_config.port": "351456963", + "adwin_config.password": "", + "adwin_config.bootloader": "0", + "adwin_config.unused": "", + "adwin_config.description": "", + "adwin_config.date": "", + "adwin_config.revision": "", + "adwin_config.processor_type_raw": "", + "adwin_config.processor_type": "Unknown", + "adwin_config.system_type_raw": "", + "adwin_config.system_type": "Unknown" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:28.849252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496168.849252000", + "frame.time_delta": "0.115348000", + "frame.time_delta_displayed": "0.115348000", + "frame.time_relative": "2577.388566000", + "frame.number": "9053", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + 
"arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:29.558811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496169.558811000", + "frame.time_delta": "0.709559000", + "frame.time_delta_displayed": "0.709559000", + "frame.time_relative": "2578.098125000", + "frame.number": "9054", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "3c:ef:8c:6f:79:5a", + "eth.src_tree": { + "eth.src_resolved": "Zhejiang_6f:79:5a", + "eth.addr": "3c:ef:8c:6f:79:5a", + "eth.addr_resolved": "Zhejiang_6f:79:5a", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.isgratuitous": "1", + "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", + "arp.src.proto_ipv4": "192.168.0.71", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.71" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.429498000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1509496170.429498000", + "frame.time_delta": "0.870687000", + "frame.time_delta_displayed": "0.870687000", + "frame.time_relative": "2578.968812000", + "frame.number": "9055", + "frame.len": "168", + "frame.cap_len": "168", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "154", + "ip.id": "0x00002137", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e70d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52117", + "udp.dstport": "1900", + "udp.port": "52117", + "udp.port": "1900", + "udp.length": "134", + "udp.checksum": "0x00004d48", + "udp.checksum.status": "2", + "udp.stream": "10" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "22", + "http.prev_request_in": "8556" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.851195000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.851195000", + "frame.time_delta": "0.421697000", + "frame.time_delta_displayed": "0.421697000", + "frame.time_relative": "2579.390509000", + "frame.number": "9056", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000d789", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dfc1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "127", + "http.prev_response_in": "8613" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.854800000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.854800000", + "frame.time_delta": "0.003605000", + "frame.time_delta_displayed": "0.003605000", + "frame.time_relative": "2579.394114000", + "frame.number": "9057", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d66", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54931", + "tcp.dstport": "80", + "tcp.port": "54931", + "tcp.port": "80", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000c2a4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.855338000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496170.855338000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "2579.394652000", + "frame.number": "9058", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54931", + "tcp.port": "80", + "tcp.port": "54931", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00001b8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9057", + "tcp.analysis.ack_rtt": "0.000538000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.857538000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.857538000", + "frame.time_delta": "0.002200000", + "frame.time_delta_displayed": "0.002200000", + "frame.time_relative": "2579.396852000", + "frame.number": "9059", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d67", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54931", + "tcp.dstport": "80", + "tcp.port": "54931", + "tcp.port": "80", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + 
"tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000cd68", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9058", + "tcp.analysis.ack_rtt": "0.002200000", + "tcp.analysis.initial_rtt": "0.002738000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.858192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.858192000", + "frame.time_delta": "0.000654000", + "frame.time_delta_displayed": "0.000654000", + "frame.time_relative": "2579.397506000", + "frame.number": "9060", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d68", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a64", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54931", + "tcp.dstport": "80", + "tcp.port": "54931", + "tcp.port": "80", + "tcp.stream": "347", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000e2e1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002738000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + 
"http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.858680000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.858680000", + "frame.time_delta": "0.000488000", + "frame.time_delta_displayed": "0.000488000", + "frame.time_relative": "2579.397994000", + "frame.number": "9061", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000e27c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5f6", + "ip.checksum.status": "2", + 
"ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54931", + "tcp.port": "80", + "tcp.port": "54931", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bef9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9060", + "tcp.analysis.ack_rtt": "0.000488000", + "tcp.analysis.initial_rtt": "0.002738000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.859249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.859249000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "2579.398563000", + "frame.number": "9062", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + 
"eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000e27d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d5e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54931", + "tcp.port": "80", + "tcp.port": "54931", + "tcp.stream": "347", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ff1a", + "tcp.checksum.status": 
"2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002738000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.859748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.859748000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "2579.399062000", + "frame.number": "9063", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000e27e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000d211", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": 
"192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54931", + "tcp.port": "80", + "tcp.port": "54931", + "tcp.stream": "347", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005184", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002738000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "9062", + "tcp.segment": "9063", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001556000", + "http.request_in": "9060", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.863950000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.863950000", + "frame.time_delta": "0.004202000", + "frame.time_delta_displayed": "0.004202000", + "frame.time_relative": "2579.403264000", + "frame.number": "9064", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54931", + "tcp.dstport": "80", + "tcp.port": "54931", + "tcp.port": "80", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c8d0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9063", + "tcp.analysis.ack_rtt": "0.004202000", + "tcp.analysis.initial_rtt": "0.002738000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.864633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.864633000", + "frame.time_delta": "0.000683000", + "frame.time_delta_displayed": "0.000683000", + "frame.time_relative": "2579.403947000", + "frame.number": "9065", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54931", + "tcp.dstport": "80", + "tcp.port": "54931", + "tcp.port": "80", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000c8cf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.865066000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.865066000", + "frame.time_delta": "0.000433000", + "frame.time_delta_displayed": "0.000433000", + "frame.time_relative": "2579.404380000", + "frame.number": "9066", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c94c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef26", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54931", + "tcp.port": "80", + "tcp.port": "54931", + "tcp.stream": "347", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bb03", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "9065", + "tcp.analysis.ack_rtt": "0.000433000", + "tcp.analysis.initial_rtt": "0.002738000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.904080000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.904080000", + "frame.time_delta": "0.039014000", + "frame.time_delta_displayed": "0.039014000", + "frame.time_relative": "2579.443394000", + "frame.number": "9067", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000d78a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dfb7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "128", + "http.prev_response_in": "9056" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.907286000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.907286000", + "frame.time_delta": "0.003206000", + "frame.time_delta_displayed": "0.003206000", + "frame.time_relative": "2579.446600000", + "frame.number": "9068", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005afc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54932", + "tcp.dstport": "80", + "tcp.port": "54932", + "tcp.port": "80", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000a529", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.907869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.907869000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "2579.447183000", + "frame.number": "9069", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54932", + "tcp.port": "80", + "tcp.port": "54932", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000a5c4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9068", + "tcp.analysis.ack_rtt": "0.000583000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.910633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.910633000", + "frame.time_delta": "0.002764000", + "frame.time_delta_displayed": "0.002764000", + "frame.time_relative": "2579.449947000", + "frame.number": "9070", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d6c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b07", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54932", + "tcp.dstport": "80", + "tcp.port": "54932", + "tcp.port": "80", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000057a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9069", + "tcp.analysis.ack_rtt": "0.002764000", + "tcp.analysis.initial_rtt": "0.003347000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.911258000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.911258000", + "frame.time_delta": "0.000625000", + "frame.time_delta_displayed": "0.000625000", + "frame.time_relative": "2579.450572000", + "frame.number": "9071", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d6d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a5f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54932", + "tcp.dstport": "80", + "tcp.port": "54932", + "tcp.port": "80", + "tcp.stream": "348", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006d1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003347000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.911731000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.911731000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "2579.451045000", + "frame.number": "9072", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000b23e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000635", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54932", + "tcp.port": "80", + "tcp.port": "54932", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004934", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9071", + "tcp.analysis.ack_rtt": "0.000473000", + "tcp.analysis.initial_rtt": "0.003347000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.912321000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.912321000", + "frame.time_delta": "0.000590000", + "frame.time_delta_displayed": "0.000590000", + "frame.time_relative": "2579.451635000", + "frame.number": "9073", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x0000b23f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000623", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54932", + "tcp.port": "80", + "tcp.port": "54932", + "tcp.stream": "348", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00008955", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003347000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.912742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.912742000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "2579.452056000", + "frame.number": "9074", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x0000b240", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00000250", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54932", + "tcp.port": "80", + "tcp.port": "54932", + "tcp.stream": "348", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000dbbe", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003347000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "9073", + "tcp.segment": "9074", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001484000", + "http.request_in": "9071", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.914778000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496170.914778000", + "frame.time_delta": "0.002036000", + "frame.time_delta_displayed": "0.002036000", + "frame.time_relative": "2579.454092000", + "frame.number": "9075", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b05", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54932", + "tcp.dstport": "80", + "tcp.port": "54932", + "tcp.port": "80", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000530b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9074", + "tcp.analysis.ack_rtt": "0.002036000", + "tcp.analysis.initial_rtt": "0.003347000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.915408000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.915408000", + "frame.time_delta": "0.000630000", + "frame.time_delta_displayed": "0.000630000", + "frame.time_relative": "2579.454722000", + "frame.number": "9076", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b04", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54932", + "tcp.dstport": "80", + "tcp.port": "54932", + "tcp.port": "80", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000530a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.915838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.915838000", + "frame.time_delta": "0.000430000", + "frame.time_delta_displayed": "0.000430000", + "frame.time_relative": "2579.455152000", + "frame.number": "9077", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c951", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef21", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54932", + "tcp.port": "80", + "tcp.port": "54932", + "tcp.stream": "348", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000453e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9076", + "tcp.analysis.ack_rtt": "0.000430000", + "tcp.analysis.initial_rtt": "0.003347000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.956963000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.956963000", + "frame.time_delta": "0.041125000", + "frame.time_delta_displayed": "0.041125000", + "frame.time_relative": "2579.496277000", + "frame.number": "9078", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000d78d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dfba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "129", + "http.prev_response_in": "9067" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.966252000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.966252000", + "frame.time_delta": "0.009289000", + "frame.time_delta_displayed": "0.009289000", + "frame.time_relative": "2579.505566000", + 
"frame.number": "9079", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54933", + "tcp.dstport": "80", + "tcp.port": "54933", + "tcp.port": "80", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request 
(SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000cf4a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.966793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.966793000", + "frame.time_delta": "0.000541000", + "frame.time_delta_displayed": "0.000541000", + "frame.time_relative": "2579.506107000", + "frame.number": "9080", + "frame.len": "66", + 
"frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54933", + "tcp.port": "80", + "tcp.port": "54933", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000c78d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9079", + "tcp.analysis.ack_rtt": "0.000541000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.968969000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.968969000", + "frame.time_delta": "0.002176000", + "frame.time_delta_displayed": "0.002176000", + "frame.time_relative": "2579.508283000", + 
"frame.number": "9081", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b02", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54933", + "tcp.dstport": "80", + "tcp.port": "54933", + "tcp.port": "80", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000796c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9080", + "tcp.analysis.ack_rtt": "0.002176000", + "tcp.analysis.initial_rtt": "0.002717000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.969596000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.969596000", + "frame.time_delta": "0.000627000", + "frame.time_delta_displayed": "0.000627000", + "frame.time_relative": "2579.508910000", + "frame.number": "9082", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a5a", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54933", + "tcp.dstport": "80", + "tcp.port": "54933", + "tcp.port": "80", + "tcp.stream": "349", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008ee5", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002717000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + 
"http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.970202000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.970202000", + "frame.time_delta": "0.000606000", + "frame.time_delta_displayed": "0.000606000", + "frame.time_relative": "2579.509516000", + "frame.number": "9083", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000003c5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b4ae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + 
"ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54933", + "tcp.port": "80", + "tcp.port": "54933", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006afd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9082", + "tcp.analysis.ack_rtt": "0.000606000", + "tcp.analysis.initial_rtt": "0.002717000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.970670000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.970670000", + "frame.time_delta": "0.000468000", + "frame.time_delta_displayed": "0.000468000", + "frame.time_relative": "2579.509984000", + "frame.number": "9084", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": 
"0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000003c6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b49c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54933", + "tcp.port": "80", + "tcp.port": "54933", + "tcp.stream": "349", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000ab1e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002717000", + "tcp.analysis.bytes_in_flight": 
"17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.971102000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.971102000", + "frame.time_delta": "0.000432000", + "frame.time_delta_displayed": "0.000432000", + "frame.time_relative": "2579.510416000", + "frame.number": "9085", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000003c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b0c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "54933", + "tcp.port": "80", + "tcp.port": "54933", + "tcp.stream": "349", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000fd87", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.002717000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "9084", + "tcp.segment": "9085", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001506000", + "http.request_in": "9082", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.977415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.977415000", + "frame.time_delta": "0.006313000", + "frame.time_delta_displayed": "0.006313000", + "frame.time_relative": "2579.516729000", + "frame.number": "9086", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005b00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54933", + "tcp.dstport": "80", + "tcp.port": "54933", + "tcp.port": "80", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000074d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9085", + "tcp.analysis.ack_rtt": "0.006313000", + "tcp.analysis.initial_rtt": "0.002717000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.978008000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.978008000", + "frame.time_delta": "0.000593000", + "frame.time_delta_displayed": "0.000593000", + "frame.time_relative": "2579.517322000", + "frame.number": "9087", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d74", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54933", + "tcp.dstport": "80", + "tcp.port": "54933", + "tcp.port": "80", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x000074d3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:30.978454000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496170.978454000", + "frame.time_delta": "0.000446000", + "frame.time_delta_displayed": "0.000446000", + "frame.time_relative": "2579.517768000", + "frame.number": "9088", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c954", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000ef1e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54933", + "tcp.port": "80", + "tcp.port": "54933", + "tcp.stream": "349", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00006707", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "9087", + "tcp.analysis.ack_rtt": "0.000446000", + "tcp.analysis.initial_rtt": "0.002717000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.130418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.130418000", + "frame.time_delta": "0.151964000", + "frame.time_delta_displayed": "0.151964000", + "frame.time_relative": "2579.669732000", + "frame.number": "9089", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "ac:cf:23:5a:9c:e2", + "eth.src_tree": { + "eth.src_resolved": "Hi-Flyin_5a:9c:e2", + "eth.addr": "ac:cf:23:5a:9c:e2", + "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", + "arp.src.proto_ipv4": "192.168.0.114", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.904077000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.904077000", + "frame.time_delta": "0.773659000", + "frame.time_delta_displayed": "0.773659000", + "frame.time_relative": "2580.443391000", + "frame.number": "9090", + "frame.len": "339", + "frame.cap_len": "339", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000d7cd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000df7d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "305", + "udp.checksum": "0x0000f985", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "130", + "http.prev_response_in": "9078" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.907869000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.907869000", + "frame.time_delta": "0.003792000", + "frame.time_delta_displayed": "0.003792000", + "frame.time_relative": "2580.447183000", + "frame.number": "9091", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d76", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x00000e12", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 
256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.908415000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.908415000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "2580.447729000", + "frame.number": "9092", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000da4f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + 
"tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9091", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.911452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.911452000", + "frame.time_delta": "0.003037000", + "frame.time_delta_displayed": "0.003037000", + "frame.time_relative": "2580.450766000", + "frame.number": "9093", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d77", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005afc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008c2e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9092", + "tcp.analysis.ack_rtt": "0.003037000", + "tcp.analysis.initial_rtt": "0.003583000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.913931000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.913931000", + "frame.time_delta": "0.002479000", + "frame.time_delta_displayed": "0.002479000", + "frame.time_relative": "2580.453245000", + "frame.number": "9094", + 
"frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a54", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000a1a7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003583000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.914420000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.914420000", + "frame.time_delta": "0.000489000", + "frame.time_delta_displayed": "0.000489000", + "frame.time_relative": "2580.453734000", + "frame.number": "9095", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00004aa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006dd2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00007dbf", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9094", + "tcp.analysis.ack_rtt": "0.000489000", + "tcp.analysis.initial_rtt": "0.003583000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.915009000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.915009000", + "frame.time_delta": "0.000589000", + "frame.time_delta_displayed": "0.000589000", + "frame.time_relative": "2580.454323000", + "frame.number": "9096", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x00004aa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00006dc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000bde0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003583000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.915360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.915360000", + "frame.time_delta": "0.000351000", + "frame.time_delta_displayed": "0.000351000", + "frame.time_relative": "2580.454674000", + "frame.number": "9097", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00004aa3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000104a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003583000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "9096", + "tcp.segment": "9097", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001429000", + "http.request_in": "9094", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.917780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.917780000", + "frame.time_delta": "0.002420000", + "frame.time_delta_displayed": "0.002420000", + "frame.time_relative": "2580.457094000", + "frame.number": "9098", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x00004aa4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000069ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000104a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003583000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995", + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.out_of_order": "", + "_ws.expert.message": "This frame is a (suspected) out-of-order segment", + "_ws.expert.severity": "6291456", + "_ws.expert.group": "33554432" + } + } + } + }, + "_ws.malformed": { + "_ws.expert": { + "_ws.malformed.reassembly": "", + "_ws.expert.message": "New fragment overlaps old data (retransmission?)", + "_ws.expert.severity": "8388608", + "_ws.expert.group": "117440512" + }, + "_ws.malformed": "Malformed Packet" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.920374000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.920374000", + "frame.time_delta": "0.002594000", + "frame.time_delta_displayed": "0.002594000", + "frame.time_relative": "2580.459688000", + "frame.number": "9099", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + 
"eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005afa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008796", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9097", + "tcp.analysis.ack_rtt": "0.005014000", + "tcp.analysis.initial_rtt": "0.003583000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.920847000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.920847000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "2580.460161000", + "frame.number": "9100", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d7a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": 
"0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00008795", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.921283000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.921283000", + "frame.time_delta": "0.000436000", + "frame.time_delta_displayed": "0.000436000", + "frame.time_relative": "2580.460597000", + "frame.number": "9101", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + 
"ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c996", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eedc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54934", + "tcp.port": "80", + "tcp.port": "54934", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000079c9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9100", + "tcp.analysis.ack_rtt": "0.000436000", + "tcp.analysis.initial_rtt": "0.003583000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.922046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.922046000", + "frame.time_delta": 
"0.000763000", + "frame.time_delta_displayed": "0.000763000", + "frame.time_relative": "2580.461360000", + "frame.number": "9102", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d7b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54934", + "tcp.dstport": "80", + "tcp.port": "54934", + "tcp.port": "80", + "tcp.stream": "350", + "tcp.len": "0", + "tcp.seq": "169", + "tcp.ack": "1014", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + 
"tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000d449", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:05:0a:94:8b:28:1d:94:8b:2c:00", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "SACK: 18-1013": { + "tcp.option_kind": "5", + "tcp.option_len": "10", + "tcp.options.sack": "1", + "tcp.options.sack_le": "18", + "tcp.options.sack_re": "1013", + "tcp.options.sack.count": "1" + } + }, + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003583000", + "tcp.analysis.flags": { + "tcp.analysis.duplicate_ack": "" + }, + "tcp.analysis.duplicate_ack_num": "1", + "tcp.analysis.duplicate_ack_frame": "9099", + "tcp.analysis.duplicate_ack_frame_tree": { + "_ws.expert": { + "tcp.analysis.duplicate_ack": "", + "_ws.expert.message": "Duplicate ACK (#1)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.957968000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.957968000", + "frame.time_delta": "0.035922000", + "frame.time_delta_displayed": "0.035922000", + "frame.time_relative": "2580.497282000", + "frame.number": "9103", + "frame.len": "348", + "frame.cap_len": "348", + 
"frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000d7cf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000df72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "314", + "udp.checksum": "0x00000771", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + 
"http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "131", + "http.prev_response_in": "9090" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.967664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.967664000", + "frame.time_delta": "0.009696000", + "frame.time_delta_displayed": "0.009696000", + "frame.time_relative": "2580.506978000", + "frame.number": "9104", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d7c", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aeb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54935", + "tcp.dstport": "80", + "tcp.port": "54935", + "tcp.port": "80", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x000035d6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 
(multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.968218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.968218000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "2580.507532000", + "frame.number": "9105", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54935", + "tcp.port": "80", + "tcp.port": "54935", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x0000b132", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + 
"tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9104", + "tcp.analysis.ack_rtt": "0.000554000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.970764000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.970764000", + "frame.time_delta": "0.002546000", + "frame.time_delta_displayed": "0.002546000", + "frame.time_relative": "2580.510078000", + "frame.number": "9106", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d7d", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54935", + "tcp.dstport": "80", + "tcp.port": "54935", + "tcp.port": "80", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00006311", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9105", + "tcp.analysis.ack_rtt": "0.002546000", + "tcp.analysis.initial_rtt": "0.003100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.971717000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.971717000", + "frame.time_delta": "0.000953000", + "frame.time_delta_displayed": "0.000953000", + "frame.time_relative": "2580.511031000", + 
"frame.number": "9107", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d7e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a4e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54935", + "tcp.dstport": "80", + "tcp.port": "54935", + "tcp.port": "80", + "tcp.stream": "351", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000788a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003100000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.972184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.972184000", + "frame.time_delta": "0.000467000", + "frame.time_delta_displayed": "0.000467000", + "frame.time_relative": "2580.511498000", + "frame.number": "9108", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000082a2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000035d1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54935", + "tcp.port": "80", + "tcp.port": "54935", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + 
"tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000054a2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9107", + "tcp.analysis.ack_rtt": "0.000467000", + "tcp.analysis.initial_rtt": "0.003100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.972828000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.972828000", + "frame.time_delta": "0.000644000", + "frame.time_delta_displayed": "0.000644000", + "frame.time_relative": "2580.512142000", + "frame.number": "9109", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000082a3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000035bf", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": 
"192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54935", + "tcp.port": "80", + "tcp.port": "54935", + "tcp.stream": "351", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000094c3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003100000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.973184000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.973184000", + "frame.time_delta": "0.000356000", + "frame.time_delta_displayed": "0.000356000", + "frame.time_relative": "2580.512498000", + "frame.number": "9110", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": 
"60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000082a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000031ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54935", + "tcp.port": "80", + "tcp.port": "54935", + "tcp.stream": "351", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + 
"tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000e72c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.003100000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "tcp.segments": { + "tcp.segment": "9109", + "tcp.segment": "9110", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001467000", + "http.request_in": "9107", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": "<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": 
"<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.975899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.975899000", + "frame.time_delta": "0.002715000", + "frame.time_delta_displayed": "0.002715000", + "frame.time_relative": "2580.515213000", + "frame.number": "9111", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": 
"0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54935", + "tcp.dstport": "80", + "tcp.port": "54935", + "tcp.port": "80", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": 
"252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005e79", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9110", + "tcp.analysis.ack_rtt": "0.002715000", + "tcp.analysis.initial_rtt": "0.003100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.976467000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.976467000", + "frame.time_delta": "0.000568000", + "frame.time_delta_displayed": "0.000568000", + "frame.time_relative": "2580.515781000", + "frame.number": "9112", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d80", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54935", + "tcp.dstport": "80", + "tcp.port": "54935", + "tcp.port": "80", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00005e78", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:31.976910000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496171.976910000", + "frame.time_delta": "0.000443000", + "frame.time_delta_displayed": "0.000443000", + "frame.time_relative": "2580.516224000", + "frame.number": "9113", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": 
"IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c999", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eed9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54935", + "tcp.port": "80", + "tcp.port": "54935", + "tcp.stream": "351", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000050ac", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.acks_frame": "9112", + "tcp.analysis.ack_rtt": "0.000443000", + "tcp.analysis.initial_rtt": "0.003100000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.010825000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.010825000", + "frame.time_delta": "0.033915000", + "frame.time_delta_displayed": "0.033915000", + "frame.time_relative": "2580.550139000", + "frame.number": "9114", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000d7d1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000df76", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"1900", + "udp.dstport": "52117", + "udp.port": "1900", + "udp.port": "52117", + "udp.length": "308", + "udp.checksum": "0x00002afb", + "udp.checksum.status": "2", + "udp.stream": "11" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "132", + "http.prev_response_in": "9103" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.015793000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.015793000", + "frame.time_delta": "0.004968000", + "frame.time_delta_displayed": "0.004968000", + "frame.time_relative": "2580.555107000", + "frame.number": "9115", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + 
"eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00001d81", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005ae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54936", + "tcp.dstport": "80", + "tcp.port": "54936", + "tcp.port": "80", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "64240", + "tcp.window_size": "64240", + "tcp.checksum": "0x0000f48b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 8 (multiply by 256)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "8", + "tcp.options.wscale.multiplier": "256" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.016339000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.016339000", + "frame.time_delta": "0.000546000", + "frame.time_delta_displayed": "0.000546000", + "frame.time_relative": "2580.555653000", + "frame.number": "9116", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": 
"60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000b867", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54936", + "tcp.port": "80", + "tcp.port": "54936", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00008e43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9115", + "tcp.analysis.ack_rtt": "0.000546000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.020191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.020191000", + "frame.time_delta": "0.003852000", + "frame.time_delta_displayed": "0.003852000", + "frame.time_relative": "2580.559505000", + "frame.number": "9117", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d82", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005af1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54936", + "tcp.dstport": "80", + "tcp.port": "54936", + "tcp.port": "80", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": 
"65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00004022", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9116", + "tcp.analysis.ack_rtt": "0.003852000", + "tcp.analysis.initial_rtt": "0.004398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.020675000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.020675000", + "frame.time_delta": "0.000484000", + "frame.time_delta_displayed": "0.000484000", + "frame.time_relative": "2580.559989000", + "frame.number": "9118", + "frame.len": "221", + "frame.cap_len": "221", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "207", + "ip.id": "0x00001d83", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005a49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", 
+ "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54936", + "tcp.dstport": "80", + "tcp.port": "54936", + "tcp.port": "80", + "tcp.stream": "352", + "tcp.len": "167", + "tcp.seq": "1", + "tcp.nxtseq": "168", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "256", + "tcp.window_size": "65536", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x0000559b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004398000", + "tcp.analysis.bytes_in_flight": "167", + "tcp.analysis.push_bytes_sent": "167" + } + }, + "http": { + "GET \/description.xml HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/description.xml", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "192.168.0.160", + "http.request.line": "Host: 192.168.0.160\r\n", + "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", + "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", + "http.request.line": "Keep-Alive: 0\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.accept_encoding": "gzip", + "http.request.line": "Accept-Encoding: gzip\r\n", + "\\r\\n": "", + "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.021209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.021209000", + "frame.time_delta": "0.000534000", + "frame.time_delta_displayed": "0.000534000", + "frame.time_relative": "2580.560523000", + "frame.number": "9119", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000051d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000066a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "54936", + "tcp.port": "80", + "tcp.port": "54936", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000031b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9118", + "tcp.analysis.ack_rtt": "0.000534000", + "tcp.analysis.initial_rtt": "0.004398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.021804000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.021804000", + "frame.time_delta": "0.000595000", + "frame.time_delta_displayed": "0.000595000", + "frame.time_relative": "2580.561118000", + "frame.number": "9120", + "frame.len": "71", + "frame.cap_len": "71", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", 
+ "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "57", + "ip.id": "0x000051d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000668f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54936", + "tcp.port": "80", + "tcp.port": "54936", + "tcp.stream": "352", + "tcp.len": "17", + "tcp.seq": "1", + "tcp.nxtseq": "18", + "tcp.ack": "168", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000071d4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004398000", + "tcp.analysis.bytes_in_flight": "17", + "tcp.analysis.push_bytes_sent": "17" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": 
null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.022156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.022156000", + "frame.time_delta": "0.000352000", + "frame.time_delta_displayed": "0.000352000", + "frame.time_relative": "2580.561470000", + "frame.number": "9121", + "frame.len": "1049", + "frame.cap_len": "1049", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:xml" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1035", + "ip.id": "0x000051d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000062bc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54936", + "tcp.port": "80", + "tcp.port": "54936", + "tcp.stream": "352", + "tcp.len": "995", + "tcp.seq": "18", + "tcp.nxtseq": "1014", + "tcp.ack": "168", + "tcp.hdr_len": "20", + 
"tcp.flags": "0x00000019", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x0000c43d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.004398000", + "tcp.analysis.bytes_in_flight": "1013", + "tcp.analysis.push_bytes_sent": "995" + }, + "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + 
"tcp.segments": { + "tcp.segment": "9120", + "tcp.segment": "9121", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1012", + "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/xml", + "http.response.line": "Content-type: text\/xml\r\n", + "http.connection": "Keep-Alive", + "http.response.line": "Connection: Keep-Alive\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.001481000", + "http.request_in": "9118", + "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" + }, + "xml": { + "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", + "xml.xmlpi.xml_tree": { + "xml.xmlpi.xml.version": "1.0", + "xml.xmlpi.xml.encoding": "UTF-8", + "?>": "" + }, + "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", + "xml.tag_tree": { + "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", + "xml.tag": "<specVersion>", + "xml.tag_tree": { + "xml.tag": "<major>", + "xml.tag_tree": { + "xml.cdata": "1", + "<\/major>": "" + }, + "xml.tag": "<minor>", + "xml.tag_tree": { + "xml.cdata": "0", + "<\/minor>": "" + }, + "<\/specVersion>": "" + }, + "xml.tag": "<URLBase>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/192.168.0.160:80\/", + "<\/URLBase>": "" + }, + "xml.tag": "<device>", + "xml.tag_tree": { + "xml.tag": "<deviceType>", + "xml.tag_tree": { + "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", + "<\/deviceType>": "" + }, + "xml.tag": "<friendlyName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue (192.168.0.160)", + "<\/friendlyName>": "" + }, + "xml.tag": 
"<manufacturer>", + "xml.tag_tree": { + "xml.cdata": "Royal Philips Electronics", + "<\/manufacturer>": "" + }, + "xml.tag": "<manufacturerURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.philips.com", + "<\/manufacturerURL>": "" + }, + "xml.tag": "<modelDescription>", + "xml.tag_tree": { + "xml.cdata": "Philips hue Personal Wireless Lighting", + "<\/modelDescription>": "" + }, + "xml.tag": "<modelName>", + "xml.tag_tree": { + "xml.cdata": "Philips hue bridge 2015", + "<\/modelName>": "" + }, + "xml.tag": "<modelNumber>", + "xml.tag_tree": { + "xml.cdata": "BSB002", + "<\/modelNumber>": "" + }, + "xml.tag": "<modelURL>", + "xml.tag_tree": { + "xml.cdata": "http:\/\/www.meethue.com", + "<\/modelURL>": "" + }, + "xml.tag": "<serialNumber>", + "xml.tag_tree": { + "xml.cdata": "00178869eee4", + "<\/serialNumber>": "" + }, + "xml.tag": "<UDN>", + "xml.tag_tree": { + "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", + "<\/UDN>": "" + }, + "xml.tag": "<presentationURL>", + "xml.tag_tree": { + "xml.cdata": "index.html", + "<\/presentationURL>": "" + }, + "xml.tag": "<iconList>", + "xml.tag_tree": { + "xml.tag": "<icon>", + "xml.tag_tree": { + "xml.tag": "<mimetype>", + "xml.tag_tree": { + "xml.cdata": "image\/png", + "<\/mimetype>": "" + }, + "xml.tag": "<height>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/height>": "" + }, + "xml.tag": "<width>", + "xml.tag_tree": { + "xml.cdata": "48", + "<\/width>": "" + }, + "xml.tag": "<depth>", + "xml.tag_tree": { + "xml.cdata": "24", + "<\/depth>": "" + }, + "xml.tag": "<url>", + "xml.tag_tree": { + "xml.cdata": "hue_logo_0.png", + "<\/url>": "" + }, + "<\/icon>": "" + }, + "<\/iconList>": "" + }, + "<\/device>": "" + }, + "<\/root>": "" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.026218000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496172.026218000", + "frame.time_delta": "0.004062000", + "frame.time_delta_displayed": "0.004062000", + "frame.time_relative": "2580.565532000", + "frame.number": "9122", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aef", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54936", + "tcp.dstport": "80", + "tcp.port": "54936", + "tcp.port": "80", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", 
+ "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b8a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9121", + "tcp.analysis.ack_rtt": "0.004062000", + "tcp.analysis.initial_rtt": "0.004398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.026801000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.026801000", + "frame.time_delta": "0.000583000", + "frame.time_delta_displayed": "0.000583000", + "frame.time_relative": "2580.566115000", + "frame.number": "9123", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00001d85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", 
+ "ip.ttl": "128", + "ip.proto": "6", + "ip.checksum": "0x00005aee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "54936", + "tcp.dstport": "80", + "tcp.port": "54936", + "tcp.port": "80", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "168", + "tcp.ack": "1014", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "252", + "tcp.window_size": "64512", + "tcp.window_size_scalefactor": "256", + "tcp.checksum": "0x00003b89", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:32.027249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496172.027249000", + "frame.time_delta": "0.000448000", + "frame.time_delta_displayed": "0.000448000", + "frame.time_relative": "2580.566563000", + "frame.number": "9124", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c99d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000eed5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "54936", + "tcp.port": "80", + "tcp.port": "54936", + "tcp.stream": "352", + "tcp.len": "0", + "tcp.seq": "1014", + "tcp.ack": "169", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + 
}, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00002dbd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9123", + "tcp.analysis.ack_rtt": "0.000448000", + "tcp.analysis.initial_rtt": "0.004398000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:33.490502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496173.490502000", + "frame.time_delta": "1.463253000", + "frame.time_delta_displayed": "1.463253000", + "frame.time_relative": "2582.029816000", + "frame.number": "9125", + "frame.len": "418", + "frame.cap_len": "418", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "404", + "ip.id": "0x0000974f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000074d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + 
"ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "352", + "tcp.seq": "109210", + "tcp.nxtseq": "109562", + "tcp.ack": "24126", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00005f40", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:a1:90:a7:a4:bc:37", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2662800, TSecr 2812591159": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2662800", 
+ "tcp.options.timestamp.tsecr": "2812591159" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "352", + "tcp.analysis.push_bytes_sent": "352" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "347", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ee:51:09:e3:f7:5c:7b:35:75:2c:2b:de:00:27:b1:13:40:c6:21:30:44:6a:38:3c:45:5e:59:c7:e0:fd:3c:76:e0:3b:53:8e:0e:48:e9:ff:06:fb:29:64:63:db:1e:d8:13:e1:9d:5b:54:88:4b:8a:94:09:37:d4:53:fa:d8:48:25:f7:af:8d:e1:10:d4:93:96:e1:01:a5:60:f9:4d:a8:39:e1:f4:21:c9:cc:1b:3b:72:0c:e8:c1:43:96:0b:cb:c6:52:b7:8d:69:fe:6c:2e:ac:e4:6d:05:b2:72:e0:9b:86:04:ad:ba:90:e1:8b:0a:65:49:85:10:44:75:40:5a:03:0e:f8:4a:53:ff:45:d2:0b:2a:02:b4:05:fb:29:86:26:49:3b:66:97:06:17:ab:0d:f8:87:67:ca:24:6b:80:40:69:c0:2b:06:3e:44:ee:79:d2:ec:36:dc:75:be:5d:ea:9e:9b:00:5c:79:a0:0e:5c:a9:c2:76:4e:37:56:ba:c3:f4:fb:f0:46:79:68:6f:72:b3:f7:a5:ed:b2:bc:ea:27:51:ee:0a:4b:ff:70:98:38:94:17:a7:3b:67:0c:97:4f:92:1d:9b:b4:7a:0c:fb:44:d0:43:2b:a8:27:15:2c:e9:ec:c1:54:8d:de:4c:13:db:37:dd:bc:d9:5c:6f:74:52:a0:21:50:c5:52:63:19:5a:ee:55:54:b5:3e:8f:8e:56:aa:e7:1e:9e:75:d7:10:a6:25:81:e8:0c:03:c7:28:86:b2:83:7f:c5:eb:13:c4:9e:69:46:00:6e:f4:03:d8:15:57:a8:5f:ba:d2:53:4a:a1:8c:72:ba:74:59:e2:a5:a6:52:c5:4c:d7:71:2d:0b:86:01:08:99:b9:4d:80:87:eb:cc:de:c1" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:33.551737000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496173.551737000", + "frame.time_delta": "0.061235000", + "frame.time_delta_displayed": "0.061235000", + "frame.time_relative": "2582.091051000", + "frame.number": "9126", + "frame.len": "113", + "frame.cap_len": "113", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": 
"d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "99", + "ip.id": "0x00002e47", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003709", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "47", + "tcp.seq": "24126", + "tcp.nxtseq": "24173", + "tcp.ack": "109562", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000597f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:d4:e8:00:28:a1:90", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812597480, TSecr 2662800": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812597480", + "tcp.options.timestamp.tsecr": "2662800" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9125", + "tcp.analysis.ack_rtt": "0.061235000", + "tcp.analysis.bytes_in_flight": "47", + "tcp.analysis.push_bytes_sent": "47" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "42", + "ssl.app_data": "34:cd:34:17:47:48:0e:fe:24:c8:78:e8:d7:15:f6:eb:b9:af:33:35:45:fd:ce:32:01:82:c9:01:a8:b5:02:50:da:4c:4d:1e:f9:41:f5:77:60:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:33.552243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496173.552243000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": "0.000506000", + "frame.time_relative": "2582.091557000", + "frame.number": 
"9127", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009750", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "109562", + "tcp.ack": "24173", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000026ad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:a1:97:a7:a4:d4:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2662807, TSecr 2812597480": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2662807", + "tcp.options.timestamp.tsecr": "2812597480" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9126", + "tcp.analysis.ack_rtt": "0.000506000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:34.627699000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496174.627699000", + "frame.time_delta": "1.075456000", + "frame.time_delta_displayed": "1.075456000", + "frame.time_relative": "2583.167013000", + "frame.number": "9128", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { 
+ "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005841", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a650", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5357", + "tcp.ack": "865", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + 
"tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee72", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + "tcp.analysis.keep_alive": "", + "_ws.expert.message": "TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:34.771431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496174.771431000", + "frame.time_delta": "0.143732000", + "frame.time_delta_displayed": "0.143732000", + "frame.time_relative": "2583.310745000", + "frame.number": "9129", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"40", + "ip.id": "0x00001020", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd71", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "865", + "tcp.ack": "5358", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000f8e7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.flags": { + "_ws.expert": { + 
"tcp.analysis.keep_alive_ack": "", + "_ws.expert.message": "ACK to a TCP keep-alive segment", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:36.672051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496176.672051000", + "frame.time_delta": "1.900620000", + "frame.time_delta_displayed": "1.900620000", + "frame.time_relative": "2585.211365000", + "frame.number": "9130", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002138", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57452", + "udp.dstport": "1900", + "udp.port": "57452", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000069f1", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.054401000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.054401000", + "frame.time_delta": "0.382350000", + "frame.time_delta_displayed": "0.382350000", + "frame.time_relative": "2585.593715000", + "frame.number": "9131", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": 
"IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00005ff6", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000057f3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.327363000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.327363000", + "frame.time_delta": "0.272962000", + "frame.time_delta_displayed": "0.272962000", + "frame.time_relative": "2585.866677000", + "frame.number": "9132", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + 
"eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000d9ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd9e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.380176000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.380176000", + "frame.time_delta": "0.052813000", + "frame.time_delta_displayed": "0.052813000", + "frame.time_relative": "2585.919490000", + "frame.number": "9133", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000d9af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", 
+ "ip.proto": "17", + "ip.checksum": "0x0000dd92", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "2", + "http.prev_response_in": "9132" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.432974000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.432974000", + "frame.time_delta": "0.052798000", + "frame.time_delta_displayed": "0.052798000", + "frame.time_relative": "2585.972288000", + "frame.number": "9134", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000d9b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "3", + "http.prev_response_in": "9133" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.598229000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.598229000", + "frame.time_delta": "0.165255000", + "frame.time_delta_displayed": "0.165255000", + "frame.time_relative": "2586.137543000", + "frame.number": "9135", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", 
+ "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000e5c7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2ee", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39280", + "udp.dstport": "53", + "udp.port": "39280", + "udp.port": "53", + "udp.length": "49", + "udp.checksum": "0x0000f329", + "udp.checksum.status": "2", + "udp.stream": "165" + }, + "dns": { + "dns.id": "0x000000d5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.600242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.600242000", + "frame.time_delta": "0.002013000", + 
"frame.time_delta_displayed": "0.002013000", + "frame.time_relative": "2586.139556000", + "frame.number": "9136", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x0000cd39", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eaa6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39280", + "udp.port": "53", + "udp.port": "39280", + "udp.length": "263", + "udp.checksum": "0x0000830a", + "udp.checksum.status": "2", + "udp.stream": "165" + }, + "dns": { + "dns.response_to": "9135", + "dns.time": "0.002013000", + "dns.id": "0x000000d5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", 
+ "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { + "dns.resp.name": "diagnostics.meethue.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "191", + "dns.resp.len": "4", + "dns.a": "130.211.67.12" + } + }, + "Authoritative nameservers": { + "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2563", + "dns.resp.len": "18", + "dns.ns": "ns3.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2563", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2563", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "167074", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "27847", + 
"dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "27847", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001:0:57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "170769", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001:0:57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "85831", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1:0:57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "85831", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1:0:57:73:36:68" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.601058000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.601058000", + "frame.time_delta": "0.000816000", + "frame.time_delta_displayed": "0.000816000", + "frame.time_relative": "2586.140372000", + "frame.number": "9137", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00006b86", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004816", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": 
"", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000099cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.675285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.675285000", + "frame.time_delta": "0.074227000", + "frame.time_delta_displayed": "0.074227000", + "frame.time_relative": "2586.214599000", + 
"frame.number": "9138", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x00002139", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6db", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57452", + "udp.dstport": "1900", + "udp.port": "57452", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000069f1", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + 
"http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "2", + "http.prev_request_in": "9130" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.744503000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.744503000", + "frame.time_delta": "0.069218000", + "frame.time_delta_displayed": "0.069218000", + "frame.time_relative": "2586.283817000", + "frame.number": "9139", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": 
"0x0000c29c", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "28400", + "tcp.window_size": "28400", + "tcp.checksum": "0x0000b4d9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:8c:01:01:04:02:01:03:03:07", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + 
"tcp.option_len": "4", + "tcp.options.mss_val": "1420" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 7 (multiply by 128)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "7", + "tcp.options.wscale.multiplier": "128" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9137", + "tcp.analysis.ack_rtt": "0.143445000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.745028000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.745028000", + "frame.time_delta": "0.000525000", + "frame.time_delta_displayed": "0.000525000", + "frame.time_relative": "2586.284342000", + "frame.number": "9140", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006b87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004821", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005632", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9139", + "tcp.analysis.ack_rtt": "0.000525000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.745041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.745041000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "2586.284355000", + "frame.number": "9141", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "45", + "ip.id": "0x00006b88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000481b", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "5", + "tcp.seq": "1", + "tcp.nxtseq": "6", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00009281", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.143970000", + "tcp.analysis.bytes_in_flight": "5", + "tcp.analysis.push_bytes_sent": "5" + }, + "tcp.segment_data": "50:4f:53:54:20" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { 
+ "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.746593000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.746593000", + "frame.time_delta": "0.001552000", + "frame.time_delta_displayed": "0.001552000", + "frame.time_relative": "2586.285907000", + "frame.number": "9142", + "frame.len": "1474", + "frame.cap_len": "1474", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1460", + "ip.id": "0x00006b89", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004293", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + 
"ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "1420", + "tcp.seq": "6", + "tcp.nxtseq": "1426", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x000010b3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.143970000", + "tcp.analysis.bytes_in_flight": "1425", + "tcp.analysis.push_bytes_sent": "1420" + }, + "tcp.segment_data": 
"2f:62:72:69:64:67:65:73:2f:77:73:2f:73:74:61:74:73:3f:73:73:6f:3d:39:31:63:32:62:34:34:65:30:63:63:32:65:32:31:65:64:34:39:35:37:36:61:62:36:37:33:32:63:31:35:62:35:63:38:61:38:36:65:35:66:34:32:31:31:66:65:62:34:61:31:65:39:61:30:38:36:64:64:64:66:39:64:32:36:36:33:65:37:63:36:62:30:33:35:61:33:33:62:34:33:64:64:39:38:63:36:31:36:38:38:34:32:63:36:62:62:65:64:34:66:38:34:66:38:62:61:32:37:63:62:36:65:36:35:39:33:64:63:33:64:65:30:37:61:32:39:30:30:32:33:37:36:62:37:38:39:31:39:64:36:31:30:33:37:66:38:31:62:66:35:39:31:61:33:64:38:32:35:65:61:66:39:37:38:30:63:31:38:63:64:30:37:31:38:34:33:65:64:66:30:61:63:63:31:32:34:32:34:34:30:36:65:66:64:62:62:33:37:30:62:33:66:39:32:39:36:36:65:63:39:62:36:34:34:64:32:31:62:64:62:65:31:64:39:37:65:64:32:38:34:61:31:63:35:35:62:37:63:65:32:30:61:66:39:31:37:64:31:36:39:30:32:34:63:32:35:62:36:33:66:33:32:65:34:37:65:33:61:37:30:31:34:37:65:35:66:32:37:61:62:66:30:37:62:39:36:34:37:63:37:32:64:63:35:31:30:39:39:37:61:39:63:33:64:62:30:65:66:61:31:30:64:39:34:65:36:31:32:37:35:38:37:30:64:33:62:66:61:32:64:39:36:37:33:34:35:37:63:39:34:39:66:30:39:36:31:31:66:34:36:31:35:38:61:33:38:38:65:62:64:31:30:36:65:61:34:33:31:34:34:63:30:34:31:65:32:38:33:35:62:34:32:36:26:69:3d:36:64:66:30:63:36:39:34:32:64:64:37:35:36:34:32:66:35:63:38:32:65:63:35:61:62:34:38:62:66:61:37:26:61:75:74:68:3d:35:30:33:39:65:30:63:65:31:33:62:61:64:61:36:32:31:65:37:33:65:36:38:66:62:30:33:64:62:33:64:64:38:61:63:62:39:30:66:63:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:69:61:67:6e:6f:73:74:69:63:73:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3a:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:54:72:61:6e:73:66:65:72:2d:65:6e:63:6f:64:69:6e:67:3a:20:63:68:75:6e:6b:65:64:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:70:6c:61:69:6e:0d:0a:0d:0a:32:30:0d:0a:61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37:0d:0a:32:30:0d:0a:63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:6
3:64:36:33:66:33:32:37:34:36:36:61:38:62:65:0d:0a:32:30:0d:0a:39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33:0d:0a:32:30:0d:0a:39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32:0d:0a:32:30:0d:0a:64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39:0d:0a:32:30:0d:0a:38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30:0d:0a:32:30:0d:0a:65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33:0d:0a:32:30:0d:0a:64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30:0d:0a:32:30:0d:0a:64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30:0d:0a:32:30:0d:0a:34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64:0d:0a:32:30:0d:0a:65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61:0d:0a:32:30:0d:0a:66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39:0d:0a:32:30:0d:0a:35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63:0d:0a:32:30:0d:0a:31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35:0d:0a:32:30:0d:0a:65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63:0d:0a:32:30:0d:0a:30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65:0d:0a:32:30:0d:0a:32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31:0d:0a:32:30:0d:0a:64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62:0d:0a:32:30:0d:0a:34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30:0d:0a:32:30:0d:0a:
61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64:0d:0a:32:30:0d:0a:30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64:0d:0a:32:30:0d:0a:65:34:65:37:38:39:37:62:64:33:33" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.887831000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.887831000", + "frame.time_delta": "0.141238000", + "frame.time_delta_displayed": "0.141238000", + "frame.time_relative": "2586.427145000", + "frame.number": "9143", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002060", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000a248", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "6", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "222", + "tcp.window_size": "28416", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x00006391", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9141", + "tcp.analysis.ack_rtt": "0.142790000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.888359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.888359000", + "frame.time_delta": "0.000528000", + "frame.time_delta_displayed": "0.000528000", + "frame.time_relative": "2586.427673000", + 
"frame.number": "9144", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data-text-lines" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x00006b8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000046f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + 
"ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "294", + "tcp.seq": "1426", + "tcp.nxtseq": "1720", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3650", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00005bad", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.143970000", + "tcp.analysis.bytes_in_flight": "1714", + "tcp.analysis.push_bytes_sent": "1714" + }, + "tcp.segment_data": "66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62:0d:0a:32:30:0d:0a:64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62:0d:0a:32:30:0d:0a:65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61:0d:0a:32:30:0d:0a:63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35:0d:0a:32:30:0d:0a:33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34:0d:0a:32:30:0d:0a:65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37:0d:0a:32:30:0d:0a:66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35:0d:0a:32:30:0d:0a:38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38:0d:0a:30:0d:0a:0d:0a" + }, + "tcp.segments": { + 
"tcp.segment": "9141", + "tcp.segment": "9142", + "tcp.segment": "9144", + "tcp.segment.count": "3", + "tcp.reassembled.length": "1719", + "tcp.reassembled.data": "50:4f:53:54:20:2f:62:72:69:64:67:65:73:2f:77:73:2f:73:74:61:74:73:3f:73:73:6f:3d:39:31:63:32:62:34:34:65:30:63:63:32:65:32:31:65:64:34:39:35:37:36:61:62:36:37:33:32:63:31:35:62:35:63:38:61:38:36:65:35:66:34:32:31:31:66:65:62:34:61:31:65:39:61:30:38:36:64:64:64:66:39:64:32:36:36:33:65:37:63:36:62:30:33:35:61:33:33:62:34:33:64:64:39:38:63:36:31:36:38:38:34:32:63:36:62:62:65:64:34:66:38:34:66:38:62:61:32:37:63:62:36:65:36:35:39:33:64:63:33:64:65:30:37:61:32:39:30:30:32:33:37:36:62:37:38:39:31:39:64:36:31:30:33:37:66:38:31:62:66:35:39:31:61:33:64:38:32:35:65:61:66:39:37:38:30:63:31:38:63:64:30:37:31:38:34:33:65:64:66:30:61:63:63:31:32:34:32:34:34:30:36:65:66:64:62:62:33:37:30:62:33:66:39:32:39:36:36:65:63:39:62:36:34:34:64:32:31:62:64:62:65:31:64:39:37:65:64:32:38:34:61:31:63:35:35:62:37:63:65:32:30:61:66:39:31:37:64:31:36:39:30:32:34:63:32:35:62:36:33:66:33:32:65:34:37:65:33:61:37:30:31:34:37:65:35:66:32:37:61:62:66:30:37:62:39:36:34:37:63:37:32:64:63:35:31:30:39:39:37:61:39:63:33:64:62:30:65:66:61:31:30:64:39:34:65:36:31:32:37:35:38:37:30:64:33:62:66:61:32:64:39:36:37:33:34:35:37:63:39:34:39:66:30:39:36:31:31:66:34:36:31:35:38:61:33:38:38:65:62:64:31:30:36:65:61:34:33:31:34:34:63:30:34:31:65:32:38:33:35:62:34:32:36:26:69:3d:36:64:66:30:63:36:39:34:32:64:64:37:35:36:34:32:66:35:63:38:32:65:63:35:61:62:34:38:62:66:61:37:26:61:75:74:68:3d:35:30:33:39:65:30:63:65:31:33:62:61:64:61:36:32:31:65:37:33:65:36:38:66:62:30:33:64:62:33:64:64:38:61:63:62:39:30:66:63:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:69:61:67:6e:6f:73:74:69:63:73:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3a:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:54:72:61:6e:73:66:65:72:2d:65:6e:63:6f:64:69:6e:67:3a:20:63:68:75:6e:6b:65:64:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:70:6c:61:69:6e:0d:0a:0d:0a:
32:30:0d:0a:61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37:0d:0a:32:30:0d:0a:63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:63:64:36:33:66:33:32:37:34:36:36:61:38:62:65:0d:0a:32:30:0d:0a:39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33:0d:0a:32:30:0d:0a:39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32:0d:0a:32:30:0d:0a:64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39:0d:0a:32:30:0d:0a:38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30:0d:0a:32:30:0d:0a:65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33:0d:0a:32:30:0d:0a:64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30:0d:0a:32:30:0d:0a:64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30:0d:0a:32:30:0d:0a:34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64:0d:0a:32:30:0d:0a:65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61:0d:0a:32:30:0d:0a:66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39:0d:0a:32:30:0d:0a:35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63:0d:0a:32:30:0d:0a:31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35:0d:0a:32:30:0d:0a:65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63:0d:0a:32:30:0d:0a:30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65:0d:0a:32:30:0d:0a:32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31:0d:0a:32:30:0d:0a:64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39
:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62:0d:0a:32:30:0d:0a:34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30:0d:0a:32:30:0d:0a:61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64:0d:0a:32:30:0d:0a:30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64:0d:0a:32:30:0d:0a:65:34:65:37:38:39:37:62:64:33:33:66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62:0d:0a:32:30:0d:0a:64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62:0d:0a:32:30:0d:0a:65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61:0d:0a:32:30:0d:0a:63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35:0d:0a:32:30:0d:0a:33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34:0d:0a:32:30:0d:0a:65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37:0d:0a:32:30:0d:0a:66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35:0d:0a:32:30:0d:0a:38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38:0d:0a:30:0d:0a:0d:0a" + }, + "http": { + " [truncated]POST \/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": 
"POST", + "http.request.uri": "\/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", + "http.request.uri_tree": { + "http.request.uri.path": "\/bridges\/ws\/stats", + "http.request.uri.query": "sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", + "http.request.uri.query_tree": { + "http.request.uri.query.parameter": "sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426", + "http.request.uri.query.parameter": "i=6df0c6942dd75642f5c82ec5ab48bfa7", + "http.request.uri.query.parameter": "auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc" + } + }, + "http.request.version": "HTTP\/1.1" + }, + "http.host": "diagnostics.meethue.com:80", + "http.request.line": "Host: diagnostics.meethue.com:80\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", + "http.transfer_encoding": 
"chunked", + "http.request.line": "Transfer-encoding: chunked\r\n", + "http.content_type": "text\/plain", + "http.request.line": "Content-Type: text\/plain\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/diagnostics.meethue.com:80\/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", + "http.request": "1", + "http.request_number": "1", + "HTTP chunked response": { + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:63:64:36:33:66:33:32:37:34:36:36:61:38:62:65", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39", + "data.len": "32" + 
}, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + 
}, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + 
"http.chunk_size": "32", + "data": { + "data.data": "65:34:65:37:38:39:37:62:64:33:33:66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "Data chunk (32 octets)": { + "http.chunk_size": "32", + "data": { + "data.data": "38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38", + "data.len": "32" + }, + "http.chunk_boundary": "0d:0a" + }, + "End of chunked encoding": { + "http.chunk_size": "0" + }, + 
"\\r\\n": "" + }, + "http.file_data": "a6e4b84ce9a1249d8a65a4837fddd6a7c3ca428a69006f245cd63f327466a8be9b3c7930ac3cd79e96da62553241fe539b5d08e5f03eb3e59763831626f053c2df31ed56654e332ef3ef0180e282d00982ea6e04daa8bb987321cfc4b5ee2c60e8fe3fb41f7d6bfeb1ce0702391f13e3db6c725734512d38564c7ce7f4748b20d048f34e072e1c70e7a5978c5280749041022030c7af56fcaa74c811f38f8ccde83147f235a5a8caed8172fa926ad74af6d81bda79ad6ed8ada79bef14900c6953ce0b3c53fef8de3695ca611ec9c6ec1da003e6ec4eab12221c2f0f63d60245e37dd63f4a755131292ae6cdfdd27f6c06e2c2fea917fbe65447167fded45b1e2024b36b244fd945b781b96c409d2d61dfe7283a2679c77290efab5543e875db438c28092e8e0b13c827844616ded2e0aec73625317287a5f89047e9180ef71d07943061b951f0ade9dfaf3046e66acde4e7897bd33fdfb7dbe60aa3fbc66f5bdfd64f9659ab8252da634e9ff8c4facbe02a87054290626047efba42b87954aaccac603ceacd88bb4424fcf17346b1d53ef5a4a8026d07c6c167b0232b9de324e3d44f70db136e0c52769741f66c7dc7f27377c138e03f90191cd4d0d85fb5058a559534363724d59a172212b3700c58" + }, + "data-text-lines": { + " [truncated]a6e4b84ce9a1249d8a65a4837fddd6a7c3ca428a69006f245cd63f327466a8be9b3c7930ac3cd79e96da62553241fe539b5d08e5f03eb3e59763831626f053c2df31ed56654e332ef3ef0180e282d00982ea6e04daa8bb987321cfc4b5ee2c60e8fe3fb41f7d6bfeb1ce0702391f13e3db6": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:37.892261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496177.892261000", + "frame.time_delta": "0.003902000", + "frame.time_delta_displayed": "0.003902000", + "frame.time_relative": "2586.431575000", + "frame.number": "9145", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002061", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000a247", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1426", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": 
"0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "245", + "tcp.window_size": "31360", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x00005dee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9142", + "tcp.analysis.ack_rtt": "0.145668000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.032418000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.032418000", + "frame.time_delta": "0.140157000", + "frame.time_delta_displayed": "0.140157000", + "frame.time_relative": "2586.571732000", + "frame.number": "9146", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002062", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + 
"ip.proto": "6", + "ip.checksum": "0x0000a246", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1720", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "267", + "tcp.window_size": "34176", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x00005cb2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9144", + "tcp.analysis.ack_rtt": "0.144059000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": 
{ + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.095769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.095769000", + "frame.time_delta": "0.063351000", + "frame.time_delta_displayed": "0.063351000", + "frame.time_relative": "2586.635083000", + "frame.number": "9147", + "frame.len": "231", + "frame.cap_len": "231", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "217", + "ip.id": "0x00002063", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000a194", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, 
CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "177", + "tcp.seq": "1", + "tcp.nxtseq": "178", + "tcp.ack": "1720", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "267", + "tcp.window_size": "34176", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x0000ad4a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.143970000", + "tcp.analysis.bytes_in_flight": "177", + "tcp.analysis.push_bytes_sent": "177" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.content_type": "text\/html; charset=utf-8", + "http.response.line": "Content-Type: text\/html; charset=utf-8\r\n", + "http.content_length_header": "2", + "http.content_length_header_tree": { + "http.content_length": "2" + }, + "http.response.line": "Content-Length: 2\r\n", + "http.response.line": "ETag: W\/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\n", + "http.date": "Wed, 01 Nov 2017 00:29:38 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", + 
"http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.207410000", + "http.request_in": "9144", + "http.file_data": "OK" + }, + "data-text-lines": { + "OK": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.095855000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.095855000", + "frame.time_delta": "0.000086000", + "frame.time_delta_displayed": "0.000086000", + "frame.time_relative": "2586.635169000", + "frame.number": "9148", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002064", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000a244", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "178", + "tcp.ack": "1720", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "267", + "tcp.window_size": "34176", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x00005c00", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.096554000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.096554000", + "frame.time_delta": "0.000699000", + 
"frame.time_delta_displayed": "0.000699000", + "frame.time_relative": "2586.635868000", + "frame.number": "9149", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006b8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000481d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { 
+ "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1720", + "tcp.ack": "178", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e44", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9147", + "tcp.analysis.ack_rtt": "0.000785000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.097216000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.097216000", + "frame.time_delta": "0.000662000", + "frame.time_delta_displayed": "0.000662000", + "frame.time_relative": "2586.636530000", + "frame.number": "9150", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00006b8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000481c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.dst_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "46284", + "tcp.dstport": "80", + "tcp.port": "46284", + "tcp.port": "80", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "1720", + "tcp.ack": "179", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + 
"_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "3784", + "tcp.window_size": "30272", + "tcp.window_size_scalefactor": "8", + "tcp.checksum": "0x00004e42", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9148", + "tcp.analysis.ack_rtt": "0.001361000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.254383000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.254383000", + "frame.time_delta": "0.157167000", + "frame.time_delta_displayed": "0.157167000", + "frame.time_relative": "2586.793697000", + "frame.number": "9151", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00002065", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + 
"ip.checksum": "0x0000a243", + "ip.checksum.status": "2", + "ip.src": "130.211.67.12", + "ip.addr": "130.211.67.12", + "ip.src_host": "130.211.67.12", + "ip.host": "130.211.67.12", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "46284", + "tcp.port": "80", + "tcp.port": "46284", + "tcp.stream": "353", + "tcp.len": "0", + "tcp.seq": "179", + "tcp.ack": "1721", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "267", + "tcp.window_size": "34176", + "tcp.window_size_scalefactor": "128", + "tcp.checksum": "0x00005bff", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9150", + "tcp.analysis.ack_rtt": "0.157167000", + "tcp.analysis.initial_rtt": "0.143970000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.380329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.380329000", + "frame.time_delta": "0.125946000", + "frame.time_delta_displayed": "0.125946000", + "frame.time_relative": "2586.919643000", + "frame.number": "9152", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da06", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", 
+ "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "4", + "http.prev_response_in": "9134" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.491932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.491932000", + "frame.time_delta": "0.111603000", + "frame.time_delta_displayed": "0.111603000", + "frame.time_relative": "2587.031246000", + "frame.number": "9153", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da08", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd39", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "5", + "http.prev_response_in": "9152" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.491944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.491944000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "2587.031258000", + "frame.number": "9154", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da09", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd3e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + 
"ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "6", + "http.prev_response_in": "9153" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.560174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.560174000", + "frame.time_delta": "0.068230000", + "frame.time_delta_displayed": "0.068230000", + "frame.time_relative": "2587.099488000", + "frame.number": "9155", + "frame.len": "42", + 
"frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.242" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.560595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.560595000", + "frame.time_delta": "0.000421000", + "frame.time_delta_displayed": "0.000421000", + "frame.time_relative": "2587.099909000", + "frame.number": "9156", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "d0:52:a8:a3:60:0f", + "arp.src.proto_ipv4": "192.168.0.242", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.592639000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.592639000", + "frame.time_delta": "0.032044000", + "frame.time_delta_displayed": "0.032044000", + "frame.time_relative": "2587.131953000", + "frame.number": "9157", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e612", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2a7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33609", + "udp.dstport": "53", + "udp.port": "33609", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000032b9", + "udp.checksum.status": "2", + "udp.stream": "166" + }, + "dns": { + "dns.id": "0x00000f3b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.593256000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.593256000", + "frame.time_delta": "0.000617000", + "frame.time_delta_displayed": "0.000617000", + "frame.time_relative": "2587.132570000", + "frame.number": "9158", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000cd69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33609", + "udp.port": "53", + "udp.port": "33609", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "166" + }, + "dns": { + "dns.response_to": "9157", + "dns.time": "0.000617000", + "dns.id": "0x00000f3b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.594091000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.594091000", + "frame.time_delta": "0.000835000", + "frame.time_delta_displayed": "0.000835000", + "frame.time_relative": "2587.133405000", + "frame.number": "9159", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e613", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37240", + "udp.dstport": "53", + "udp.port": "37240", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003f89", + "udp.checksum.status": "2", + "udp.stream": "167" + }, + "dns": { + "dns.id": "0x00000f3c", + "dns.flags": "0x00000100", + 
"dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.594520000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.594520000", + "frame.time_delta": "0.000429000", + "frame.time_delta_displayed": "0.000429000", + "frame.time_relative": "2587.133834000", + "frame.number": "9160", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000cd6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x0000eb3f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37240", + "udp.port": "53", + "udp.port": "37240", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "167" + }, + "dns": { + "dns.response_to": "9159", + "dns.time": "0.000429000", + "dns.id": "0x00000f3c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1199", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.595290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.595290000", + "frame.time_delta": "0.000770000", + "frame.time_delta_displayed": 
"0.000770000", + "frame.time_relative": "2587.134604000", + "frame.number": "9161", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x0000f0aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004525", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + 
"tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000085a0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.672846000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.672846000", + "frame.time_delta": "0.077556000", + "frame.time_delta_displayed": "0.077556000", + "frame.time_relative": "2587.212160000", + "frame.number": "9162", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "202", + "ip.id": "0x0000213a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57452", + "udp.dstport": "1900", + "udp.port": "57452", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000069f1", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "ssdp": { + "M-SEARCH * 
HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "3", + "http.prev_request_in": "9138" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.731861000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.731861000", + "frame.time_delta": "0.059015000", + "frame.time_delta_displayed": "0.059015000", + "frame.time_relative": "2587.271175000", + "frame.number": "9163", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x00001673", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00007460", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": 
"0x0000ade0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9161", + "tcp.analysis.ack_rtt": "0.136571000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.732388000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.732388000", + "frame.time_delta": "0.000527000", + "frame.time_delta_displayed": "0.000527000", + "frame.time_relative": "2587.271702000", + "frame.number": "9164", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0ab", + 
"ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00004530", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000776f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9163", + "tcp.analysis.ack_rtt": "0.000527000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.732402000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.732402000", + "frame.time_delta": "0.000014000", + "frame.time_delta_displayed": "0.000014000", + "frame.time_relative": "2587.271716000", + "frame.number": "9165", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000f0ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000042d7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + 
"ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000bf6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137098000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:30:22:2c:20:4e:6f:6e:63:65:3d:22:51:35:55:43:63:76:7a:54:68:68:6d:39:49:4e:55:49:65:31:6e:6f:53:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:45:55:6a:55:42:31:68:53:30:48:4a:37:62:4d:57:58:48:38:70:43:36:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:29:38.869634000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.869634000", + "frame.time_delta": "0.137232000", + "frame.time_delta_displayed": "0.137232000", + "frame.time_relative": "2587.408948000", + "frame.number": "9166", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005079", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00003a62", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d4a3", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9165", + "tcp.analysis.ack_rtt": "0.137232000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:38.870265000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496178.870265000", + "frame.time_delta": "0.000631000", + "frame.time_delta_displayed": "0.000631000", + "frame.time_relative": "2587.409579000", + "frame.number": "9167", + "frame.len": "1382", + "frame.cap_len": "1382", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1368", + "ip.id": "0x0000f0ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003ffe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "1328", + "tcp.seq": "601", + "tcp.nxtseq": "1929", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000eaa7", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137098000", + "tcp.analysis.bytes_in_flight": "1328", + "tcp.analysis.push_bytes_sent": "1328" + }, + "tcp.segment_data": "d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da:ce:69:2a:a3:8f:ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00
:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d6:d9:8e:25:99:36:2a:e2:d9:3d:1d:63:cc:bd:53:66:7c:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a
7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" + }, + "tcp.segments": { + "tcp.segment": "9165", + "tcp.segment": "9167", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1928", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:30:22:2c:20:4e:6f:6e:63:65:3d:22:51:35:55:43:63:76:7a:54:68:68:6d:39:49:4e:55:49:65:31:6e:6f:53:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:45:55:6a:55:42:31:68:53:30:48:4a:37:62:4d:57:58:48:38:70:43:36:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:7
4:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da:ce:69:2a:a3:8f:ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:
91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d6:d9:8e:25:99:36:2a:e2:d9:3d:1d:63:cc:bd:53:66:7c:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2
:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"200\", Nonce=\"Q5UCcvzThhm9INUIe1noSg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"EUjUB1hS0HJ7bMWXH8pC6Q==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"200\", Nonce=\"Q5UCcvzThhm9INUIe1noSg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"EUjUB1hS0HJ7bMWXH8pC6Q==\"\r\n", + "http.content_length_header": "1328 ", + "http.content_length_header_tree": { + "http.content_length": "1328" + }, + "http.request.line": "Content-Length: 1328 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: close\r\n", 
+ "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<{\n\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTi0h\u00ef\u00bf\u00bd($\u000b\u0018" + }, + "media": { + "media.type": "d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da
:ce:69:2a:a3:8f:ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d6:d9:8e:25:99:36:2a:e2:d9:3d:1d:6
3:cc:bd:53:66:7c:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.009101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.009101000", + "frame.time_delta": "0.138836000", + "frame.time_delta_displayed": "0.138836000", + "frame.time_relative": "2587.548415000", + "frame.number": "9168", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008a5b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000080", + 
"ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ca43", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9167", + "tcp.analysis.ack_rtt": "0.138836000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.012290000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.012290000", + 
"frame.time_delta": "0.003189000", + "frame.time_delta_displayed": "0.003189000", + "frame.time_relative": "2587.551604000", + "frame.number": "9169", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da0d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd3d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + 
"http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "7", + "http.prev_response_in": "9154" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.012906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.012906000", + "frame.time_delta": "0.000616000", + "frame.time_delta_displayed": "0.000616000", + "frame.time_relative": "2587.552220000", + "frame.number": "9170", + "frame.len": "1434", + "frame.cap_len": "1434", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1420", + "ip.id": "0x00008b56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000fa20", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "1380", + "tcp.seq": "1", + "tcp.nxtseq": "1381", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00000a73", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + 
"tcp.analysis.initial_rtt": "0.137098000", + "tcp.analysis.bytes_in_flight": "1380", + "tcp.analysis.push_bytes_sent": "1380" + }, + "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:39:3a:33:38:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:2
0:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:
3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.012932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.012932000", + "frame.time_delta": "0.000026000", + "frame.time_delta_displayed": "0.000026000", + "frame.time_relative": "2587.552246000", + "frame.number": "9171", + "frame.len": "134", + "frame.cap_len": "134", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "120", + "ip.id": "0x00008b57", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ff33", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "80", + "tcp.seq": "1381", + "tcp.nxtseq": "1461", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000055f", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137098000", + "tcp.analysis.bytes_in_flight": "1460", + "tcp.analysis.push_bytes_sent": "1460" + }, + "tcp.segment_data": "65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013009000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013009000", + "frame.time_delta": "0.000077000", + "frame.time_delta_displayed": "0.000077000", + "frame.time_relative": "2587.552323000", + "frame.number": "9172", + "frame.len": "213", + "frame.cap_len": "213", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "199", + "ip.id": "0x00008b58", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000fee3", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": 
"80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "159", + "tcp.seq": "1461", + "tcp.nxtseq": "1620", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005ec2", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.137098000", + "tcp.analysis.bytes_in_flight": "1619", + "tcp.analysis.push_bytes_sent": "159" + }, + "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "9170", + "tcp.segment": "9171", + "tcp.segment": "9172", + "tcp.segment.count": "3", + "tcp.reassembled.length": "1619", + "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:39:3a:33:38:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:7
3:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:
74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" + }, + "http": { + "HTTP\/1.1 401 Unauthorized\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "401", + "http.response.phrase": "Unauthorized" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_type": "text\/html", + "http.response.line": "Content-Type: text\/html\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\"", + "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:29:38 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", + "http.connection": "close", + "http.response.line": 
"Connection: close\r\n", + "http.content_length_header": "1293", + "http.content_length_header_tree": { + "http.content_length": "1293" + }, + "http.response.line": "Content-Length: 1293\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.142744000", + "http.request_in": "9167", + "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" + }, + "data-text-lines": { + "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", + "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", + "<head>\\r\\n": 
"", + "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", + "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", + "<style type=\"text\/css\">\\r\\n": "", + "<!--\\r\\n": "", + "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", + "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", + "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", + "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", + "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", + "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", + "background-color:#555555;}\\r\\n": "", + "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", + ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", + "-->\\r\\n": "", + "<\/style>\\r\\n": "", + "<\/head>\\r\\n": "", + "<body>\\r\\n": "", + "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", + "<div id=\"content\">\\r\\n": "", + " <div class=\"content-container\"><fieldset>\\r\\n": "", + " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", + " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", + " <\/fieldset><\/div>\\r\\n": "", + "<\/div>\\r\\n": "", + "<\/body>\\r\\n": "", + "<\/html>\\r\\n": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013086000", + "frame.time_delta": "0.000077000", + "frame.time_delta_displayed": "0.000077000", + "frame.time_relative": "2587.552400000", + "frame.number": "9173", + 
"frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008b5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ff80", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1620", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c3ef", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013509000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013509000", + "frame.time_delta": "0.000423000", + "frame.time_delta_displayed": "0.000423000", + "frame.time_relative": "2587.552823000", + "frame.number": "9174", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0ae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000452d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "1381", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006097", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9170", + "tcp.analysis.ack_rtt": "0.000603000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + 
{ + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013521000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013521000", + "frame.time_delta": "0.000012000", + "frame.time_delta_displayed": "0.000012000", + "frame.time_relative": "2587.552835000", + "frame.number": "9175", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000452c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": 
"AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "1461", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00006047", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9171", + "tcp.analysis.ack_rtt": "0.000589000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013530000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013530000", + "frame.time_delta": "0.000009000", + "frame.time_delta_displayed": "0.000009000", + "frame.time_relative": "2587.552844000", + "frame.number": "9176", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000452b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "1620", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005fa8", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9172", + "tcp.analysis.ack_rtt": "0.000521000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.013821000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.013821000", + "frame.time_delta": "0.000291000", + "frame.time_delta_displayed": "0.000291000", + "frame.time_relative": "2587.553135000", + "frame.number": "9177", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000f0b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": 
"0x0000452a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35314", + "tcp.dstport": "80", + "tcp.port": "35314", + "tcp.port": "80", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "1621", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "31740", + "tcp.window_size": "31740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00005fa6", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9173", + "tcp.analysis.ack_rtt": "0.000735000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + 
"_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.014708000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.014708000", + "frame.time_delta": "0.000887000", + "frame.time_delta_displayed": "0.000887000", + "frame.time_relative": "2587.554022000", + "frame.number": "9178", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e63c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d27d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51252", + "udp.dstport": "53", + "udp.port": "51252", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000edcb", + "udp.checksum.status": "2", + "udp.stream": "168" + }, + "dns": { + "dns.id": "0x00000f3d", + "dns.flags": 
"0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.015261000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.015261000", + "frame.time_delta": "0.000553000", + "frame.time_delta_displayed": "0.000553000", + "frame.time_relative": "2587.554575000", + "frame.number": "9179", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000cd72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000eb47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51252", + "udp.port": "53", + "udp.port": "51252", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "168" + }, + "dns": { + "dns.response_to": "9178", + "dns.time": "0.000553000", + "dns.id": "0x00000f3d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.016046000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.016046000", + "frame.time_delta": "0.000785000", + "frame.time_delta_displayed": "0.000785000", + "frame.time_relative": "2587.555360000", + "frame.number": "9180", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": 
{ + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000e63d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d27c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48478", + "udp.dstport": "53", + "udp.port": "48478", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000013a1", + "udp.checksum.status": "2", + "udp.stream": "169" + }, + "dns": { + "dns.id": "0x00000f3e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.016568000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.016568000", + "frame.time_delta": "0.000522000", + "frame.time_delta_displayed": "0.000522000", + "frame.time_relative": "2587.555882000", + "frame.number": "9181", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000cd73", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb36", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48478", + "udp.port": "53", + "udp.port": "48478", + "udp.length": "61", + 
"udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "169" + }, + "dns": { + "dns.response_to": "9180", + "dns.time": "0.000522000", + "dns.id": "0x00000f3e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1198", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.017293000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.017293000", + "frame.time_delta": "0.000725000", + "frame.time_delta_displayed": "0.000725000", + "frame.time_relative": "2587.556607000", + "frame.number": "9182", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00000598", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003038", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" 
+ } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x00007804", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Window scale: 3 (multiply by 8)": { + "tcp.option_kind": "3", + "tcp.option_len": "3", + "tcp.options.wscale.shift": "3", + "tcp.options.wscale.multiplier": "8" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.065174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.065174000", + "frame.time_delta": "0.047881000", + "frame.time_delta_displayed": "0.047881000", + "frame.time_relative": "2587.604488000", + "frame.number": "9183", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da11", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd30", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "8", + "http.prev_response_in": "9169" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.117899000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.117899000", + "frame.time_delta": "0.052725000", + "frame.time_delta_displayed": "0.052725000", + "frame.time_relative": "2587.657213000", + "frame.number": "9184", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "9", + "http.prev_response_in": "9183" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.154225000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.154225000", + "frame.time_delta": "0.036326000", + "frame.time_delta_displayed": "0.036326000", + "frame.time_relative": "2587.693539000", + "frame.number": "9185", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c9c8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c112", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + 
"ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35314", + "tcp.port": "80", + "tcp.port": "35314", + "tcp.stream": "354", + "tcp.len": "0", + "tcp.seq": "1621", + "tcp.ack": "1930", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000c3ee", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9177", + "tcp.analysis.ack_rtt": "0.140404000", + "tcp.analysis.initial_rtt": "0.137098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.156592000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.156592000", + "frame.time_delta": "0.002367000", + "frame.time_delta_displayed": "0.002367000", + "frame.time_relative": "2587.695906000", + "frame.number": "9186", + "frame.len": "62", + "frame.cap_len": "62", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "48", + "ip.id": "0x0000fff1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00008ae1", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "28", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "4140", + "tcp.window_size": "4140", + "tcp.checksum": "0x0000816b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:64:04:02:00:00", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1380" + }, + "tcp.options.sack_perm": "1", + "tcp.options.sack_perm_tree": { + "tcp.option_kind": "4", + "tcp.option_len": "2" + }, + "End of Option List (EOL)": { + "tcp.options.type": "0", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "0" + } + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9182", + "tcp.analysis.ack_rtt": "0.139299000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.157107000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.157107000", + "frame.time_delta": "0.000515000", + "frame.time_delta_displayed": "0.000515000", + "frame.time_relative": "2587.696421000", + "frame.number": "9187", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00000599", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003043", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004afa", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": 
"9186", + "tcp.analysis.ack_rtt": "0.000515000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.157120000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.157120000", + "frame.time_delta": "0.000013000", + "frame.time_delta_displayed": "0.000013000", + "frame.time_relative": "2587.696434000", + "frame.number": "9188", + "frame.len": "654", + "frame.cap_len": "654", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "640", + "ip.id": "0x0000059a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002dea", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + 
"ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "600", + "tcp.seq": "1", + "tcp.nxtseq": "601", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000079cd", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.139814000", + "tcp.analysis.bytes_in_flight": "600", + "tcp.analysis.push_bytes_sent": "600" + }, + "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:31:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:42:70:6a:67:4f:2b:6b:4a:31:74:70:75:2f:46:62:61:2f:64:4a:6f:51:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 
2017 17:29:39.293298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.293298000", + "frame.time_delta": "0.136178000", + "frame.time_delta_displayed": "0.136178000", + "frame.time_relative": "2587.832612000", + "frame.number": "9189", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00003d52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00004d89", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + 
"tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "601", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4740", + "tcp.window_size": "4740", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a82e", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9188", + "tcp.analysis.ack_rtt": "0.136178000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.293933000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.293933000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "2587.833247000", + "frame.number": "9190", + "frame.len": "1382", + "frame.cap_len": "1382", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "1368", + "ip.id": "0x0000059b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00002b11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "1328", + "tcp.seq": "601", + "tcp.nxtseq": "1929", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": 
"0x0000e59b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.139814000", + "tcp.analysis.bytes_in_flight": "1328", + "tcp.analysis.push_bytes_sent": "1328" + }, + "tcp.segment_data": "ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96
:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:9
9:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" + }, + "tcp.segments": { + "tcp.segment": "9188", + "tcp.segment": "9190", + "tcp.segment.count": "2", + "tcp.reassembled.length": "1928", + "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:31:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:42:70:6a:67:4f:2b:6b:4a:31:74:70:75:2f:46:62:61:2f:64:4a:6f:51:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:7
4:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:
54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:99:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81
:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" + }, + "http": { + "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "POST", + "http.request.uri": "\/DcpRequestHandler\/index.ashx", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "dcp.cpp.philips.com:80", + "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", + "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"201\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"BpjgO+kJ1tpu\/Fba\/dJoQA==\"", + "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"201\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"BpjgO+kJ1tpu\/Fba\/dJoQA==\"\r\n", + "http.content_length_header": "1328 ", + "http.content_length_header_tree": { + "http.content_length": "1328" + }, + "http.request.line": "Content-Length: 1328 \r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.connection": "close", + "http.request.line": "Connection: 
close\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", + "http.request": "1", + "http.request_number": "1", + "http.file_data": "\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdW\u0004r3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*5S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdir\u00ef\u00bf\u00bd\u0017it4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bdmt\u00ef\u00bf\u00bd\u0014u\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<v\u00ef\u00bf\u00bd sd\u0019\u00ef\u00bf\u00bd'P\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd9\u0003\u0018+\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdfeT\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd[\r\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00145+\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bdt\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:e\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdsF'\u00ef\u00bf\u00bd" + }, + "media": { + "media.type": 
"ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1
e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:99:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" + } + } + } + 
} + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.430267000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.430267000", + "frame.time_delta": "0.136334000", + "frame.time_delta_displayed": "0.136334000", + "frame.time_relative": "2587.969581000", + "frame.number": "9191", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000077d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00001307", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace 
Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009dce", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9190", + "tcp.analysis.ack_rtt": "0.136334000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.467313000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.467313000", + "frame.time_delta": "0.037046000", + "frame.time_delta_displayed": "0.037046000", + "frame.time_relative": "2588.006627000", + "frame.number": "9192", + "frame.len": "925", + "frame.cap_len": "925", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:media" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "911", + "ip.id": "0x00008794", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000ffdf", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + "tcp.len": "871", + "tcp.seq": "1", + "tcp.nxtseq": "872", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00001047", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.139814000", + "tcp.analysis.bytes_in_flight": "871", + "tcp.analysis.push_bytes_sent": "871" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.cache_control": "private", + "http.response.line": "Cache-Control: private\r\n", + "http.content_length_header": "560", + "http.content_length_header_tree": { + "http.content_length": "560" + }, + "http.response.line": "Content-Length: 560\r\n", + "http.content_type": "application\/CB-Encrypted; cipher=AES", + "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", + "http.server": "Microsoft-IIS\/7.5", + "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", + "http.www_authenticate": "CBAuth Nonce=\"u+X2i87wTqO\/INUInCbsSQ==\"", + "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"u+X2i87wTqO\/INUInCbsSQ==\"\r\n", + "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", + "http.response.line": "X-Powered-By: ASP.NET\r\n", + "http.date": "Wed, 01 Nov 2017 00:29:38 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", + "http.connection": "close", + "http.response.line": "Connection: close\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "0.173380000", + "http.request_in": "9190", + "http.file_data": 
"\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdW\u0004r3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*5S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u001e\u001ea\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f{\u00ef\u00bf\u00bd:#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015{Zy\u0017>\u00ef\u00bf\u00bd\u0002m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\t,\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u0017eJZ\u0017%\u00ef\u00bf\u00bdr\u001d\u00ef\u00bf\u00bd[u\u00ef\u00bf\u00bdfL\u00ef\u00bf\u00bd\u001a\\yr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\\\u0012\u001dw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012e\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]d\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u0003n\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011R^\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bdD'\u00ef\u00
bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u001b\u00ef\u00bf\u00bd']'|}\u00ef\u00bf\u00bd\u0018}]&a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u0011\u00ef\u00bf\u00bdC\\&\u00ef\u00bf\u00bd@^\u0006\u001ea\u001b\u00ef\u00bf\u00bd\u001aE\u00ef\u00bf\u00bd\u000ec\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bdzO\u00ef\u00bf\u00bd\"5\u0015o>b\/E\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd(\u000f\u00ef\u00bf\u00bd)\b&jw\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\f\n\u000e\u00ef\u00bf\u00bd7.#Cl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bdm\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6c[\u00ef\u00bf\u00bdX(\u00ef\u00bf\u00bd$\u001cJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdtD\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u0010ax\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bduG&\u00ef\u00bf\u00bd\u0016|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\"tB&\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]" + }, + "media": { + "media.type": 
"ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:28:87:1e:1e:61:fd:d8:85:0f:7b:8c:3a:23:81:de:15:7b:5a:79:17:3e:fc:02:6d:f9:be:5a:09:2c:f9:14:b8:d6:07:e7:24:e4:ed:a1:db:87:72:e9:b4:1f:ef:17:65:4a:5a:17:25:bf:72:1d:f2:5b:75:cc:66:4c:e5:1a:5c:79:72:b7:c1:83:fd:0d:ce:85:da:7c:92:bb:5a:dd:4b:d4:5c:12:1d:77:fe:aa:fc:e1:12:65:ef:2c:9a:fc:5d:64:ff:11:c8:8b:8a:4e:d5:03:6e:b7:0b:f6:85:80:70:e8:b4:a0:ab:a3:89:34:e3:03:9b:d3:e7:90:f1:f8:bc:9f:26:e6:1b:8f:16:d6:13:ce:e2:11:52:5e:0e:fd:c9:cb:db:c0:ab:49:e1:44:27:f8:eb:f9:b2:ce:29:1b:f1:27:5d:27:7c:7d:a2:18:7d:5d:26:61:be:f0:e0:eb:42:11:94:43:5c:26:8a:40:5e:06:1e:61:1b:a4:1a:45:c0:0e:63:81:2b:a2:7a:4f:88:22:35:15:6f:3e:62:2f:45:cd:02:f7:28:0f:91:29:08:26:6a:77:fa:5b:f2:a8:11:d9:90:cd:7f:d0:0c:0a:0e:f4:37:2e:23:43:6c:db:9b:ee:e7:b3:1d:b7:6d:19:e3:82:36:63:5b:ae:58:28:d7:24:1c:4a:ad:e2:c9:dd:6d:f1:74:44:85:32:b0:b7:78:cf:6a:c8:70:8b:78:dc:10:61:78:8e:f0:ce:b6:bb:e0:b6:14:19:a6:b1:c0:54:b1:d9:cd:75:47:26:aa:16:7c:e1:d0:0d:22:74:42:26:14:ac:d2:42:b6:82:28:e1:cf:c6:d7:5d:00:51:63:cb:a9:98:c6:49:d5:df:d7:e4:7e:f7:87:88:3a:0e:36:90:94:f9:07:8b:a3:e5:d5:6b:ac:6c:0d:05:f6:73:a4:c0:98:84:14:14:1b:bb:35:6a:1b:b1:d7:82:f8:a7:d0:6c:d7:45:f0:8f:8f:7c:f1:f9:14:a0:c1:30:13:be:54:ed:53:ff:cf:e1:63:aa:36:1f:b6:82:86:d4:e1:df:a1:7b:e5:cf:b3:f7:b8:1b:f9:ba:be:af:8b:d2:7e:e0:b4:3e:01:ff:61:de:72:f0:d0:36:48:a3:f3:4d:a3:87:e3:1a:55:ba:1e:78:23:4b:e5:77:13:ab:26:7a:da:74:dd:30:e1:9b:a0:64:d4:cd:82:a3:b5:4b:b8:60:d8:c4:ae:a9:77:6e:b9:6e:45:a9:b4:60:30:6e:d2:2f:14:4d:aa:a3:f8:fb:c7:37:3b:4f:ff:a9:82:07:75:9d:bc:3c:e2:7c:3d:2b:44:b9:aa:80:07:75:8d:92:94:aa:90:e1:53:af:9e:0a:c1:a2:b0:5e:32:47:13" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.467407000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.467407000", + 
"frame.time_delta": "0.000094000", + "frame.time_delta_displayed": "0.000094000", + "frame.time_relative": "2588.006721000", + "frame.number": "9193", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008796", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x00000345", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + 
"tcp.len": "0", + "tcp.seq": "872", + "tcp.ack": "1929", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009a66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.467889000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.467889000", + "frame.time_delta": "0.000482000", + "frame.time_delta_displayed": "0.000482000", + "frame.time_relative": "2588.007203000", + "frame.number": "9194", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + 
"eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000059c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x00003040", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "872", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003b06", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + 
"tcp.analysis": { + "tcp.analysis.acks_frame": "9192", + "tcp.analysis.ack_rtt": "0.000576000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.468738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.468738000", + "frame.time_delta": "0.000849000", + "frame.time_delta_displayed": "0.000849000", + "frame.time_relative": "2588.008052000", + "frame.number": "9195", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000059d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000303f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.dst_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.dst_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.dst_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.dst_lon": "-0.13", + "ip.geoip.lon": "-0.13" + } + }, + "tcp": { + "tcp.srcport": "35315", + "tcp.dstport": "80", + "tcp.port": "35315", + "tcp.port": "80", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "1929", + "tcp.ack": "873", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "30485", + "tcp.window_size": "30485", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00003b04", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9193", + "tcp.analysis.ack_rtt": "0.001331000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.604233000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.604233000", + "frame.time_delta": "0.135495000", + "frame.time_delta_displayed": "0.135495000", + "frame.time_relative": "2588.143547000", + 
"frame.number": "9196", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000c425", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "235", + "ip.proto": "6", + "ip.checksum": "0x0000c6b5", + "ip.checksum.status": "2", + "ip.src": "5.79.62.93", + "ip.addr": "5.79.62.93", + "ip.src_host": "5.79.62.93", + "ip.host": "5.79.62.93", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { + "ip.geoip.src_country": "United Kingdom", + "ip.geoip.country": "United Kingdom", + "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.asnum": "AS15395 Rackspace Ltd.", + "ip.geoip.src_lat": "51.5", + "ip.geoip.lat": "51.5", + "ip.geoip.src_lon": "-0.13", + "ip.geoip.lon": "-0.13" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "35315", + "tcp.port": "80", + "tcp.port": "35315", + "tcp.stream": "355", + "tcp.len": "0", + "tcp.seq": "873", + "tcp.ack": "1930", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + 
"tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "6068", + "tcp.window_size": "6068", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00009a65", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9195", + "tcp.analysis.ack_rtt": "0.135495000", + "tcp.analysis.initial_rtt": "0.139814000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.673375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.673375000", + "frame.time_delta": "0.069142000", + "frame.time_delta_displayed": "0.069142000", + "frame.time_relative": "2588.212689000", + "frame.number": "9197", + "frame.len": "216", + "frame.cap_len": "216", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"202", + "ip.id": "0x0000213b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x0000e6d9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57452", + "udp.dstport": "1900", + "udp.port": "57452", + "udp.port": "1900", + "udp.length": "182", + "udp.checksum": "0x000069f1", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "ssdp": { + "M-SEARCH * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "M-SEARCH", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.request.line": "HOST: 239.255.255.250:1900\r\n", + "http.request.line": "MAN: \"ssdp:discover\"\r\n", + "http.request.line": "MX: 1\r\n", + "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", + "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", + "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.request": "1", + "http.request_number": "4", + "http.prev_request_in": "9162" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.780641000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1509496179.780641000", + "frame.time_delta": "0.107266000", + "frame.time_delta_displayed": "0.107266000", + "frame.time_relative": "2588.319955000", + "frame.number": "9198", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.160" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:39.781035000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496179.781035000", + "frame.time_delta": "0.000394000", + "frame.time_delta_displayed": "0.000394000", + "frame.time_relative": "2588.320349000", + "frame.number": "9199", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "00:17:88:69:ee:e4", + "arp.src.proto_ipv4": "192.168.0.160", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.065788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.065788000", + "frame.time_delta": "0.284753000", + "frame.time_delta_displayed": "0.284753000", + "frame.time_relative": "2588.605102000", + "frame.number": "9200", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000dd1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "10", + "http.prev_response_in": "9184" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.118685000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.118685000", + "frame.time_delta": "0.052897000", + "frame.time_delta_displayed": "0.052897000", + "frame.time_relative": "2588.657999000", + "frame.number": "9201", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": 
"2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "11", + "http.prev_response_in": "9200" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.171439000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.171439000", + "frame.time_delta": "0.052754000", + "frame.time_delta_displayed": "0.052754000", + "frame.time_relative": "2588.710753000", + "frame.number": "9202", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd10", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "12", + "http.prev_response_in": "9201" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.382045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.382045000", + "frame.time_delta": "0.210606000", + "frame.time_delta_displayed": "0.210606000", + "frame.time_relative": "2588.921359000", + "frame.number": "9203", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da49", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dd01", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": 
"192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "13", + "http.prev_response_in": "9202" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.434877000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.434877000", + "frame.time_delta": "0.052832000", + "frame.time_delta_displayed": "0.052832000", + "frame.time_relative": "2588.974191000", + "frame.number": "9204", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da4e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcf3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": 
"max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "14", + "http.prev_response_in": "9203" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:40.487602000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496180.487602000", + "frame.time_delta": "0.052725000", + "frame.time_delta_displayed": "0.052725000", + "frame.time_relative": "2589.026916000", + "frame.number": "9205", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da53", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcf4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "15", + "http.prev_response_in": "9204" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:41.434007000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496181.434007000", + "frame.time_delta": "0.946405000", + "frame.time_delta_displayed": "0.946405000", + "frame.time_relative": "2589.973321000", + "frame.number": "9206", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da84", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcc6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + 
"HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "16", + "http.prev_response_in": "9205" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:41.486782000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496181.486782000", + "frame.time_delta": "0.052775000", + "frame.time_delta_displayed": "0.052775000", + "frame.time_relative": "2590.026096000", + "frame.number": "9207", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000da85", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcbc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "17", + "http.prev_response_in": "9206" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:41.539595000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496181.539595000", + "frame.time_delta": "0.052813000", + "frame.time_delta_displayed": "0.052813000", + "frame.time_relative": "2590.078909000", + "frame.number": "9208", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000da87", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcc0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "18", + "http.prev_response_in": "9207" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:42.118545000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496182.118545000", + "frame.time_delta": "0.578950000", + "frame.time_delta_displayed": "0.578950000", + 
"frame.time_relative": "2590.657859000", + "frame.number": "9209", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000da9e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": 
"239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "19", + "http.prev_response_in": "9208" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:42.171329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496182.171329000", + "frame.time_delta": "0.052784000", + "frame.time_delta_displayed": "0.052784000", + "frame.time_relative": "2590.710643000", + "frame.number": "9210", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000daa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc9f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + 
"http.response_number": "20", + "http.prev_response_in": "9209" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:42.224132000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496182.224132000", + "frame.time_delta": "0.052803000", + "frame.time_delta_displayed": "0.052803000", + "frame.time_relative": "2590.763446000", + "frame.number": "9211", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000daa3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dca4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + 
"udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "21", + "http.prev_response_in": "9210" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:43.123358000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496183.123358000", + "frame.time_delta": "0.899226000", + "frame.time_delta_displayed": "0.899226000", + "frame.time_relative": "2591.662672000", + "frame.number": "9212", + "frame.len": "339", + "frame.cap_len": "339", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", 
+ "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "325", + "ip.id": "0x0000dac6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "305", + "udp.checksum": "0x0000e4ae", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: upnp:rootdevice\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "22", + "http.prev_response_in": "9211" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:43.176140000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496183.176140000", + "frame.time_delta": "0.052782000", + "frame.time_delta_displayed": "0.052782000", + "frame.time_relative": "2591.715454000", + "frame.number": "9213", + "frame.len": "348", + "frame.cap_len": "348", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "334", + "ip.id": "0x0000dac7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000dc7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "314", + "udp.checksum": "0x0000f299", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "23", + "http.prev_response_in": "9212" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:43.228902000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1509496183.228902000", + "frame.time_delta": "0.052762000", + "frame.time_delta_displayed": "0.052762000", + "frame.time_relative": "2591.768216000", + "frame.number": "9214", + "frame.len": "342", + "frame.cap_len": "342", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "60:57:18:8e:aa:94", + "eth.dst_tree": { + "eth.dst_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "328", + "ip.id": "0x0000dacd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dc7a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.dst_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "57452", + "udp.port": "1900", + "udp.port": "57452", + "udp.length": "308", + "udp.checksum": "0x00001624", + "udp.checksum.status": "2", + "udp.stream": "164" + }, + "ssdp": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + 
}, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.host": "239.255.255.250:1900", + "http.response.line": "HOST: 239.255.255.250:1900\r\n", + "http.response.line": "EXT:\r\n", + "http.cache_control": "max-age=100", + "http.response.line": "CACHE-CONTROL: max-age=100\r\n", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", + "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", + "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", + "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "24", + "http.prev_response_in": "9213" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:49.739790000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496189.739790000", + "frame.time_delta": "6.510888000", + "frame.time_delta_displayed": "6.510888000", + "frame.time_relative": "2598.279104000", + "frame.number": "9215", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000208e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b762", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001055", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + 
"dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:49.740359000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496189.740359000", + "frame.time_delta": "0.000569000", + "frame.time_delta_displayed": "0.000569000", + "frame.time_relative": "2598.279673000", + "frame.number": "9216", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": 
"Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x0000208f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000985d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f150", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": 
"_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:49.740930000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496189.740930000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": "2598.280244000", + "frame.number": "9217", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + 
"eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f16", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": 
"19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:50.566308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496190.566308000", + "frame.time_delta": "0.825378000", + "frame.time_delta_displayed": "0.825378000", + "frame.time_relative": "2599.105622000", + "frame.number": "9218", + "frame.len": "318", + "frame.cap_len": "318", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": 
"Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "304", + "ip.id": "0x00008658", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00000e82", + "ip.checksum.status": "2", + "ip.src": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.src_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49782", + "tcp.port": "80", + "tcp.port": "49782", + "tcp.stream": "320", + "tcp.len": "264", + "tcp.seq": "1", + "tcp.nxtseq": "265", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + 
"tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000da66", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018098000", + "tcp.analysis.bytes_in_flight": "264", + "tcp.analysis.push_bytes_sent": "264" + } + }, + "http": { + "HTTP\/1.1 200 OK\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.version": "HTTP\/1.1", + "http.response.code": "200", + "http.response.phrase": "OK" + }, + "http.date": "Wed, 01 Nov 2017 00:29:50 GMT", + "http.response.line": "Date: Wed, 01 Nov 2017 00:29:50 GMT\r\n", + "http.content_type": "text\/javascript; charset=\"UTF-8\"", + "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", + "http.content_length_header": "24", + "http.content_length_header_tree": { + "http.content_length": "24" + }, + "http.response.line": "Content-Length: 24\r\n", + "http.connection": "keep-alive", + "http.response.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache", + "http.response.line": "Cache-Control: no-cache\r\n", + "http.response.line": "Access-Control-Allow-Origin: *\r\n", + "http.response.line": "Access-Control-Allow-Methods: GET\r\n", + "\\r\\n": "", + "http.response": "1", + "http.response_number": "1", + "http.time": "280.033664000", + "http.request_in": "8348", + "http.file_data": "[[],\"15094945528362978\"]" + }, + "data-text-lines": { + "[[],\"15094945528362978\"]": "" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:50.600243000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496190.600243000", + "frame.time_delta": "0.033935000", + "frame.time_delta_displayed": "0.033935000", + "frame.time_relative": "2599.139557000", + "frame.number": "9219", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000107a", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f567", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": 
"San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "258", + "tcp.ack": "265", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "5336", + "tcp.window_size": "5336", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000f95b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9218", + "tcp.analysis.ack_rtt": "0.033935000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:50.612044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496190.612044000", + "frame.time_delta": "0.011801000", + "frame.time_delta_displayed": "0.011801000", + "frame.time_relative": "2599.151358000", + "frame.number": "9220", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": 
{ + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00008659", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00000f89", + "ip.checksum.status": "2", + "ip.src": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.src_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49782", + "tcp.port": "80", + "tcp.port": "49782", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "265", + "tcp.ack": "259", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000011", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + 
"tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "1", + "tcp.flags.fin_tree": { + "_ws.expert": { + "tcp.connection.fin": "", + "_ws.expert.message": "Connection finish (FIN)", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" + }, + "tcp.window_size_value": "15544", + "tcp.window_size": "15544", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000d17a", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9219", + "tcp.analysis.ack_rtt": "0.011801000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:50.617955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496190.617955000", + "frame.time_delta": "0.005911000", + "frame.time_delta_displayed": "0.005911000", + "frame.time_relative": "2599.157269000", + "frame.number": "9221", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": 
{ + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000107b", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.219.189.242", + "ip.addr": "54.219.189.242", + "ip.dst_host": "54.219.189.242", + "ip.host": "54.219.189.242", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49782", + "tcp.dstport": "80", + "tcp.port": "49782", + "tcp.port": "80", + "tcp.stream": "320", + "tcp.len": "0", + "tcp.seq": "259", + "tcp.ack": "266", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5335", + "tcp.window_size": "5335", + "tcp.window_size_scalefactor": "-2", + 
"tcp.checksum": "0x0000f95b", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9220", + "tcp.analysis.ack_rtt": "0.005911000", + "tcp.analysis.initial_rtt": "0.018098000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.606768000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.606768000", + "frame.time_delta": "0.988813000", + "frame.time_delta_displayed": "0.988813000", + "frame.time_relative": "2600.146082000", + "frame.number": "9222", + "frame.len": "77", + "frame.cap_len": "77", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "63", + "ip.id": "0x0000107c", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x00002968", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + 
"Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49153", + "udp.dstport": "53", + "udp.port": "49153", + "udp.port": "53", + "udp.length": "43", + "udp.checksum": "0x0000ae31", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.id": "0x00000000", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.608786000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.608786000", + "frame.time_delta": "0.002018000", + "frame.time_delta_displayed": "0.002018000", + "frame.time_relative": "2600.148100000", + "frame.number": "9223", + "frame.len": "540", + "frame.cap_len": "540", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "526", + "ip.id": "0x00009ded", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001928", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49153", + "udp.port": "53", + "udp.port": "49153", + "udp.length": "506", + "udp.checksum": "0x000083d5", + "udp.checksum.status": "2", + "udp.stream": "14" + }, + "dns": { + "dns.response_to": "9222", + "dns.time": "0.002018000", + "dns.id": "0x00000000", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "2", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "11", + "Queries": { + "pubsub.pubnub.com: type A, class IN": { + "dns.qry.name": "pubsub.pubnub.com", + "dns.qry.name.len": "17", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "pubsub.pubnub.com: type A, class IN, addr 54.241.191.239": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171", + "dns.resp.len": "4", + "dns.a": "54.241.191.239" + }, + "pubsub.pubnub.com: type A, class IN, addr 
52.9.63.131": { + "dns.resp.name": "pubsub.pubnub.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171", + "dns.resp.len": "4", + "dns.a": "52.9.63.131" + } + }, + "Authoritative nameservers": { + "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "25", + "dns.ns": "ns-1979.awsdns-55.co.uk" + }, + "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "20", + "dns.ns": "ns2.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "19", + "dns.ns": "ns-907.awsdns-49.net" + }, + "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "6", + "dns.ns": "ns4.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "6", + "dns.ns": "ns1.p19.dynect.net" + }, + "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "18", + "dns.ns": "ns-22.awsdns-02.com" + }, + "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { + "dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "23", + "dns.ns": "ns-1127.awsdns-12.org" + }, + "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { + 
"dns.resp.name": "pubnub.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "51368", + "dns.resp.len": "6", + "dns.ns": "ns3.p19.dynect.net" + } + }, + "Additional records": { + "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { + "dns.resp.name": "ns1.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3659", + "dns.resp.len": "4", + "dns.a": "208.78.70.19" + }, + "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { + "dns.resp.name": "ns2.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "55619", + "dns.resp.len": "4", + "dns.a": "204.13.250.19" + }, + "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { + "dns.resp.name": "ns3.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1929", + "dns.resp.len": "4", + "dns.a": "208.78.71.19" + }, + "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { + "dns.resp.name": "ns4.p19.dynect.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "55620", + "dns.resp.len": "4", + "dns.a": "204.13.251.19" + }, + "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56361", + "dns.resp.len": "4", + "dns.a": "205.251.192.22" + }, + "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56469", + "dns.resp.len": "4", + "dns.a": "205.251.195.139" + }, + "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56011", + "dns.resp.len": "4", + "dns.a": "205.251.196.103" + }, + "ns-1979.awsdns-55.co.uk: type A, class IN, addr 
205.251.199.187": { + "dns.resp.name": "ns-1979.awsdns-55.co.uk", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "55812", + "dns.resp.len": "4", + "dns.a": "205.251.199.187" + }, + "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { + "dns.resp.name": "ns-22.awsdns-02.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56361", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5300:1600::1" + }, + "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { + "dns.resp.name": "ns-907.awsdns-49.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56469", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5303:8b00::1" + }, + "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { + "dns.resp.name": "ns-1127.awsdns-12.org", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "56011", + "dns.resp.len": "16", + "dns.aaaa": "2600:9000:5304:6700::1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.615403000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.615403000", + "frame.time_delta": "0.006617000", + "frame.time_delta_displayed": "0.006617000", + "frame.time_relative": "2600.154717000", + "frame.number": "9224", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + 
"eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x0000107d", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f34d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.dst_host": "54.241.191.239", + "ip.host": "54.241.191.239", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49783", + "tcp.dstport": "80", + "tcp.port": "49783", + "tcp.port": "80", + "tcp.stream": "356", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "0", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000002", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "0", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.syn": "", + "_ws.expert.message": "Connection establish request (SYN): server port 80", + 
"_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.checksum": "0x00008179", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:78", + "tcp.options_tree": { + "tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1400" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.627748000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.627748000", + "frame.time_delta": "0.012345000", + "frame.time_delta_displayed": "0.012345000", + "frame.time_relative": "2600.167062000", + "frame.number": "9225", + "frame.len": "58", + "frame.cap_len": "58", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "44", + "ip.id": "0x00000000", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x000093cb", + "ip.checksum.status": "2", + "ip.src": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.src_host": "54.241.191.239", + "ip.host": "54.241.191.239", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49783", + "tcp.port": "80", + "tcp.port": "49783", + "tcp.stream": "356", + "tcp.len": "0", + "tcp.seq": "0", + "tcp.ack": "1", + "tcp.hdr_len": "24", + "tcp.flags": "0x00000012", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "1", + "tcp.flags.syn_tree": { + "_ws.expert": { + "tcp.connection.sack": "", + "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + } + }, + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + "tcp.checksum": "0x000030b4", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "02:04:05:b4", + "tcp.options_tree": { + 
"tcp.options.mss": { + "tcp.option_kind": "2", + "tcp.option_len": "4", + "tcp.options.mss_val": "1460" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9224", + "tcp.analysis.ack_rtt": "0.012345000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.633506000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.633506000", + "frame.time_delta": "0.005758000", + "frame.time_delta_displayed": "0.005758000", + "frame.time_relative": "2600.172820000", + "frame.number": "9226", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x0000107e", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f350", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.dst_host": "54.241.191.239", + "ip.host": 
"54.241.191.239", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49783", + "tcp.dstport": "80", + "tcp.port": "49783", + "tcp.port": "80", + "tcp.stream": "356", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000a4a1", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9225", + "tcp.analysis.ack_rtt": "0.005758000", + "tcp.analysis.initial_rtt": "0.018103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.661672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.661672000", + "frame.time_delta": "0.028166000", + "frame.time_delta_displayed": "0.028166000", + "frame.time_relative": "2600.200986000", + 
"frame.number": "9227", + "frame.len": "69", + "frame.cap_len": "69", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "55", + "ip.id": "0x0000107f", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f340", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.dst_host": "54.241.191.239", + "ip.host": "54.241.191.239", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49783", + "tcp.dstport": "80", + "tcp.port": "49783", + "tcp.port": "80", + "tcp.stream": "356", + 
"tcp.len": "15", + "tcp.seq": "1", + "tcp.nxtseq": "16", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x0000ed1c", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018103000", + "tcp.analysis.bytes_in_flight": "15", + "tcp.analysis.push_bytes_sent": "15" + }, + "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.674048000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.674048000", + "frame.time_delta": "0.012376000", + "frame.time_delta_displayed": "0.012376000", + "frame.time_relative": "2600.213362000", + "frame.number": "9228", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003bf1", + "ip.checksum.status": "2", + "ip.src": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.src_host": "54.241.191.239", + "ip.host": "54.241.191.239", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49783", + "tcp.port": "80", + "tcp.port": "49783", + "tcp.stream": "356", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "16", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "29200", + "tcp.window_size": "29200", + 
"tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004862", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9227", + "tcp.analysis.ack_rtt": "0.012376000", + "tcp.analysis.initial_rtt": "0.018103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.679218000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.679218000", + "frame.time_delta": "0.005170000", + "frame.time_delta_displayed": "0.005170000", + "frame.time_relative": "2600.218532000", + "frame.number": "9229", + "frame.len": "296", + "frame.cap_len": "296", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:http" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "282", + "ip.id": "0x00001080", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "6", + "ip.checksum": "0x0000f25c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.src_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "ip.dst": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.dst_host": 
"54.241.191.239", + "ip.host": "54.241.191.239", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.dst_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.dst_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.dst_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + } + }, + "tcp": { + "tcp.srcport": "49783", + "tcp.dstport": "80", + "tcp.port": "49783", + "tcp.port": "80", + "tcp.stream": "356", + "tcp.len": "242", + "tcp.seq": "16", + "tcp.nxtseq": "258", + "tcp.ack": "1", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "5600", + "tcp.window_size": "5600", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x000023b0", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.initial_rtt": "0.018103000", + "tcp.analysis.bytes_in_flight": "242", + "tcp.analysis.push_bytes_sent": "242" + }, + "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "tcp.segments": { + "tcp.segment": "9227", + "tcp.segment": "9229", + "tcp.segment.count": "2", + "tcp.reassembled.length": "257", + "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" + }, + "http": { + "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "GET", + "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "pubsub.pubnub.com", + "http.request.line": "Host: pubsub.pubnub.com\r\n", + "http.user_agent": "lwsockets\/0.1", + "http.request.line": "User-Agent: lwsockets\/0.1\r\n", + "http.connection": "keep-alive", + "http.request.line": "Connection: keep-alive\r\n", + "http.cache_control": "no-cache, no-store, max-age=0", + "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", + "http.request": "1", + "http.request_number": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:51.691563000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496191.691563000", + "frame.time_delta": "0.012345000", + "frame.time_delta_displayed": "0.012345000", + "frame.time_relative": "2600.230877000", + "frame.number": "9230", + "frame.len": "54", + "frame.cap_len": "54", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x000057df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "47", + "ip.proto": "6", + "ip.checksum": "0x00003bf0", + "ip.checksum.status": "2", + "ip.src": "54.241.191.239", + "ip.addr": "54.241.191.239", + "ip.src_host": "54.241.191.239", + "ip.host": "54.241.191.239", + "ip.dst": "192.168.0.120", + "ip.addr": "192.168.0.120", + "ip.dst_host": "192.168.0.120", + "ip.host": "192.168.0.120", + "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", + "ip.geoip.src_city": "San Jose, CA", + "ip.geoip.city": "San Jose, CA", + "ip.geoip.src_lat": "37.339401", + "ip.geoip.lat": "37.339401", + "ip.geoip.src_lon": "-121.894997", + "ip.geoip.lon": "-121.894997" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "80", + "tcp.dstport": "49783", + "tcp.port": "80", + "tcp.port": "49783", + "tcp.stream": "356", + "tcp.len": "0", + "tcp.seq": "1", + "tcp.ack": "258", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "30016", + "tcp.window_size": "30016", + "tcp.window_size_scalefactor": "-2", + "tcp.checksum": "0x00004440", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9229", + "tcp.analysis.ack_rtt": "0.012345000", + "tcp.analysis.initial_rtt": "0.018103000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:53.985023000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496193.985023000", + "frame.time_delta": "2.293460000", + "frame.time_delta_displayed": "2.293460000", + "frame.time_relative": "2602.524337000", + "frame.number": "9231", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000e7a4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1b2", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.038049000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.038049000", + "frame.time_delta": "0.053026000", + "frame.time_delta_displayed": "0.053026000", + "frame.time_relative": "2602.577363000", + "frame.number": "9232", + "frame.len": "352", + "frame.cap_len": "352", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "338", + "ip.id": "0x0000e7a5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "318", + "udp.checksum": "0x0000d568", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: upnp:rootdevice\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.090906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.090906000", + "frame.time_delta": "0.052857000", + "frame.time_delta_displayed": "0.052857000", + "frame.time_relative": "2602.630220000", + "frame.number": "9233", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000e7aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + 
"ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.143838000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.143838000", + "frame.time_delta": "0.052932000", + "frame.time_delta_displayed": "0.052932000", + "frame.time_relative": "2602.683152000", + "frame.number": "9234", + "frame.len": "361", + "frame.cap_len": "361", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "347", + "ip.id": "0x0000e7ac", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "327", + "udp.checksum": "0x0000d264", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.196674000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.196674000", + "frame.time_delta": "0.052836000", + "frame.time_delta_displayed": "0.052836000", + "frame.time_relative": "2602.735988000", + "frame.number": "9235", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + "eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000e7b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.249534000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.249534000", + "frame.time_delta": "0.052860000", + "frame.time_delta_displayed": "0.052860000", + "frame.time_relative": "2602.788848000", + "frame.number": "9236", + "frame.len": "355", + "frame.cap_len": "355", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:ssdp" + }, + "eth": { + 
"eth.dst": "01:00:5e:7f:ff:fa", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_7f:ff:fa", + "eth.addr": "01:00:5e:7f:ff:fa", + "eth.addr_resolved": "IPv4mcast_7f:ff:fa", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "341", + "ip.id": "0x0000e7b1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "255", + "ip.proto": "17", + "ip.checksum": "0x0000e1a2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "239.255.255.250", + "ip.addr": "239.255.255.250", + "ip.dst_host": "239.255.255.250", + "ip.host": "239.255.255.250", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1900", + "udp.dstport": "1900", + "udp.port": "1900", + "udp.port": "1900", + "udp.length": "321", + "udp.checksum": "0x00005094", + "udp.checksum.status": "2", + "udp.stream": "8" + }, + "ssdp": { + "NOTIFY * HTTP\/1.1\\r\\n": { + "_ws.expert": { + "http.chat": "", + "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", + "_ws.expert.severity": "2097152", + "_ws.expert.group": "33554432" + }, + "http.request.method": "NOTIFY", + "http.request.uri": "*", + "http.request.version": "HTTP\/1.1" + }, + "http.host": "239.255.255.250:1900", + "http.cache_control": "max-age=100", + "http.location": "http:\/\/192.168.0.160:80\/description.xml", + "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", + "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", + "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", + "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", + "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", + "\\r\\n": "", + "http.request.full_uri": "http:\/\/239.255.255.250:1900*", + "http.notification": "1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.740071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.740071000", + "frame.time_delta": "0.490537000", + "frame.time_delta_displayed": "0.490537000", + "frame.time_relative": "2603.279385000", + "frame.number": "9237", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002090", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + 
"_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b760", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001055", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.740587000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.740587000", + "frame.time_delta": "0.000516000", + "frame.time_delta_displayed": "0.000516000", + "frame.time_relative": "2603.279901000", + "frame.number": "9238", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002091", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000985b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f150", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": 
"m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:54.741222000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496194.741222000", + "frame.time_delta": "0.000635000", + "frame.time_delta_displayed": "0.000635000", + "frame.time_relative": "2603.280536000", + "frame.number": "9239", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f16", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.028733000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.028733000", + "frame.time_delta": "0.287511000", + "frame.time_delta_displayed": "0.287511000", + "frame.time_relative": "2603.568047000", + "frame.number": "9240", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ffa", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000057e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a418", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009625", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.029896000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.029896000", + "frame.time_delta": "0.001163000", + "frame.time_delta_displayed": "0.001163000", + "frame.time_relative": "2603.569210000", + "frame.number": "9241", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": 
"60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000439d5", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60542", + "udp.dstport": "5355", + "udp.port": "60542", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x000049f3", + "udp.checksum.status": "2", + "udp.stream": "170" + }, + "llmnr": { + "dns.id": "0x000019c9", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.030493000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.030493000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": 
"0.000597000", + "frame.time_relative": "2603.569807000", + "frame.number": "9242", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000582", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001229", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60542", + "udp.dstport": "5355", + "udp.port": "60542", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00006992", + "udp.checksum.status": "2", + "udp.stream": "171" + }, + "llmnr": { + "dns.id": "0x000019c9", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.031647000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.031647000", + "frame.time_delta": "0.001154000", + "frame.time_delta_displayed": "0.001154000", + "frame.time_relative": "2603.570961000", + "frame.number": "9243", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000fda3c", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58912", + "udp.dstport": "5355", + "udp.port": 
"58912", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00008533", + "udp.checksum.status": "2", + "udp.stream": "172" + }, + "llmnr": { + "dns.id": "0x0000e4cb", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.032660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.032660000", + "frame.time_delta": "0.001013000", + "frame.time_delta_displayed": "0.001013000", + "frame.time_relative": "2603.571974000", + "frame.number": "9244", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000583", + "ip.flags": "0x00000000", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001228", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58912", + "udp.dstport": "5355", + "udp.port": "58912", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000a4d2", + "udp.checksum.status": "2", + "udp.stream": "173" + }, + "llmnr": { + "dns.id": "0x0000e4cb", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.440906000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.440906000", + "frame.time_delta": "0.408246000", + "frame.time_delta_displayed": "0.408246000", + "frame.time_relative": "2603.980220000", + "frame.number": "9245", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": 
"IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000439d5", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60542", + "udp.dstport": "5355", + "udp.port": "60542", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x000049f3", + "udp.checksum.status": "2", + "udp.stream": "170" + }, + "llmnr": { + "dns.id": "0x000019c9", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.441463000 PDT", + 
"frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.441463000", + "frame.time_delta": "0.000557000", + "frame.time_delta_displayed": "0.000557000", + "frame.time_relative": "2603.980777000", + "frame.number": "9246", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000584", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001227", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60542", + "udp.dstport": "5355", + "udp.port": "60542", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00006992", + "udp.checksum.status": "2", + "udp.stream": "171" + }, + "llmnr": { + "dns.id": "0x000019c9", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + 
"dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type A, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.442891000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.442891000", + "frame.time_delta": "0.001428000", + "frame.time_delta_displayed": "0.001428000", + "frame.time_relative": "2603.982205000", + "frame.number": "9247", + "frame.len": "84", + "frame.cap_len": "84", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" + }, + "eth": { + "eth.dst": "33:33:00:01:00:03", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_01:00:03", + "eth.addr": "33:33:00:01:00:03", + "eth.addr_resolved": "IPv6mcast_01:00:03", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x000fda3c", + "ipv6.plen": "30", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::790f:988f:49cf:68ba", + "ipv6.addr": "fe80::790f:988f:49cf:68ba", + "ipv6.src_host": "fe80::790f:988f:49cf:68ba", + "ipv6.host": "fe80::790f:988f:49cf:68ba", + "ipv6.dst": "ff02::1:3", + "ipv6.addr": "ff02::1:3", + "ipv6.dst_host": "ff02::1:3", + "ipv6.host": "ff02::1:3", 
+ "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58912", + "udp.dstport": "5355", + "udp.port": "58912", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x00008533", + "udp.checksum.status": "2", + "udp.stream": "172" + }, + "llmnr": { + "dns.id": "0x0000e4cb", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.443515000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.443515000", + "frame.time_delta": "0.000624000", + "frame.time_delta_displayed": "0.000624000", + "frame.time_relative": "2603.982829000", + "frame.number": "9248", + "frame.len": "64", + "frame.cap_len": "64", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:llmnr" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fc", + "eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fc", + "eth.addr": "01:00:5e:00:00:fc", + "eth.addr_resolved": "IPv4mcast_fc", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "50", + "ip.id": "0x00000585", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "1", + "ip.proto": "17", + "ip.checksum": "0x00001226", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "224.0.0.252", + "ip.addr": "224.0.0.252", + "ip.dst_host": "224.0.0.252", + "ip.host": "224.0.0.252", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58912", + "udp.dstport": "5355", + "udp.port": "58912", + "udp.port": "5355", + "udp.length": "30", + "udp.checksum": "0x0000a4d2", + "udp.checksum.status": "2", + "udp.stream": "173" + }, + "llmnr": { + "dns.id": "0x0000e4cb", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.conflict": "0", + "dns.flags.truncated": "0", + "dns.flags.tentative": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "wpad: type AAAA, class IN": { + "dns.qry.name": "wpad", + "dns.qry.name.len": "4", + "dns.count.labels": "1", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.570366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.570366000", + "frame.time_delta": "0.126851000", + "frame.time_delta_displayed": "0.126851000", + "frame.time_relative": "2604.109680000", + "frame.number": "9249", + "frame.len": "42", + "frame.cap_len": "42", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "e4:95:6e:b0:20:39", + "eth.dst_tree": { + "eth.dst_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": "0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "1", + "arp.src.hw_mac": "b0:b9:8a:73:69:8e", + "arp.src.proto_ipv4": "192.168.0.1", + "arp.dst.hw_mac": "00:00:00:00:00:00", + "arp.dst.proto_ipv4": "192.168.0.120" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.575697000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.575697000", + "frame.time_delta": "0.005331000", + "frame.time_delta_displayed": "0.005331000", + "frame.time_relative": "2604.115011000", + "frame.number": "9250", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:arp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "e4:95:6e:b0:20:39", + "eth.src_tree": { + "eth.src_resolved": "Iconserv_20:39", + "eth.addr": "e4:95:6e:b0:20:39", + "eth.addr_resolved": "Iconserv_20:39", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000806", + "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + "arp": { + "arp.hw.type": "1", + "arp.proto.type": 
"0x00000800", + "arp.hw.size": "6", + "arp.proto.size": "4", + "arp.opcode": "2", + "arp.src.hw_mac": "e4:95:6e:b0:20:39", + "arp.src.proto_ipv4": "192.168.0.120", + "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", + "arp.dst.proto_ipv4": "192.168.0.1" + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:55.779172000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496195.779172000", + "frame.time_delta": "0.203475000", + "frame.time_delta_displayed": "0.203475000", + "frame.time_relative": "2604.318486000", + "frame.number": "9251", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ffb", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000057e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": 
"192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a418", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009625", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:56.529384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496196.529384000", + "frame.time_delta": "0.750212000", + "frame.time_delta_displayed": "0.750212000", + "frame.time_relative": "2605.068698000", + "frame.number": "9252", + "frame.len": "92", + "frame.cap_len": "92", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:nbns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "78", + "ip.id": "0x00005ffc", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000057e7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + "ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "137", + "udp.dstport": "137", + "udp.port": "137", + "udp.port": "137", + "udp.length": "58", + "udp.checksum": "0x0000a418", + "udp.checksum.status": "2", + "udp.stream": "28" + }, + "nbns": { + "nbns.id": "0x00009625", + "nbns.flags": "0x00000110", + "nbns.flags_tree": { + "nbns.flags.response": "0", + "nbns.flags.opcode": "0", + "nbns.flags.truncated": "0", + "nbns.flags.recdesired": "1", + "nbns.flags.broadcast": "1" + }, + "nbns.count.queries": "1", + "nbns.count.answers": "0", + "nbns.count.auth_rr": "0", + "nbns.count.add_rr": "0", + "Queries": { + "WPAD<00>: type NB, class IN": { + "nbns.name": "WPAD<00>", + "nbns.type": "32", + "nbns.class": "1" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:59.740376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496199.740376000", + "frame.time_delta": "3.210992000", + "frame.time_delta_displayed": "3.210992000", + "frame.time_relative": "2608.279690000", + "frame.number": "9253", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "01:00:5e:00:00:fb", + 
"eth.dst_tree": { + "eth.dst_resolved": "IPv4mcast_fb", + "eth.addr": "01:00:5e:00:00:fb", + "eth.addr_resolved": "IPv4mcast_fb", + "eth.lg": "0", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002092", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.ttl_tree": { + "_ws.expert": { + "ip.ttl.lncb": "", + "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", + "_ws.expert.severity": "4194304", + "_ws.expert.group": "33554432" + } + }, + "ip.proto": "17", + "ip.checksum": "0x0000b75e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "224.0.0.251", + "ip.addr": "224.0.0.251", + "ip.dst_host": "224.0.0.251", + "ip.host": "224.0.0.251", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00001055", + "udp.checksum.status": "2", + "udp.stream": "150" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:59.740882000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496199.740882000", + "frame.time_delta": "0.000506000", + "frame.time_delta_displayed": 
"0.000506000", + "frame.time_relative": "2608.280196000", + "frame.number": "9254", + "frame.len": "275", + "frame.cap_len": "275", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:mdns" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "261", + "ip.id": "0x00002093", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009859", + "ip.checksum.status": "2", + "ip.src": "192.168.0.84", + "ip.addr": "192.168.0.84", + "ip.src_host": "192.168.0.84", + "ip.host": "192.168.0.84", + "ip.dst": "255.255.255.255", + "ip.addr": "255.255.255.255", + "ip.dst_host": "255.255.255.255", + "ip.host": "255.255.255.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1324", + "udp.dstport": "5353", + "udp.port": "1324", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x0000f150", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:29:59.741505000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496199.741505000", + "frame.time_delta": "0.000623000", + 
"frame.time_delta_displayed": "0.000623000", + "frame.time_relative": "2608.280819000", + "frame.number": "9255", + "frame.len": "295", + "frame.cap_len": "295", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ipv6:udp:mdns" + }, + "eth": { + "eth.dst": "33:33:00:00:00:fb", + "eth.dst_tree": { + "eth.dst_resolved": "IPv6mcast_fb", + "eth.addr": "33:33:00:00:00:fb", + "eth.addr_resolved": "IPv6mcast_fb", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "d0:73:d5:12:8e:30", + "eth.src_tree": { + "eth.src_resolved": "LifiLabs_12:8e:30", + "eth.addr": "d0:73:d5:12:8e:30", + "eth.addr_resolved": "LifiLabs_12:8e:30", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x000086dd" + }, + "ipv6": { + "ipv6.version": "6", + "ip.version": "6", + "ipv6.tclass": "0x00000000", + "ipv6.tclass_tree": { + "ipv6.tclass.dscp": "0", + "ipv6.tclass.ecn": "0" + }, + "ipv6.flow": "0x00000000", + "ipv6.plen": "241", + "ipv6.nxt": "17", + "ipv6.hlim": "1", + "ipv6.src": "fe80::d273:d5ff:fe12:8e30", + "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.host": "fe80::d273:d5ff:fe12:8e30", + "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", + "ipv6.sa_mac": "d0:73:d5:12:8e:30", + "ipv6.dst": "ff02::fb", + "ipv6.addr": "ff02::fb", + "ipv6.dst_host": "ff02::fb", + "ipv6.host": "ff02::fb", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "1325", + "udp.dstport": "5353", + "udp.port": "1325", + "udp.port": "5353", + "udp.length": "241", + "udp.checksum": "0x00007f16", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "mdns": { + "dns.id": "0x0000029d", + "dns.flags": "0x00000000", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "0", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "2", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "2", + "Queries": { + "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._tcp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + }, + "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { + "dns.qry.name": "_alljoyn._udp.local", + "dns.qry.name.len": "19", + "dns.count.labels": "3", + "dns.qry.type": "12", + "dns.qry.class": "0x00000001", + "dns.qry.qu": "1" + } + }, + "Additional records": { + "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "39", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "24", + "dns.txt": "n_1=org.alljoyn.BusNode*", + "dns.txt.length": "3", + "dns.txt": "m=1" + }, + "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { + "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", + "dns.resp.type": "16", + "dns.resp.class": "0x00000001", + "dns.resp.cache_flush": "0", + "dns.resp.ttl": "120", + "dns.resp.len": "61", + "dns.txt.length": "9", + "dns.txt": "txtvers=0", + "dns.txt.length": "7", + "dns.txt": "ajpv=10", + "dns.txt.length": "4", + "dns.txt": "pv=2", + "dns.txt.length": "7", + "dns.txt": "sid=669", + "dns.txt.length": "17", + "dns.txt": "ipv4=192.168.0.84", + "dns.txt.length": "11", + "dns.txt": "upcv4=54077" + } + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.467458000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.467458000", + "frame.time_delta": "4.725953000", + "frame.time_delta_displayed": 
"4.725953000", + "frame.time_relative": "2613.006772000", + "frame.number": "9256", + "frame.len": "94", + "frame.cap_len": "94", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "80", + "ip.id": "0x00005842", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a627", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": 
"47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "40", + "tcp.seq": "5358", + "tcp.nxtseq": "5398", + "tcp.ack": "865", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x000030bc", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "40", + "tcp.analysis.push_bytes_sent": "40" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "35", + "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f3:37:eb:ed:03:21:4b:d1:cf:de:ec:b8:31:b7:97:9b:1a:36:e9:3a:0d:57:1b:4c:8e:fa:06:e9" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.562482000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.562482000", + "frame.time_delta": "0.095024000", + "frame.time_delta_displayed": "0.095024000", + "frame.time_relative": "2613.101796000", + "frame.number": "9257", + "frame.len": "115", + "frame.cap_len": "115", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "101", + "ip.id": "0x00009751", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x000075fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "49", + "tcp.seq": "109562", + "tcp.nxtseq": "109611", + "tcp.ack": "24173", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000879d", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:ad:b4:a7:a4:d4:e8", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2665908, TSecr 2812597480": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2665908", + "tcp.options.timestamp.tsecr": "2812597480" + } + }, + "tcp.analysis": { + "tcp.analysis.bytes_in_flight": "49", + "tcp.analysis.push_bytes_sent": "49" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "44", + "ssl.app_data": "13:6b:24:d2:9f:7e:46:ef:c5:bb:55:eb:b3:5f:c6:bf:7f:64:0e:b0:b2:d7:c7:9f:05:18:6b:2b:e2:06:d4:8a:75:14:3a:46:58:48:b6:c7:4a:62:c9:ac" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.611044000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.611044000", + "frame.time_delta": "0.048562000", + "frame.time_delta_displayed": "0.048562000", + "frame.time_relative": "2613.150358000", + "frame.number": "9258", + "frame.len": "90", + "frame.cap_len": "90", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + 
"eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "76", + "ip.id": "0x00001021", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "49", + "ip.proto": "6", + "ip.checksum": "0x0000fd4c", + "ip.checksum.status": "2", + "ip.src": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.src_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.src_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.src_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.src_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "47009", + "tcp.port": "443", + "tcp.port": "47009", + "tcp.stream": "1", + "tcp.len": "36", + "tcp.seq": "865", + "tcp.nxtseq": "901", + "tcp.ack": "5398", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + 
"tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "1337", + "tcp.window_size": "1337", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x00003222", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9256", + "tcp.analysis.ack_rtt": "0.143586000", + "tcp.analysis.bytes_in_flight": "36", + "tcp.analysis.push_bytes_sent": "36" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "31", + "ssl.app_data": "54:26:79:5a:1e:3d:fa:78:05:8a:0d:a9:dd:24:96:a6:74:3a:61:36:92:25:31:23:89:6c:2d:64:9a:cd:17" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.611555000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.611555000", + "frame.time_delta": "0.000511000", + "frame.time_delta_displayed": "0.000511000", + "frame.time_relative": "2613.150869000", + "frame.number": "9259", + "frame.len": "60", + "frame.cap_len": "60", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800", + "eth.padding": "00:00:00:00:00:00" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "40", + "ip.id": "0x00005843", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000a64e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "104.155.18.91", + "ip.addr": "104.155.18.91", + "ip.dst_host": "104.155.18.91", + "ip.host": "104.155.18.91", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_asnum": "AS15169 Google Inc.", + "ip.geoip.asnum": "AS15169 Google Inc.", + "ip.geoip.dst_city": "Mountain View, CA", + "ip.geoip.city": "Mountain View, CA", + "ip.geoip.dst_lat": "37.419201", + "ip.geoip.lat": "37.419201", + "ip.geoip.dst_lon": "-122.057404", + "ip.geoip.lon": "-122.057404" + } + }, + "tcp": { + "tcp.srcport": "47009", + "tcp.dstport": "443", + "tcp.port": "47009", + "tcp.port": "443", + "tcp.stream": "1", + "tcp.len": "0", + "tcp.seq": "5398", + "tcp.ack": "901", + "tcp.hdr_len": "20", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + 
"tcp.window_size_value": "4015", + "tcp.window_size": "4015", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000ee25", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.analysis": { + "tcp.analysis.acks_frame": "9258", + "tcp.analysis.ack_rtt": "0.000511000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.623329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.623329000", + "frame.time_delta": "0.011774000", + "frame.time_delta_displayed": "0.011774000", + "frame.time_relative": "2613.162643000", + "frame.number": "9260", + "frame.len": "121", + "frame.cap_len": "121", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp:ssl" + }, + "eth": { + "eth.dst": "d0:52:a8:a3:60:0f", + "eth.dst_tree": { + "eth.dst_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "107", + "ip.id": "0x00002e48", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "232", + "ip.proto": "6", + "ip.checksum": "0x00003700", + "ip.checksum.status": "2", + "ip.src": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.src_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "ip.dst": "192.168.0.242", + "ip.addr": "192.168.0.242", 
+ "ip.dst_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.src_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.src_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.src_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.src_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + }, + "Destination GeoIP: Unknown": "" + }, + "tcp": { + "tcp.srcport": "443", + "tcp.dstport": "44970", + "tcp.port": "443", + "tcp.port": "44970", + "tcp.stream": "0", + "tcp.len": "55", + "tcp.seq": "24173", + "tcp.nxtseq": "24228", + "tcp.ack": "109611", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000018", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "1", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "422", + "tcp.window_size": "422", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000c196", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:a7:a4:f3:40:00:28:ad:b4", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "Timestamps: TSval 2812605248, TSecr 2665908": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2812605248", + "tcp.options.timestamp.tsecr": "2665908" + } + }, 
+ "tcp.analysis": { + "tcp.analysis.acks_frame": "9257", + "tcp.analysis.ack_rtt": "0.060847000", + "tcp.analysis.bytes_in_flight": "55", + "tcp.analysis.push_bytes_sent": "55" + } + }, + "ssl": { + "ssl.record": { + "ssl.record.content_type": "23", + "ssl.record.version": "0x00000303", + "ssl.record.length": "50", + "ssl.app_data": "34:cd:34:17:47:48:0e:ff:f1:6e:10:f0:e5:36:4d:f3:8c:4e:1a:46:2c:23:4b:cc:91:d9:69:ec:43:0b:a5:70:3d:28:ef:01:7c:33:9e:7a:db:a6:8f:80:60:1e:99:c2:79:93" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:04.623819000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496204.623819000", + "frame.time_delta": "0.000490000", + "frame.time_delta_displayed": "0.000490000", + "frame.time_relative": "2613.163133000", + "frame.number": "9261", + "frame.len": "66", + "frame.cap_len": "66", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:tcp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "d0:52:a8:a3:60:0f", + "eth.src_tree": { + "eth.src_resolved": "Physical_a3:60:0f", + "eth.addr": "d0:52:a8:a3:60:0f", + "eth.addr_resolved": "Physical_a3:60:0f", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "52", + "ip.id": "0x00009752", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "6", + "ip.checksum": "0x0000762d", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.242", + "ip.addr": "192.168.0.242", + "ip.src_host": "192.168.0.242", + "ip.host": "192.168.0.242", + "ip.dst": "13.59.94.111", + "ip.addr": "13.59.94.111", + "ip.dst_host": "13.59.94.111", + "ip.host": "13.59.94.111", + "Source GeoIP: Unknown": "", + "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { + "ip.geoip.dst_country": "United States", + "ip.geoip.country": "United States", + "ip.geoip.dst_city": "Norwalk, CT", + "ip.geoip.city": "Norwalk, CT", + "ip.geoip.dst_lat": "41.127102", + "ip.geoip.lat": "41.127102", + "ip.geoip.dst_lon": "-73.441597", + "ip.geoip.lon": "-73.441597" + } + }, + "tcp": { + "tcp.srcport": "44970", + "tcp.dstport": "443", + "tcp.port": "44970", + "tcp.port": "443", + "tcp.stream": "0", + "tcp.len": "0", + "tcp.seq": "109611", + "tcp.ack": "24228", + "tcp.hdr_len": "32", + "tcp.flags": "0x00000010", + "tcp.flags_tree": { + "tcp.flags.res": "0", + "tcp.flags.ns": "0", + "tcp.flags.cwr": "0", + "tcp.flags.ecn": "0", + "tcp.flags.urg": "0", + "tcp.flags.ack": "1", + "tcp.flags.push": "0", + "tcp.flags.reset": "0", + "tcp.flags.syn": "0", + "tcp.flags.fin": "0", + "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" + }, + "tcp.window_size_value": "661", + "tcp.window_size": "661", + "tcp.window_size_scalefactor": "-1", + "tcp.checksum": "0x0000fbc9", + "tcp.checksum.status": "2", + "tcp.urgent_pointer": "0", + "tcp.options": "01:01:08:0a:00:28:ad:ba:a7:a4:f3:40", + "tcp.options_tree": { + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + "No-Operation (NOP)": { + "tcp.options.type": "1", + "tcp.options.type_tree": { + "tcp.options.type.copy": "0", + "tcp.options.type.class": "0", + "tcp.options.type.number": "1" + } + }, + 
"Timestamps: TSval 2665914, TSecr 2812605248": { + "tcp.option_kind": "8", + "tcp.option_len": "10", + "tcp.options.timestamp.tsval": "2665914", + "tcp.options.timestamp.tsecr": "2812605248" + } + }, + "tcp.analysis": { + "tcp.analysis.acks_frame": "9260", + "tcp.analysis.ack_rtt": "0.000490000" + } + } + } + } + } + + , + { + "_index": "packets-2017-11-01", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 31, 2017 17:30:07.101114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1509496207.101114000", + "frame.time_delta": "2.477295000", + "frame.time_delta_displayed": "2.477295000", + "frame.time_relative": "2615.640428000", + "frame.number": "9262", + "frame.len": "86", + "frame.cap_len": "86", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:data" + }, + "eth": { + "eth.dst": "ff:ff:ff:ff:ff:ff", + "eth.dst_tree": { + "eth.dst_resolved": "Broadcast", + "eth.addr": "ff:ff:ff:ff:ff:ff", + "eth.addr_resolved": "Broadcast", + "eth.lg": "1", + "eth.ig": "1" + }, + "eth.src": "60:57:18:8e:aa:94", + "eth.src_tree": { + "eth.src_resolved": "IntelCor_8e:aa:94", + "eth.addr": "60:57:18:8e:aa:94", + "eth.addr_resolved": "IntelCor_8e:aa:94", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "72", + "ip.id": "0x00006000", + "ip.flags": "0x00000000", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "0", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "128", + "ip.proto": "17", + "ip.checksum": "0x000057e9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.108", + "ip.addr": "192.168.0.108", + "ip.src_host": "192.168.0.108", + "ip.host": "192.168.0.108", + "ip.dst": "192.168.0.255", + "ip.addr": "192.168.0.255", + 
"ip.dst_host": "192.168.0.255", + "ip.host": "192.168.0.255", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57621", + "udp.dstport": "57621", + "udp.port": "57621", + "udp.port": "57621", + "udp.length": "52", + "udp.checksum": "0x0000199e", + "udp.checksum.status": "2", + "udp.stream": "1" + }, + "data": { + "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", + "data.len": "44" + } + } + } + } + +] diff --git a/parser/__init__.py b/parser/__init__.py new file mode 100644 index 0000000..e69de29 -- 2.34.1
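Review bot: The new package created by `parser/__init__.py` takes the name of the standard-library `parser` module, which Python shipped until its removal in 3.10. The `import parser.parse_dns` added in base_gefx_generator.py (outside this section) therefore depends on import order. On builds where `parser` is compiled into the interpreter, the built-in would likely be found first and the import would fail, so this is worth confirming on every platform the tool runs on. A package name that cannot collide avoids the ambiguity, for example `pcap_parser/__init__.py` with `import pcap_parser.parse_dns` at the call site.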